(*<*)
―‹ ********************************************************************
* Project : HOL-CSP - A Shallow Embedding of CSP in Isabelle/HOL
* Version : 2.0
*
* Author : Benoît Ballenghien, Safouan Taha, Burkhart Wolff, Lina Ye.
* (Based on HOL-CSP 1.0 by Haykal Tej and Burkhart Wolff)
*
* This file : CSP monotonies
*
* Copyright (c) 2009 Université Paris-Sud, France
* Copyright (c) 2025 Université Paris-Saclay, France
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* * Neither the name of the copyright holders nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
******************************************************************************› (*>*)
section‹ Monotonies ›
(*<*) theory CSP_Monotonies imports Constant_Processes Deterministic_Choice Non_Deterministic_Choice
Global_Non_Deterministic_Choice Sliding_Choice
Multi_Deterministic_Prefix_Choice Multi_Non_Deterministic_Prefix_Choice
Sequential_Composition Synchronization_Product Hiding Renaming CSP_Refinements begin (*>*)
subsection‹Straight Monotony›
subsubsection‹ Non Deterministic Choice ›
lemma mono_Ndet_FD : ‹P ⊑FD P' ==> Q ⊑FD Q' ==> P ⊓ Q ⊑FD P' ⊓ Q'› and mono_Ndet_DT : ‹P ⊑DT P' ==> Q ⊑DT Q' ==> P ⊓ Q ⊑DT P' ⊓ Q'› and mono_Ndet_F : ‹P ⊑F P' ==> Q ⊑F Q' ==> P ⊓ Q ⊑F P' ⊓ Q'› and mono_Ndet_D : ‹P ⊑D P' ==> Q ⊑D Q' ==> P ⊓ Q ⊑D P' ⊓ Q'› and mono_Ndet_T : ‹P ⊑T P' ==> Q ⊑T Q' ==> P ⊓ Q ⊑T P' ⊓ Q'› by (auto simp add: refine_defs Ndet_projs)
lemma mono_GlobalNdet_FD : ‹(∧a. a ∈ A ==> P a ⊑FD Q a) ==> (⊓a ∈ A. P a) ⊑FD⊓a ∈A. Q a› and mono_GlobalNdet_DT : ‹(∧a. a ∈ A ==> P a ⊑DT Q a) ==> (⊓a ∈ A. P a) ⊑DT⊓a ∈ A. Q a› and mono_GlobalNdet_F : ‹(∧a. a ∈ A ==> P a ⊑F Q a) ==> (⊓a ∈ A. P a) ⊑F⊓a ∈ A. Q a› and mono_GlobalNdet_D : ‹(∧a. a ∈ A ==> P a ⊑D Q a) ==> (⊓a ∈ A. P a) ⊑D⊓a ∈ A. Q a› and mono_GlobalNdet_T : ‹(∧a. a ∈ A ==> P a ⊑T Q a) ==> (⊓a ∈ A. P a) ⊑T⊓a ∈ A. Q a› by (auto simp add: refine_defs GlobalNdet_projs)
lemma GlobalNdet_FD_subset : ‹A ≠ {} ==> A ⊆ B ==> (⊓a ∈ B. P a) ⊑FD (⊓a ∈ A. P a)› and GlobalNdet_DT_subset : ‹A ⊆ B ==> (⊓a ∈ B. P a) ⊑DT (⊓a ∈ A. P a)› and GlobalNdet_F_subset : ‹A ≠ {} ==> A ⊆ B ==> (⊓a ∈ B. P a) ⊑F (⊓a ∈ A. P a)› and GlobalNdet_T_subset : ‹A ⊆ B ==> (⊓a ∈ B. P a) ⊑T (⊓a ∈ A. P a)› and GlobalNdet_D_subset : ‹A ⊆ B ==> (⊓a ∈ B. P a) ⊑D (⊓a ∈ A. P a)› by (auto simp add: refine_defs GlobalNdet_projs)
lemma mono_Det_FD : ‹P ⊑FD P' ==> Q ⊑FD Q' ==> P ◻ Q ⊑FD P' ◻ Q'› proof (rule trans_FD) show‹P ⊑FD P' ==> P ◻ Q ⊑FD P' ◻ Q› unfolding refine_defs F_Det D_Det using F_T T_F by blast next show‹Q ⊑FD Q' ==> P' ◻ Q ⊑FD P' ◻ Q'› unfolding refine_defs F_Det D_Det using F_T T_F by blast qed
lemma mono_Det_D : ‹P ⊑D P' ==> Q ⊑D Q' ==> P ◻ Q ⊑D P' ◻ Q'› by (metis D_Det Un_mono divergence_refine_def)
lemma mono_Det_T : ‹P ⊑T P' ==> Q ⊑T Q' ==> P ◻ Q ⊑T P' ◻ Q'› by (metis T_Det Un_mono trace_refine_def)
corollary mono_Det_DT : ‹P ⊑DT P' ==> Q ⊑DT Q' ==> P ◻ Q ⊑DT P' ◻ Q'› by (simp_all add: trace_divergence_refine_def mono_Det_D mono_Det_T)
text‹Deterministic choice monotony doesn't hold for term‹(⊑F)›.›
lemma mono_Sliding_FD : ‹P ⊑FD P' ==> Q ⊑FD Q' ==> P ⊳ Q ⊑FD P' ⊳ Q'› and mono_Sliding_DT : ‹P ⊑DT P' ==> Q ⊑DT Q' ==> P ⊳ Q ⊑DT P' ⊳ Q'› and mono_Sliding_D : ‹P ⊑D P' ==> Q ⊑D Q' ==> P ⊳ Q ⊑D P' ⊳ Q'› and mono_Sliding_T : ‹P ⊑T P' ==> Q ⊑T Q' ==> P ⊳ Q ⊑T P' ⊳ Q'› unfolding Sliding_def by (simp_all add: monos_Det monos_Ndet)
text‹Sliding choice monotony doesn't hold for term‹(⊑F)›.›
lemma mono_Sliding_F_right : ‹Q ⊑F Q' ==> P ⊳ Q ⊑F P ⊳ Q'› by (auto simp add: failure_refine_def F_Sliding)
lemma mono_Sync_FD : ‹[P ⊑FD P'; Q ⊑FD Q']==> P [S] Q ⊑FD P' [S] Q'› for P P' Q Q' :: ‹('a, 'r) processptick› proof (rule trans_FD[of _ ‹P' [S] Q›]) show‹P [S] Q ⊑FD P' [S] Q›if‹P ⊑FD P'›for P P' Q :: ‹('a, 'r) processptick› proof (rule failure_divergence_refine_optimizedI) from le_ref1 le_ref2T ‹P ⊑FD P'› show‹s ∈D (P' [S] Q) ==> s ∈D (P [S] Q)›for s unfolding D_Sync by blast next assume subset_div : ‹D (P' [S] Q) ⊆D (P [S] Q)› fix s Z assume‹(s, Z) ∈F (P' [S] Q)› then consider ‹s ∈D (P' [S] Q)›
| (F) t u X Y where‹(t, X) ∈F P'›‹(u, Y) ∈F Q› ‹s setinterleaves ((t, u), range tick ∪ ev ` S)› ‹Z = (X ∪ Y) ∩ (range tick ∪ ev ` S) ∪ X ∩ Y› unfolding F_Sync D_Sync by blast thus‹(s, Z) ∈F (P [S] Q)› proof cases from subset_div D_F show‹s ∈D (P' [S] Q) ==> (s, Z) ∈F (P [S] Q)›by blast next case F with le_ref2[OF ‹P ⊑FD P'›] show‹(s, Z) ∈F (P [S] Q)›unfolding F_Sync by blast qed qed thus‹Q ⊑FD Q' ==> P' [S] Q ⊑FD P' [S] Q'›by (metis Sync_commute) qed
lemma mono_Sync_DT : ‹P ⊑DT P' ==> Q ⊑DT Q' ==> P [S] Q ⊑DT P' [S] Q'› by (simp add: refine_defs T_Sync D_Sync) blast
lemmas mono_Par = mono_Sync[where A = UNIV] and mono_Par_FD = mono_Sync_FD[where S = UNIV] and mono_Par_DT = mono_Sync_DT[where S = UNIV] and mono_Inter = mono_Sync[where A = ‹{}›] and mono_Inter_FD = mono_Sync_FD[where S = ‹{}›] and mono_Inter_DT = mono_Sync_DT[where S = ‹{}›]
lemmas monos_Sync = mono_Sync mono_Sync_FD mono_Sync_DT and monos_Par = mono_Par mono_Par_FD mono_Par_DT and monos_Inter = mono_Inter mono_Inter_FD mono_Inter_DT
subsubsection‹Sequential composition›
lemma mono_Seq_FD : ‹P ⊑FD P' ==> Q ⊑FD Q' ==> P ; Q ⊑FD P' ; Q'› by (simp add: refine_defs Seq_projs subset_iff) (metis T_F_spec)
lemma mono_Seq_DT : ‹P ⊑DT P' ==> Q ⊑DT Q' ==> P ; Q ⊑DT P' ; Q'› by (simp add: refine_defs Seq_projs subset_iff) blast
lemma mono_Seq_F_right : ‹Q ⊑F Q' ==> P ; Q ⊑F P ; Q'› by (simp add: failure_refine_def F_Seq) blast
lemma mono_Seq_D_right : ‹Q ⊑D Q' ==> P ; Q ⊑D P ; Q'› by (simp add: divergence_refine_def D_Seq) blast
lemma mono_Seq_T_right : ‹Q ⊑T Q' ==> P ; Q ⊑T P ; Q'› by (simp add: trace_refine_def T_Seq) blast
text‹Left Sequence monotony doesn't hold for term‹(⊑F)›, term‹(⊑D)› and term‹(⊑T)›.›
lemma mono_Hiding_leT_imp_leD : ‹P \ A ⊑D Q \ A›if‹A ≠ {}›and‹P ⊑T Q› proof (unfold divergence_refine_def, rule subsetI) fix s assume‹s ∈D (Q \ A)› thenobtain t u where * : ‹front_tickFree u›‹tickFree t› ‹s = trace_hide t (ev ` A) @ u› ‹t ∈D Q ∨ (∃x. isInfHidden_seqRun x Q A t)› unfolding D_Hiding_seqRun by blast from"*"(4) have‹∃x. isInfHidden_seqRun x P A t› proof (elim disjE exE) assume‹t ∈D Q› from‹A ≠ {}›obtain a where‹a ∈ A›by blast have‹isInfHidden_seqRun (λi. ev a) P A t› proof (intro allI conjI) have‹seqRun t (λi. ev a) i ∈D Q›for i by (induct i) (simp_all add: ‹t ∈D Q› is_processT7 tickFree_seqRun_iff "*"(2)) thus‹seqRun t (λi. ev a) i ∈T P›for i by (meson D_T ‹P ⊑T Q› trace_refine_def subset_iff) next from‹a ∈ A›show‹ev a ∈ ev ` A›by simp qed thus‹∃x. isInfHidden_seqRun x P A t›by blast next show‹isInfHidden_seqRun x Q A t ==>∃x. isInfHidden_seqRun x P A t›for x by (meson ‹P ⊑T Q› trace_refine_def subset_iff) qed with"*"(1, 2, 3) show‹s ∈D (P \ A)›unfolding D_Hiding_seqRun by blast qed
lemma mono_Hiding_F : ‹P \ A ⊑F Q \ A›if‹P ⊑F Q› proof (cases ‹A = {}›) from‹P ⊑F Q›show‹A = {} ==> P \ A ⊑F Q \ A› by (auto simp add: failure_refine_def F_Hiding_seqRun subset_iff
intro: is_processT7 is_processT8) next show‹P \ A ⊑F Q \ A›if‹A ≠ {}› proof (unfold failure_refine_def, safe) fix s X assume‹(s, X) ∈F (Q \ A)› then consider ‹s ∈D (Q \ A)›
| t where‹s = trace_hide t (ev ` A)›‹(t, X ∪ ev ` A) ∈F Q› unfolding F_Hiding_seqRun D_Hiding_seqRun by blast thus‹(s, X) ∈F (P \ A)› proof cases fix t assume‹s = trace_hide t (ev ` A)›‹(t, X ∪ ev ` A) ∈F Q› from‹P ⊑F Q›‹(t, X ∪ ev ` A) ∈F Q›have‹(t, X ∪ ev ` A) ∈F P› unfolding failure_refine_def by blast with‹s = trace_hide t (ev ` A)›show‹(s, X) ∈F (P \ A)› unfolding F_Hiding by blast next from mono_Hiding_leT_imp_leD[OF ‹A ≠ {}›‹P ⊑F Q›[THEN leF_imp_leT]] show‹s ∈D (Q \ A) ==> (s, X) ∈F (P \ A)› by (simp add: divergence_refine_def in_mono is_processT8) qed qed qed
lemma mono_Hiding_T : ‹P \ A ⊑T Q \ A›if‹P ⊑T Q› proof (cases ‹A = {}›) from‹P ⊑T Q›show‹A = {} ==> P \ A ⊑T Q \ A› by (auto simp add: trace_refine_def T_Hiding_seqRun
subset_iff F_T T_F D_T is_processT7) next show‹P \ A ⊑T Q \ A›if‹A ≠ {}› proof (unfold trace_refine_def, rule subsetI) fix s assume‹s ∈T (Q \ A)› then consider ‹s ∈D (Q \ A)›
| t where‹s = trace_hide t (ev ` A)›‹(t, ev ` A) ∈F Q› unfolding T_Hiding_seqRun D_Hiding_seqRun by blast thus‹s ∈T (P \ A)› proof cases fix t assume‹s = trace_hide t (ev ` A)›‹(t, ev ` A) ∈F Q› from‹(t, ev ` A) ∈F Q›have‹t ∈T P› by (meson F_T ‹P ⊑T Q› in_mono trace_refine_def) with inf_hidden consider
t' where‹trace_hide t' (ev ` A) = trace_hide t (ev ` A)›‹(t', ev ` A) ∈F P›
| f where‹isInfHiddenRun f P A ∧ t ∈ range f›by blast thus‹s ∈T (P \ A)› proof cases show‹trace_hide t' (ev ` A) = trace_hide t (ev ` A) ==>
(t', ev ` A) ∈F P ==> s ∈T (P \ A)›for t' by (simp add: T_Hiding_seqRun) (metis ‹s = trace_hide t (ev ` A)›) next show‹isInfHiddenRun f P A ∧ t ∈ range f ==> s ∈T (P \ A)›for f by (simp add: T_Hiding)
(metis T_nonTickFree_imp_decomp ‹s = trace_hide t (ev ` A)› ‹t ∈T P› append_self_conv front_tickFree_Nil tick_T_F) qed next from mono_Hiding_leT_imp_leD[OF ‹A ≠ {}›‹P ⊑T Q›] show‹s ∈D (Q \ A) ==> s ∈T (P \ A)› by (simp add: divergence_refine_def in_mono D_T) qed qed qed
lemma mono_Hiding_FD : ‹P \ A ⊑FD Q \ A›if‹P ⊑FD Q› proof (cases ‹A = {}›) from‹P ⊑FD Q›show‹A = {} ==> P \ A ⊑FD Q \ A› by (simp add: refine_defs F_Hiding_seqRun D_Hiding_seqRun) blast next show‹A ≠ {} ==> P \ A ⊑FD Q \ A› by (unfold failure_divergence_refine_def)
(simp add: ‹P ⊑FD Q› leFD_imp_leF mono_Hiding_F leF_imp_leT mono_Hiding_leT_imp_leD) qed
lemma mono_Hiding_DT : ‹P \ A ⊑DT Q \ A›if‹P ⊑DT Q› proof (cases ‹A = {}›) from‹P ⊑DT Q›show‹A = {} ==> P \ A ⊑DTQ\ A› by (auto simp add: refine_defs T_Hiding_seqRun D_Hiding_seqRun F_T T_F in_mono) next show‹A ≠ {} ==> P \ A ⊑DT Q \ A› by (unfold trace_divergence_refine_def)
(simp add: ‹P ⊑DT Q› leDT_imp_leT mono_Hiding_T mono_Hiding_leT_imp_leD) qed
text‹Obviously, Hide monotony doesn't hold for term‹(⊑D)›.›
lemma mono_Mprefix_FD : ‹(∧a. a ∈ A ==> P a ⊑FD Q a) ==> Mprefix A P ⊑FD Mprefix A Q› and mono_Mprefix_DT : ‹(∧a. a ∈ A ==> P a ⊑DT Q a) ==> Mprefix A P ⊑DT Mprefix A Q› and mono_Mprefix_F : ‹(∧a. a ∈ A ==> P a ⊑F Q a) ==> Mprefix A P ⊑F Mprefix A Q› and mono_Mprefix_T : ‹(∧a. a ∈ A ==> P a ⊑T Q a) ==> Mprefix A P ⊑T Mprefix A Q› and mono_Mprefix_D : ‹(∧a. a ∈ A ==> P a ⊑D Q a) ==> Mprefix A P ⊑D Mprefix A Q› by (simp add: refine_defs Mprefix_projs, blast)+
corollary mono_read_FD : ‹(∧a. a ∈ A ==> P a ⊑FD Q a) ==> (c?a∈A → P a) ⊑FD (c?a∈A →Q a)› and mono_read_DT : ‹(∧a. a ∈ A ==> P a ⊑DT Q a) ==> (c?a∈A → P a) ⊑DT (c?a∈A → Q a)› and mono_read_F : ‹(∧a. a ∈ A ==> P a ⊑F Q a) ==> (c?a∈A → P a) ⊑F (c?a∈A → Q a)› and mono_read_T : ‹(∧a. a ∈ A ==> P a ⊑T Q a) ==> (c?a∈A → P a) ⊑T (c?a∈A → Q a)› and mono_read_D : ‹(∧a. a ∈ A ==> P a ⊑D Q a) ==> (c?a∈A → P a) ⊑D (c?a∈A → Q a)› unfolding read_def by (simp_all add: monos_Mprefix inv_into_into)
lemma mono_Mndetprefix_FD : ‹(∧a. a ∈ A ==> P a ⊑FD Q a) ==> Mndetprefix A P ⊑FD Mndetprefix A Q› and mono_Mndetprefix_DT : ‹(∧a. a ∈ A ==> P a ⊑DT Q a) ==> Mndetprefix A P ⊑DT Mndetprefix A Q› and mono_Mndetprefix_F : ‹(∧a. a ∈ A ==> P a ⊑F Q a) ==> Mndetprefix A P ⊑F Mndetprefix A Q› and mono_Mndetprefix_T : ‹(∧a. a ∈ A ==> P a ⊑T Q a) ==> Mndetprefix A P ⊑T Mndetprefix A Q› and mono_Mndetprefix_D : ‹(∧a. a ∈ A ==> P a ⊑D Q a) ==> Mndetprefix A P ⊑D Mndetprefix A Q› by (simp add: refine_defs Mndetprefix_projs, blast)+
corollary mono_ndet_write_FD : ‹(∧a. a ∈ A ==> P a ⊑FD Q a) ==> (c!!a∈A → P a) ⊑FD (c!!a∈A → Q a)› and mono_ndet_write_DT : ‹(∧a. a ∈ A ==> P a ⊑DT Q a) ==> (c!!a∈A → P a) ⊑DT (c!!a∈A→ Q a)› and mono_ndet_write_F : ‹(∧a. a ∈ A ==> P a ⊑F Q a) ==> (c!!a∈A → P a) ⊑F (c!!a∈A → Q a)› and mono_ndet_write_T : ‹(∧a. a ∈ A ==> P a ⊑T Q a) ==> (c!!a∈A → P a) ⊑T (c!!a∈A → Q a)› and mono_ndet_write_D : ‹(∧a. a ∈ A ==> P a ⊑D Q a) ==> (c!!a∈A → P a) ⊑D (c!!a∈A → Q a)› unfolding ndet_write_def by (simp_all add: monos_Mndetprefix inv_into_into)
lemma Mndetprefix_FD_Mprefix : ‹Mndetprefix A P ⊑FD Mprefix A P› and Mndetprefix_DT_Mprefix : ‹Mndetprefix A P ⊑DT Mprefix A P› and Mndetprefix_F_Mprefix : ‹Mndetprefix A P ⊑F Mprefix A P› and Mndetprefix_T_Mprefix : ‹Mndetprefix A P ⊑T Mprefix A P› and Mndetprefix_D_Mprefix : ‹Mndetprefix A P ⊑D Mprefix A P› by (simp_all add: refine_defs Mprefix_projs Mndetprefix_projs) blast+
corollary ndet_write_FD_read : ‹ndet_write c A P ⊑FD read c A P› and ndet_write_DT_read : ‹ndet_write c A P ⊑DT read c A P› and ndet_write_F_read : ‹ndet_write c A P ⊑F read c A P› and ndet_write_T_read : ‹ndet_write c A P ⊑T read c A P› and ndet_write_D_read : ‹ndet_write c A P ⊑D read c A P› by (simp_all add: read_def ndet_write_def Mndetprefix_le_Mprefix)
lemma Mndetprefix_FD_subset : ‹A ≠ {} ==> A ⊆ B ==> Mndetprefix B P ⊑FD Mndetprefix A P› and Mndetprefix_DT_subset : ‹A ⊆ B ==> Mndetprefix B P ⊑DT Mndetprefix A P› and Mndetprefix_F_subset : ‹A ≠ {} ==> A ⊆ B ==> Mndetprefix B P ⊑F Mndetprefix A P› and Mndetprefix_T_subset : ‹A ⊆ B ==> Mndetprefix B P ⊑T Mndetprefix A P› and Mndetprefix_D_subset : ‹A ⊆ B ==> Mndetprefix B P ⊑D Mndetprefix A P› by (auto simp add: refine_defs Mndetprefix_projs)
lemma ndet_write_FD_subset : ‹A ≠ {} ==> (c!!b∈B → P b) ⊑FD (c!!a∈A → P a)› and ndet_write_DT_subset : ‹(c!!b∈B → P b) ⊑DT (c!!a∈A → P a)› and ndet_write_F_subset : ‹A ≠ {} ==> (c!!b∈B → P b) ⊑F (c!!a∈A → P a)› and ndet_write_T_subset : ‹(c!!b∈B → P b) ⊑T (c!!a∈A → P a)› and ndet_write_D_subset : ‹(c!!b∈B → P b) ⊑D (c!!a∈A → P a)› if‹inj_on c B›and‹A ⊆ B› proof - have * : ‹(P ∘ inv_into B c) x = (P ∘ inv_into A c) x›if‹x ∈ c ` A›for x proof - from‹x ∈ c ` A›obtain a where‹a ∈ A›‹x = c a›by blast from‹a ∈ A›‹A ⊆ B›have‹a ∈ B›by blast from‹A ⊆ B›‹inj_on c B› inj_on_subset have‹inj_on c A›by blast from‹a ∈ A›‹x = c a›‹inj_on c A›have‹(inv_into A c) x = a›by simp moreoverfrom‹a ∈ B›‹x = c a›‹inj_on c B›have‹(inv_into B c) x = a›by simp ultimatelyshow‹(P ∘ inv_into B c) x = (P ∘ inv_into A c) x›by simp qed show‹A ≠ {} ==> (c!!b∈B → P b) ⊑FD (c!!a∈A → P a)› by (metis ‹A ⊆ B›"*" Mndetprefix_FD_subset empty_is_image
image_mono mono_Mndetprefix_eq ndet_write_def) show‹(c!!b∈B → P b) ⊑DT (c!!a∈A → P a)› by (metis ‹A ⊆ B›"*" Mndetprefix_DT_subset
image_mono mono_Mndetprefix_eq ndet_write_def) show‹A ≠ {} ==> (c!!b∈B → P b) ⊑F (c!!a∈A → P a)› by (metis ‹A ⊆ B›"*" Mndetprefix_F_subset empty_is_image
image_mono mono_Mndetprefix_eq ndet_write_def) show‹(c!!b∈B → P b) ⊑T (c!!a∈A → P a)› by (metis ‹A ⊆ B›"*" Mndetprefix_T_subset
image_mono mono_Mndetprefix_eq ndet_write_def) show‹(c!!b∈B → P b) ⊑D (c!!a∈A → P a)› by (metis ‹A ⊆ B›"*" Mndetprefix_D_subset
image_mono mono_Mndetprefix_eq ndet_write_def) qed
lemma Mndetprefix_FD_write0 : ‹Mndetprefix A P ⊑FD (a → P a)› and Mndetprefix_DT_write0 : ‹Mndetprefix A P ⊑DT (a → P a)› and Mndetprefix_F_write0 : ‹Mndetprefix A P ⊑F (a → P a)› and Mndetprefix_T_write0 : ‹Mndetprefix A P ⊑T (a → P a)› and Mndetprefix_D_write0 : ‹Mndetprefix A P ⊑D (a → P a)›if‹a ∈ A› by (rule Mndetprefix_le_subset[of ‹{a}›, simplified, OF ‹a ∈ A›])+
lemma Mprefix_DT_subset : ‹A ⊆ B ==> Mprefix B P ⊑DT Mprefix A P› and Mprefix_T_subset : ‹A ⊆ B ==> Mprefix B P ⊑T Mprefix A P› and Mprefix_D_subset : ‹A ⊆ B ==> Mprefix B P ⊑D Mprefix A P› by (auto simp add: refine_defs Mprefix_projs)
text‹Mprefix set monotony doesn't hold for term‹(⊑F)› and term‹(⊑FD)›
where it holds for deterministic choice.›
lemma read_DT_subset : ‹(c?b∈B → P b) ⊑DT (c?a∈A → P a)› and read_T_subset : ‹(c?b∈B → P b) ⊑T (c?a∈A → P a)› and read_D_subset : ‹(c?b∈B → P b) ⊑D (c?a∈A → P a)› if‹inj_on c B›and‹A ⊆ B› proof - have * : ‹(P ∘ inv_into B c) x = (P ∘ inv_into A c) x›if‹x ∈ c ` A›for x proof - from‹x ∈ c ` A›obtain a where‹a ∈ A›‹x = c a›by blast from‹a ∈ A›‹A ⊆ B›have‹a ∈ B›by blast from‹A ⊆ B›‹inj_on c B› inj_on_subset have‹inj_on c A›by blast from‹a ∈ A›‹x = c a›‹inj_on c A›have‹(inv_into A c) x = a›by simp moreoverfrom‹a ∈ B›‹x = c a›‹inj_on c B›have‹(inv_into B c) x = a›by simp ultimatelyshow‹(P ∘ inv_into B c) x = (P ∘ inv_into A c) x›by simp qed show‹(c?b∈B → P b) ⊑DT (c?a∈A → P a)› by (metis ‹A ⊆ B›"*" Mprefix_DT_subset image_mono mono_Mprefix_eq read_def) show‹(c?b∈B → P b) ⊑T (c?a∈A → P a)› by (metis ‹A ⊆ B›"*" Mprefix_T_subset image_mono mono_Mprefix_eq read_def) show‹(c?b∈B → P b) ⊑D (c?a∈A → P a)› by (metis ‹A ⊆ B›"*" Mprefix_D_subset image_mono mono_Mprefix_eq read_def) qed
subsection‹Monotony Properties›
subsubsection‹ Non Deterministic Choice Operator Laws ›
lemma Ndet_FD_self_left : ‹P ⊓ Q ⊑FD P› and Ndet_DT_self_left : ‹P ⊓ Q ⊑DT P› and Ndet_F_self_left : ‹P ⊓ Q ⊑F P› and Ndet_T_self_left : ‹P ⊓ Q ⊑T P› and Ndet_D_self_left : ‹P ⊓ Q ⊑D P› and Ndet_FD_self_right : ‹P ⊓ Q ⊑FD Q› and Ndet_DT_self_right : ‹P ⊓ Q ⊑DT Q› and Ndet_F_self_right : ‹P ⊓ Q ⊑F Q› and Ndet_T_self_right : ‹P ⊓ Q ⊑T Q› and Ndet_D_self_right : ‹P ⊓ Q ⊑D Q› by (simp_all add: refine_defs Ndet_projs)
subsubsection‹ Refinements and Constant Processes ›
lemma STOP_T_iff: ‹STOP ⊑T P ⟷ P = STOP› by (metis STOP_iff_T insert_absorb is_processT1_TR subset_singleton_iff trace_refine_def)
lemma STOP_F_iff: ‹STOP ⊑F P ⟷ P = STOP› using STOP_T_iff idem_F leF_imp_leT by blast
lemma STOP_FD_iff: ‹STOP ⊑FD P ⟷ P = STOP› using STOP_F_iff leFD_imp_leF by blast
lemma STOP_DT_iff: ‹STOP ⊑DT P ⟷ P = STOP› using STOP_T_iff idem_DT leDT_imp_leT by blast
lemma SKIP_FD_iff: ‹SKIP r ⊑FD P ⟷ P = SKIP r›for P :: ‹('a, 'r) processptick› proof (rule iffI) show‹P = SKIP r ==> SKIP r ⊑FD P›by simp next show‹P = SKIP r›if‹SKIP r ⊑FD P› proof (rule FD_antisym[OF _ ‹SKIP r ⊑FD P›]) show‹P ⊑FD SKIP r› proof (rule failure_divergence_refineI) from‹SKIP r ⊑FD P›show‹s ∈D (SKIP r) ==> s ∈D P›for s by (simp add: refine_defs D_SKIP) next fix s :: ‹('a, 'r) traceptick›and X assume‹(s, X) ∈F (SKIP r)› then consider ‹s = []›‹🍋(r) ∉ X› | ‹s = [🍋(r)]›unfolding F_SKIP by blast thus‹(s, X) ∈F P› proof cases from‹SKIP r ⊑FD P›show‹s = [] ==>🍋(r) ∉ X ==> (s, X) ∈F P› by (simp add: refine_defs F_SKIP D_SKIP subset_iff)
(metis T_F append_Nil is_processT1_TR is_processT5_S7 is_processT6_TR_notin not_Cons_self2) next from‹SKIP r ⊑FD P›show‹s = [🍋(r)] ==> (s, X) ∈F P› by (simp add: refine_defs F_SKIP D_SKIP subset_iff)
(metis (no_types) Int_insert_right_if0 is_processT1 list.simps(15) non_tickFree_tick
tickFree_Nil tickFree_def tick_T_F trace_tick_continuation_or_all_tick_failuresE) qed qed qed qed
lemma SKIP_F_iff: ‹SKIP r ⊑F P ⟷ P = SKIP r› proof (rule iffI) show‹P = SKIP r ==> SKIP r ⊑F P›by simp next assume‹SKIP r ⊑F P› hence‹SKIP r ⊑D P› by (simp add: failure_refine_def divergence_refine_def subset_iff F_SKIP D_SKIP)
(metis append_Nil equals0I insertI1 is_processT8 is_processT9 list.distinct(1)) with‹SKIP r ⊑F P›have‹SKIP r ⊑FD P›by (unfold failure_divergence_refine_def) simp thus‹P = SKIP r›by (fact SKIP_FD_iff[THEN iffD1]) qed
(* TODO: prove a new version of this result, should be something like andmoveit \<open>P\<^bold>;Q=SKIPr\<longleftrightarrow>\<exists>S.(P=\<sqinter>s\<in>S.SKIPs)\<and>(\<forall>s\<in>S.Qs=SKIPr)\<close>
lemmaSeq_is_SKIP_iff:\<open>P\<^bold>;Q=SKIPr\<longleftrightarrow>(\<exists>s.P=SKIPs\<and>Qs=SKIPr)\<close> proof(introiffI) show\<open>\<exists>s.P=SKIPs\<and>Qs=SKIPr\<Longrightarrow>P\<^bold>;Q=SKIPr\<close> by(elimexE)(simpadd:SKIP_Seq) next assume\<open>P\<^bold>;Q=SKIPr\<close>
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.
