is well known that simultaneous broadcast has the effect of making \emph{common knowledge}; roughly put, the agents all learn
same things at the same time as the system evolves, so the
amongst the agents' states of knowledge never becomes more
than it is in the initial state 🍋‹‹Chapter~6› in "FHMV:1995"›. For this reason we might hope to find
-state implementations of JKBPs in broadcast environments.
broadcast assumption by itself is insufficient in general, however 🍋‹‹\S7› in "Ron:1996"›, and so we need to further constrain the
. Here we require that for each canonical trace the JKBP
at most one action. In practice this constraint is easier
verify than the circularity would suggest; we return to this point
the end of this section.
+ fixes agents :: "'a odlist" fixes envObsC :: "'es ==> 'cobs" defines"envObs a s ≡ (envObsC (es s), ODList.lookup (ps s) a)" assumes agents: "ODList.toSet agents = UNIV" assumes envTrans: "∀s s' a eact eact' aact aact'. ODList.lookup (ps s) a = ODList.lookup (ps s') a ∧ aact a = aact' a ⟶ ODList.lookup (ps (envTrans eact aact s)) a = ODList.lookup (ps (envTrans eact' aact' s')) a" assumes jkbpDet: "∀a. ∀t ∈ SPR.jkbpC. length (jAction SPR.MC t a) ≤ 1" text_raw‹ \end{isabellebody}% \caption{Finite broadcast environments with a deterministic JKBP.} \label{fig:kbps-theory-det-broadcast-envs}
end{figure}
\<close>(*<*)
instantiation BEState_ext :: (linorder, linorder, linorder, linorder) linorder begin
definition less_eq_BEState_ext where"x ≤ y ≡ es x < es y ∨ (es x = es y ∧ (ps x < ps y ∨ (ps x = ps y ∧ more x ≤more y)))"
definition less_BEState_ext where"x < y ≡ es x < es y ∨ (es x = es y ∧ (ps x < ps y ∨ (ps x = ps y ∧ more x < more y)))"
instance apply intro_classes apply (unfold less_eq_BEState_ext_def less_BEState_ext_def) apply auto done
end
instance BEState_ext :: ("{finite, linorder}", finite, "{finite, linorder}", finite) finite proof let ?U = "UNIV :: ('a, 'b, 'c, 'd) BEState_ext set"
{ fix x :: "('a, 'b, 'c, 'd) BEState_scheme" have"∃a b c. x = BEState_ext a b c" by (cases x) simp
} thenhave U: "?U = (λ((a, b), c). BEState_ext a b c) ` ((UNIV × UNIV) × UNIV)" by (auto simp add: Set.image_def) show"finite ?U"by (simp add: U) qed
(*>*) text‹
encode our expectations of the scenario in the @{term
FiniteBroadcastEnvironment"} locale of
~\ref{fig:kbps-theory-det-broadcast-envs}. The broadcast is
by having all agents make the same common observation of the
state of type @{typ "'es"}. We also allow each agent to
a private state of type @{typ "'ps"}; that other agents
influence it or directly observe it is enforced by the ‹envTrans› and the definition of @{term "envObs"}.
do however allow the environment's protocol to be non-deterministic
a function of the entire system state, including private states.
seek a suitable simulation space by considering what determines an
's knowledge. Intuitively any set of traces that is relevant to
agents' states of knowledge with respect to @{term "t ∈ jkbpC"}
include only those with the same common observation as @{term
t"}:
this is an abstraction of the SPR jview of the given trace.
›
lemma spr_jview_tObsC: assumes"spr_jview a t = spr_jview a t'" shows"tObsC t = tObsC t'" (*<*) using SPR.sync[rule_format, OF assms] assms by (induct rule: trace_induct2) (auto simp: envObs_def tObsC_def)
lemma tObsC_tLength: "tObsC t = tObsC t' ==> tLength t = tLength t'" unfolding tObsC_def by (rule tMap_eq_imp_tLength_eq)
lemma tObsC_tStep_eq_inv: "tObsC t' = tObsC (t ↝ s) ==>∃t'' s'. t' = t'' ↝ s'" unfolding tObsC_def by auto
lemma tObsC_initial[iff]: "tFirst (tObsC t) = envObsC (es (tFirst t))" "tObsC (tInit s) = tInit (envObsC (es s))" "tObsC t = tInit cobs ⟷ (∃s. t = tInit s ∧ envObsC (es s) = cobs)" unfolding tObsC_def by simp_all
lemma spr_tObsC_trc_aux: assumes"(t, t') ∈ (∪a. relations SPR.MC a)*" shows"tObsC t = tObsC t'" using assms apply (induct) apply simp apply clarsimp apply (rule_tac a=x in spr_jview_tObsC) apply simp done
lemma spr_jview_tObsC_trans: "[spr_jview a t = spr_jview a t'; spr_jview a' t' = spr_jview a' t''] ==> tObsC t = tObsC t''" by (fastforce dest: spr_jview_tObsC)
(*>*) text‹
the single-agent case of \S\ref{sec:kbps-spr-single-agent}, it
not sufficient for a simulation to record only the final states; we
to relate the initial private states of the agents with the final
they consider possible, as the initial states may contain
that is not common knowledge. This motivates the following
:
›
definition
tObsC_abs :: "('a, 'es, 'as) BEState Trace ==> ('a, 'es, 'as) BEState Relation" where "tObsC_abs t ≡ { (tFirst t', tLast t') |t'. t' ∈ SPR.jkbpC ∧ tObsC t' = tObsC t}" (*<*) lemma tObsC_abs_jview_eq[dest]: "spr_jview a t' = spr_jview a t ==> tObsC_abs t = tObsC_abs t'" unfolding tObsC_abs_def by (fastforce dest: spr_jview_tObsC)
lemma tObsC_abs_tObsC_eq[dest]: "tObsC t' = tObsC t ==> tObsC_abs t = tObsC_abs t'" unfolding tObsC_abs_def by (fastforce dest: spr_jview_tObsC)
lemma spr_jview_tObsCI: assumes tt': "tObsC t = tObsC t'" and first: "envObs a (tFirst t) = envObs a (tFirst t')" and"tMap (λs. ODList.lookup (ps s) a) t = tMap (λs. ODList.lookup (ps s) a) t'" shows"spr_jview a t = spr_jview a t'" using tObsC_tLength[OF tt'] assms by (induct rule: trace_induct2, auto iff: tObsC_def envObs_def spr_jview_def)
lemma tObsC_absI[intro]: "[ t' ∈ SPR.jkbpC; tObsC t' = tObsC t; u = tFirst t'; v = tLast t' ] ==> (u, v) ∈ tObsC_abs t" unfolding tObsC_abs_def by blast
lemma tObsC_abs_conv: "(u, v) ∈ tObsC_abs t ⟷ (∃t'. t' ∈ SPR.jkbpC ∧ tObsC t' = tObsC t ∧ u = tFirst t' ∧ v = tLast t')" unfolding tObsC_abs_def by blast
associated Kripke structure relates two worlds for an agent if the
's observation on the the first and last states corresponds, and
worlds have the same common observation relation. As always, we
propositions on the final state of the trace.
›
definition
spr_simRels :: "'a ==> ('a, 'es, 'as) spr_simWorld Relation" where "spr_simRels ≡ λa. { (s, s') |s s'. envObs a (sprFst s) = envObs a (sprFst s') ∧ envObs a (sprLst s) = envObs a (sprLst s') ∧ sprCRel s = sprCRel s' }"
lemma envDetJKBP': assumes tCn: "t ∈ SPR.jkbpCn n" and aact: "act ∈ set (jAction (SPR.MCn n) t a)" shows"jAction (SPR.MCn n) t a = [act]" using jkbpDet[rule_format, where t=t and a=a] assms apply - apply (cases "jAction SPR.MC t a") apply (auto iff: SPR.jkbpC_jkbpCn_jAction_eq[OF tCn] dest: SPR.jkbpCn_jkbpC_inc) done
(*>*) text‹
the properties of a simulation are easy to show for @{term
spr_sim"} except for reverse simulation.
critical lemma states that if we have two traces that yield the
common observations, and an agent makes the same observation on
initial states, then that agent's private states at each point
the two traces are identical.
›
lemma spr_jview_det_ps: assumes tt'C: "{t, t'} ⊆ SPR.jkbpC" assumes obsCtt': "tObsC t = tObsC t'" assumes first: "envObs a (tFirst t) = envObs a (tFirst t')" shows"tMap (λs. ODList.lookup (ps s) a) t = tMap (λs. ODList.lookup (ps s) a) t'" (*<*) using tObsC_tLength[OF obsCtt'] first tt'C obsCtt' proof(induct rule: trace_induct2) case (tInit s s') thus ?case by (simp add: envObs_def) next case (tStep s s' t t') from tStep have ts: "t ↝ s ∈ SPR.jkbpCn (tLength (t ↝ s))" and t's': "t' ↝ s' ∈ SPR.jkbpCn (tLength (t' ↝ s'))" by blast+ from tStep have jvtt': "spr_jview a t = spr_jview a t'" by - (rule spr_jview_tObsCI, auto) with tStep have jatt': "jAction (SPR.MCn (tLength t)) t a = jAction (SPR.MCn (tLength t')) t' a" apply - apply simp apply (rule S5n_jAction_eq) apply blast unfolding SPR.mkM_def apply auto done from jvtt' have tt'Last: "ODList.lookup (ps (tLast t)) a = ODList.lookup (ps (tLast t')) a" by (auto simp: envObs_def) from ts obtain eact aact where aact: "∀a. aact a ∈ set (jAction (SPR.MCn (tLength t)) t a)" and s: "s = envTrans eact aact (tLast t)" by (auto iff: Let_def) from t's' obtain eact' aact' where aact': "∀a. aact' a ∈ set (jAction (SPR.MCn (tLength t')) t' a)" and s': "s' = envTrans eact' aact' (tLast t')" by (auto iff: Let_def) from tStep have tCn: "t ∈ SPR.jkbpCn (tLength t)"by auto from aact obtain act where act: "jAction (SPR.MCn (tLength t)) t a = [act]" using envDetJKBP'[OF tCn, where a=a and act="aact a"] by auto hence"jAction (SPR.MCn (tLength t')) t' a = [act]" by (simp only: jatt') with act aact aact' have"aact a = aact' a" by (auto elim!: allE[where x=a]) with agents tt'Last s s' have"ODList.lookup (ps s) a = ODList.lookup (ps s') a" by (simp add: envTrans) moreover from tStep have"tMap (λs. ODList.lookup (ps s) a) t = tMap (λs. ODList.lookup (ps s) a) t'" by auto moreover from tStep have"envObsC (es s) = envObsC (es s')" unfolding tObsC_def by simp ultimatelyshow ?caseby simp qed
lemma spr_sim_r: "sim_r SPR.MC spr_simMC spr_sim" proof(rule sim_rI) fix a p q' assume pT: "p ∈ worlds SPR.MC" and fpq': "(spr_sim p, q') ∈ relations spr_simMC a" from fpq' obtain uq fq vq where q': "q' = ( sprFst = uq, sprLst = vq, sprCRel = tObsC_abs p )" and uq: "envObs a (tFirst p) = envObs a uq" and vq: "envObs a (tLast p) = envObs a vq" unfolding mkKripke_def spr_sim_def spr_simRels_def by fastforce
from fpq' have"q' ∈ worlds spr_simMC"by simp with q' have"(uq, vq) ∈ tObsC_abs p" using spr_sim_tFirst_tLast[where s=q'] apply auto done thenobtain t where tT: "t ∈ SPR.jkbpC" and tp: "tObsC t = tObsC p" and tuq: "tFirst t = uq" and tvq: "tLast t = vq" by (auto iff: tObsC_abs_conv)
from pT tT tp tuq uq have"tMap (λs. ODList.lookup (ps s) a) p = tMap (λs. ODList.lookup (ps s) a) t" by (auto intro: spr_jview_det_ps) with tp tuq uq have"spr_jview a p = spr_jview a t" by (auto intro: spr_jview_tObsCI)
with pT tT have pt: "(p, t) ∈ relations SPR.MC a" unfolding SPR.mkM_def by simp from q' uq vq tp tuq tvq have ftq': "spr_sim t = q'" unfolding spr_sim_def by auto from pt ftq' show"∃q. (p, q) ∈ relations SPR.MC a ∧ spr_sim q = q'" by blast qed
(*>*) text‹
proof proceeds by lock-step induction over @{term "t"} and @{term
t'"}, appealing to the @{term "jkbpDet"} assumption, the definition
@{term "envObs"} and the constraint @{term "envTrans"}.
is then a short step to showing reverse simulation, and hence
:
›
lemma spr_sim: "sim SPR.MC spr_simMC spr_sim" (*<*) using spr_sim_range spr_simVal spr_sim_f spr_sim_r unfolding sim_def by blast (*>*)
before we canonically represent the quotient of the simulated
@{typ "('a, 'es, 'as) spr_simWorld"} under @{term
spr_simRels"} using ordered, distinct lists. In particular, we use
type @{typ "('a × 'a) odlist"} (abbreviated @{typ "'a
"}) to canonically represent relations.
@{term "X"} represents a simulated equivalence class for
{term "t ∈ jkbpC"}, we can decompose @{term "spr_simAbs X"} in terms
@{term "tObsC_abs t"} and @{term "agent_abs t"}:
›
definition
agent_abs :: "'a ==> ('a, 'es, 'as) BEState Trace ==> ('a, 'es, 'as) BEState Relation" where "agent_abs a t ≡ { (tFirst t', tLast t') |t'. t' ∈ SPR.jkbpC ∧ spr_jview a t' = spr_jview a t }" (*<*)
lemma agent_absI[intro]: "[ spr_jview a t' = spr_jview a t; t' ∈ SPR.jkbpC; t ∈ SPR.jkbpC ] ==> (tFirst t', tLast t') ∈ agent_abs a t" unfolding agent_abs_def by auto
lemma spr_simAbs_refl: assumes tC: "t ∈ SPR.jkbpC" and ec: "spr_simAbs ec = SPRdet.sim_equiv_class a t" shows"spr_sim t ∈ spr_simAbs ec" using assms by simp
lemma spr_simAbs_tObsC_abs[simp]: assumes tC: "t ∈ SPR.jkbpC" and ec: "spr_simAbs ec = SPRdet.sim_equiv_class a t" shows"toSet (fst ec) = tObsC_abs t" using tC spr_simAbs_refl[OF tC ec] unfolding spr_sim_def spr_simAbs_def by auto
representation is canonical on the domain of interest (though not
general):
›
lemma spr_simAbs_inj_on: "inj_on spr_simAbs { x . spr_simAbs x ∈ SPRdet.jkbpSEC }" (*<*) proof(rule inj_onI) fix x y assume x: "x ∈ { x . spr_simAbs x ∈ SPRdet.jkbpSEC }" and y: "y ∈ { x . spr_simAbs x ∈ SPRdet.jkbpSEC }" and xy: "spr_simAbs x = spr_simAbs y" from x obtain a t where tC: "t ∈ SPR.jkbpC" and ec: "spr_simAbs x = SPRdet.sim_equiv_class a t" by auto from spr_simAbs_tObsC_abs[OF tC ec] spr_simAbs_tObsC_abs[OF tC trans[OF xy[symmetric] ec], symmetric] have"fst x = fst y"by (blast intro: injD[OF toSet_inj]) moreover from spr_simAbs_agent_abs[OF tC ec] spr_simAbs_agent_abs[OF tC trans[OF xy[symmetric] ec], symmetric] have"snd x = snd y"by (blast intro: injD[OF toSet_inj]) ultimatelyshow"x = y"by (simp add: prod_eqI) qed
(*>*) text‹
following sections make use of a Kripke structure constructed over
{term "tObsC_abs t"} for some canonical trace @{term "t"}. Note that
use the relation in the generated code.
lemma spr_repMC_kripke[intro, simp]: "kripke (spr_repMC X)" by (rule kripkeI) simp
lemma spr_repMC_S5n[intro, simp]: "S5n (spr_repMC X)" unfolding spr_repRels_def by (intro S5nI equivI refl_onI symI transI) auto
(*>*) text‹
before we can show that this Kripke structure is adequate for a
canonical trace @{term "t"} by showing that it simulates
{term "spr_repMC"} We introduce an intermediate structure:
before we define a set of constants that satisfy the ‹Algorithm› locale given the assumptions of the @{term
FiniteDetBroadcastEnvironment"} locale.
›
(* **************************************** *)
subsubsection‹Initial states›
text‹
initial states for agent @{term "a"} given an initial observation
{term "iobs"} consist of the set of states that yield a common
consonant with @{term "iobs"} paired with the set of
where @{term "a"} observes @{term "iobs"}:
›
definition (in -)
spr_simInit :: "('a, 'es, 'as) BEState list ==> ('es ==> 'cobs) ==> ('a ==> ('a, 'es, 'as) BEState ==> 'cobs × 'obs) ==> 'a ==> ('cobs × 'obs) ==> ('a :: linorder, 'es :: linorder, 'as :: linorder) spr_simWorldsRep" where "spr_simInit envInit envObsC envObs ≡ λa iobs. (ODList.fromList [ (s, s). s ← envInit, envObsC (es s) = fst iobs ], ODList.fromList [ (s, s). s ← envInit, envObs a s = iobs ])" (*<*)
knowledge operation computes the subset of possible worlds @{term
cec"} that yield the same observation as @{term "s"} for agent @{term
a"}:
›
definition (in -)
spr_knowledge :: "('a ==> ('a::linorder, 'es::linorder, 'as::linorder) BEState ==> 'cobs × 'as option) ==> ('a, 'es, 'as) BEState odrelation ==> 'a ==> ('a, 'es, 'as) spr_simWorlds ==> ('a, 'es, 'as) spr_simWorldsECRep" where "spr_knowledge envObs cec ≡ λa s. ODList.fromList [ s' . s' ← toList cec, (s, s') ∈ spr_repRels envObs a ]" (*<*)
(* We need to avoid the explicit enumeration of the set in spr_repRels. *)
declare (in -) spr_knowledge_def[code del]
lemma (in -) [code]: "spr_knowledge envObs cec = (λa s. ODList.fromList [ s' . s' ← toList cec, envObs a (fst s) = envObs a (fst s') ∧ envObs a (snd s) = envObs a (snd s') ])" unfolding spr_knowledge_def spr_repRels_def by (simp add: split_def)
(*>*) text‹
the common knowledge operation computes the transitive 🍋‹"AFP:TRANCL"› of the union of the knowledge relations for
agents ‹as›:
›
definition (in -)
spr_commonKnowledge :: "('a ==> ('a::linorder, 'es::linorder, 'as::linorder) BEState ==> 'cobs × 'as option) ==> ('a, 'es, 'as) BEState odrelation ==> 'a list ==> ('a, 'es, 'as) spr_simWorlds ==> ('a, 'es, 'as) spr_simWorldsECRep" where "spr_commonKnowledge envObs cec ≡ λas s. let r = λa. ODList.fromList [ (s', s'') . s' ← toList cec, s'' ← toList cec, (s', s'') ∈ spr_repRels envObs a ]; R = toList (ODList.big_union r as) in ODList.fromList (memo_list_trancl R s)" (*<*)
(* We need to avoid the explicit enumeration of the set in spr_repRels. *)
declare (in -) spr_commonKnowledge_def[code del]
lemma (in -) [code]: "spr_commonKnowledge envObs cec = (λas s. let r = λa. ODList.fromList [ (s', s'') . s' ← toList cec, s'' ← toList cec, envObs a (fst s') = envObs a (fst s'') ∧ envObs a (snd s') = envObs a (snd s'') ]; R = toList (ODList.big_union r as) in ODList.fromList (memo_list_trancl R s))" unfolding spr_commonKnowledge_def spr_repRels_def by (simp add: split_def)
(*>*) text‹
evaluation function evaluates a subjective knowledge formula on
representation of an equivalence class:
the above result about evaluation, we can relate ‹spr_simAction› to @{term "jAction"}. Firstly, ‹spr_simAction› behaves the same as @{term "jAction"} using the
{term "spr_repMC"} structure:
lemma spr_submodel_aux: assumes tC: "t ∈ SPR.jkbpC" and s: "s ∈ worlds (spr_simMCt t)" shows"gen_model SPRdet.MCS s = gen_model (spr_simMCt t) s" proof(rule gen_model_subset[where T="spr_jkbpCSt t"]) fix a let ?X = "spr_sim ` { t' . t' ∈ SPR.jkbpC ∧ tObsC t = tObsC t' }" show"relations SPRdet.MCS a ∩ ?X × ?X = relations (spr_simMCt t) a ∩ ?X × ?X" by (simp add: Int_ac Int_absorb1
relation_mono[OF jkbpCSt_jkbpCS_subset jkbpCSt_jkbpCS_subset]) next let ?X = "spr_sim ` { t' . t' ∈ SPR.jkbpC ∧ tObsC t = tObsC t' }" from s show"(∪a. relations (spr_simMCt t) a)* `` {s} ⊆ ?X" apply (clarsimp simp del: mkKripke_simps) apply (erule (1) kripke_rels_trc_worlds) apply auto done next let ?Y = "{ t' . t' ∈ SPR.jkbpC ∧ tObsC t = tObsC t' }" let ?X = "spr_sim ` ?Y" from s obtain t' where st': "s = spr_sim t'" and t'C: "t' ∈ SPR.jkbpC" and t'O: "tObsC t = tObsC t'" by fastforce
{ fix t'' assume tt': "(t', t'') ∈ (∪a. relations SPR.MC a)*" from t'C tt' have t''C: "t'' ∈ SPR.jkbpC" by - (erule kripke_rels_trc_worlds, simp_all) from t'O tt' have t''O: "tObsC t = tObsC t''" by (simp add: spr_tObsC_trc_aux) from t''C t''O have"t'' ∈ ?Y"by simp } hence"(∪a. relations SPR.MC a)* `` {t'} ⊆ ?Y" by clarsimp hence"spr_sim ` ((∪a. relations SPR.MC a)* `` {t'}) ⊆ ?X" by (rule image_mono) with st' t'C show"(∪a. relations SPRdet.MCS a)* `` {s} ⊆ ?X" using sim_trc_commute[OF SPR.mkM_kripke spr_sim, where t=t'] by simp qed (insert s, auto)
(*>*) text‹
can connect the agent's choice of actions on the ‹spr_repMC› structure to those on the ‹SPR.MC› structure
our earlier results about actions being preserved by generated
and simulations.
›
lemma spr_simAction: assumes tC: "t ∈ SPR.jkbpC" assumes ec: "spr_simAbs ec = SPRdet.sim_equiv_class a t" shows"set (spr_simAction a ec) = set (jAction SPR.MC t a)" (*<*) (is "?lhs = ?rhs") proof - from tC ec have"?lhs = set (jAction (spr_repMC (toSet (fst ec))) (tFirst t, tLast t) a)" by (rule spr_action_jaction) alsofrom tC ec have"... = set (jAction (spr_simMCt t) (spr_sim t) a)" by (simp add: simulation_jAction_eq[OF _ spr_repSim] spr_sim_tObsC_abs) alsofrom tC have"... = set (jAction SPRdet.MCS (spr_sim t) a)" using gen_model_jAction_eq[OF spr_submodel_aux[OF tC, where s="spr_sim t"], where w'="spr_sim t"]
gen_model_world_refl[where w="spr_sim t"and M="spr_simMCt t"] by simp alsofrom tC have"... = set (jAction SPR.MC t a)" by (simp add: simulation_jAction_eq[OF _ spr_sim]) finallyshow ?thesis . qed (*>*)
(* **************************************** *)
subsubsection‹Simulated transitions›
text‹
story of simulated transitions takes some doing. We begin by
the successor relation of a given equivalence class @{term
X"} with respect to the common equivalence class @{term "cec"}:
›
abbreviation (in -) "spr_jAction jkbp envVal envObs cec s ≡ λa. spr_simAction jkbp envVal envObs a (cec, spr_knowledge envObs cec a s)"
will split the result of this function according to the common
and also agent @{term "a"}'s observation, where @{term
a"} is the agent we are constructing the automaton for.
lemma spr_simObsC: assumes t'sC: "t ↝ s ∈ SPR.jkbpC" and aec': "toSet aec = (rel_ext (envObs_rel (envObs a)) ∩ X × X) `` {(tFirst t, s)}" and X: "X = {(tFirst t', s) |t' s. t' ↝ s ∈ SPR.jkbpC ∧ spr_jview a t' = spr_jview a t}" shows"spr_simObsC envObsC aec = envObsC (es s)" unfolding spr_simObsC_def apply (cases aec) using assms apply auto[1] using assms apply (simp add: ODList.hd_def toList_fromList) apply (subgoal_tac "x ∈ insert x (set xs)") apply (auto iff: envObs_def)[1] apply blast done
lemma envObs_rel_equiv: "equiv UNIV (rel_ext (envObs_rel (envObs a)))" by (intro equivI refl_onI symI transI) auto
(*>*) text‹
that ‹spr_simTrans› works requires a series of
lemmas that show we do in fact compute the correct successor
classes. We elide the unedifying details, skipping
to the lemma that the @{term "Algorithm"} locale expects:
›
lemma spr_simTrans: assumes tC: "t ∈ SPR.jkbpC" assumes ec: "spr_simAbs ec = SPRdet.sim_equiv_class a t" shows"spr_simAbs ` set (spr_simTrans a ec) = { SPRdet.sim_equiv_class a (t' ↝ s) |t' s. t' ↝ s ∈ SPR.jkbpC ∧ spr_jview a t' = spr_jview a t}" (*<*)(is "?lhs = ?rhs") proof show"?lhs ⊆ ?rhs" proof fix x assume x: "x ∈ ?lhs" thenobtain rx where xrx: "x = spr_simAbs rx" and rx: "rx ∈ set (spr_simTrans a ec)"by blast with tC ec obtain cec' aec' UV' t' s where rxp: "rx = (cec', aec')" and t'sC: "t' ↝ s ∈ SPR.jkbpC" and tt': "spr_jview a t' = spr_jview a t" and aec': "toSet aec' = (rel_ext (envObs_rel (envObs a)) ∩ set (spr_trans (fst ec) (snd ec)) × set (spr_trans (fst ec) (snd ec))) `` {(tFirst t', s)}" and cec': "cec' = ODList.filter (λs. envObsC (es (snd s)) = spr_simObsC envObsC aec') (fromList (spr_trans (fst ec) (fst ec)))" unfolding spr_simTrans_def using spr_trans_aec[OF assms] apply (auto split: prod.split_asm) apply (drule imageI[where f=set]) apply (simp add: partition[OF envObs_rel_equiv subset_UNIV]) apply (erule quotientE) apply fastforce done from t'sC tt' aec' cec' have"spr_simAbs (cec', aec') = SPRdet.sim_equiv_class a (t' ↝ s)" unfolding spr_simAbs_def apply clarsimp apply rule using spr_trans_aec[OF assms] spr_trans_cec[OF assms] apply clarsimp apply (rule_tac x="t'aa ↝ s'"in image_eqI) apply (simp add: spr_sim_def) apply (cut_tac aec=aec' and t=t' and s=s in spr_simObsC[where a=a]) apply simp_all apply rule apply clarsimp apply (erule_tac t'="t'b ↝ sa"in tObsC_absI) apply simp_all apply (auto dest: spr_jview_tObsC iff: tObsC_def envObs_def_raw)[1] apply (clarsimp simp: envObs_def_raw tObsC_abs_conv) apply (case_tac t'b) apply (simp add: tObsC_def) apply clarsimp apply (rename_tac Trace State) apply (rule_tac x=Trace in exI) apply (auto dest: spr_jview_tObsC simp: tObsC_def)[1] apply (simp add: spr_jview_def) using spr_trans_aec[OF assms] spr_trans_cec[OF assms] apply (clarsimp simp: spr_sim_def) apply (cut_tac aec=aec' and t=t' and s=s in spr_simObsC[where a=a]) apply simp_all apply (frule spr_jview_tStep_eq_inv) apply clarsimp apply safe apply (clarsimp simp: tObsC_abs_conv) apply (case_tac t'a) apply (simp add: tObsC_def) apply clarsimp apply (rename_tac Trace State) apply (rule_tac x="Trace"in exI) apply (drule spr_jview_prefix_closed) apply (auto dest: spr_jview_tObsC simp: tObsC_def)[1]
apply (frule spr_jview_tStep_eq_inv) apply clarsimp apply (frule tObsC_tStep_eq_inv) apply clarsimp apply (drule spr_jview_tObsC) back apply (simp add: tObsC_def) done qed qed
(*>*) text‹
explicit-state approach sketched above is quite inefficient, and
some distance from the symbolic techniques we use in
S\ref{sec:kbps-prag-algorithmics}. However it does suffice to
the theory on the muddy children example in
S\ref{sec:kbps-theory-mc}.
›
end(* context FiniteDetBroadcastEnvironment *)
subsubsection‹Maps›
text‹
always we use a pair of tries. The domain of these maps is the pair
relations.
lemma (in FiniteDetBroadcastEnvironment) trans_MapOps[intro, simp]: "MapOps (λk. (spr_simAbs (fst k), snd k)) (SPRdet.jkbpSEC × UNIV) trans_MapOps" proof fix k show"MapOps.lookup trans_MapOps (MapOps.empty trans_MapOps) k = None" unfolding trans_MapOps_def trans_MapOps_lookup_def by (auto split: prod.split) next fix e k k' M assume k: "(spr_simAbs (fst k), snd k) ∈ SPRdet.jkbpSEC × (UNIV :: 'z set)" and k': "(spr_simAbs (fst k'), snd k') ∈ SPRdet.jkbpSEC × (UNIV :: 'z set)" show"MapOps.lookup trans_MapOps (MapOps.update trans_MapOps k e M) k' = (if (spr_simAbs (fst k'), snd k') = (spr_simAbs (fst k), snd k) then Some e else MapOps.lookup trans_MapOps M k')" proof(cases "(spr_simAbs (fst k'), snd k') = (spr_simAbs (fst k), snd k)") case True hence"k = k'" using inj_onD[OF spr_simAbs_inj_on] k k' by (auto iff: prod_eqI) thus ?thesis unfolding trans_MapOps_def trans_MapOps_lookup_def trans_MapOps_update_def by (auto simp: lookup_update lookup_trie_update_with split: option.split prod.split) next have *: "∧ y ya. y ≠ ya ==> Mapping.lookup (Mapping.update y e Mapping.empty) ya = None"by transfer simp case False thus ?thesis unfolding trans_MapOps_def trans_MapOps_lookup_def trans_MapOps_update_def by (auto dest: map_prod_eq simp: lookup_trie_update_with split: option.split prod.split intro!: lookup_update_neq *) qed qed
lemma (in FiniteDetBroadcastEnvironment) acts_MapOps[intro, simp]: "MapOps spr_simAbs SPRdet.jkbpSEC acts_MapOps" proof fix k show"MapOps.lookup acts_MapOps (MapOps.empty acts_MapOps) k = None" unfolding acts_MapOps_def acts_MapOps_lookup_def by auto next fix e k k' M assume k: "spr_simAbs k ∈ SPRdet.jkbpSEC" and k': "spr_simAbs k' ∈ SPRdet.jkbpSEC" show"MapOps.lookup acts_MapOps (MapOps.update acts_MapOps k e M) k' = (if spr_simAbs k' = spr_simAbs k then Some e else MapOps.lookup acts_MapOps M k')" proof(cases "spr_simAbs k' = spr_simAbs k") case True hence"k = k'" using inj_onD[OF spr_simAbs_inj_on] k k' by (auto iff: prod_eqI) thus ?thesis unfolding acts_MapOps_def acts_MapOps_lookup_def acts_MapOps_update_def by (auto simp: lookup_trie_update_with lookup_trie_update split: option.split prod.split) next case False thus ?thesis unfolding acts_MapOps_def acts_MapOps_lookup_def acts_MapOps_update_def by (auto dest: map_prod_eq simp: lookup_trie_update_with lookup_trie_update split: option.split prod.split) qed qed
(*>*) text‹
suffices to placate the @{term "Algorithm"} locale.
we remarked earlier in this section, in general it may be difficult
establish the determinacy of a KBP as it is a function of the
. However in many cases determinism is syntactically
as the guards are logically disjoint, independently of the
subformulas. The following lemma generates the required
obligations for this case:
›
lemma (in PreEnvironmentJView) jkbpDetI: assumes tC: "t ∈ jkbpC" assumes jkbpSynDet: "∀a. distinct (map guard (jkbp a))" assumes jkbpSemDet: "∀a gc gc'. gc ∈ set (jkbp a) ∧ gc' ∈ set (jkbp a) ∧ t ∈ jkbpC ⟶ guard gc = guard gc' ∨¬(MC, t ⊨ guard gc ∧ MC, t ⊨ guard gc')" shows"length (jAction MC t a) ≤ 1" (*<*) proof -
{ fix a X assume"set X ⊆ set (jkbp a)" and"distinct (map guard X)" with tC have"length [ action gc . gc ← X, MC, t ⊨ guard gc ] ≤ 1" apply (induct X) using jkbpSemDet[rule_format, where a=a] apply auto done } from this[OF subset_refl jkbpSynDet[rule_format]] show ?thesis unfolding jAction_def by simp qed
(*>*) text‹
scenario presented here is a variant of the broadcast environments
by 🍋‹"Ron:1996"›, which we cover in the next section.
FloatBarrier
› (*<*) end (*>*)
Messung V0.5 in Prozent
¤ Dauer der Verarbeitung: 0.46 Sekunden
(vorverarbeitet am 2026-06-10)
¤
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.
