diff --git a/thys/Buchi_Complementation/Ranking.thy b/thys/Buchi_Complementation/Ranking.thy --- a/thys/Buchi_Complementation/Ranking.thy +++ b/thys/Buchi_Complementation/Ranking.thy @@ -1,478 +1,480 @@ section \Rankings\ theory Ranking imports "Alternate" "Graph" begin subsection \Rankings\ type_synonym 'state ranking = "'state node \ nat" definition ranking :: "('label, 'state) nba \ 'label stream \ 'state ranking \ bool" where "ranking A w f \ (\ v \ gunodes A w. f v \ 2 * card (nodes A)) \ (\ v \ gunodes A w. \ u \ gusuccessors A w v. f u \ f v) \ (\ v \ gunodes A w. gaccepting A v \ even (f v)) \ (\ v \ gunodes A w. \ r k. gurun A w r v \ smap f (gtrace r v) = sconst k \ odd k)" subsection \Ranking Implies Word not in Language\ lemma ranking_stuck: assumes "ranking A w f" assumes "v \ gunodes A w" "gurun A w r v" obtains n k where "smap f (gtrace (sdrop n r) (gtarget (stake n r) v)) = sconst k" proof - have 0: "f u \ f v" if "v \ gunodes A w" "u \ gusuccessors A w v" for v u using assms(1) that unfolding ranking_def by auto have 1: "shd (v ## gtrace r v) \ gunodes A w" using assms(2) by auto have 2: "sdescending (smap f (v ## gtrace r v))" using 1 assms(3) proof (coinduction arbitrary: r v rule: sdescending.coinduct) case sdescending obtain u s where 1: "r = u ## s" using stream.exhaust by blast have 2: "v \ gunodes A w" using sdescending(1) by simp have 3: "gurun A w (u ## s) v" using sdescending(2) 1 by auto have 4: "u \ gusuccessors A w v" using 3 by auto have 5: "u \ gureachable A w v" using graph.reachable_successors 4 by blast show ?case unfolding 1 proof (intro exI conjI disjI1) show "f u \ f v" using 0 2 4 by this show "shd (u ## gtrace s u) \ gunodes A w" using 2 5 by auto show "gurun A w s u" using 3 by auto qed auto qed obtain n k where 3: "sdrop n (smap f (v ## gtrace r v)) = sconst k" using sdescending_stuck[OF 2] by metis have "gtrace (sdrop (Suc n) r) (gtarget (stake (Suc n) r) v) = sdrop (Suc n) (gtrace r v)" using sscan_sdrop by rule also have "smap f \ = sdrop n (smap f (v ## gtrace r v))" by (auto, metis 3 id_apply sdrop_smap sdrop_stl siterate.simps(2) sscan_const stream.map stream.map_sel(2) stream.sel(2)) also have "\ = sconst k" using 3 by this finally show ?thesis using that by blast qed lemma ranking_stuck_odd: assumes "ranking A w f" assumes "v \ gunodes A w" "gurun A w r v" obtains n where "sset (smap f (gtrace (sdrop n r) (gtarget (stake n r) v))) \ Collect odd" proof - obtain n k where 1: "smap f (gtrace (sdrop n r) (gtarget (stake n r) v)) = sconst k" using ranking_stuck assms by this have 2: "gtarget (stake n r) v \ gunodes A w" using assms(2, 3) by (simp add: graph.nodes_target graph.run_stake) have 3: "gurun A w (sdrop n r) (gtarget (stake n r) v)" using assms(2, 3) by (simp add: graph.run_sdrop) have 4: "odd k" using 1 2 3 assms(1) unfolding ranking_def by meson have "sset (smap f (gtrace (sdrop n r) (gtarget (stake n r) v))) = sset (sconst k)" unfolding 1 by rule also have "\ \ Collect odd" using 4 by simp finally show ?thesis using that by simp qed lemma ranking_language: assumes "ranking A w f" shows "w \ language A" proof assume 1: "w \ language A" obtain r p where 2: "run A (w ||| r) p" "p \ initial A" "infs (accepting A) (p ## r)" using 1 by rule let ?r = "fromN 1 ||| r" let ?v = "(0, p)" have 3: "?v \ gunodes A w" "gurun A w ?r ?v" using 2(1, 2) by (auto intro: run_grun) obtain n where 4: "sset (smap f (gtrace (sdrop n ?r) (gtarget (stake n ?r) ?v))) \ {a. odd a}" using ranking_stuck_odd assms 3 by this let ?s = "stake n ?r" let ?t = "sdrop n ?r" let ?u = "gtarget ?s ?v" have "sset (gtrace ?t ?u) \ gureachable A w ?v" proof (intro graph.reachable_trace graph.reachable_target graph.reachable.reflexive) show "gupath A w ?s ?v" using graph.run_stake 3(2) by this show "gurun A w ?t ?u" using graph.run_sdrop 3(2) by this qed also have "\ \ gunodes A w" using 3(1) by blast finally have 7: "sset (gtrace ?t ?u) \ gunodes A w" by this have 8: "\ p. p \ gunodes A w \ gaccepting A p \ even (f p)" using assms unfolding ranking_def by auto have 9: "\ p. p \ sset (gtrace ?t ?u) \ gaccepting A p \ even (f p)" using 7 8 by auto have 19: "infs (accepting A) (smap snd ?r)" using 2(3) by simp have 18: "infs (gaccepting A) ?r" using 19 by simp have 17: "infs (gaccepting A) (gtrace ?r ?v)" using 18 unfolding gtrace_alt_def by this have 16: "infs (gaccepting A) (gtrace (?s @- ?t) ?v)" using 17 unfolding stake_sdrop by this have 15: "infs (gaccepting A) (gtrace ?t ?u)" using 16 by simp have 13: "infs (even \ f) (gtrace ?t ?u)" using infs_mono[OF _ 15] 9 by simp have 12: "infs even (smap f (gtrace ?t ?u))" using 13 by (simp add: comp_def) have 11: "Bex (sset (smap f (gtrace ?t ?u))) even" using 12 infs_any by metis show False using 4 11 by auto qed subsection \Word not in Language implies Ranking\ subsubsection \Removal of Endangered Nodes\ definition clean :: "('label, 'state) nba \ 'label stream \ 'state node set \ 'state node set" where "clean A w V \ {v \ V. infinite (greachable A w V v)}" lemma clean_decreasing: "clean A w V \ V" unfolding clean_def by auto lemma clean_successors: assumes "v \ V" "u \ gusuccessors A w v" shows "u \ clean A w V \ v \ clean A w V" proof - assume 1: "u \ clean A w V" have 2: "u \ V" "infinite (greachable A w V u)" using 1 unfolding clean_def by auto have 3: "u \ greachable A w V v" using graph.reachable.execute assms(2) 2(1) by blast have 4: "greachable A w V u \ greachable A w V v" using 3 by blast have 5: "infinite (greachable A w V v)" using 2(2) 4 by (simp add: infinite_super) show "v \ clean A w V" unfolding clean_def using assms(1) 5 by simp qed subsubsection \Removal of Safe Nodes\ definition prune :: "('label, 'state) nba \ 'label stream \ 'state node set \ 'state node set" where "prune A w V \ {v \ V. \ u \ greachable A w V v. gaccepting A u}" lemma prune_decreasing: "prune A w V \ V" unfolding prune_def by auto lemma prune_successors: assumes "v \ V" "u \ gusuccessors A w v" shows "u \ prune A w V \ v \ prune A w V" proof - assume 1: "u \ prune A w V" have 2: "u \ V" "\ x \ greachable A w V u. gaccepting A x" using 1 unfolding prune_def by auto have 3: "u \ greachable A w V v" using graph.reachable.execute assms(2) 2(1) by blast have 4: "greachable A w V u \ greachable A w V v" using 3 by blast show "v \ prune A w V" unfolding prune_def using assms(1) 2(2) 4 by auto qed subsubsection \Run Graph Interation\ definition graph :: "('label, 'state) nba \ 'label stream \ nat \ 'state node set" where "graph A w k \ alternate (clean A w) (prune A w) k (gunodes A w)" abbreviation "level A w k l \ {v \ graph A w k. fst v = l}" lemma graph_0[simp]: "graph A w 0 = gunodes A w" unfolding graph_def by simp lemma graph_Suc[simp]: "graph A w (Suc k) = (if even k then clean A w else prune A w) (graph A w k)" unfolding graph_def by simp lemma graph_antimono: "antimono (graph A w)" using alternate_antimono clean_decreasing prune_decreasing unfolding antimono_def le_fun_def graph_def by metis lemma graph_nodes: "graph A w k \ gunodes A w" using graph_0 graph_antimono le0 antimonoD by metis lemma graph_successors: assumes "v \ gunodes A w" "u \ gusuccessors A w v" shows "u \ graph A w k \ v \ graph A w k" using assms proof (induct k arbitrary: u v) case 0 show ?case using 0(2) by simp next case (Suc k) have 1: "v \ graph A w k" using Suc using antimono_iff_le_Suc graph_antimono rev_subsetD by blast show ?case using Suc(2) clean_successors[OF 1 Suc(4)] prune_successors[OF 1 Suc(4)] by auto qed lemma graph_level_finite: assumes "finite (nodes A)" shows "finite (level A w k l)" proof - have "level A w k l \ {v \ gunodes A w. fst v = l}" by (simp add: graph_nodes subset_CollectI) also have "{v \ gunodes A w. fst v = l} \ {l} \ nodes A" using gnodes_nodes by force also have "finite ({l} \ nodes A)" using assms(1) by simp finally show ?thesis by this qed lemma find_safe: assumes "w \ language A" assumes "V \ {}" "V \ gunodes A w" assumes "\ v. v \ V \ gsuccessors A w V v \ {}" obtains v where "v \ V" "\ u \ greachable A w V v. \ gaccepting A u" proof (rule ccontr) assume 1: "\ thesis" have 2: "\ v. v \ V \ \ u \ greachable A w V v. gaccepting A u" using that 1 by auto have 3: "\ r v. v \ initial A \ run A (w ||| r) v \ fins (accepting A) r" using assms(1) by auto obtain v where 4: "v \ V" using assms(2) by force obtain x where 5: "x \ greachable A w V v" "gaccepting A x" using 2 4 by blast obtain y where 50: "gpath A w V y v" "x = gtarget y v" using 5(1) by rule obtain r where 6: "grun A w V r x" "infs (\ x. x \ V \ gaccepting A x) r" proof (rule graph.recurring_condition) show "x \ V \ gaccepting A x" using greachable_subset 4 5 by blast next fix v assume 1: "v \ V \ gaccepting A v" obtain v' where 20: "v' \ gsuccessors A w V v" using assms(4) 1 by (meson IntE equals0I) have 21: "v' \ V" using 20 by auto have 22: "\ u \ greachable A w V v'. u \ V \ gaccepting A u" using greachable_subset 2 21 by blast obtain r where 30: "gpath A w V r v'" "gtarget r v' \ V \ gaccepting A (gtarget r v')" using 22 by blast show "\ r. r \ [] \ gpath A w V r v \ gtarget r v \ V \ gaccepting A (gtarget r v)" proof (intro exI conjI) show "v' # r \ []" by simp show "gpath A w V (v' # r) v" using 20 30 by auto show "gtarget (v' # r) v \ V" using 30 by simp show "gaccepting A (gtarget (v' # r) v)" using 30 by simp qed qed auto obtain u where 100: "u \ ginitial A" "v \ gureachable A w u" using 4 assms(3) by blast have 101: "gupath A w y v" using gpath_subset 50(1) subset_UNIV by this have 102: "gurun A w r x" using grun_subset 6(1) subset_UNIV by this obtain t where 103: "gupath A w t u" "v = gtarget t u" using 100(2) by rule have 104: "gurun A w (t @- y @- r) u" using 101 102 103 50(2) by auto obtain s q where 7: "t @- y @- r = fromN (Suc 0) ||| s" "u = (0, q)" using grun_elim[OF 104] 100(1) by blast have 8: "run A (w ||| s) q" using grun_run[OF 104[unfolded 7]] by simp have 9: "q \ initial A" using 100(1) 7(2) by auto have 91: "sset (trace (w ||| s) q) \ reachable A q" using nba.reachable_trace nba.reachable.reflexive 8 by this have 10: "fins (accepting A) s" using 3 9 8 by this have 12: "infs (gaccepting A) r" using infs_mono[OF _ 6(2)] by simp have "s = smap snd (t @- y @- r)" unfolding 7(1) by simp also have "infs (accepting A) \" using 12 by (simp add: comp_def) finally have 13: "infs (accepting A) s" by this show False using 10 13 by simp qed lemma remove_run: assumes "finite (nodes A)" "w \ language A" assumes "V \ gunodes A w" "clean A w V \ {}" obtains v r where "grun A w V r v" "sset (gtrace r v) \ clean A w V" "sset (gtrace r v) \ - prune A w (clean A w V)" proof - obtain u where 1: "u \ clean A w V" "\ x \ greachable A w (clean A w V) u. \ gaccepting A x" proof (rule find_safe) show "w \ language A" using assms(2) by this show "clean A w V \ {}" using assms(4) by this show "clean A w V \ gunodes A w" using assms(3) by (meson clean_decreasing subset_iff) next fix v assume 1: "v \ clean A w V" have 2: "v \ V" using 1 clean_decreasing by blast have 3: "infinite (greachable A w V v)" using 1 clean_def by auto have "gsuccessors A w V v \ gusuccessors A w v" by auto also have "finite \" using 2 assms(1, 3) finite_nodes_gsuccessors by blast finally have 4: "finite (gsuccessors A w V v)" by this have 5: "infinite (insert v (\((greachable A w V) ` (gsuccessors A w V v))))" using graph.reachable_step 3 by metis obtain u where 6: "u \ gsuccessors A w V v" "infinite (greachable A w V u)" using 4 5 by auto have 7: "u \ clean A w V" using 6 unfolding clean_def by auto show "gsuccessors A w (clean A w V) v \ {}" using 6(1) 7 by auto qed auto have 2: "u \ V" using 1(1) unfolding clean_def by auto have 3: "infinite (greachable A w V u)" using 1(1) unfolding clean_def by simp have 4: "finite (gsuccessors A w V v)" if "v \ greachable A w V u" for v proof - have 1: "v \ V" using that greachable_subset 2 by blast have "gsuccessors A w V v \ gusuccessors A w v" by auto also have "finite \" using 1 assms(1, 3) finite_nodes_gsuccessors by blast finally show ?thesis by this qed obtain r where 5: "grun A w V r u" using graph.koenig[OF 3 4] by this have 6: "greachable A w V u \ V" using 2 greachable_subset by blast have 7: "sset (gtrace r u) \ V" using graph.reachable_trace[OF graph.reachable.reflexive 5(1)] 6 by blast have 8: "sset (gtrace r u) \ clean A w V" unfolding clean_def using 7 infinite_greachable_gtrace[OF 5(1)] by auto have 9: "sset (gtrace r u) \ greachable A w (clean A w V) u" using 5 8 by (metis graph.reachable.reflexive graph.reachable_trace grun_subset) show ?thesis proof show "grun A w V r u" using 5(1) by this show "sset (gtrace r u) \ clean A w V" using 8 by this show "sset (gtrace r u) \ - prune A w (clean A w V)" proof (intro subsetI ComplI) fix p assume 10: "p \ sset (gtrace r u)" "p \ prune A w (clean A w V)" have 20: "\ x \ greachable A w (clean A w V) p. gaccepting A x" using 10(2) unfolding prune_def by auto have 30: "greachable A w (clean A w V) p \ greachable A w (clean A w V) u" using 10(1) 9 by blast show "False" using 1(2) 20 30 by force qed qed qed lemma level_bounded: assumes "finite (nodes A)" "w \ language A" obtains n where "\ l. l \ n \ card (level A w (2 * k) l) \ card (nodes A) - k" proof (induct k arbitrary: thesis) case (0) show ?case proof (rule 0) fix l :: nat have "finite ({l} \ nodes A)" using assms(1) by simp also have "level A w 0 l \ {l} \ nodes A" using gnodes_nodes by force also (card_mono) have "card \ = card (nodes A)" using assms(1) by simp finally show "card (level A w (2 * 0) l) \ card (nodes A) - 0" by simp qed next case (Suc k) show ?case proof (cases "graph A w (Suc (2 * k)) = {}") case True have 3: "graph A w (2 * Suc k) = {}" using True prune_decreasing by simp blast show ?thesis using Suc(2) 3 by simp next case False obtain v r where 1: "grun A w (graph A w (2 * k)) r v" "sset (gtrace r v) \ graph A w (Suc (2 * k))" "sset (gtrace r v) \ - graph A w (Suc (Suc (2 * k)))" proof (rule remove_run) show "finite (nodes A)" "w \ language A" using assms by this show "clean A w (graph A w (2 * k)) \ {}" using False by simp show "graph A w (2 * k) \ gunodes A w" using graph_nodes by this qed auto obtain l q where 2: "v = (l, q)" by force obtain n where 90: "\ l. n \ l \ card (level A w (2 * k) l) \ card (nodes A) - k" using Suc(1) by blast show ?thesis proof (rule Suc(2)) fix j assume 100: "n + Suc l \ j" have 6: "graph A w (Suc (Suc (2 * k))) \ graph A w (Suc (2 * k))" using graph_antimono antimono_iff_le_Suc by blast have 101: "gtrace r v !! (j - Suc l) \ graph A w (Suc (2 * k))" using 1(2) snth_sset by auto have 102: "gtrace r v !! (j - Suc l) \ graph A w (Suc (Suc (2 * k)))" using 1(3) snth_sset by blast have 103: "gtrace r v !! (j - Suc l) \ level A w (Suc (2 * k)) j" using 1(1) 100 101 2 by (auto elim: grun_elim) have 104: "gtrace r v !! (j - Suc l) \ level A w (Suc (Suc (2 * k))) j" using 100 102 by simp have "level A w (2 * Suc k) j = level A w (Suc (Suc (2 * k))) j" by simp also have "\ \ level A w (Suc (2 * k)) j" using 103 104 6 by blast also have "\ \ level A w (2 * k) j" by (simp add: Collect_mono clean_def) finally have 105: "level A w (2 * Suc k) j \ level A w (2 * k) j" by this have "card (level A w (2 * Suc k) j) < card (level A w (2 * k) j)" using assms(1) 105 by (simp add: graph_level_finite psubset_card_mono) also have "\ \ card (nodes A) - k" using 90 100 by simp finally show "card (level A w (2 * Suc k) j) \ card (nodes A) - Suc k" by simp qed qed qed lemma graph_empty: assumes "finite (nodes A)" "w \ language A" shows "graph A w (Suc (2 * card (nodes A))) = {}" proof - obtain n where 1: "\ l. l \ n \ card (level A w (2 * card (nodes A)) l) = 0" using level_bounded[OF assms(1, 2), of "card (nodes A)"] by auto have "graph A w (2 * card (nodes A)) = (\ l \ {..< n}. level A w (2 * card (nodes A)) l) \ (\ l \ {n ..}. level A w (2 * card (nodes A)) l)" by auto also have "(\ l \ {n ..}. level A w (2 * card (nodes A)) l) = {}" using graph_level_finite assms(1) 1 by fastforce also have "finite ((\ l \ {..< n}. level A w (2 * card (nodes A)) l) \ {})" using graph_level_finite assms(1) by auto finally have 100: "finite (graph A w (2 * card (nodes A)))" by this have 101: "finite (greachable A w (graph A w (2 * card (nodes A))) v)" for v using 100 greachable_subset[of A w "graph A w (2 * card (nodes A))" v] using finite_insert infinite_super by auto show ?thesis using 101 by (simp add: clean_def) qed lemma graph_le: assumes "finite (nodes A)" "w \ language A" assumes "v \ graph A w k" shows "k \ 2 * card (nodes A)" using graph_empty graph_antimono assms by (metis (no_types, lifting) Suc_leI antimono_def basic_trans_rules(30) empty_iff not_le_imp_less) subsection \Node Ranks\ definition rank :: "('label, 'state) nba \ 'label stream \ 'state node \ nat" where "rank A w v \ GREATEST k. v \ graph A w k" lemma rank_member: assumes "finite (nodes A)" "w \ language A" "v \ gunodes A w" shows "v \ graph A w (rank A w v)" unfolding rank_def proof (rule GreatestI_nat) show "v \ graph A w 0" using assms(3) by simp - show "\ k. v \ graph A w k \ k \ 2 * card (nodes A)" using graph_le assms(1, 2) by blast + show "\k. v \ graph A w k \ k \ 2 * card (nodes A)" + using graph_le assms(1, 2) by blast qed lemma rank_removed: assumes "finite (nodes A)" "w \ language A" shows "v \ graph A w (Suc (rank A w v))" proof assume "v \ graph A w (Suc (rank A w v))" then have 2: "Suc (rank A w v) \ rank A w v" unfolding rank_def using Greatest_le_nat graph_le assms by metis then show "False" by auto qed lemma rank_le: assumes "finite (nodes A)" "w \ language A" assumes "v \ gunodes A w" "u \ gusuccessors A w v" shows "rank A w u \ rank A w v" unfolding rank_def proof (rule Greatest_le_nat) have 1: "u \ gureachable A w v" using graph.reachable_successors assms(4) by blast have 2: "u \ gunodes A w" using assms(3) 1 by auto show "v \ graph A w (GREATEST k. u \ graph A w k)" unfolding rank_def[symmetric] proof (rule graph_successors) show "v \ gunodes A w" using assms(3) by this show "u \ gusuccessors A w v" using assms(4) by this show "u \ graph A w (rank A w u)" using rank_member assms(1, 2) 2 by this qed - show "\ k. v \ graph A w k \ k \ 2 * card (nodes A)" using graph_le assms(1, 2) by blast + show "\k. v \ graph A w k \ k \ 2 * card (nodes A)" + using graph_le assms(1, 2) by blast qed lemma language_ranking: assumes "finite (nodes A)" "w \ language A" shows "ranking A w (rank A w)" unfolding ranking_def proof (intro conjI ballI allI impI) fix v assume 1: "v \ gunodes A w" have 2: "v \ graph A w (rank A w v)" using rank_member assms 1 by this show "rank A w v \ 2 * card (nodes A)" using graph_le assms 2 by this next fix v u assume 1: "v \ gunodes A w" "u \ gusuccessors A w v" show "rank A w u \ rank A w v" using rank_le assms 1 by this next fix v assume 1: "v \ gunodes A w" "gaccepting A v" have 2: "v \ graph A w (rank A w v)" using rank_member assms 1(1) by this have 3: "v \ graph A w (Suc (rank A w v))" using rank_removed assms by this have 4: "v \ prune A w (graph A w (rank A w v))" using 2 1(2) unfolding prune_def by auto have 5: "graph A w (Suc (rank A w v)) \ prune A w (graph A w (rank A w v))" using 3 4 by blast show "even (rank A w v)" using 5 by auto next fix v r k assume 1: "v \ gunodes A w" "gurun A w r v" "smap (rank A w) (gtrace r v) = sconst k" have "sset (gtrace r v) \ gureachable A w v" using 1(2) by (metis graph.reachable.reflexive graph.reachable_trace) then have 6: "sset (gtrace r v) \ gunodes A w" using 1(1) by blast have 60: "rank A w ` sset (gtrace r v) \ {k}" using 1(3) by (metis equalityD1 sset_sconst stream.set_map) have 50: "sset (gtrace r v) \ graph A w k" using rank_member[OF assms] subsetD[OF 6] 60 unfolding image_subset_iff by auto have 70: "grun A w (graph A w k) r v" using grun_subset 1(2) 50 by this have 7: "sset (gtrace r v) \ clean A w (graph A w k)" unfolding clean_def using 50 infinite_greachable_gtrace[OF 70] by auto have 8: "sset (gtrace r v) \ graph A w (Suc k) = {}" using rank_removed[OF assms] 60 by blast have 9: "sset (gtrace r v) \ {}" using stream.set_sel(1) by auto have 10: "graph A w (Suc k) \ clean A w (graph A w k)" using 7 8 9 by blast show "odd k" using 10 unfolding graph_Suc by auto qed subsection \Correctness Theorem\ theorem language_ranking_iff: assumes "finite (nodes A)" shows "w \ language A \ (\ f. ranking A w f)" using ranking_language language_ranking assms by blast end diff --git a/thys/DynamicArchitectures/Configuration_Traces.thy b/thys/DynamicArchitectures/Configuration_Traces.thy --- a/thys/DynamicArchitectures/Configuration_Traces.thy +++ b/thys/DynamicArchitectures/Configuration_Traces.thy @@ -1,1803 +1,1803 @@ (* Title: Configuration_Traces.thy Author: Diego Marmsoler *) section "A Theory of Dynamic Architectures" text \ The following theory formalizes configuration traces~\cite{Marmsoler2016a,Marmsoler2016} as a model for dynamic architectures. Since configuration traces may be finite as well as infinite, the theory depends on Lochbihler's theory of co-inductive lists~\cite{Lochbihler2010}. \ theory Configuration_Traces imports Coinductive.Coinductive_List begin text \ In the following we first provide some preliminary results for natural numbers, extended natural numbers, and lazy lists. Then, we introduce a locale @text{dynamic\_architectures} which introduces basic definitions and corresponding properties for dynamic architectures. \ subsection "Natural Numbers" text \ We provide one additional property for natural numbers. \ lemma boundedGreatest: assumes "P (i::nat)" and "\n' > n. \ P n'" shows "\i'\n. P i' \ (\n'. P n' \ n'\i')" proof - have "P (i::nat) \ n\i \ \n' > n. \ P n' \ (\i'\n. P i' \ (\n'\n. P n' \ n'\i'))" proof (induction n) case 0 then show ?case by auto next case (Suc n) then show ?case proof cases assume "i = Suc n" then show ?thesis using Suc.prems by auto next assume "\(i = Suc n)" thus ?thesis proof cases assume "P (Suc n)" thus ?thesis by auto next assume "\ P (Suc n)" with Suc.prems have "\n' > n. \ P n'" using Suc_lessI by blast moreover from \\(i = Suc n)\ have "i \ n" and "P i" using Suc.prems by auto ultimately obtain i' where "i'\n \ P i' \ (\n'\n. P n' \ n' \ i')" using Suc.IH by blast hence "i' \ n" and "P i'" and "(\n'\n. P n' \ n' \ i')" by auto thus ?thesis by (metis le_SucI le_Suc_eq) qed qed qed moreover have "n\i" proof (rule ccontr) assume "\ (n \ i)" hence "n < i" by arith thus False using assms by blast qed ultimately obtain i' where "i'\n" and "P i'" and "\n'\n. P n' \ n' \ i'" using assms by blast with assms have "\n'. P n' \ n' \ i'" using not_le_imp_less by blast with \i' \ n\ and \P i'\ show ?thesis by auto qed subsection "Extended Natural Numbers" text \ We provide one simple property for the \emph{strict} order over extended natural numbers. \ lemma enat_min: assumes "m \ enat n'" and "enat n < m - enat n'" shows "enat n + enat n' < m" using assms by (metis add.commute enat.simps(3) enat_add_mono enat_add_sub_same le_iff_add) subsection "Lazy Lists" text \ In the following we provide some additional notation and properties for lazy lists. \ notation LNil ("[]\<^sub>l") notation LCons (infixl "#\<^sub>l" 60) notation lappend (infixl "@\<^sub>l" 60) lemma lnth_lappend[simp]: assumes "lfinite xs" and "\ lnull ys" shows "lnth (xs @\<^sub>l ys) (the_enat (llength xs)) = lhd ys" proof - from assms have "\k. llength xs = enat k" using lfinite_conv_llength_enat by auto then obtain k where "llength xs = enat k" by blast hence "lnth (xs @\<^sub>l ys) (the_enat (llength xs)) = lnth ys 0" using lnth_lappend2[of xs k k ys] by simp with assms show ?thesis using lnth_0_conv_lhd by simp qed lemma lfilter_ltake: assumes "\(n::nat)\llength xs. n\i \ (\ P (lnth xs n))" shows "lfilter P xs = lfilter P (ltake i xs)" proof - have "lfilter P xs = lfilter P ((ltake i xs) @\<^sub>l (ldrop i xs))" using lappend_ltake_ldrop[of "(enat i)" xs] by simp hence "lfilter P xs = (lfilter P ((ltake i) xs)) @\<^sub>l (lfilter P (ldrop i xs))" by simp show ?thesis proof cases assume "enat i \ llength xs" have "\x P (lnth (ldrop i xs) x)" proof (rule allI) fix x show "enat x < llength (ldrop (enat i) xs) \ \ P (lnth (ldrop (enat i) xs) x)" proof assume "enat x < llength (ldrop (enat i) xs)" moreover have "llength (ldrop (enat i) xs) = llength xs - enat i" using llength_ldrop[of "enat i"] by simp ultimately have "enat x < llength xs - enat i" by simp with \enat i \ llength xs\ have "enat x + enat i < llength xs" using enat_min[of i "llength xs" x] by simp moreover have "enat i + enat x = enat x + enat i" by simp ultimately have "enat i + enat x < llength xs" by arith hence "i + x < llength xs" by simp hence "lnth (ldrop i xs) x = lnth xs (x + the_enat i)" using lnth_ldrop[of "enat i" "x" xs] by simp moreover have "x + i \ i" by simp with assms \i + x < llength xs\ have "\ P (lnth xs (x + the_enat i))" by (simp add: assms(1) add.commute) ultimately show "\ P (lnth (ldrop i xs) x)" using assms by simp qed qed hence "lfilter P (ldrop i xs) = []\<^sub>l" by (metis diverge_lfilter_LNil in_lset_conv_lnth) with \lfilter P xs = (lfilter P ((ltake i) xs)) @\<^sub>l (lfilter P (ldrop i xs))\ show "lfilter P xs = lfilter P (ltake i xs)" by simp next assume "\ enat i \ llength xs" hence "enat i > llength xs" by simp hence "ldrop i xs = []\<^sub>l" by simp hence "lfilter P (ldrop i xs) = []\<^sub>l" using lfilter_LNil[of P] by arith with \lfilter P xs = (lfilter P ((ltake i) xs)) @\<^sub>l (lfilter P (ldrop i xs))\ show "lfilter P xs = lfilter P (ltake i xs)" by simp qed qed lemma lfilter_lfinite[simp]: assumes "lfinite (lfilter P t)" and "\ lfinite t" shows "\n. \n'>n. \ P (lnth t n')" proof - from assms have "finite {n. enat n < llength t \ P (lnth t n)}" using lfinite_lfilter by auto then obtain k where sset: "{n. enat n < llength t \ P (lnth t n)} \ {n. n enat n < llength t \ P (lnth t n)}" using finite_nat_bounded[of "{n. enat n < llength t \ P (lnth t n)}"] by auto show ?thesis proof (rule ccontr) assume "\(\n. \n'>n. \ P (lnth t n'))" hence "\n. \n'>n. P (lnth t n')" by simp then obtain n' where "n'>k" and "P (lnth t n')" by auto moreover from \\ lfinite t\ have "n' < llength t" by (simp add: not_lfinite_llength) ultimately have "n' \ {n. n enat n < llength t \ P (lnth t n)}" and "n'\{n. enat n < llength t \ P (lnth t n)}" by auto with sset show False by auto qed qed subsection "Specifying Dynamic Architectures" text \ In the following we formalize dynamic architectures in terms of configuration traces, i.e., sequences of architecture configurations. Moreover, we introduce definitions for operations to support the specification of configuration traces. \ typedecl cnf type_synonym trace = "nat \ cnf" consts arch:: "trace set" type_synonym cta = "trace \ nat \ bool" subsubsection "Implication" definition imp :: "cta \ cta \ cta" (infixl "\\<^sup>c" 10) where "\ \\<^sup>c \' \ \ t n. \ t n \ \' t n" declare imp_def[simp] lemma impI[intro!]: fixes t n assumes "\ t n \ \' t n" shows "(\ \\<^sup>c \') t n" using assms by simp lemma impE[elim!]: fixes t n assumes "(\ \\<^sup>c \') t n" and "\ t n" and "\' t n \ \'' t n" shows "\'' t n" using assms by simp subsubsection "Disjunction" definition disj :: "cta \ cta \ cta" (infixl "\\<^sup>c" 15) where "\ \\<^sup>c \' \ \ t n. \ t n \ \' t n" declare disj_def[simp] lemma disjI1[intro]: assumes "\ t n" shows "(\ \\<^sup>c \') t n" using assms by simp lemma disjI2[intro]: assumes "\' t n" shows "(\ \\<^sup>c \') t n" using assms by simp lemma disjE[elim!]: assumes "(\ \\<^sup>c \') t n" and "\ t n \ \'' t n" and "\' t n \ \'' t n" shows "\'' t n" using assms by auto subsubsection "Conjunction" definition conj :: "cta \ cta \ cta" (infixl "\\<^sup>c" 20) where "\ \\<^sup>c \' \ \ t n. \ t n \ \' t n" declare conj_def[simp] lemma conjI[intro!]: fixes n assumes "\ t n" and "\' t n" shows "(\ \\<^sup>c \') t n" using assms by simp lemma conjE[elim!]: fixes n assumes "(\ \\<^sup>c \') t n" and "\ t n \ \' t n \ \'' t n" shows "\'' t n" using assms by simp subsubsection "Negation" definition neg :: "cta \ cta" ("\\<^sup>c _" [19] 19) where "\\<^sup>c \ \ \ t n. \ \ t n" declare neg_def[simp] lemma negI[intro!]: assumes "\ t n \ False" shows "(\\<^sup>c \) t n" using assms by auto lemma negE[elim!]: assumes "(\\<^sup>c \) t n" and "\ t n" shows "\' t n" using assms by simp subsubsection "Quantifiers" definition all :: "('a \ cta) \ cta" (binder "\\<^sub>c" 10) where "all P \ \t n. (\y. (P y t n))" declare all_def[simp] lemma allI[intro!]: assumes "\x. \ x t n" shows "(\\<^sub>cx. \ x) t n" using assms by simp lemma allE[elim!]: fixes n assumes "(\\<^sub>cx. \ x) t n" and "\ x t n \ \' t n" shows "\' t n" using assms by simp definition ex :: "('a \ cta) \ cta" (binder "\\<^sub>c" 10) where "ex P \ \t n. (\y. (P y t n))" declare ex_def[simp] lemma exI[intro!]: assumes "\ x t n" shows "(\\<^sub>cx. \ x) t n" using assms HOL.exI by simp lemma exE[elim!]: assumes "(\\<^sub>cx. \ x) t n" and "\x. \ x t n \ \' t n" shows "\' t n" using assms HOL.exE by auto subsubsection "Atomic Assertions" text \ First we provide rules for basic behavior assertions. \ definition ca :: "(cnf \ bool) \ cta" where "ca \ \ \ t n. \ (t n)" lemma caI[intro]: fixes n assumes "\ (t n)" shows "(ca \) t n" using assms ca_def by simp lemma caE[elim]: fixes n assumes "(ca \) t n" shows "\ (t n)" using assms ca_def by simp subsubsection "Next Operator" definition nxt :: "cta \ cta" ("\\<^sub>c(_)" 24) where "\\<^sub>c(\) \ \(t::(nat \ cnf)) n. \ t (Suc n)" subsubsection "Eventually Operator" definition evt :: "cta \ cta" ("\\<^sub>c(_)" 23) where "\\<^sub>c(\) \ \(t::(nat \ cnf)) n. \n'\n. \ t n'" subsubsection "Globally Operator" definition glob :: "cta \ cta" ("\\<^sub>c(_)" 22) where "\\<^sub>c(\) \ \(t::(nat \ cnf)) n. \n'\n. \ t n'" lemma globI[intro!]: fixes n' assumes "\n\n'. \ t n" shows "(\\<^sub>c(\)) t n'" using assms glob_def by simp lemma globE[elim!]: fixes n n' assumes "(\\<^sub>c(\)) t n" and "n'\n" shows "\ t n'" using assms glob_def by simp subsubsection "Until Operator" definition until :: "cta \ cta \ cta" (infixl "\\<^sub>c" 21) where "\' \\<^sub>c \ \ \(t::(nat \ cnf)) n. \n''\n. \ t n'' \ (\n'\n. n' < n'' \ \' t n')" lemma untilI[intro]: fixes n assumes "\n''\n. \ t n'' \ (\n'\n. n' \' t n')" shows "(\' \\<^sub>c \) t n" using assms until_def by simp lemma untilE[elim]: fixes n assumes "(\' \\<^sub>c \) t n" shows "\n''\n. \ t n'' \ (\n'\n. n' \' t n')" using assms until_def by simp subsubsection "Weak Until" definition wuntil :: "cta \ cta \ cta" (infixl "\\<^sub>c" 20) where "\' \\<^sub>c \ \ \' \\<^sub>c \ \\<^sup>c \\<^sub>c(\')" lemma wUntilI[intro]: fixes n assumes "(\n''\n. \ t n'' \ (\n'\n. n' \' t n')) \ (\n'\n. \' t n')" shows "(\' \\<^sub>c \) t n" using assms wuntil_def by auto lemma wUntilE[elim]: fixes n n' assumes "(\' \\<^sub>c \) t n" shows "(\n''\n. \ t n'' \ (\n'\n. n' \' t n')) \ (\n'\n. \' t n')" proof - from assms have "(\' \\<^sub>c \ \\<^sup>c \\<^sub>c(\')) t n" using wuntil_def by simp hence "(\' \\<^sub>c \) t n \ (\\<^sub>c(\')) t n" by simp thus ?thesis proof assume "(\' \\<^sub>c \) t n" hence "\n''\n. \ t n'' \ (\n'\n. n' < n'' \ \' t n')" by auto thus ?thesis by auto next assume "(\\<^sub>c\') t n" hence "\n'\n. \' t n'" by auto thus ?thesis by auto qed qed lemma wUntil_Glob: assumes "(\' \\<^sub>c \) t n" and "(\\<^sub>c(\' \\<^sup>c \'')) t n" shows "(\'' \\<^sub>c \) t n" proof from assms(1) have "(\n''\n. \ t n'' \ (\n'\n. n' < n'' \ \' t n')) \ (\n'\n. \' t n')" using wUntilE by simp thus "(\n''\n. \ t n'' \ (\n'\n. n' < n'' \ \'' t n')) \ (\n'\n. \'' t n')" proof assume "\n''\n. \ t n'' \ (\n'\n. n' < n'' \ \' t n')" show "(\n''\n. \ t n'' \ (\n'\n. n' < n'' \ \'' t n')) \ (\n'\n. \'' t n')" proof - from \\n''\n. \ t n'' \ (\n'\n. n' < n'' \ \' t n')\ obtain n'' where "n''\n" and "\ t n''" and a1: "\n'\n. n' < n'' \ \' t n'" by auto moreover have "\n'\n. n' < n'' \ \'' t n'" proof fix n' show "n'\n \ n'< n'' \ \'' t n'" proof (rule HOL.impI[OF HOL.impI]) assume "n'\n" and "n'' \\<^sup>c \'') t n'" using globE by simp hence "\' t n' \ \'' t n'" using impE by auto moreover from a1 \n'\n\ \n' have "\' t n'" by simp ultimately show "\'' t n'" by simp qed qed ultimately show ?thesis by auto qed next assume a1: "\n'\n. \' t n'" have "\n'\n. \'' t n'" proof fix n' show "n'\n \ \'' t n'" proof assume "n'\n" with assms(2) have "(\' \\<^sup>c \'') t n'" using globE by simp hence "\' t n' \ \'' t n'" using impE by auto moreover from a1 \n'\n\ have "\' t n'" by simp ultimately show "\'' t n'" by simp qed qed thus "(\n''\n. \ t n'' \ (\n'\n. n' < n'' \ \'' t n')) \ (\n'\n. \'' t n')" by simp qed qed subsection "Dynamic Components" text \ To support the specification of patterns over dynamic architectures we provide a locale for dynamic components. It takes the following type parameters: \begin{itemize} \item id: a type for component identifiers \item cmp: a type for components \item cnf: a type for architecture configurations \end{itemize} \ locale dynamic_component = fixes tCMP :: "'id \ cnf \ 'cmp" ("\\<^bsub>_\<^esub>(_)" [0,110]60) and active :: "'id \ cnf \ bool" ("\_\\<^bsub>_\<^esub>" [0,110]60) begin text \ The locale requires two parameters: \begin{itemize} \item @{term tCMP} is an operator to obtain a component with a certain identifier from an architecture configuration. \item @{term active} is a predicate to assert whether a certain component is activated within an architecture configuration. \end{itemize} \ text \ The locale provides some general properties about its parameters and introduces six important operators over configuration traces: \begin{itemize} \item An operator to extract the behavior of a certain component out of a given configuration trace. \item An operator to obtain the number of activations of a certain component within a given configuration trace. \item An operator to obtain the least point in time (before a certain point in time) from which on a certain component is not activated anymore. \item An operator to obtain the latest point in time where a certain component was activated. \item Two operators to map time-points between configuration traces and behavior traces. \end{itemize} Moreover, the locale provides several properties about the operators and their relationships. \ lemma nact_active: fixes t::"nat \ cnf" and n::nat and n'' and id assumes "\id\\<^bsub>t n\<^esub>" and "n'' \ n" and "\ (\n'\n. n' < n'' \ \id\\<^bsub>t n'\<^esub>)" shows "n=n''" using assms le_eq_less_or_eq by auto lemma nact_exists: fixes t::"nat \ cnf" assumes "\i\n. \c\\<^bsub>t i\<^esub>" shows "\i\n. \c\\<^bsub>t i\<^esub> \ (\k. n\k \ k \c\\<^bsub>t k\<^esub>)" proof - let ?L = "LEAST i. (i\n \ \c\\<^bsub>t i\<^esub>)" from assms have "?L\n \ \c\\<^bsub>t ?L\<^esub>" using LeastI[of "\x::nat. (x\n \ \c\\<^bsub>t x\<^esub>)"] by auto moreover have "\k. n\k \ k \c\\<^bsub>t k\<^esub>" using not_less_Least by auto ultimately show ?thesis by blast qed lemma lActive_least: assumes "\i\n. i < llength t \ \c\\<^bsub>lnth t i\<^esub>" shows "\i\n. (i < llength t \ \c\\<^bsub>lnth t i\<^esub> \ (\k. n\k \ k k \c\\<^bsub>lnth t k\<^esub>))" proof - let ?L = "LEAST i. (i\n \ i < llength t \ \c\\<^bsub>lnth t i\<^esub>)" from assms have "?L\n \ ?L < llength t \ \c\\<^bsub>lnth t ?L\<^esub>" using LeastI[of "\x::nat.(x\n \ x \c\\<^bsub>lnth t x\<^esub>)"] by auto moreover have "\k. n\k \ k k \c\\<^bsub>lnth t k\<^esub>" using not_less_Least by auto ultimately show ?thesis by blast qed subsection "Projection" text \ In the following we introduce an operator which extracts the behavior of a certain component out of a given configuration trace. \ definition proj:: "'id \ (cnf llist) \ ('cmp llist)" ("\\<^bsub>_\<^esub>(_)" [0,110]60) where "proj c = lmap (\cnf. (\\<^bsub>c\<^esub>(cnf))) \ (lfilter (active c))" lemma proj_lnil [simp,intro]: "\\<^bsub>c\<^esub>([]\<^sub>l) = []\<^sub>l" using proj_def by simp lemma proj_lnull [simp]: "\\<^bsub>c\<^esub>(t) = []\<^sub>l \ (\k \ lset t. \ \c\\<^bsub>k\<^esub>)" proof assume "\\<^bsub>c\<^esub>(t) = []\<^sub>l" hence "lfilter (active c) t = []\<^sub>l" using proj_def lmap_eq_LNil by auto thus "\k \ lset t. \ \c\\<^bsub>k\<^esub>" using lfilter_eq_LNil[of "active c"] by simp next assume "\k\lset t. \ \c\\<^bsub>k\<^esub>" hence "lfilter (active c) t = []\<^sub>l" by simp thus "\\<^bsub>c\<^esub>(t) = []\<^sub>l" using proj_def by simp qed lemma proj_LCons [simp]: "\\<^bsub>i\<^esub>(x #\<^sub>l xs) = (if \i\\<^bsub>x\<^esub> then (\\<^bsub>i\<^esub>(x)) #\<^sub>l (\\<^bsub>i\<^esub>(xs)) else \\<^bsub>i\<^esub>(xs))" using proj_def by simp lemma proj_llength[simp]: "llength (\\<^bsub>c\<^esub>(t)) \ llength t" using llength_lfilter_ile proj_def by simp lemma proj_ltake: assumes "\(n'::nat)\llength t. n'\n \ (\ \c\\<^bsub>lnth t n'\<^esub>)" shows "\\<^bsub>c\<^esub>(t) = \\<^bsub>c\<^esub>(ltake n t)" using lfilter_ltake proj_def assms by (metis comp_apply) lemma proj_finite_bound: assumes "lfinite (\\<^bsub>c\<^esub>(inf_llist t))" shows "\n. \n'>n. \ \c\\<^bsub>t n'\<^esub>" using assms lfilter_lfinite[of "active c" "inf_llist t"] proj_def by simp subsubsection "Monotonicity and Continuity" lemma proj_mcont: shows "mcont lSup lprefix lSup lprefix (proj c)" proof - have "mcont lSup lprefix lSup lprefix (\x. lmap (\cnf. \\<^bsub>c\<^esub>(cnf)) (lfilter (active c) x))" by simp moreover have "(\x. lmap (\cnf. \\<^bsub>c\<^esub>(cnf)) (lfilter (active c) x)) = lmap (\cnf. \\<^bsub>c\<^esub>(cnf)) \ lfilter (active c)" by auto ultimately show ?thesis using proj_def by simp qed lemma proj_mcont2mcont: assumes "mcont lub ord lSup lprefix f" shows "mcont lub ord lSup lprefix (\x. \\<^bsub>c\<^esub>(f x))" proof - have "mcont lSup lprefix lSup lprefix (proj c)" using proj_mcont by simp with assms show ?thesis using llist.mcont2mcont[of lSup lprefix "proj c"] by simp qed lemma proj_mono_prefix[simp]: assumes "lprefix t t'" shows "lprefix (\\<^bsub>c\<^esub>(t)) (\\<^bsub>c\<^esub>(t'))" proof - from assms have "lprefix (lfilter (active c) t) (lfilter (active c) t')" using lprefix_lfilterI by simp hence "lprefix (lmap (\cnf. \\<^bsub>c\<^esub>(cnf)) (lfilter (active c) t)) (lmap (\cnf. \\<^bsub>c\<^esub>(cnf)) (lfilter (active c) t'))" using lmap_lprefix by simp thus ?thesis using proj_def by simp qed subsubsection "Finiteness" lemma proj_finite[simp]: assumes "lfinite t" shows "lfinite (\\<^bsub>c\<^esub>(t))" using assms proj_def by simp lemma proj_finite2: assumes "\(n'::nat)\llength t. n'\n \ (\ \c\\<^bsub>lnth t n'\<^esub>)" shows "lfinite (\\<^bsub>c\<^esub>(t))" using assms proj_ltake proj_finite by simp lemma proj_append_lfinite[simp]: fixes t t' assumes "lfinite t" shows "\\<^bsub>c\<^esub>(t @\<^sub>l t') = (\\<^bsub>c\<^esub>(t)) @\<^sub>l (\\<^bsub>c\<^esub>(t'))" (is "?lhs=?rhs") proof - have "?lhs = (lmap (\cnf. \\<^bsub>c\<^esub>(cnf)) \ (lfilter (active c))) (t @\<^sub>l t')" using proj_def by simp also have "\ = lmap (\cnf. \\<^bsub>c\<^esub>(cnf)) (lfilter (active c) (t @\<^sub>l t'))" by simp also from assms have "\ = lmap (\cnf. \\<^bsub>c\<^esub>(cnf)) ((lfilter (active c) t) @\<^sub>l (lfilter (active c) t'))" by simp also have "\ = (@\<^sub>l) (lmap (\cnf. \\<^bsub>c\<^esub>(cnf)) (lfilter (active c) t)) (lmap (\cnf. \\<^bsub>c\<^esub>(cnf)) (lfilter (active c) t'))" using lmap_lappend_distrib by simp also have "\ = ?rhs" using proj_def by simp finally show ?thesis . qed lemma proj_one: assumes "\i. i < llength t \ \c\\<^bsub>lnth t i\<^esub>" shows "llength (\\<^bsub>c\<^esub>(t)) \ 1" proof - from assms have "\x\lset t. \c\\<^bsub>x\<^esub>" using lset_conv_lnth by force hence "\ lfilter (\k. \c\\<^bsub>k\<^esub>) t = []\<^sub>l" using lfilter_eq_LNil[of "(\k. \c\\<^bsub>k\<^esub>)"] by blast hence "\ \\<^bsub>c\<^esub>(t) = []\<^sub>l" using proj_def by fastforce thus ?thesis by (simp add: ileI1 lnull_def one_eSuc) qed subsubsection "Projection not Active" lemma proj_not_active[simp]: assumes "enat n < llength t" and "\ \c\\<^bsub>lnth t n\<^esub>" shows "\\<^bsub>c\<^esub>(ltake (Suc n) t) = \\<^bsub>c\<^esub>(ltake n t)" (is "?lhs = ?rhs") proof - from assms have "ltake (enat (Suc n)) t = (ltake (enat n) t) @\<^sub>l ((lnth t n) #\<^sub>l []\<^sub>l)" using ltake_Suc_conv_snoc_lnth by blast hence "?lhs = \\<^bsub>c\<^esub>((ltake (enat n) t) @\<^sub>l ((lnth t n) #\<^sub>l []\<^sub>l))" by simp moreover have "\ = (\\<^bsub>c\<^esub>(ltake (enat n) t)) @\<^sub>l (\\<^bsub>c\<^esub>((lnth t n) #\<^sub>l []\<^sub>l))" by simp moreover from assms have "\\<^bsub>c\<^esub>((lnth t n) #\<^sub>l []\<^sub>l) = []\<^sub>l" by simp ultimately show ?thesis by simp qed lemma proj_not_active_same: assumes "enat n \ (n'::enat)" and "\ lfinite t \ n'-1 < llength t" and "\k. k\n \ k k < llength t \ \c\\<^bsub>lnth t k\<^esub>" shows "\\<^bsub>c\<^esub>(ltake n' t) = \\<^bsub>c\<^esub>(ltake n t)" proof - have "\\<^bsub>c\<^esub>(ltake (n + (n' - n)) t) = \\<^bsub>c\<^esub>((ltake n t) @\<^sub>l (ltake (n'-n) (ldrop n t)))" by (simp add: ltake_plus_conv_lappend) hence "\\<^bsub>c\<^esub>(ltake (n + (n' - n)) t) = (\\<^bsub>c\<^esub>(ltake n t)) @\<^sub>l (\\<^bsub>c\<^esub>(ltake (n'-n) (ldrop n t)))" by simp moreover have "\\<^bsub>c\<^esub>(ltake (n'-n) (ldrop n t)) = []\<^sub>l" proof - have "\k\{lnth (ltake (n' - enat n) (ldrop (enat n) t)) na | na. enat na < llength (ltake (n' - enat n) (ldrop (enat n) t))}. \ \c\\<^bsub>k\<^esub>" proof fix k assume "k\{lnth (ltake (n' - enat n) (ldrop (enat n) t)) na | na. enat na < llength (ltake (n' - enat n) (ldrop (enat n) t))}" then obtain k' where "enat k' < llength (ltake (n' - enat n) (ldrop (enat n) t))" and "k=lnth (ltake (n' - enat n) (ldrop (enat n) t)) k'" by auto have "enat (k' + n) < llength t" proof - from \enat k' < llength (ltake (n' - enat n) (ldrop (enat n) t))\ have "enat k' < n'-n" by simp hence "enat k' + n < n'" using assms(1) enat_min by auto show ?thesis proof cases assume "lfinite t" with \\ lfinite t \ n'-1 < llength t\ have "n'-1 llength t" using eSuc_ile_mono ileI1 by blast with \enat k' + n < n'\ show ?thesis by (simp add: add.commute) next assume "\ lfinite t" hence "llength t = \" using not_lfinite_llength by auto thus ?thesis by simp qed qed moreover have "k = lnth t (k' + n)" proof - from \enat k' < llength (ltake (n' - enat n) (ldrop (enat n) t))\ have "enat k'enat (k' + n) < llength t\ show ?thesis using lnth_ldrop[of n k' t ] using \k = lnth (ltake (n' - enat n) (ldrop (enat n) t)) k'\ by (simp add: add.commute) qed moreover from \enat n \ (n'::enat)\ have "k' + the_enat n\n" by auto moreover from \enat k' < llength (ltake (n' - enat n) (ldrop (enat n) t))\ have "k' + n \c\\<^bsub>k\<^esub>" using \\k. k\n \ k k < llength t \ \c\\<^bsub>lnth t k\<^esub>\ by simp qed hence "\k\lset (ltake (n'-n) (ldrop n t)). \ \c\\<^bsub>k\<^esub>" using lset_conv_lnth[of "(ltake (n' - enat n) (ldrop (enat n) t))"] by simp thus ?thesis using proj_lnull by auto qed moreover from assms have "n + (n' - n) = n'" by (meson enat.distinct(1) enat_add_sub_same enat_diff_cancel_left enat_le_plus_same(1) less_imp_le) ultimately show ?thesis by simp qed subsubsection "Projection Active" lemma proj_active[simp]: assumes "enat i < llength t" "\c\\<^bsub>lnth t i\<^esub>" shows "\\<^bsub>c\<^esub>(ltake (Suc i) t) = (\\<^bsub>c\<^esub>(ltake i t)) @\<^sub>l ((\\<^bsub>c\<^esub>(lnth t i)) #\<^sub>l []\<^sub>l)" (is "?lhs = ?rhs") proof - from assms have "ltake (enat (Suc i)) t = (ltake (enat i) t) @\<^sub>l ((lnth t i) #\<^sub>l []\<^sub>l)" using ltake_Suc_conv_snoc_lnth by blast hence "?lhs = \\<^bsub>c\<^esub>((ltake (enat i) t) @\<^sub>l ((lnth t i) #\<^sub>l []\<^sub>l))" by simp moreover have "\ = (\\<^bsub>c\<^esub>(ltake (enat i) t)) @\<^sub>l (\\<^bsub>c\<^esub>((lnth t i) #\<^sub>l []\<^sub>l))" by simp moreover from assms have "\\<^bsub>c\<^esub>((lnth t i) #\<^sub>l []\<^sub>l) = (\\<^bsub>c\<^esub>(lnth t i)) #\<^sub>l []\<^sub>l" by simp ultimately show ?thesis by simp qed lemma proj_active_append: assumes a1: "(n::nat) \ i" and a2: "enat i < (n'::enat)" and a3: "\ lfinite t \ n'-1 < llength t" and a4: "\c\\<^bsub>lnth t i\<^esub>" and "\i'. (n \ i' \ enat i' i' < llength t \ \c\\<^bsub>lnth t i'\<^esub>) \ (i' = i)" shows "\\<^bsub>c\<^esub>(ltake n' t) = (\\<^bsub>c\<^esub>(ltake n t)) @\<^sub>l ((\\<^bsub>c\<^esub>(lnth t i)) #\<^sub>l []\<^sub>l)" (is "?lhs = ?rhs") proof - have "?lhs = \\<^bsub>c\<^esub>(ltake (Suc i) t)" proof - from a2 have "Suc i \ n'" by (simp add: Suc_ile_eq) moreover from a3 have "\ lfinite t \ n'-1 < llength t" by simp moreover have "\k. enat k\enat (Suc i) \ k k < llength t \ \c\\<^bsub>lnth t k\<^esub>" proof assume "\k. enat k\enat (Suc i) \ k k < llength t \ \c\\<^bsub>lnth t k\<^esub>" then obtain k where "enat k\enat (Suc i)" and "kc\\<^bsub>lnth t k\<^esub>" by blast moreover from \enat k\enat (Suc i)\ have "enat k\n" using assms by (meson dual_order.trans enat_ord_simps(1) le_SucI) ultimately have "enat k=enat i" using assms using enat_ord_simps(1) by blast with \enat k\enat (Suc i)\ show False by simp qed ultimately show ?thesis using proj_not_active_same[of "Suc i" n' t c] by simp qed also have "\ = (\\<^bsub>c\<^esub>(ltake i t)) @\<^sub>l ((\\<^bsub>c\<^esub>(lnth t i)) #\<^sub>l []\<^sub>l)" proof - have "i < llength t" proof cases assume "lfinite t" with a3 have "n'-1 < llength t" by simp hence "n' \ llength t" by (metis eSuc_minus_1 enat_minus_mono1 ileI1 not_le) with a2 show "enat i < llength t" by simp next assume "\ lfinite t" thus ?thesis by (metis enat_ord_code(4) llength_eq_infty_conv_lfinite) qed with a4 show ?thesis by simp qed also have "\ = ?rhs" proof - from a1 have "enat n \ enat i" by simp moreover from a2 a3 have "\ lfinite t \ enat i-1 < llength t" using enat_minus_mono1 less_imp_le order.strict_trans1 by blast moreover have "\k. k\n \ enat k enat k < llength t \ \c\\<^bsub>lnth t k\<^esub>" proof assume "\k. k\n \ enat k enat k < llength t \ \c\\<^bsub>lnth t k\<^esub>" then obtain k where "k\n" and "enat kc\\<^bsub>lnth t k\<^esub>" by blast moreover from \enat k have "enat kenat k show False by simp qed ultimately show ?thesis using proj_not_active_same[of n i t c] by simp qed finally show ?thesis by simp qed subsubsection "Same and not Same" lemma proj_same_not_active: assumes "n \ n'" and "enat (n'-1) < llength t" and "\\<^bsub>c\<^esub>(ltake n' t) = \\<^bsub>c\<^esub>(ltake n t)" shows "\k. k\n \ k \c\\<^bsub>lnth t k\<^esub>" proof assume "\k. k\n \ k \c\\<^bsub>lnth t k\<^esub>" then obtain i where "i\n" and "ic\\<^bsub>lnth t i\<^esub>" by blast moreover from \enat (n'-1) and \i have "i\<^bsub>c\<^esub>(ltake (Suc i) t) = (\\<^bsub>c\<^esub>(ltake i t)) @\<^sub>l ((\\<^bsub>c\<^esub>(lnth t i)) #\<^sub>l []\<^sub>l)" by simp moreover from \i have "Suc i \ n'" by simp hence "lprefix(\\<^bsub>c\<^esub>(ltake (Suc i) t)) (\\<^bsub>c\<^esub>(ltake n' t))" by simp then obtain "tl" where "\\<^bsub>c\<^esub>(ltake n' t) = (\\<^bsub>c\<^esub>(ltake (Suc i) t)) @\<^sub>l tl" using lprefix_conv_lappend by auto moreover from \n\i\ have "lprefix(\\<^bsub>c\<^esub>(ltake n t)) (\\<^bsub>c\<^esub>(ltake i t))" by simp hence "lprefix(\\<^bsub>c\<^esub>(ltake n t)) (\\<^bsub>c\<^esub>(ltake i t))" by simp then obtain "hd" where "\\<^bsub>c\<^esub>(ltake i t) = (\\<^bsub>c\<^esub>(ltake n t)) @\<^sub>l hd" using lprefix_conv_lappend by auto ultimately have "\\<^bsub>c\<^esub>(ltake n' t) = (((\\<^bsub>c\<^esub>(ltake n t)) @\<^sub>l hd) @\<^sub>l ((\\<^bsub>c\<^esub>(lnth t i)) #\<^sub>l []\<^sub>l)) @\<^sub>l tl" by simp also have "\ = ((\\<^bsub>c\<^esub>(ltake n t)) @\<^sub>l hd) @\<^sub>l ((\\<^bsub>c\<^esub>(lnth t i)) #\<^sub>l tl)" using lappend_snocL1_conv_LCons2[of "(\\<^bsub>c\<^esub>(ltake n t)) @\<^sub>l hd" "\\<^bsub>c\<^esub>(lnth t i)"] by simp also have "\ = (\\<^bsub>c\<^esub>(ltake n t)) @\<^sub>l (hd @\<^sub>l ((\\<^bsub>c\<^esub>(lnth t i)) #\<^sub>l tl))" using lappend_assoc by auto also have "\\<^bsub>c\<^esub>(ltake n' t) = (\\<^bsub>c\<^esub>(ltake n' t)) @\<^sub>l []\<^sub>l" by simp finally have "(\\<^bsub>c\<^esub>(ltake n' t)) @\<^sub>l []\<^sub>l = (\\<^bsub>c\<^esub>(ltake n t)) @\<^sub>l (hd @\<^sub>l ((\\<^bsub>c\<^esub>(lnth t i)) #\<^sub>l tl))" . moreover from assms(3) have "llength (\\<^bsub>c\<^esub>(ltake n' t)) = llength (\\<^bsub>c\<^esub>(ltake n t))" by simp ultimately have "lfinite (\\<^bsub>c\<^esub>(ltake n' t)) \ []\<^sub>l = hd @\<^sub>l ((\\<^bsub>c\<^esub>(lnth t i)) #\<^sub>l tl)" using assms(3) lappend_eq_lappend_conv[of "\\<^bsub>c\<^esub>(ltake n' t)" "\\<^bsub>c\<^esub>(ltake n t)" "[]\<^sub>l"] by simp moreover have "lfinite (\\<^bsub>c\<^esub>(ltake n' t))" by simp ultimately have "[]\<^sub>l = hd @\<^sub>l ((\\<^bsub>c\<^esub>(lnth t i)) #\<^sub>l tl)" by simp hence "(\\<^bsub>c\<^esub>(lnth t i)) #\<^sub>l tl = []\<^sub>l" using LNil_eq_lappend_iff by auto thus False by simp qed lemma proj_not_same_active: assumes "enat n \ (n'::enat)" and "(\ lfinite t) \ n'-1 < llength t" and "\(\\<^bsub>c\<^esub>(ltake n' t) = \\<^bsub>c\<^esub>(ltake n t))" shows "\k. k\n \ k enat k < llength t \ \c\\<^bsub>lnth t k\<^esub>" proof (rule ccontr) assume "\(\k. k\n \ k enat k < llength t \ \c\\<^bsub>lnth t k\<^esub>)" have "\\<^bsub>c\<^esub>(ltake n' t) = \\<^bsub>c\<^esub>(ltake (enat n) t)" proof cases assume "lfinite t" hence "llength t\\" by (simp add: lfinite_llength_enat) hence "enat (the_enat (llength t)) = llength t" by auto with assms \\ (\k\n. k < n' \ enat k < llength t \ \c\\<^bsub>lnth t k\<^esub>)\ show ?thesis using proj_not_active_same[of n n' t c] by simp next assume "\ lfinite t" with assms \\ (\k\n. k < n' \ enat k < llength t \ \c\\<^bsub>lnth t k\<^esub>)\ show ?thesis using proj_not_active_same[of n n' t c] by simp qed with assms show False by simp qed subsection "Activations" text \ We also introduce an operator to obtain the number of activations of a certain component within a given configuration trace. \ definition nAct :: "'id \ enat \ (cnf llist) \ enat" ("\_ #\<^bsub>_\<^esub>_\") where "\c #\<^bsub>n\<^esub> t\ \ llength (\\<^bsub>c\<^esub>(ltake n t))" lemma nAct_0[simp]: "\c #\<^bsub>0\<^esub> t\ = 0" by (simp add: nAct_def) lemma nAct_NIL[simp]: "\c #\<^bsub>n\<^esub> []\<^sub>l\ = 0" by (simp add: nAct_def) lemma nAct_Null: assumes "llength t \ n" and "\c #\<^bsub>n\<^esub> t\ = 0" shows "\i \c\\<^bsub>lnth t i\<^esub>" proof - from assms have "lnull (\\<^bsub>c\<^esub>(ltake n t))" using nAct_def lnull_def by simp hence "\\<^bsub>c\<^esub>(ltake n t) = []\<^sub>l" using lnull_def by blast hence "(\k\lset (ltake n t). \ \c\\<^bsub>k\<^esub>)" by simp show ?thesis proof (rule ccontr) assume "\ (\i \c\\<^bsub>lnth t i\<^esub>)" then obtain i where "ic\\<^bsub>lnth t i\<^esub>" by blast moreover have "enat i < llength (ltake n t) \ lnth (ltake n t) i = (lnth t i)" proof from \llength t \ n\ have "n = min n (llength t)" using min.orderE by auto hence "llength (ltake n t) = n" by simp with \i show "enat i < llength (ltake n t)" by auto from \i show "lnth (ltake n t) i = (lnth t i)" using lnth_ltake by auto qed hence "(lnth t i \ lset (ltake n t))" using in_lset_conv_lnth[of "lnth t i" "ltake n t"] by blast ultimately show False using \(\k\lset (ltake n t). \ \c\\<^bsub>k\<^esub>)\ by simp qed qed lemma nAct_ge_one[simp]: assumes "llength t \ n" and "i < n" and "\c\\<^bsub>lnth t i\<^esub>" shows "\c #\<^bsub>n\<^esub> t\ \ enat 1" proof (rule ccontr) assume "\ (\c #\<^bsub>n\<^esub> t\ \ enat 1)" hence "\c #\<^bsub>n\<^esub> t\ < enat 1" by simp hence "\c #\<^bsub>n\<^esub> t\ < 1" using enat_1 by simp hence "\c #\<^bsub>n\<^esub> t\ = 0" using Suc_ile_eq \\ enat 1 \ \c #\<^bsub>n\<^esub> t\\ zero_enat_def by auto with \llength t \ n\ have "\i \c\\<^bsub>lnth t i\<^esub>" using nAct_Null by simp with assms show False by simp qed lemma nAct_finite[simp]: assumes "n \ \" shows "\n'. \c #\<^bsub>n\<^esub> t\ = enat n'" proof - from assms have "lfinite (ltake n t)" by simp hence "lfinite (\\<^bsub>c\<^esub>(ltake n t))" by simp hence "\n'. llength (\\<^bsub>c\<^esub>(ltake n t)) = enat n'" using lfinite_llength_enat[of "\\<^bsub>c\<^esub>(ltake n t)"] by simp thus ?thesis using nAct_def by simp qed lemma nAct_enat_the_nat[simp]: assumes "n \ \" shows "enat (the_enat (\c #\<^bsub>n\<^esub> t\)) = \c #\<^bsub>n\<^esub> t\" proof - from assms have "\c #\<^bsub>n\<^esub> t\ \ \" by simp thus ?thesis using enat_the_enat by simp qed subsubsection "Monotonicity and Continuity" lemma nAct_mcont: shows "mcont lSup lprefix Sup (\) (nAct c n)" proof - have "mcont lSup lprefix lSup lprefix (ltake n)" by simp hence "mcont lSup lprefix lSup lprefix (\t. \\<^bsub>c\<^esub>(ltake n t))" using proj_mcont2mcont[of lSup lprefix "(ltake n)"] by simp hence "mcont lSup lprefix Sup (\) (\t. llength (\\<^bsub>c\<^esub>(ltake n t)))" by simp moreover have "nAct c n = (\t. llength (\\<^bsub>c\<^esub>(ltake n t)))" using nAct_def by auto ultimately show ?thesis by simp qed lemma nAct_mono: assumes "n \ n'" shows "\c #\<^bsub>n\<^esub> t\ \ \c #\<^bsub>n'\<^esub> t\" proof - from assms have "lprefix (ltake n t) (ltake n' t)" by simp hence "lprefix (\\<^bsub>c\<^esub>(ltake n t)) (\\<^bsub>c\<^esub>(ltake n' t))" by simp hence "llength (\\<^bsub>c\<^esub>(ltake n t)) \ llength (\\<^bsub>c\<^esub>(ltake n' t))" using lprefix_llength_le[of "(\\<^bsub>c\<^esub>(ltake n t))"] by simp thus ?thesis using nAct_def by simp qed lemma nAct_strict_mono_back: assumes "\c #\<^bsub>n\<^esub> t\ < \c #\<^bsub>n'\<^esub> t\" shows "n < n'" proof (rule ccontr) assume "\ nn'" by simp hence "\c #\<^bsub>n\<^esub> t\ \ \c #\<^bsub>n'\<^esub> t\" using nAct_mono by simp thus False using assms by simp qed subsubsection "Not Active" lemma nAct_not_active[simp]: fixes n::nat and n'::nat and t::"(cnf llist)" and c::'id assumes "enat i < llength t" and "\ \c\\<^bsub>lnth t i\<^esub>" shows "\c #\<^bsub>Suc i\<^esub> t\ = \c #\<^bsub>i\<^esub> t\" proof - from assms have "\\<^bsub>c\<^esub>(ltake (Suc i) t) = \\<^bsub>c\<^esub>(ltake i t)" by simp hence "llength (\\<^bsub>c\<^esub>(ltake (enat (Suc i)) t)) = llength (\\<^bsub>c\<^esub>(ltake i t))" by simp moreover have "llength (\\<^bsub>c\<^esub>(ltake i t)) \ \" using llength_eq_infty_conv_lfinite[of "\\<^bsub>c\<^esub>(ltake (enat i) t)"] by simp ultimately have "llength (\\<^bsub>c\<^esub>(ltake (Suc i) t)) = llength (\\<^bsub>c\<^esub>(ltake i t))" using the_enat_eSuc by simp with nAct_def show ?thesis by simp qed lemma nAct_not_active_same: assumes "enat n \ (n'::enat)" and "n'-1 < llength t" and "\k. enat k\n \ k \c\\<^bsub>lnth t k\<^esub>" shows "\c #\<^bsub>n'\<^esub> t\ = \c #\<^bsub>n\<^esub> t\" using assms proj_not_active_same nAct_def by simp subsubsection "Active" lemma nAct_active[simp]: fixes n::nat and n'::nat and t::"(cnf llist)" and c::'id assumes "enat i < llength t" and "\c\\<^bsub>lnth t i\<^esub>" shows "\c #\<^bsub>Suc i\<^esub> t\ = eSuc (\c #\<^bsub>i\<^esub> t\)" proof - from assms have "\\<^bsub>c\<^esub>(ltake (Suc i) t) = (\\<^bsub>c\<^esub>(ltake i t)) @\<^sub>l ((\\<^bsub>c\<^esub>(lnth t i)) #\<^sub>l []\<^sub>l)" by simp hence "llength (\\<^bsub>c\<^esub>(ltake (enat (Suc i)) t)) = eSuc (llength (\\<^bsub>c\<^esub>(ltake i t)))" using plus_1_eSuc one_eSuc by simp moreover have "llength (\\<^bsub>c\<^esub>(ltake i t)) \ \" using llength_eq_infty_conv_lfinite[of "\\<^bsub>c\<^esub>(ltake (enat i) t)"] by simp ultimately have "llength (\\<^bsub>c\<^esub>(ltake (Suc i) t)) = eSuc (llength (\\<^bsub>c\<^esub>(ltake i t)))" using the_enat_eSuc by simp with nAct_def show ?thesis by simp qed lemma nAct_active_suc: fixes n::nat and n'::enat and t::"(cnf llist)" and c::'id assumes "\ lfinite t \ n'-1 < llength t" and "n \ i" and "enat i < n'" and "\c\\<^bsub>lnth t i\<^esub>" and "\i'. (n \ i' \ enat i' i' < llength t \ \c\\<^bsub>lnth t i'\<^esub>) \ (i' = i)" shows "\c #\<^bsub>n'\<^esub> t\ = eSuc (\c #\<^bsub>n\<^esub> t\)" proof - from assms have "\\<^bsub>c\<^esub>(ltake n' t) = (\\<^bsub>c\<^esub>(ltake (enat n) t)) @\<^sub>l ((\\<^bsub>c\<^esub>(lnth t i)) #\<^sub>l []\<^sub>l)" using proj_active_append[of n i n' t c] by blast moreover have "llength ((\\<^bsub>c\<^esub>(ltake (enat n) t)) @\<^sub>l ((\\<^bsub>c\<^esub>(lnth t i)) #\<^sub>l []\<^sub>l)) = eSuc (llength (\\<^bsub>c\<^esub>(ltake (enat n) t)))" using one_eSuc eSuc_plus_1 by simp ultimately show ?thesis using nAct_def by simp qed lemma nAct_less: assumes "enat k < llength t" and "n \ k" and "k < (n'::enat)" and "\c\\<^bsub>lnth t k\<^esub>" shows "\c #\<^bsub>n\<^esub> t\ < \c #\<^bsub>n'\<^esub> t\" proof - have "\c #\<^bsub>k\<^esub> t\ \ \" by simp then obtain en where en_def: "\c #\<^bsub>k\<^esub> t\ = enat en" by blast moreover have "eSuc (enat en) \ \c #\<^bsub>n'\<^esub> t\" proof - from assms have "Suc k \ n'" using Suc_ile_eq by simp hence "\c #\<^bsub>Suc k\<^esub> t\ \ \c #\<^bsub>n'\<^esub> t\" using nAct_mono by simp moreover from assms have "\c #\<^bsub>Suc k\<^esub> t\ = eSuc (\c #\<^bsub>k\<^esub> t\)" by simp ultimately have "eSuc (\c #\<^bsub>k\<^esub> t\) \ \c #\<^bsub>n'\<^esub> t\" by simp thus ?thesis using en_def by simp qed moreover have "enat en < eSuc (enat en)" by simp ultimately have "enat en < \c #\<^bsub>n'\<^esub> t\" using less_le_trans[of "enat en" "eSuc (enat en)"] by simp moreover have "\c #\<^bsub>n\<^esub> t\ \ enat en" proof - from assms have "\c #\<^bsub>n\<^esub> t\ \ \c #\<^bsub>k\<^esub> t\" using nAct_mono by simp thus ?thesis using en_def by simp qed ultimately show ?thesis using le_less_trans[of "\c #\<^bsub>n\<^esub> t\"] by simp qed lemma nAct_less_active: assumes "n' - 1 < llength t" and "\c #\<^bsub>enat n\<^esub> t\ < \c #\<^bsub>n'\<^esub> t\" shows "\i\n. i \c\\<^bsub>lnth t i\<^esub>" proof (rule ccontr) assume "\ (\i\n. i \c\\<^bsub>lnth t i\<^esub>)" moreover have "enat n \ n'" using assms(2) less_imp_le nAct_strict_mono_back by blast ultimately have "\c #\<^bsub>n\<^esub> t\ = \c #\<^bsub>n'\<^esub> t\" using \n' - 1 < llength t\ nAct_not_active_same by simp thus False using assms by simp qed subsubsection "Same and Not Same" lemma nAct_same_not_active: assumes "\c #\<^bsub>n'\<^esub> inf_llist t\ = \c #\<^bsub>n\<^esub> inf_llist t\" shows "\k\n. k \ \c\\<^bsub>t k\<^esub>" proof (rule ccontr) assume "\(\k\n. k \ \c\\<^bsub>t k\<^esub>)" then obtain k where "k\n" and "kc\\<^bsub>t k\<^esub>" by blast hence "\c #\<^bsub>Suc k\<^esub> inf_llist t\ = eSuc (\c #\<^bsub>k\<^esub> inf_llist t\)" by simp moreover have "\c #\<^bsub>k\<^esub> inf_llist t\\\" by simp ultimately have "\c #\<^bsub>k\<^esub> inf_llist t\ < \c #\<^bsub>Suc k\<^esub> inf_llist t\" by fastforce moreover from \n\k\ have "\c #\<^bsub>n\<^esub> inf_llist t\ \ \c #\<^bsub>k\<^esub> inf_llist t\" using nAct_mono by simp moreover from \k have "Suc k \ n'" by (simp add: Suc_ile_eq) hence "\c #\<^bsub>Suc k\<^esub> inf_llist t\ \ \c #\<^bsub>n'\<^esub> inf_llist t\" using nAct_mono by simp ultimately show False using assms by simp qed lemma nAct_not_same_active: assumes "\c #\<^bsub>enat n\<^esub> t\ < \c #\<^bsub>n'\<^esub> t\" and "\ lfinite t \ n' - 1 < llength t" shows "\(i::nat)\n. enat i< n' \ i \c\\<^bsub>lnth t i\<^esub>" proof - from assms have "llength(\\<^bsub>c\<^esub>(ltake n t)) < llength (\\<^bsub>c\<^esub>(ltake n' t))" using nAct_def by simp hence "\\<^bsub>c\<^esub>(ltake n' t) \ \\<^bsub>c\<^esub>(ltake n t)" by auto moreover from assms have "enat n < n'" using nAct_strict_mono_back[of c "enat n" t n'] by simp ultimately show ?thesis using proj_not_same_active[of n n' t c] assms by simp qed lemma nAct_less_llength_active: assumes "x < llength (\\<^bsub>c\<^esub>(t))" and "enat x = \c #\<^bsub>enat n'\<^esub> t\" shows "\(i::nat)\n'. i \c\\<^bsub>lnth t i\<^esub>" proof - have "llength(\\<^bsub>c\<^esub>(ltake n' t)) < llength (\\<^bsub>c\<^esub>(t))" using assms(1) assms(2) nAct_def by auto hence "llength(\\<^bsub>c\<^esub>(ltake n' t)) < llength (\\<^bsub>c\<^esub>(ltake (llength t) t))" by (simp add: ltake_all) hence "\c #\<^bsub>enat n'\<^esub> t\ < \c #\<^bsub>llength t\<^esub> t\" using nAct_def by simp moreover have "\ lfinite t \ llength t - 1 < llength t" proof (rule Meson.imp_to_disjD[OF HOL.impI]) assume "lfinite t" hence "llength t \ \" by (simp add: llength_eq_infty_conv_lfinite) moreover have "llength t>0" proof - from \x < llength (\\<^bsub>c\<^esub>(t))\ have "llength (\\<^bsub>c\<^esub>(t))>0" by auto thus ?thesis using proj_llength Orderings.order_class.order.strict_trans2 by blast qed ultimately show "llength t - 1 < llength t" by (metis One_nat_def \lfinite t\ diff_Suc_less enat_ord_simps(2) idiff_enat_enat lfinite_conv_llength_enat one_enat_def zero_enat_def) qed ultimately show ?thesis using nAct_not_same_active[of c n' t "llength t"] by simp qed lemma nAct_exists: assumes "x < llength (\\<^bsub>c\<^esub>(t))" shows "\(n'::nat). enat x = \c #\<^bsub>n'\<^esub> t\" proof - have "x < llength (\\<^bsub>c\<^esub>(t)) \ (\(n'::nat). enat x = \c #\<^bsub>n'\<^esub> t\)" proof (induction x) case 0 thus ?case by (metis nAct_0 zero_enat_def) next case (Suc x) show ?case proof assume "Suc x < llength (\\<^bsub>c\<^esub>(t))" hence "x < llength (\\<^bsub>c\<^esub>(t))" using Suc_ile_eq less_imp_le by auto with Suc.IH obtain n' where "enat x = \c #\<^bsub>enat n'\<^esub> t\" by blast with \x < llength (\\<^bsub>c\<^esub>(t))\ have "\i\n'. i < llength t \ \c\\<^bsub>lnth t i\<^esub>" using nAct_less_llength_active[of x c t n'] by simp then obtain i where "i\n'" and "ic\\<^bsub>lnth t i\<^esub>" and "\k. n'\k \ k k \c\\<^bsub>lnth t k\<^esub>" using lActive_least[of n' t c] by auto moreover from \i have "\ lfinite t \ enat (Suc i) - 1 < llength t" by (simp add: one_enat_def) moreover have "enat i < enat (Suc i)" by simp moreover have "\i'. (n' \ i' \ enat i' i' \c\\<^bsub>lnth t i'\<^esub>) \ (i' = i)" proof (rule HOL.impI[THEN HOL.allI]) fix i' assume "n' \ i' \ enat i' i' \c\\<^bsub>lnth t i'\<^esub>" with \\k. n'\k \ k k \c\\<^bsub>lnth t k\<^esub>\ show "i'=i" by fastforce qed ultimately have "\c #\<^bsub>Suc i\<^esub> t\ = eSuc (\c #\<^bsub>n'\<^esub> t\)" using nAct_active_suc[of t "Suc i" n' i c] by simp with \enat x = \c #\<^bsub>enat n'\<^esub> t\\ have "\c #\<^bsub>Suc i\<^esub> t\ = eSuc (enat x)" by simp thus "\n'. enat (Suc x) = \c #\<^bsub>enat n'\<^esub> t\" by (metis eSuc_enat) qed qed with assms show ?thesis by simp qed subsection "Projection and Activation" text \ In the following we provide some properties about the relationship between the projection and activations operator. \ lemma nAct_le_proj: "\c #\<^bsub>n\<^esub> t\ \ llength (\\<^bsub>c\<^esub>(t))" proof - from nAct_def have "\c #\<^bsub>n\<^esub> t\ = llength (\\<^bsub>c\<^esub>(ltake n t))" by simp moreover have "llength (\\<^bsub>c\<^esub>(ltake n t)) \ llength (\\<^bsub>c\<^esub>(t))" proof - have "lprefix (ltake n t) t" by simp hence "lprefix (\\<^bsub>c\<^esub>(ltake n t)) (\\<^bsub>c\<^esub>(t))" by simp hence "llength (\\<^bsub>c\<^esub>(ltake n t)) \ llength (\\<^bsub>c\<^esub>(t))" using lprefix_llength_le by blast thus ?thesis by auto qed thus ?thesis using nAct_def by simp qed lemma proj_nAct: assumes "(enat n < llength t)" shows "\\<^bsub>c\<^esub>(ltake n t) = ltake (\c #\<^bsub>n\<^esub> t\) (\\<^bsub>c\<^esub>(t))" (is "?lhs = ?rhs") proof - have "?lhs = ltake (llength (\\<^bsub>c\<^esub>(ltake n t))) (\\<^bsub>c\<^esub>(ltake n t))" using ltake_all[of "\\<^bsub>c\<^esub>(ltake n t)" "llength (\\<^bsub>c\<^esub>(ltake n t))"] by simp also have "\ = ltake (llength (\\<^bsub>c\<^esub>(ltake n t))) ((\\<^bsub>c\<^esub>(ltake n t)) @\<^sub>l (\\<^bsub>c\<^esub>(ldrop n t)))" using ltake_lappend1[of "llength (\\<^bsub>c\<^esub>(ltake (enat n) t))" "\\<^bsub>c\<^esub>(ltake n t)" "(\\<^bsub>c\<^esub>(ldrop n t))"] by simp also have "\ = ltake (\c #\<^bsub>n\<^esub> t\) ((\\<^bsub>c\<^esub>(ltake n t)) @\<^sub>l (\\<^bsub>c\<^esub>(ldrop n t)))" using nAct_def by simp also have "\ = ltake (\c #\<^bsub>n\<^esub> t\) (\\<^bsub>c\<^esub>((ltake (enat n) t) @\<^sub>l (ldrop n t)))" by simp also have "\ = ltake (\c #\<^bsub>n\<^esub> t\) (\\<^bsub>c\<^esub>(t))" using lappend_ltake_ldrop[of n t] by simp finally show ?thesis by simp qed lemma proj_active_nth: assumes "enat (Suc i) < llength t" "\c\\<^bsub>lnth t i\<^esub>" shows "lnth (\\<^bsub>c\<^esub>(t)) (the_enat (\c #\<^bsub>i\<^esub> t\)) = \\<^bsub>c\<^esub>(lnth t i)" proof - from assms have "enat i < llength t" using Suc_ile_eq[of i "llength t"] by auto with assms have "\\<^bsub>c\<^esub>(ltake (Suc i) t) = (\\<^bsub>c\<^esub>(ltake i t)) @\<^sub>l ((\\<^bsub>c\<^esub>(lnth t i)) #\<^sub>l []\<^sub>l)" by simp moreover have "lnth ((\\<^bsub>c\<^esub>(ltake i t)) @\<^sub>l ((\\<^bsub>c\<^esub>(lnth t i)) #\<^sub>l []\<^sub>l)) (the_enat (llength (\\<^bsub>c\<^esub>(ltake i t)))) = \\<^bsub>c\<^esub>(lnth t i)" proof - have "\ lnull ((\\<^bsub>c\<^esub>(lnth t i)) #\<^sub>l []\<^sub>l)" by simp moreover have "lfinite (\\<^bsub>c\<^esub>(ltake i t))" by simp ultimately have "lnth ((\\<^bsub>c\<^esub>(ltake i t)) @\<^sub>l ((\\<^bsub>c\<^esub>(lnth t i)) #\<^sub>l []\<^sub>l)) (the_enat (llength (\\<^bsub>c\<^esub>(ltake i t)))) = lhd ((\\<^bsub>c\<^esub>(lnth t i)) #\<^sub>l []\<^sub>l)" by simp also have "\ = \\<^bsub>c\<^esub>(lnth t i)" by simp finally show "lnth ((\\<^bsub>c\<^esub>(ltake i t)) @\<^sub>l ((\\<^bsub>c\<^esub>(lnth t i)) #\<^sub>l []\<^sub>l)) (the_enat (llength (\\<^bsub>c\<^esub>(ltake i t)))) = \\<^bsub>c\<^esub>(lnth t i)" by simp qed ultimately have "\\<^bsub>c\<^esub>(lnth t i) = lnth (\\<^bsub>c\<^esub>(ltake (Suc i) t)) (the_enat (llength (\\<^bsub>c\<^esub>(ltake i t))))" by simp also have "\ = lnth (\\<^bsub>c\<^esub>(ltake (Suc i) t)) (the_enat (\c #\<^bsub>i\<^esub> t\))" using nAct_def by simp also have "\ = lnth (ltake (\c #\<^bsub>Suc i\<^esub> t\) (\\<^bsub>c\<^esub>(t))) (the_enat (\c #\<^bsub>i\<^esub> t\))" using proj_nAct[of "Suc i" t c] assms by simp also have "\ = lnth (\\<^bsub>c\<^esub>(t)) (the_enat (\c #\<^bsub>i\<^esub> t\))" proof - from assms have "\c #\<^bsub>Suc i\<^esub> t\ = eSuc (\c #\<^bsub>i\<^esub> t\)" using \enat i < llength t\ by simp moreover have "\c #\<^bsub>i\<^esub> t\ < eSuc (\c #\<^bsub>i\<^esub> t\)" using iless_Suc_eq[of "the_enat (\c #\<^bsub>enat i\<^esub> t\)"] by simp ultimately have "\c #\<^bsub>i\<^esub> t\ < (\c #\<^bsub>Suc i\<^esub> t\)" by simp hence "enat (the_enat (\c #\<^bsub>Suc i\<^esub> t\)) > enat (the_enat (\c #\<^bsub>i\<^esub> t\))" by simp thus ?thesis using lnth_ltake[of "the_enat (\c #\<^bsub>i\<^esub> t\)" "the_enat (\c #\<^bsub>enat (Suc i)\<^esub> t\)" "\\<^bsub>c\<^esub>(t)"] by simp qed finally show ?thesis .. qed lemma nAct_eq_proj: assumes "\(\i\n. \c\\<^bsub>lnth t i\<^esub>)" shows "\c #\<^bsub>n\<^esub> t\ = llength (\\<^bsub>c\<^esub>(t))" (is "?lhs = ?rhs") proof - from nAct_def have "?lhs = llength (\\<^bsub>c\<^esub>(ltake n t))" by simp moreover from assms have "\(n'::nat)\llength t. n'\n \ (\ \c\\<^bsub>lnth t n'\<^esub>)" by simp hence "\\<^bsub>c\<^esub>(t) = \\<^bsub>c\<^esub>(ltake n t)" using proj_ltake by simp ultimately show ?thesis by simp qed lemma nAct_llength_proj: assumes "\i\n. \c\\<^bsub>t i\<^esub>" shows "llength (\\<^bsub>c\<^esub>(inf_llist t)) \ eSuc (\c #\<^bsub>n\<^esub> inf_llist t\)" proof - from \\i\n. \c\\<^bsub>t i\<^esub>\ obtain i where "i\n" and "\c\\<^bsub>t i\<^esub>" and "\ (\k\n. k < i \ k < llength (inf_llist t) \ \c\\<^bsub>t k\<^esub>)" using lActive_least[of n "inf_llist t" c] by auto moreover have "llength (\\<^bsub>c\<^esub>(inf_llist t)) \ \c #\<^bsub>Suc i\<^esub> inf_llist t\" using nAct_le_proj by simp moreover have "eSuc (\c #\<^bsub>n\<^esub> inf_llist t\) = \c #\<^bsub>Suc i\<^esub> inf_llist t\" proof - have "enat (Suc i) < llength (inf_llist t)" by simp moreover have "i < Suc i" by simp moreover from \\ (\k\n. k < i \ k < llength (inf_llist t) \ \c\\<^bsub>t k\<^esub>)\ have "\i'. n \ i' \ i' < Suc i \ \c\\<^bsub>lnth (inf_llist t) i'\<^esub> \ i' = i" by fastforce ultimately show ?thesis using nAct_active_suc \i\n\ \\c\\<^bsub>t i\<^esub>\ by simp qed ultimately show ?thesis by simp qed subsection "Least not Active" text \ In the following, we introduce an operator to obtain the least point in time before a certain point in time where a component was deactivated. \ definition lNAct :: "'id \ (nat \ cnf) \ nat \ nat" ("\_ \ _\\<^bsub>_\<^esub>") where "\c \ t\\<^bsub>n\<^esub> \ (LEAST n'. n=n' \ (n' (\k. k\n' \ k \c\\<^bsub>t k\<^esub>)))" lemma lNact0[simp]: "\c \ t\\<^bsub>0\<^esub> = 0" by (simp add: lNAct_def) lemma lNact_least: assumes "n=n' \ n' (\k. k\n' \ k \c\\<^bsub>t k\<^esub>)" shows "\c \ t\\<^bsub>n\<^esub> \ n'" using Least_le[of "\n'. n=n' \ (n' (\k. k\n' \ k \c\\<^bsub>t k\<^esub>))" n'] lNAct_def using assms by auto lemma lNAct_ex: "\c \ t\\<^bsub>n\<^esub>=n \ \c \ t\\<^bsub>n\<^esub> (\k. k\\c \ t\\<^bsub>n\<^esub> \ k \c\\<^bsub>t k\<^esub>)" proof - let ?P="\n'. n=n' \ n' (\k. k\n' \ k \c\\<^bsub>t k\<^esub>)" from lNAct_def have "\c \ t\\<^bsub>n\<^esub> = (LEAST n'. ?P n')" by simp moreover have "?P n" by simp with LeastI have "?P (LEAST n'. ?P n')" . ultimately show ?thesis by auto qed lemma lNact_notActive: fixes c t n k assumes "k\\c \ t\\<^bsub>n\<^esub>" and "k\c\\<^bsub>t k\<^esub>" by (metis assms lNAct_ex leD) lemma lNactGe: fixes c t n n' assumes "n' \ \c \ t\\<^bsub>n\<^esub>" and "\c\\<^bsub>t n'\<^esub>" shows "n' \ n" using assms lNact_notActive leI by blast lemma lNactLe[simp]: fixes n n' shows "\c \ t\\<^bsub>n\<^esub> \ n" using lNAct_ex less_or_eq_imp_le by blast lemma lNactLe_nact: fixes n n' assumes "n'=n \ (n' (\k. k\n' \ k \c\\<^bsub>t k\<^esub>))" shows "\c \ t\\<^bsub>n\<^esub> \ n'" using assms lNAct_def Least_le[of "\n'. n=n' \ (n' (\k. k\n' \ k \c\\<^bsub>t k\<^esub>))"] by auto lemma lNact_active: fixes cid t n assumes "\kcid\\<^bsub>t k\<^esub>" shows "\cid \ t\\<^bsub>n\<^esub> = n" using assms lNAct_ex by blast lemma nAct_mono_back: fixes c t and n and n' assumes "\c #\<^bsub>n'\<^esub> inf_llist t\ \ \c #\<^bsub>n\<^esub> inf_llist t\" shows "n'\\c \ t\\<^bsub>n\<^esub>" proof cases assume "\c #\<^bsub>n'\<^esub> inf_llist t\ = \c #\<^bsub>n\<^esub> inf_llist t\" thus ?thesis proof cases assume "n'\n" thus ?thesis using lNactLe by (metis HOL.no_atp(11)) next assume "\ n'\n" hence "n'\c #\<^bsub>n'\<^esub> inf_llist t\ = \c #\<^bsub>n\<^esub> inf_llist t\\ have "\k. k\n' \ k \c\\<^bsub>t k\<^esub>" by (metis enat_ord_simps(1) enat_ord_simps(2) nAct_same_not_active) thus ?thesis using lNactLe_nact by (simp add: \n' < n\) qed next assume "\\c #\<^bsub>n'\<^esub> inf_llist t\ = \c #\<^bsub>n\<^esub> inf_llist t\" with assms have "\c #\<^bsub>enat n'\<^esub> inf_llist t\ > \c #\<^bsub>enat n\<^esub> inf_llist t\" by simp hence "n' > n" using nAct_strict_mono_back[of c "enat n" "inf_llist t" "enat n'"] by simp thus ?thesis by (meson dual_order.strict_implies_order lNactLe le_trans) qed lemma nAct_mono_lNact: assumes "\c \ t\\<^bsub>n\<^esub> \ n'" shows "\c #\<^bsub>n\<^esub> inf_llist t\ \ \c #\<^bsub>n'\<^esub> inf_llist t\" proof - have "\k. k\\c \ t\\<^bsub>n\<^esub> \ k \c\\<^bsub>t k\<^esub>" using lNact_notActive by auto moreover have "enat n - 1 < llength (inf_llist t)" by (simp add: one_enat_def) moreover from \\c \ t\\<^bsub>n\<^esub> \ n'\ have "enat \c \ t\\<^bsub>n\<^esub> \ enat n" by simp ultimately have "\c #\<^bsub>n\<^esub> inf_llist t\=\c #\<^bsub>\c \ t\\<^bsub>n\<^esub>\<^esub> inf_llist t\" using nAct_not_active_same by simp thus ?thesis using nAct_mono assms by simp qed subsection "Next Active" text \ In the following, we introduce an operator to obtain the next point in time when a component is activated. \ definition nxtAct :: "'id \ (nat \ cnf) \ nat \ nat" ("\_ \ _\\<^bsub>_\<^esub>") where "\c \ t\\<^bsub>n\<^esub> \ (THE n'. n'\n \ \c\\<^bsub>t n'\<^esub> \ (\k. k\n \ k \c\\<^bsub>t k\<^esub>))" lemma nxtActI: fixes n::nat and t::"nat \ cnf" and c::'id assumes "\i\n. \c\\<^bsub>t i\<^esub>" shows "\c \ t\\<^bsub>n\<^esub> \ n \ \c\\<^bsub>t \c \ t\\<^bsub>n\<^esub>\<^esub> \ (\k. k\n \ k<\c \ t\\<^bsub>n\<^esub> \ \c\\<^bsub>t k\<^esub>)" proof - let ?P = "THE n'. n'\n \ \c\\<^bsub>t n'\<^esub> \ (\k. k\n \ k \c\\<^bsub>t k\<^esub>)" from assms obtain i where "i\n \ \c\\<^bsub>t i\<^esub> \ (\k. k\n \ k \c\\<^bsub>t k\<^esub>)" using lActive_least[of n "inf_llist t" c] by auto moreover have "(\x. n \ x \ \c\\<^bsub>t x\<^esub> \ \ (\k\n. k < x \ \c\\<^bsub>t k\<^esub>) \ x = i)" proof - fix x assume "n \ x \ \c\\<^bsub>t x\<^esub> \ \ (\k\n. k < x \ \c\\<^bsub>t k\<^esub>)" show "x = i" proof (rule ccontr) assume "\ (x = i)" thus False using \i\n \ \c\\<^bsub>t i\<^esub> \ (\k. k\n \ k \c\\<^bsub>t k\<^esub>)\ \n \ x \ \c\\<^bsub>t x\<^esub> \ \ (\k\n. k < x \ \c\\<^bsub>t k\<^esub>)\ by fastforce qed qed ultimately have "(?P) \ n \ \c\\<^bsub>t (?P)\<^esub> \ (\k. k\n \ k \c\\<^bsub>t k\<^esub>)" using theI[of "\n'. n'\n \ \c\\<^bsub>t n'\<^esub> \ (\k. k\n \ k \c\\<^bsub>t k\<^esub>)"] by blast thus ?thesis using nxtAct_def[of c t n] by metis qed lemma nxtActLe: fixes n n' assumes "\i\n. \c\\<^bsub>t i\<^esub>" shows "n \ \c \ t\\<^bsub>n\<^esub>" by (simp add: assms nxtActI) lemma nxtAct_eq: assumes "n'\n" and "\c\\<^bsub>t n'\<^esub>" and "\n''\n. n'' \ \c\\<^bsub>t n''\<^esub>" shows "n' = \c \ t\\<^bsub>n\<^esub>" by (metis assms(1) assms(2) assms(3) nxtActI linorder_neqE_nat nxtActLe) lemma nxtAct_active: fixes i::nat and t::"nat \ cnf" and c::'id assumes "\c\\<^bsub>t i\<^esub>" shows "\c \ t\\<^bsub>i\<^esub> = i" by (metis assms le_eq_less_or_eq nxtActI) lemma nxtActive_no_active: assumes "\!i. i\n \ \c\\<^bsub>t i\<^esub>" shows "\ (\i'\Suc \c \ t\\<^bsub>n\<^esub>. \c\\<^bsub>t i'\<^esub>)" proof assume "\i'\Suc \c \ t\\<^bsub>n\<^esub>. \c\\<^bsub>t i'\<^esub>" then obtain i' where "i'\Suc \c \ t\\<^bsub>n\<^esub>" and "\c\\<^bsub>t i'\<^esub>" by auto moreover from assms(1) have "\c \ t\\<^bsub>n\<^esub>\n" using nxtActI by auto ultimately have "i'\n" and "\c\\<^bsub>t i'\<^esub>" and "i'\\c \ t\\<^bsub>n\<^esub>" by auto moreover from assms(1) have "\c\\<^bsub>t \c \ t\\<^bsub>n\<^esub>\<^esub>" and "\c \ t\\<^bsub>n\<^esub>\n" using nxtActI by auto ultimately show False using assms(1) by auto qed lemma nxt_geq_lNact[simp]: assumes "\i\n. \c\\<^bsub>t i\<^esub>" shows "\c \ t\\<^bsub>n\<^esub>\\c \ t\\<^bsub>n\<^esub>" proof - from assms have "n \ \c \ t\\<^bsub>n\<^esub>" using nxtActLe by simp moreover have "\c \ t\\<^bsub>n\<^esub>\n" by simp ultimately show ?thesis by arith qed lemma active_geq_nxtAct: assumes "\c\\<^bsub>t i\<^esub>" and "the_enat (\c #\<^bsub>i\<^esub> inf_llist t\)\the_enat (\c #\<^bsub>n\<^esub> inf_llist t\)" shows "i\\c \ t\\<^bsub>n\<^esub>" proof cases assume "\c #\<^bsub>i\<^esub> inf_llist t\=\c #\<^bsub>n\<^esub> inf_llist t\" show ?thesis proof (rule ccontr) assume "\ i\\c \ t\\<^bsub>n\<^esub>" hence "i<\c \ t\\<^bsub>n\<^esub>" by simp with \\c #\<^bsub>i\<^esub> inf_llist t\=\c #\<^bsub>n\<^esub> inf_llist t\\ have "\ (\k\i. k < n \ \c\\<^bsub>t k\<^esub>)" by (metis enat_ord_simps(1) leD leI nAct_same_not_active) moreover have "\ (\k\n. k <\c \ t\\<^bsub>n\<^esub> \ \c\\<^bsub>t k\<^esub>)" using nxtActI by blast ultimately have "\ (\k\i. k <\c \ t\\<^bsub>n\<^esub> \ \c\\<^bsub>t k\<^esub>)" by auto with \i<\c \ t\\<^bsub>n\<^esub>\ show False using \\c\\<^bsub>t i\<^esub>\ by simp qed next assume "\\c #\<^bsub>i\<^esub> inf_llist t\=\c #\<^bsub>n\<^esub> inf_llist t\" moreover from \the_enat (\c #\<^bsub>i\<^esub> inf_llist t\)\the_enat (\c #\<^bsub>n\<^esub> inf_llist t\)\ have "\c #\<^bsub>i\<^esub> inf_llist t\\\c #\<^bsub>n\<^esub> inf_llist t\" by (metis enat.distinct(2) enat_ord_simps(1) nAct_enat_the_nat) ultimately have "\c #\<^bsub>i\<^esub> inf_llist t\>\c #\<^bsub>n\<^esub> inf_llist t\" by simp hence "i>n" using nAct_strict_mono_back[of c n "inf_llist t" i] by simp with \\c\\<^bsub>t i\<^esub>\ show ?thesis by (meson dual_order.strict_implies_order leI nxtActI) qed lemma nAct_same: assumes "\c \ t\\<^bsub>n\<^esub> \ n'" and "n' \ \c \ t\\<^bsub>n\<^esub>" shows "the_enat (\c #\<^bsub>enat n'\<^esub> inf_llist t\) = the_enat (\c #\<^bsub>enat n\<^esub> inf_llist t\)" proof cases assume "n \ n'" moreover have "n' - 1 < llength (inf_llist t)" by simp moreover have "\ (\i\n. i \c\\<^bsub>t i\<^esub>)" by (meson assms(2) less_le_trans nxtActI) ultimately show ?thesis using nAct_not_active_same by (simp add: one_enat_def) next assume "\ n \ n'" hence "n' < n" by simp moreover have "n - 1 < llength (inf_llist t)" by simp moreover have "\ (\i\n'. i < n \ \c\\<^bsub>t i\<^esub>)" by (metis \\ n \ n'\ assms(1) dual_order.trans lNAct_ex) ultimately show ?thesis using nAct_not_active_same[of n' n] by (simp add: one_enat_def) qed lemma nAct_mono_nxtAct: assumes "\i\n. \c\\<^bsub>t i\<^esub>" and "\c \ t\\<^bsub>n\<^esub> \ n'" shows "\c #\<^bsub>n\<^esub> inf_llist t\ \ \c #\<^bsub>n'\<^esub> inf_llist t\" proof - from assms have "\c #\<^bsub>\c \ t\\<^bsub>n\<^esub>\<^esub> inf_llist t\ \ \c #\<^bsub>n'\<^esub> inf_llist t\" using nAct_mono assms by simp moreover have "\c #\<^bsub>\c \ t\\<^bsub>n\<^esub>\<^esub> inf_llist t\=\c #\<^bsub>n\<^esub> inf_llist t\" proof - from assms have "\k. k\n \ k<\c \ t\\<^bsub>n\<^esub> \ \c\\<^bsub>t k\<^esub>" and "n \ \c \ t\\<^bsub>n\<^esub>" using nxtActI by auto moreover have "enat \c \ t\\<^bsub>n\<^esub> - 1 < llength (inf_llist t)" by (simp add: one_enat_def) ultimately show ?thesis using nAct_not_active_same[of n "\c \ t\\<^bsub>n\<^esub>"] by auto qed ultimately show ?thesis by simp qed subsection "Latest Activation" text \ In the following, we introduce an operator to obtain the latest point in time when a component is activated. \ abbreviation latestAct_cond:: "'id \ trace \ nat \ nat \ bool" where "latestAct_cond c t n n' \ n' \c\\<^bsub>t n'\<^esub>" definition latestAct:: "'id \ trace \ nat \ nat" ("\_ \ _\\<^bsub>_\<^esub>") where "latestAct c t n = (GREATEST n'. latestAct_cond c t n n')" lemma latestActEx: assumes "\n'nid\\<^bsub>t n'\<^esub>" shows "\n'. latestAct_cond nid t n n' \ (\n''. latestAct_cond nid t n n'' \ n'' \ n')" proof - from assms obtain n' where "latestAct_cond nid t n n'" by auto moreover have "\n''>n. \ latestAct_cond nid t n n''" by simp ultimately obtain n' where "latestAct_cond nid t n n' \ (\n''. latestAct_cond nid t n n'' \ n'' \ n')" using boundedGreatest[of "latestAct_cond nid t n" n'] by blast thus ?thesis .. qed lemma latestAct_prop: assumes "\n'nid\\<^bsub>t n'\<^esub>" shows "\nid\\<^bsub>t (latestAct nid t n)\<^esub>" and "latestAct nid t nnid\\<^bsub>t \nid \ t\\<^bsub>n\<^esub>\<^esub>" and "latestAct nid t n \nid \ t\\<^bsub>n\<^esub>" proof - from assms latestActEx have "n' \ (GREATEST x. latestAct_cond nid t n x)" using Greatest_le_nat[of "latestAct_cond nid t n"] by blast thus ?thesis using latestAct_def by auto qed lemma latestActNxt: assumes "\n'nid\\<^bsub>t n'\<^esub>" shows "\nid \ t\\<^bsub>\nid \ t\\<^bsub>n\<^esub>\<^esub>=\nid \ t\\<^bsub>n\<^esub>" using assms latestAct_prop(1) nxtAct_active by auto lemma latestActNxtAct: assumes "\n'\n. \tid\\<^bsub>t n'\<^esub>" and "\n'tid\\<^bsub>t n'\<^esub>" shows "\tid \ t\\<^bsub>n\<^esub> > \tid \ t\\<^bsub>n\<^esub>" by (meson assms latestAct_prop(2) less_le_trans nxtActI zero_le) lemma latestActless: assumes "\n'\n\<^sub>s. n' \nid\\<^bsub>t n'\<^esub>" shows "\nid \ t\\<^bsub>n\<^esub>\n\<^sub>s" by (meson assms dual_order.trans latestAct_less) lemma latestActEq: fixes nid::'id assumes "\nid\\<^bsub>t n'\<^esub>" and "\(\n''>n'. n'' \nid\\<^bsub>t n'\<^esub>)" and "n'nid \ t\\<^bsub>n\<^esub> = n'" using latestAct_def proof have "(GREATEST n'. latestAct_cond nid t n n') = n'" proof (rule Greatest_equality[of "latestAct_cond nid t n" n']) from assms(1) assms (3) show "latestAct_cond nid t n n'" by simp next fix y assume "latestAct_cond nid t n y" hence "\nid\\<^bsub>t y\<^esub>" and "y n'" using assms(1) assms (2) leI by blast qed thus "n' = (GREATEST n'. latestAct_cond nid t n n')" by simp qed subsection "Last Activation" text \ In the following we introduce an operator to obtain the latest point in time where a certain component was activated within a certain configuration trace. \ definition lActive :: "'id \ (nat \ cnf) \ nat" ("\_ \ _\") where "\c \ t\ \ (GREATEST i. \c\\<^bsub>t i\<^esub>)" lemma lActive_active: assumes "\c\\<^bsub>t i\<^esub>" and "\n' > n. \ (\c\\<^bsub>t n'\<^esub>)" shows "\c\\<^bsub>t (\c \ t\)\<^esub>" proof - - from assms obtain i' where "\c\\<^bsub>t i'\<^esub>" and "(\y. \c\\<^bsub>t y\<^esub> \ y \ i')" + from assms obtain i' where "\c\\<^bsub>t i'\<^esub>" and "\y. \c\\<^bsub>t y\<^esub> \ y \ i'" using boundedGreatest[of "\i'. \c\\<^bsub>t i'\<^esub>" i n] by blast - thus ?thesis using lActive_def Nat.GreatestI_nat[of "\i'. \c\\<^bsub>t i'\<^esub>"] by simp + thus ?thesis using lActive_def Nat.GreatestI_nat[of "\i'. \c\\<^bsub>t i'\<^esub>"] by metis qed lemma lActive_less: assumes "\c\\<^bsub>t i\<^esub>" and "\n' > n. \ (\c\\<^bsub>t n'\<^esub>)" shows "\c \ t\ \ n" proof (rule ccontr) assume "\ \c \ t\ \ n" hence "\c \ t\ > n" by simp moreover from assms have "\c\\<^bsub>t (\c \ t\)\<^esub>" using lActive_active by simp ultimately show False using assms by simp qed lemma lActive_greatest: assumes "\c\\<^bsub>t i\<^esub>" and "\n' > n. \ (\c\\<^bsub>t n'\<^esub>)" shows "i \ \c \ t\" proof - - from assms obtain i' where "\c\\<^bsub>t i'\<^esub>" and "(\y. \c\\<^bsub>t y\<^esub> \ y \ i')" + from assms obtain i' where "\c\\<^bsub>t i'\<^esub>" and "\y. \c\\<^bsub>t y\<^esub> \ y \ i'" using boundedGreatest[of "\i'. \c\\<^bsub>t i'\<^esub>" i n] by blast - with assms show ?thesis using lActive_def Nat.Greatest_le_nat[of "\i'. \c\\<^bsub>t i'\<^esub>" i] by simp + with assms show ?thesis using lActive_def Nat.Greatest_le_nat[of "\i'. \c\\<^bsub>t i'\<^esub>" i] by metis qed lemma lActive_greater_active: assumes "n > \c \ t\" and "\n'' > n'. \ \c\\<^bsub>t n''\<^esub>" shows "\ \c\\<^bsub>t n\<^esub>" proof (rule ccontr) assume "\ \ \c\\<^bsub>t n\<^esub>" with \\n'' > n'. \ \c\\<^bsub>t n''\<^esub>\ have "n \ \c \ t\" using lActive_greatest by simp thus False using assms by simp qed lemma lActive_greater_active_all: assumes "\n'' > n'. \ \c\\<^bsub>t n''\<^esub>" shows "\(\n > \c \ t\. \c\\<^bsub>t n\<^esub>)" proof (rule ccontr) assume "\\(\n > \c \ t\. \c\\<^bsub>t n\<^esub>)" then obtain "n" where "n>\c \ t\" and "\c\\<^bsub>t n\<^esub>" by blast with \\n'' > n'. \ (\c\\<^bsub>t n''\<^esub>)\ have "\ \c\\<^bsub>t n\<^esub>" using lActive_greater_active by simp with \\c\\<^bsub>t n\<^esub>\ show False by simp qed lemma lActive_equality: assumes "\c\\<^bsub>t i\<^esub>" and "(\x. \c\\<^bsub>t x\<^esub> \ x \ i)" shows "\c \ t\ = i" unfolding lActive_def using assms Greatest_equality[of "\i'. \c\\<^bsub>t i'\<^esub>"] by simp lemma nxtActive_lactive: assumes "\i\n. \c\\<^bsub>t i\<^esub>" and "\ (\i>\c \ t\\<^bsub>n\<^esub>. \c\\<^bsub>t i\<^esub>)" shows "\c \ t\\<^bsub>n\<^esub>=\c \ t\" proof - from assms(1) have "\c\\<^bsub>t \c \ t\\<^bsub>n\<^esub>\<^esub>" using nxtActI by auto moreover from assms have "\ (\i'\Suc \c \ t\\<^bsub>n\<^esub>. \c\\<^bsub>t i'\<^esub>)" using nxtActive_no_active by simp hence "(\x. \c\\<^bsub>t x\<^esub> \ x \ \c \ t\\<^bsub>n\<^esub>)" using not_less_eq_eq by auto ultimately show ?thesis using \\ (\i'\Suc \c \ t\\<^bsub>n\<^esub>. \c\\<^bsub>t i'\<^esub>)\ lActive_equality by simp qed subsection "Mapping Time Points" text \ In the following we introduce two operators to map time-points between configuration traces and behavior traces. \ subsubsection "Configuration Trace to Behavior Trace" text \ First we provide an operator which maps a point in time of a configuration trace to the corresponding point in time of a behavior trace. \ definition cnf2bhv :: "'id \ (nat \ cnf) \ nat \ nat" ("\<^bsub>_\<^esub>\\<^bsub>_\<^esub>(_)" [150,150,150] 110) where "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n) \ the_enat(llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1 + (n - \c \ t\)" lemma cnf2bhv_mono: assumes "n'\n" shows "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n') \ \<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n)" by (simp add: assms cnf2bhv_def diff_le_mono) lemma cnf2bhv_mono_strict: assumes "n\\c \ t\" and "n'>n" shows "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n') > \<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n)" using assms cnf2bhv_def by auto text "Note that the functions are nat, that means that also in the case the difference is negative they will return a 0!" lemma cnf2bhv_ge_llength[simp]: assumes "n\\c \ t\" shows "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n) \ the_enat(llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1" using assms cnf2bhv_def by simp lemma cnf2bhv_greater_llength[simp]: assumes "n>\c \ t\" shows "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n) > the_enat(llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1" using assms cnf2bhv_def by simp lemma cnf2bhv_suc[simp]: assumes "n\\c \ t\" shows "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(Suc n) = Suc (\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n))" using assms cnf2bhv_def by simp lemma cnf2bhv_lActive[simp]: shows "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(\c \ t\) = the_enat(llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1" using cnf2bhv_def by simp lemma cnf2bhv_lnth_lappend: assumes act: "\i. \c\\<^bsub>t i\<^esub>" and nAct: "\i. i\n \ \c\\<^bsub>t i\<^esub>" shows "lnth ((\\<^bsub>c\<^esub>(inf_llist t)) @\<^sub>l (inf_llist t')) (\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n)) = lnth (inf_llist t') (n - \c \ t\ - 1)" (is "?lhs = ?rhs") proof - from nAct have "lfinite (\\<^bsub>c\<^esub>(inf_llist t))" using proj_finite2 by auto then obtain k where k_def: "llength (\\<^bsub>c\<^esub>(inf_llist t)) = enat k" using lfinite_llength_enat by blast moreover have "k \ \<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n)" proof - from nAct have "\i. i>n-1 \ \c\\<^bsub>t i\<^esub>" by simp with act have "\c \ t\ \ n-1" using lActive_less by auto moreover have "n>0" using act nAct by auto ultimately have "\c \ t\ < n" by simp hence "the_enat (llength (\\<^bsub>c\<^esub>inf_llist t)) - 1 < \<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n)" using cnf2bhv_greater_llength by simp with k_def show ?thesis by simp qed ultimately have "?lhs = lnth (inf_llist t') (\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n) - k)" using lnth_lappend2 by blast moreover have "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n) - k = n - \c \ t\ - 1" proof - from cnf2bhv_def have "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n) - k = the_enat (llength (\\<^bsub>c\<^esub>inf_llist t)) - 1 + (n - \c \ t\) - k" by simp also have "\ = the_enat (llength (\\<^bsub>c\<^esub>inf_llist t)) - 1 + (n - \c \ t\) - the_enat (llength (\\<^bsub>c\<^esub>(inf_llist t)))" using k_def by simp also have "\ = the_enat (llength (\\<^bsub>c\<^esub>inf_llist t)) + (n - \c \ t\) - 1 - the_enat (llength (\\<^bsub>c\<^esub>(inf_llist t)))" proof - have "\i. enat i < llength (inf_llist t) \ \c\\<^bsub>lnth (inf_llist t) i\<^esub>" by (simp add: act) hence "llength (\\<^bsub>c\<^esub>inf_llist t) \ 1" using proj_one by simp moreover from k_def have "llength (\\<^bsub>c\<^esub>inf_llist t) \ \" by simp ultimately have "the_enat (llength (\\<^bsub>c\<^esub>inf_llist t)) \ 1" by (simp add: k_def one_enat_def) thus ?thesis by simp qed also have "\ = the_enat (llength (\\<^bsub>c\<^esub>inf_llist t)) + (n - \c \ t\) - the_enat (llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1" by simp also have "\ = n - \c \ t\ - 1" by simp finally show ?thesis . qed ultimately show ?thesis by simp qed lemma nAct_cnf2proj_Suc_dist: assumes "\i\n. \c\\<^bsub>t i\<^esub>" and "\(\i>\c \ t\\<^bsub>n\<^esub>. \c\\<^bsub>t i\<^esub>)" shows "Suc (the_enat \c #\<^bsub>enat n\<^esub>inf_llist t\)=\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(Suc \c \ t\\<^bsub>n\<^esub>)" proof - have "the_enat \c #\<^bsub>enat n\<^esub>inf_llist t\ = \<^bsub>c\<^esub>\\<^bsub>t\<^esub>(\c \ t\\<^bsub>n\<^esub>)" (is "?LHS = ?RHS") proof - from assms have "?RHS = the_enat(llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1" using nxtActive_lactive[of n c t] by simp also have "llength (\\<^bsub>c\<^esub>(inf_llist t)) = eSuc (\c #\<^bsub>\c \ t\\<^bsub>n\<^esub>\<^esub> inf_llist t\)" proof - from assms have "\ (\i'\ Suc (\c \ t\\<^bsub>n\<^esub>). \c\\<^bsub>t i'\<^esub>)" using nxtActive_no_active by simp hence "\c #\<^bsub>Suc (\c \ t\\<^bsub>n\<^esub>)\<^esub> inf_llist t\ = llength (\\<^bsub>c\<^esub>(inf_llist t))" using nAct_eq_proj[of "Suc (\c \ t\\<^bsub>n\<^esub>)" c "inf_llist t"] by simp moreover from assms(1) have "\c\\<^bsub>t (\c \ t\\<^bsub>n\<^esub>)\<^esub>" using nxtActI by blast hence "\c #\<^bsub>Suc (\c \ t\\<^bsub>n\<^esub>)\<^esub> inf_llist t\ = eSuc (\c #\<^bsub>\c \ t\\<^bsub>n\<^esub>\<^esub> inf_llist t\)" by simp ultimately show ?thesis by simp qed also have "the_enat(eSuc (\c #\<^bsub>\c \ t\\<^bsub>n\<^esub>\<^esub> inf_llist t\)) - 1 = (\c #\<^bsub>\c \ t\\<^bsub>n\<^esub>\<^esub> inf_llist t\)" proof - have "\c #\<^bsub>\c \ t\\<^bsub>n\<^esub>\<^esub> inf_llist t\ \ \" by simp hence "the_enat(eSuc (\c #\<^bsub>\c \ t\\<^bsub>n\<^esub>\<^esub> inf_llist t\)) = Suc(the_enat(\c #\<^bsub>\c \ t\\<^bsub>n\<^esub>\<^esub> inf_llist t\))" using the_enat_eSuc by simp thus ?thesis by simp qed also have "\ = ?LHS" proof - have "enat \c \ t\\<^bsub>n\<^esub> - 1 < llength (inf_llist t)" by (simp add: one_enat_def) moreover from assms(1) have "\c \ t\\<^bsub>n\<^esub>\n" and "\k. enat n \ enat k \ enat k < enat \c \ t\\<^bsub>n\<^esub> \ \c\\<^bsub>lnth (inf_llist t) k\<^esub>" using nxtActI by auto ultimately have "\c #\<^bsub>enat \c \ t\\<^bsub>n\<^esub>\<^esub>inf_llist t\ = \c #\<^bsub>enat n\<^esub>inf_llist t\" using nAct_not_active_same[of n "\c \ t\\<^bsub>n\<^esub>" "inf_llist t" c] by simp moreover have "\c #\<^bsub>enat n\<^esub>inf_llist t\\\" by simp ultimately show ?thesis by auto qed finally show ?thesis by fastforce qed moreover from assms have "\c \ t\\<^bsub>n\<^esub>=\c \ t\" using nxtActive_lactive by simp hence "Suc (\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(\c \ t\\<^bsub>n\<^esub>)) = \<^bsub>c\<^esub>\\<^bsub>t\<^esub>(Suc \c \ t\\<^bsub>n\<^esub>)" using cnf2bhv_suc[where n="\c \ t\\<^bsub>n\<^esub>"] by simp ultimately show ?thesis by simp qed subsubsection "Behavior Trace to Configuration Trace" text \ Next we define an operator to map a point in time of a behavior trace back to a corresponding point in time for a configuration trace. \ definition bhv2cnf :: "'id \ (nat \ cnf) \ nat \ nat" ("\<^bsub>_\<^esub>\\<^bsub>_\<^esub>(_)" [150,150,150] 110) where "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n) \ \c \ t\ + (n - (the_enat(llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1))" lemma bhv2cnf_mono: assumes "n'\n" shows "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n') \ \<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n)" by (simp add: assms bhv2cnf_def diff_le_mono) lemma bhv2cnf_mono_strict: assumes "n'>n" and "n \ the_enat (llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1" shows "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n') > \<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n)" using assms bhv2cnf_def by auto text "Note that the functions are nat, that means that also in the case the difference is negative they will return a 0!" lemma bhv2cnf_ge_lActive[simp]: shows "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n) \ \c \ t\" using bhv2cnf_def by simp lemma bhv2cnf_greater_lActive[simp]: assumes "n>the_enat(llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1" shows "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n) > \c \ t\" using assms bhv2cnf_def by simp lemma bhv2cnf_lActive[simp]: assumes "\i. \c\\<^bsub>t i\<^esub>" and "lfinite (\\<^bsub>c\<^esub>(inf_llist t))" shows "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(the_enat(llength (\\<^bsub>c\<^esub>(inf_llist t)))) = Suc (\c \ t\)" proof - from assms have "\\<^bsub>c\<^esub>(inf_llist t)\ []\<^sub>l" by simp hence "llength (\\<^bsub>c\<^esub>(inf_llist t)) > 0" by (simp add: lnull_def) moreover from \lfinite (\\<^bsub>c\<^esub>(inf_llist t))\ have "llength (\\<^bsub>c\<^esub>(inf_llist t)) \ \" using llength_eq_infty_conv_lfinite by auto ultimately have "the_enat(llength (\\<^bsub>c\<^esub>(inf_llist t))) > 0" using enat_0_iff(1) by fastforce hence "the_enat(llength (\\<^bsub>c\<^esub>(inf_llist t))) - (the_enat(llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1) = 1" by simp thus ?thesis using bhv2cnf_def by simp qed subsubsection "Relating the Mappings" text \ In the following we provide some properties about the relationship between the two mapping operators. \ lemma bhv2cnf_cnf2bhv: assumes "n \ \c \ t\" shows "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n)) = n" (is "?lhs = ?rhs") proof - have "?lhs = \c \ t\ + ((\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n)) - (the_enat(llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1))" using bhv2cnf_def by simp also have "\ = \c \ t\ + (((the_enat (llength (\\<^bsub>c\<^esub>(inf_llist t)))) - 1 + (n - \c \ t\)) - (the_enat (llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1))" using cnf2bhv_def by simp also have "(the_enat(llength (\\<^bsub>c\<^esub>(inf_llist t)))) - 1 + (n - (\c \ t\)) - (the_enat (llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1) = (the_enat(llength (\\<^bsub>c\<^esub>(inf_llist t)))) - 1 - ((the_enat (llength (\\<^bsub>c\<^esub>(inf_llist t)))) - 1) + (n - (\c \ t\))" by simp also have "\ = n - (\c \ t\)" by simp also have "(\c \ t\) + (n - (\c \ t\)) = (\c \ t\) + n - \c \ t\" using assms by simp also have "\ = ?rhs" by simp finally show ?thesis . qed lemma cnf2bhv_bhv2cnf: assumes "n \ the_enat (llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1" shows "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n)) = n" (is "?lhs = ?rhs") proof - have "?lhs = the_enat(llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1 + ((\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n)) - (\c \ t\))" using cnf2bhv_def by simp also have "\ = the_enat(llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1 + (\c \ t\ + (n - (the_enat(llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1)) - (\c \ t\))" using bhv2cnf_def by simp also have "\c \ t\ + (n - (the_enat(llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1)) - (\c \ t\) = \c \ t\ - (\c \ t\) + (n - (the_enat(llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1))" by simp also have "\ = n - (the_enat(llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1)" by simp also have "the_enat (llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1 + (n - (the_enat (llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1)) = n - (the_enat (llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1) + (the_enat (llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1)" by simp also have "\ = n + ((the_enat (llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1) - (the_enat (llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1))" using assms by simp also have "\ = ?rhs" by simp finally show ?thesis . qed lemma p2c_mono_c2p: assumes "n \ \c \ t\" and "n' \ \<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n)" shows "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n') \ n" proof - from \n' \ \<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n)\ have "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n') \ \<^bsub>c\<^esub>\\<^bsub>t\<^esub>(\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n))" using bhv2cnf_mono by simp thus ?thesis using bhv2cnf_cnf2bhv \n \ \c \ t\\ by simp qed lemma p2c_mono_c2p_strict: assumes "n \ \c \ t\" and "n<\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n')" shows "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n) < n'" proof (rule ccontr) assume "\ (\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n) < n')" hence "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n) \ n'" by simp with \n \ \c \ t\\ have "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(nat (\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n))) \ \<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n')" using bhv2cnf_mono by simp hence "\(\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(nat (\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n))) < \<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n'))" by simp with \n \ \c \ t\\ have "\(n < \<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n'))" using "bhv2cnf_cnf2bhv" by simp with assms show False by simp qed lemma c2p_mono_p2c: assumes "n \ the_enat (llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1" and "n' \ \<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n)" shows "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n') \ n" proof - from \n' \ \<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n)\ have "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n') \ \<^bsub>c\<^esub>\\<^bsub>t\<^esub>(\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n))" using cnf2bhv_mono by simp thus ?thesis using cnf2bhv_bhv2cnf \n \ the_enat (llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1\ by simp qed lemma c2p_mono_p2c_strict: assumes "n \ the_enat (llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1" and "n<\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n')" shows "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n) < n'" proof (rule ccontr) assume "\ (\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n) < n')" hence "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n) \ n'" by simp with \n \ the_enat (llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1\ have "\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(nat (\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n))) \ \<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n')" using cnf2bhv_mono by simp hence "\(\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(nat (\<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n))) < \<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n'))" by simp with \n \ the_enat (llength (\\<^bsub>c\<^esub>(inf_llist t))) - 1\ have "\(n < \<^bsub>c\<^esub>\\<^bsub>t\<^esub>(n'))" using "cnf2bhv_bhv2cnf" by simp with assms show False by simp qed end end diff --git a/thys/List-Infinite/CommonArith/Util_Nat.thy b/thys/List-Infinite/CommonArith/Util_Nat.thy --- a/thys/List-Infinite/CommonArith/Util_Nat.thy +++ b/thys/List-Infinite/CommonArith/Util_Nat.thy @@ -1,311 +1,311 @@ (* Title: Util_Nat.thy Date: Oct 2006 Author: David Trachtenherz *) section \Results for natural arithmetics\ theory Util_Nat imports Main begin subsection \Some convenience arithmetic lemmata\ lemma add_1_Suc_conv: "m + 1 = Suc m" by simp lemma sub_Suc0_sub_Suc_conv: "b - a - Suc 0 = b - Suc a" by simp lemma Suc_diff_Suc: "m < n \ Suc (n - Suc m) = n - m" apply (rule subst[OF sub_Suc0_sub_Suc_conv]) apply (rule Suc_pred) apply (simp only: zero_less_diff) done lemma nat_grSuc0_conv: "(Suc 0 < n) = (n \ 0 \ n \ Suc 0)" by fastforce lemma nat_geSucSuc0_conv: "(Suc (Suc 0) \ n) = (n \ 0 \ n \ Suc 0)" by fastforce lemma nat_lessSucSuc0_conv: "(n < Suc (Suc 0)) = (n = 0 \ n = Suc 0)" by fastforce lemma nat_leSuc0_conv: "(n \ Suc 0) = (n = 0 \ n = Suc 0)" by fastforce lemma mult_pred: "(m - Suc 0) * n = m * n - n" by (simp add: diff_mult_distrib) lemma mult_pred_right: "m * (n - Suc 0) = m * n - m" by (simp add: diff_mult_distrib2) lemma gr_implies_gr0: "m < (n::nat) \ 0 < n" by simp corollary mult_cancel1_gr0: " (0::nat) < k \ (k * m = k * n) = (m = n)" by simp corollary mult_cancel2_gr0: " (0::nat) < k \ (m * k = n * k) = (m = n)" by simp corollary mult_le_cancel1_gr0: " (0::nat) < k \ (k * m \ k * n) = (m \ n)" by simp corollary mult_le_cancel2_gr0: " (0::nat) < k \ (m * k \ n * k) = (m \ n)" by simp lemma gr0_imp_self_le_mult1: "0 < (k::nat) \ m \ m * k" by (drule Suc_leI, drule mult_le_mono[OF order_refl], simp) lemma gr0_imp_self_le_mult2: "0 < (k::nat) \ m \ k * m" by (subst mult.commute, rule gr0_imp_self_le_mult1) lemma less_imp_Suc_mult_le: "m < n \ Suc m * k \ n * k" by (rule mult_le_mono1, simp) lemma less_imp_Suc_mult_pred_less: "\ m < n; 0 < k \ \ Suc m * k - Suc 0 < n * k" apply (rule Suc_le_lessD) apply (simp only: Suc_pred[OF nat_0_less_mult_iff[THEN iffD2, OF conjI, OF zero_less_Suc]]) apply (rule less_imp_Suc_mult_le, assumption) done lemma ord_zero_less_diff: "(0 < (b::'a::ordered_ab_group_add) - a) = (a < b)" by (simp add: less_diff_eq) lemma ord_zero_le_diff: "(0 \ (b::'a::ordered_ab_group_add) - a) = (a \ b)" by (simp add: le_diff_eq) text \\diff_diff_right\ in rule format\ lemmas diff_diff_right = Nat.diff_diff_right[rule_format] lemma less_add1: "(0::nat) < j \ i < i + j" by simp lemma less_add2: "(0::nat) < j \ i < j + i" by simp lemma add_lessD2: "i + j < (k::nat) \ j < k" by simp lemma add_le_mono2: "i \ (j::nat) \ k + i \ k + j" by simp lemma add_less_mono2: "i < (j::nat) \ k + i < k + j" by simp lemma diff_less_self: "\ (0::nat) < i; 0 < j \ \ i - j < i" by simp lemma ge_less_neq_conv: "((a::'a::linorder) \ n) = (\x. x < a \ n \ x)" and le_greater_neq_conv: "(n \ (a::'a::linorder)) = (\x. a < x \ n \ x)" by (subst linorder_not_less[symmetric], blast)+ lemma greater_le_neq_conv: "((a::'a::linorder) < n) = (\x. x \ a \ n \ x)" and less_ge_neq_conv: "(n < (a::'a::linorder)) = (\x. a \ x \ n \ x)" by (subst linorder_not_le[symmetric], blast)+ text \Lemmas for @term{abs} function\ lemma leq_pos_imp_abs_leq: "\ 0 \ (a::'a::ordered_ab_group_add_abs); a \ b \ \ \a\ \ \b\" by simp lemma leq_neg_imp_abs_geq: "\ (a::'a::ordered_ab_group_add_abs) \ 0; b \ a \ \ \a\ \ \b\" by simp lemma abs_range: "\ 0 \ (a::'a::{ordered_ab_group_add_abs,abs_if}); -a \ x; x \ a \ \ \x\ \ a" apply (clarsimp simp: abs_if) apply (rule neg_le_iff_le[THEN iffD1], simp) done text \Lemmas for @term{sgn} function\ lemma sgn_abs:"(x::'a::linordered_idom) \ 0 \ \sgn x\ = 1" by (case_tac "x < 0", simp+) lemma sgn_mult_abs:"\x\ * \sgn (a::'a::linordered_idom)\ = \x * sgn a\" by (fastforce simp add: sgn_if abs_if) lemma abs_imp_sgn_abs: "\a\ = \b\ \ \sgn (a::'a::linordered_idom)\ = \sgn b\" by (fastforce simp add: abs_if) lemma sgn_mono: "a \ b \ sgn (a::'a::{linordered_idom,linordered_semidom}) \ sgn b" by (auto simp add: sgn_if) subsection \Additional facts about inequalities\ lemma add_diff_le: "k \ n \ m + k - n \ (m::nat)" by (case_tac "m + k < n", simp_all) lemma less_add_diff: "k < (n::nat) \ m < n + m - k" by (rule add_less_imp_less_right[of _ k], simp) lemma add_diff_less: "\ k < n; 0 < m \ \ m + k - n < (m::nat)" by (case_tac "m + k < n", simp_all) lemma add_le_imp_le_diff1: "i + k \ j \ i \ j - (k::nat)" by (case_tac "k \ j", simp_all) lemma add_le_imp_le_diff2: "k + i \ j \ i \ j - (k::nat)" by simp lemma diff_less_imp_less_add: "j - (k::nat) < i \ j < i + k" by simp lemma diff_less_conv: "0 < i \ (j - (k::nat) < i) = (j < i + k)" by (safe, simp_all) lemma le_diff_swap: "\ i \ (k::nat); j \ k \ \ (k - j \ i) = (k - i \ j)" by (safe, simp_all) lemma diff_less_imp_swap: "\ 0 < (i::nat); k - i < j \ \ (k - j < i)" by simp lemma diff_less_swap: "\ 0 < (i::nat); 0 < j \ \ (k - j < i) = (k - i < j)" by (blast intro: diff_less_imp_swap) lemma less_diff_imp_less: "(i::nat) < j - m \ i < j" by simp lemma le_diff_imp_le: "(i::nat) \ j - m \ i \ j" by simp lemma less_diff_le_imp_less: "\ (i::nat) < j - m; n \ m \ \ i < j - n" by simp lemma le_diff_le_imp_le: "\ (i::nat) \ j - m; n \ m \ \ i \ j - n" by simp lemma le_imp_diff_le: "(j::nat) \ k \ j - n \ k" by simp subsection \Inequalities for Suc and pred\ corollary less_eq_le_pred: "0 < (n::nat) \ (m < n) = (m \ n - Suc 0)" by (safe, simp_all) corollary less_imp_le_pred: "m < n \ m \ n - Suc 0" by simp corollary le_pred_imp_less: "\ 0 < n; m \ n - Suc 0 \ \ m < n" by simp corollary pred_less_eq_le: "0 < m \ (m - Suc 0 < n) = (m \ n)" by (safe, simp_all) corollary pred_less_imp_le: "m - Suc 0 < n \ m \ n" by simp corollary le_imp_pred_less: "\ 0 < m; m \ n \ \ m - Suc 0 < n" by simp lemma diff_add_inverse_Suc: "n < m \ n + (m - Suc n) = m - Suc 0" by simp lemma pred_mono: "\ m < n; 0 < m \ \ m - Suc 0 < n - Suc 0" by simp corollary pred_Suc_mono: "\ m < Suc n; 0 < m \ \ m - Suc 0 < n" by simp lemma Suc_less_pred_conv: "(Suc m < n) = (m < n - Suc 0)" by (safe, simp_all) lemma Suc_le_pred_conv: "0 < n \ (Suc m \ n) = (m \ n - Suc 0)" by (safe, simp_all) lemma Suc_le_imp_le_pred: "Suc m \ n \ m \ n - Suc 0" by simp subsection \Additional facts about cancellation in (in-)equalities\ lemma diff_cancel_imp_eq: "\ 0 < (n::nat); n + i - j = n \ \ i = j" by simp lemma nat_diff_left_cancel_less: "k - m < k - (n::nat) \ n < m" by simp lemma nat_diff_right_cancel_less: "n - k < (m::nat) - k \ n < m" by simp lemma nat_diff_left_cancel_le1: "\ k - m \ k - (n::nat); m < k \ \ n \ m" by simp lemma nat_diff_left_cancel_le2: "\ k - m \ k - (n::nat); n \ k \ \ n \ m" by simp lemma nat_diff_right_cancel_le1: "\ m - k \ n - (k::nat); k < m \ \ m \ n" by simp lemma nat_diff_right_cancel_le2: "\ m - k \ n - (k::nat); k \ n \ \ m \ n" by simp lemma nat_diff_left_cancel_eq1: "\ k - m = k - (n::nat); m < k \ \ m = n" by simp lemma nat_diff_left_cancel_eq2: "\ k - m = k - (n::nat); n < k \ \ m = n" by simp lemma nat_diff_right_cancel_eq1: "\ m - k = n - (k::nat); k < m \ \ m = n" by simp lemma nat_diff_right_cancel_eq2: "\ m - k = n - (k::nat); k < n \ \ m = n" by simp lemma eq_diff_left_iff: "\ (m::nat) \ k; n \ k\ \ (k - m = k - n) = (m = n)" by (safe, simp_all) lemma eq_imp_diff_eq: "m = (n::nat) \ m - k = n - k" by simp text \List of definitions and lemmas\ thm Nat.add_Suc_right add_1_Suc_conv sub_Suc0_sub_Suc_conv thm Nat.mult_cancel1 Nat.mult_cancel2 mult_cancel1_gr0 mult_cancel2_gr0 thm Nat.add_lessD1 add_lessD2 thm Nat.zero_less_diff ord_zero_less_diff ord_zero_le_diff thm - Nat.le_add_diff + le_add_diff add_diff_le less_add_diff add_diff_less thm Nat.le_diff_conv le_diff_conv2 Nat.less_diff_conv diff_less_imp_less_add diff_less_conv thm le_diff_swap diff_less_imp_swap diff_less_swap thm less_diff_imp_less le_diff_imp_le thm less_diff_le_imp_less le_diff_le_imp_le thm Nat.less_imp_diff_less le_imp_diff_le thm Nat.less_Suc_eq_le less_eq_le_pred less_imp_le_pred le_pred_imp_less thm Nat.Suc_le_eq pred_less_eq_le pred_less_imp_le le_imp_pred_less thm diff_cancel_imp_eq thm diff_add_inverse_Suc thm Nat.nat_add_left_cancel_less Nat.nat_add_left_cancel_le - Nat.nat_add_right_cancel - Nat.add_left_cancel + nat_add_right_cancel + add_left_cancel Nat.eq_diff_iff Nat.less_diff_iff Nat.le_diff_iff thm nat_diff_left_cancel_less nat_diff_right_cancel_less thm nat_diff_left_cancel_le1 nat_diff_left_cancel_le2 nat_diff_right_cancel_le1 nat_diff_right_cancel_le2 thm nat_diff_left_cancel_eq1 nat_diff_left_cancel_eq2 nat_diff_right_cancel_eq1 nat_diff_right_cancel_eq2 thm Nat.eq_diff_iff eq_diff_left_iff thm - Nat.nat_add_right_cancel Nat.add_left_cancel + nat_add_right_cancel add_left_cancel Nat.diff_le_mono eq_imp_diff_eq end