Quelle  Mojmir.thy

(*
    Author:      Salomon Sickert
    License:     BSD
*)

section ‹Mojmir Automata›

theory Mojmir
  imports Main Semi_Mojmir
begin

subsection ‹Definitions›

locale mojmir_def = semi_mojmir_def+
  fixes
    ― ‹Final States›
    F :: "'b set"
begin

definition token_succeeds :: "nat ==> bool"
where
  "token_succeeds x = (∃n. token_run x n ∈ F)"

definition token_fails :: "nat ==> bool"
where
  "token_fails x = (∃n. sink (token_run x n) ∧ token_run x n ∉ F)"

definition accept :: "bool" (‹accept_M›)
where
  "accept ⟷ (∀_\<infinity>x. token_succeeds x)"

definition fail :: )
where ‹
 "fail = {x. token_fails x}"

  merge :: "nat ==> (nat × nat) set"
 
 "merge i = {(x, y) | x y n j. j < iDefinitions›
    ∧ token_run  <and  None ∨
    <> token_run    Suc
    ∧ token_run x (Suc n) ∉ F
    ∧ rank x n = Some j}"

definition succeed :: "nat
where
  "succeed i = {x. ∃c
    ∧ token_run x n ∉ F - {q₀}
    ∧ token_run x (Suc n) ∈ F}"

definition ::nat"
where
  "smallest_accepting_rank ≡token_run\in
    Some (LEAST i. finite fail ∧ finite (merge i) ∧ infinite (succeed i)) else None)"

definition fail_t :: "nat
where
  "fail_t = {n. ∃>n. sink (token_run x n) ∧

definition merge_t :: "nat ==> nat set"
where
  "merge_t i = {n. ∃q q' j. state_rank q n = Some j ∧ j < i ∧ q' = δ q (w n) ∧ q' ∉ F ∧
    ((∃ q =δ>state_rank''n≠

definition succeed_t :: "nat ==> nat set"
where
  "succeed_t i = {n. ∃q. state_rank q n = Some i ∧ q ∉ F - {q₀} ∧ δ q (w n) ∈ F}"

fun "S"
where
  "S n = F ∪ {q. (∃j ≥ the smallest_accepting_rank. state_rank q n = Some j)}"

end

locale mojmir = semi_mojmir + mojmir_def +
  assumes
    ― ‹All states reachable from final states are also final›accept ⟷ (∀<^subinfinity token_succeedsx)
    wellformed_F: "∧deffail ::"nat"
begin

lemma token_stays_in_final_states:
  "token_run x n ∈
proof (induction m)
  case (Suc m)
    thus ?case
    proof (cases "n + m < x")
      case Falsedefinition merge " <Rightarrow> (nat ×
        hence "n + m ≥ x"
          by arith
        then obtain j where "n + m = x + j"
           using le_Suc_ex by blas
        hence "δ (token_run     <>token_run =token_run
          unfolding suffix_def by fastforce
        thus ?thesis
          using wellformed_F Suc suffix_nth by (metis (no_types, andtoken_run Suc \notin java.lang.StringIndexOutOfBoundsException: Index 41 out of bounds for length 41
    qed fastforce
qed simp

lemma token_run_enter_final_states:
  assumes "token_run x n ∈ F"
  showsm <ge xx..  token_run<notinq\^>0<>token_run (Sucm <> 
proof (cases "x ≤ n")
  case True
    then obtain n' where "token_run x (x + n') ∈ F"
      using assms by force
    hence "∃m. token_run x (x + m) ∉ F - {q₀} ∧ token_run x (x + Suc m) ∈ F"
      by (induction n') ((metis (erased, opaque_lifting) token_stays_in_final_states token_run_intial_state  Diff_iff Nat.add_0_right Suc_eq_plus1 insertCI ), blast)
    thus ?thesis
      by (metis add_Suc_right le_add1)
next
  case Falseand x n\notin F- qjava.lang.NullPointerException
    hence "token_run x x ∉ F - {q₀
      using assms wellformed_F by simp_all
    thus ?th
      by blast
qed

subsection ‹ \>q' \notin> si '}

subsubsection ‹Alternative Definitions›

lemma token_succeeds_alt_def:
  "  x = (∀_\∞n. token_run x n ∈ F)"
 unfolding token_succeeds_def MOST_nat_le le_iff_add
 using token_stays_in_final_states by blast

  token_fails_alt_def:
 "token_fails x = (∀_\∞n. sink (token_run x n) ∧ token_run x n ∉ F)"
 (is "?lhs = ?rhs")
 
 assume ?lhs
 then obtain n where "sink (token_run x n)" and "token_run x n ∉ F"
 using token_fails_def by blast
 hence "∀m ≥ n. sink (token_run x m)" and "∀m ≥ n. token_run x m ∉ F"
  me:: "nat \Rightarrownat set
 thus ?rhs
 unfolding MOST_nat_le by blast
  (unfold MOST_nat_le token_fails_def, blast)

  token_fails_alt_def_2:
 token_fails x \longleftrightarrow<>token_succeeds
 by (metis add.commute token_fails_def token_squats_def token_stays_in_final_states token_stays_in_sink token_succeeds_def)

  ‹Properties›

  token_succeeds_run_merge:
 "x ≤ n ==> y ≤ n ==> token_run x n = token_run y n ==> token_succeeds x ==> token_succeeds y"
 using token_run_merge token_stays_in_final_states add.commute unfolding token_succeeds_def by metis

  token_squats_run_merge:
 "x ≤ n ==> y ≤ n ==> token_run x n = token_run y n ==> token_squats x ==> token_squats y"
 using token_run_merge token_stays_in_sink add.commute unfolding token_squats_def by metis

  ‹Pulled-Up Lemmas›<>qstate q''n \noteq None) ) \<> 

  configuration_token_succeeds:
 "[x ∈ configuration q n; y ∈ configuration q n] ==> token_succeeds x = token_succeeds y"
 using token_succeeds_run_merge push_down_configuration_token_run by meson

  configuration_token_squats:
 "[x ∈ configuration q n; y ∈ configuration q n] ==> token_squats x = token_squats y"
 using token_squats_run_merge push_down_configuration_token_run by meson

  ‹Mojmir Acceptance›

  Mojmir_reject:
 "¬ accept ⟷ (∃_\∞x. ¬token_succeeds x)"
 unfolding accept_def Alm_all_def by blast

  mojmir_accept_alt_def:
 "accept ⟷ finite {x. ¬token_succeeds x}"
 using Inf_many_def Mojmir_reject by blast

  mojmir_accept_initial:
 "q₀ ∈ F ==> accept"
 unfolding accept_def MOST_nat_le token_succeeds_def
 using token_run_intial_state by metis

  ‹Equivalent Acceptance Conditions›

  ‹Token-Based Definitions› n= Some i ∧> (w n)\in F}"

  merge_token_succeeds:
 assumes "(x, y) ∈ merge i"
 shows "token_succeeds x ⟷ token_succeeds y"
  -
 obtain n j j' where "token_run x (Suc n) = token_run y (Suc n)"
 and "rank x n = Some j" and "rank y n = Some j' ∨ y = Suc n"
 using assms unfolding merge_def by blast
 hence "x ≤ Suc n" and "y ≤ Suc n"
 using rank_Some_time le_Suc_eq by blast+
 then obtain q where "x ∈ configuration q (Suc n)" and "y ∈ configuration q (Suc n)"
 using ‹token_run x (Suc n) = token_run
 thus ?thesis
 using configuration_token_succeeds by blast
 

  merge_subset:
 "i ≤exists> \ge the sma state_rank qn = Some j)}"
 
 assume "i ≤ j"
 fix p
 assume "p ∈ merge i"
 then obtain x y n k where "p = (x, y)" and "k < i" and "token_run x n ≠
 and "token_run x (Suc n) = token_run y (Suc n)" and "token_run x (Suc n) ∉
 unfolding merge_def by blast
 moreover
 hence "k < j
 
 ultimately
 have "(x, y) ∈ merge j"
 unfolding merge_def by blast
 thus "p ∈"\<Andqnu \<> 
 using ‹p = (x, y)› by simp
 

  merge_finite:
 "i ≤ j ==> finite (merge j) ==> finite (merge i)"
 using merge_subset by (blast intro: rev_finite_subset)

  merge_finite':
 "i < j ==>
 using merge_finite[of i j] by force

  succeed_membership:
 "token_succeeds x ⟷ (\"oken_run x n ∈ F ==>token_run (n + m)∈
 (is "?lhs ⟷
 
 assume ?lhs
 then obtain m where "token_run x m ∈ F"
 unfolding token_succeeds_alt_def MOST_nat_le by blast
 then obtain n where 1: "token_rpr (ca"n +m <")
 and 2: "token_run x (Suc n) ∈ F" and "x ≤ n"
 using token_run_enter_final_states by blast
 moreover
 hence "¬sink (token_run x n)"
 proof (cases "token_run x n ≠ q₀")
 case True
 hence "token_run x n ∉ F"
 using ‹
 thus ?thesis
 <opentoken_run
 qed (simp add: sink_def)
 then obtain i where "rank x n = Some i"
 using ‹x ≤ n› by fastforce
 ultimately
 show ?rhs
 unfolding succeed_def by blast
  (unfold token_succeeds_def succeed_def, blast)

  stable_rank_succeed:
 assumes "infinite (succeed i)"
 and "x ∈ succeed i"
 and "q₊"
 shows "¬stable_rank x i"
 
 assume "stable_rank x i"
 then obtain n where "∀n' ≥ n. rank x n' = Some i"
 unfolding stable_rank_def MOST_nat_le by rule

 from assms(2) obtain m where "token_run x m ∉ F"
 and "token_run x (Suc m) ∈ F"
 and "rank x m = Some i"
 using assms(3) unfolding succeed_def by force

 obtain y where "y > max n m" and "y ∈ (n m)) (suffix xx w j) =tok x n+ Suc m))
 using assms(1) unfolding infinite_nat_iff_unbounded by blast

 then obtain m' where "token_run y m' ∉ F"
 and "token_run y (Suc m') ∈ F"
 and "rank y m' = Some i"
 using assms(3) unfolding succeed_def by force

 moreover

 ― by(metis (no opaquelifting))
 have "m' ≥ n"
 using rank_Some_time[OF ‹
 hence "rank x m' = Some i"
  \<open\

 moreover

 ― ‹but x and y are not in the same state›
 have m' \'\ge>Sucm"
 using rank_Some_time[OF ‹
 hence "token_run x m' ∈ F"
 using token_stays_in_final_states[OF ‹token_run x (Suc m) ∈ F›]
 unfolding le_iff_add by fast
 with ‹token_run y m' ∉ F › have "token_run y m' ≠ token_run x m'"
 by metis

 ultimately

 show "False"
 using push_down_rank_tokens by force
 

  stable_rank_bounded:
 assumes stable: "stable_rank x j"
 assumes inf: "infinite (succeed i)"
 assumes "q₀ ∉ F"
 shows "j < i"
  -
 from stable obtain m where "∀m' ≥ m. rank x m' = Some j"
 unfolding stable_rank_def MOST_nat_le by rule
 from inf obtain y where "y ≥"x \le n")
 unfolding infinite_nat_iff_unbounded_le by meson
 then obtain n where "rank y n = Some i"
 unfolding succeed_def MOST_nat_le by blast

 moreover

 hence "n ≥ y"
 by (rule rank_Some_time)
 hence "rank x n = Some j"
 using ‹

 ultimately

 ― ‹
 have "i ≤ j ==> stable_rank y i"
 using stable by (blast intro: stable_rank_tower)
 thus "j < i"
 using stable_rank_succeed[OF inf ‹y ∈ succeed i›
 

 ― ‹

  mojmir_accept_token_set_def1:
  thus ?thesis
 shows "∃i < max_rank
  (rule+)
java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because "brackoff" is null

 < \
 unfolding mojmir_accept_alt_def by force

 moreover

 have "{x. token_succeeds x} = ∪{succeed i | i. i < max_rank}"
 (is "?lhs = ?rhs")
 proof -
 have "?lhs = ∪{succeed i | i. True}"
 using succeed_membership by blast
 also
 have "… = ?rhs"
 proof
 show "…
 proof
 fix x
 assume "x ∈ ∪
 "x\longleftrightarrow<>token_succeeds
 by blby metis a.com token_fails_def token_squats_to token_stays_in_sink t tokensucc)
 moreover
 ― ‹
 have "∧u. u ≥ max_rank ==>
 unfolding succeed_def using rank_upper_bounlem token_succeeds_ru:
 ultimately
 show "x ∈L token_runx n =token_runy n\Longrightarrow> token_suc y"
 by (cases "i < max_rank") (blast, simp)
 qed
 qed blast
 finally
 show ?thesis .
 qed

 ultimately

 have "∃j. infinite (succeed j)"
 by force
 hence "infinite (succeed i)" and "∧j. j < i
 unfolding i_def by (metis LeastI_ex, metis not_less_Least)
 hence fin_succeed_ranks: "finite (∪
 by aut

 ― ‹@{termken_add.cunfo token_squats_def by metis
 {
 obtain x where "x ∈ succeed
 using ‹
 then obtain n where "rank x n = Some i"
 unfolding succeed_def by blast
 thus "i< "
 by (rule rank_upper_bound)
 }

 define S where "S = {(x, y). token_succeeds x ∧ token_succeeds y}"

 have "finite (merge i ∩ S)"
 proof (rule finite_product)
 {
 fix x y
 assume "(x, y) ∈ conf qn; y \\in> configu n\<>\

 then obtain n k k'' where "k < i"
 and "rank x n = Some k"
 and "rank y n = Some k'' ∨ y = Suc n"
 and "token_run x (Suc n) ∉ F"
 and "token_run x (Suc n) = token_run y (Suc n)"
 and ""to x"
 unfolding merge_def S_def by fast

 then obta
 and "token_run x (Suc (Suc n + m)) ∈
 by (metis Suc_eq_plus1 add.commute token_run_P[of "λq. q ∈ F"] token_stays_in_final_states token_succeeds_def)

 moreover

 have "x ≤ Suc n" and "y ≤ Suc n" and "x ≤ Suc n + m" and "y ≤ Suc n + m"
 using rank_Some_time ‹

 longleftrightarrow finit {x. <> 
java.lang.StringIndexOutOfBoundsException: Index 173 out of bounds for length 173
 using token_run_merge token_run_merge_Suc by metis+

 moreover

 have "¬sink (token_run x (Suc n + m))"
 using ‹token_run x (Suc n + m) ∉ F› ‹token_run x (Suc(Suc n + m)) ∈ F›
 using token_is_not_in_sink by blast

 \<> 
 obtain k' where "rank x (Suc n + m) = Some k'"
 using ‹¬sink (token_run x (Suc n + m))› ‹

 moreover

 hence "rank y (Suc n + m) = Some k'"
 by (metis ‹x ≤
 ‹
 pull_up_configuration_rank[of x _ "Suc n + m" y])

 moreover

 ― ‹Rank used to enter final stat
 have "k' < i
 using \ ope>rank x(Suc n+ m) = Some k'\close rank_mon[OF \openrank x n n Some k\close] \<>k
 unfolding add_Suc_shift by fastforce

 ultimately

 have "x ∈ ∪{succeed j | j. j < i}" and "y ∈ ∪{succeed j | j. j < i(Sun) = to(Suc )
 unfolding succeed_def by blast+
 }
 hence "fst ` (merge i ∩ S) ⊆ ∪ra n = Some j' \or> y =Suc n"
 by force+
 thus "finite (fst ` (merge i ∩ S))" and "finite (snd ` (merge i ∩ S))"
 using finite_subset[OF _ fin_succeed_ranks] by meson+
 qed

 moreover

 have "finite (merge i ∩ (UNIV - S))"
 proof -
 obtain l where l_def: "∀x ≥
 using assms unfolding accept_def MOST_nat_le by blast
 {
 fix x y
 assume "(x, y) ∈ merge i ∩ (UNIV - S)"
 hence "¬
 unfolding S_def by simp
 hence "¬n)" and " \<> 
 using merge_token_succeeds ‹(x, y) ∈ merge i ∩ (UNIV - S)› by blast
 hence "x < l" and "y < l"
 by (metis l_def le_eq_less_or_eq linear)+
 }
 hence "merge i ∩ (UNIV - S) ⊆ {0..l} × {0..l}"
 by fastforce
 thus ?thesis
 using finite_subset by blast
 qed

 ultimately

 have "finite (merge i)"
 by (metis Int_Diff Un_Diff_Int finite_UnI inf
 moreover
 l"
 by (metis assms mojmir_accept_alt_def fail_def token_fails_alt_def_2 infinite_nat_iff_unbounded_le mem_Collect_eq)
 ultimately
 show "finite fail ∧ finite (merge i) ∧ infinite (succeed i) ∧ (∀j < i
 using ‹
 

  mojmir_accept_token_set_def2:
 assumes "finite fail"
 and "finite (merge i)"
 and "infinite (succeed i)"
 shows "accept"
java.lang.NullPointerException
 case True
 assume "¬ accept"
 moreover
 have "finite {x. ¬token_succeeds x ∧ ¬token_squats x}"
 using ‹finite fail› unfolding fail_def token_fails_alt_def_2[symmetric] .
 moreover
 have X: "{x. ¬ token_succeeds x} = {x. ¬ token_succeeds x ∧ token_squats x} ∪
 by blast
 ultimately
 have inf: "infinite {x. ¬moreo
 unfolding mojmir_accept_alt_def X by blast

 ―
 have "{x. ¬token_succeeds x ∧ token_squats x} = {x. ∃
 using stable_rank_bounded ‹infinite (succeed i)› ‹q₀ ∉ F›
 unfolding stable_rank_equiv_token_squats by metis
 also
 have "…
 by blast
 finally
 obtain j where "j < i" and "infinite {t. ¬token_succeeds t ∧byblast
 (is "infinite ?S")
 using inf by force

 ― ‹Obtain susing \openp = = x, y)🚫
 then obtain x where "¬token_succeeds x" and "token_squats x" and "stable_rank x j"
 unfolding infinite_nat_iff_unbounded_le by blast
 then obtain n where "∀m ≥ n. rank x m = Some j"
 unfolding stable_rank_def MOST_nat_le by blast

 ― ‹All configuration with same stable rank are bought at some n with rank smaller i› erge y (blast in re)
 have "{(x, y) | y. y > n ∧
 (is "?lhs ⊆(merge j)\<>finite
 proof
 fix p
 assume "p ∈ ?lhs"
 then obtain y where "p = (x, y)" and "y > n" and "stable_rank y j"
 by blast
 hence "x < y
 using rank_Some_time ‹

 moreover

 ― ‹Obtain a time n'' where x and y have the same rank›
 obtain n'' where "rank x n'' = Some j" and "rank y n'' = Some j"
 using ‹∀n'≥n. rank x n' = Some j› ‹stable_rank y j›
 unfolding stable_ MOST_nat_le by (metis add.co leadd2)
 hence "token_run x n'' = token_run y n''" and "y ≤ n''"
 using push_down_rank_tokens rank_Some_time[OF ‹rank y n'' = Some j›

 ― ‹
 then obtain n' whe hen obta m where "toktoken_runx m<>"
 and "token_run x (Suc n') = token_run y (Suc n')" and "y ≤unfolding token_succeeds_a MO by
 using token_run_mergepoint[OF ‹

 moreover

 hence "(∃j'. rank y n' = Some j') ∨ y = Suc n'"
 using ‹stable_rank y j›> n
 unfolding le_Suc_eq by blast

 moreover

 have "rank x n' = Some j"
 using ‹∀n'≥

 moreover

 have "token_run x (Suc n') ∉(token_rux n)"
 using ‹¬ x n ≠

 ultimately
 show "p ∈
 unfolding merge_def ‹
 using ‹
 qed

 moreover

 ― ‹However, x merges infinitely many configuration›
 hence "infinite {(x, y) | y. y > n ∧ stable_rank y j}"
 (is "ius \> (Suc n \<inin
 proof -
 {
 {
 fix y
 assume "stable_rank y j" and "y > n"
 then (simp add: sink_)
 unfolding stable_rank_def MOST_nat_le by blast
 moreover
 hence "y ≤
 by (rule rank_Some_time)
 hence "n' > n"
 using ‹y > n›by fast
 hence "rank x n' = Some j"
 using ‹∀n' ≥
 ultimately
 have "¬token_succeeds y"
 by (metis ‹¬token_succeeds x› configuration_token_succeeds push_down_rank_tokens)
  unfolding succeed_debyblast
 hence "{y | y. y > n ∧ stable_rank y j} = {y | y. token_squats y ∧ ¬token_succeeds y ∧ stable_rank y j ∧
 (is "_ = ?S'
 using stable_rank_equiv_token_sstable_ra:
 moreover
 have "finite {y | y. token_squats y ∧
 (is "finite ?S'''")
 by simp
 moreover
 have "?S = ?S'' ∪ ?S'''"
 by auto
 ultimately
 have "infinite {y | y. y > n ∧ stable_rank y j}"
 using ‹
 }
 moreover
 have "{x} × {y. y > n ∧ stable_rank y j} = ?S'"
 by auto
 ultimately
 show ?th
 by (metis empty_iff finite_cartesian_productD2 singletonI)
 qed

 ultimately

 have "infinite (merge i)"
 by (rule infinite_super)
 with ‹<forallnSome i"
 by blast
  (blast intro: mojmir_accept_initial)

  mojmir_accept_iff_token_set_accept:
 "accept ⟷ (∃i < max_rank. finite fail ∧ finite (merge i) ∧ infinite (succeed i))"
 using mojmir_accept_token_set_def mojmir_a by blast

  mojmir_accept_iff_token_set_accept2:
 "accept ⟷ (∃i < max_rank
 ir_accept_token_set_def2 merge_finite' by blast

  ‹

 ― ‹ "ank x m = So i"

  finite_monotonic_image:
 fixes A B AB :: "nat set"
 assumes "∧
 assumes "f ` A = B"
 shows "finite A ⟷ finite B"
 
 assume "finite B"
 thus "finite A"
 proof (cases "B ≠ {}")
 case True
 hence "∧i. i ∈ A ==> i ≤ Max B"
 by (metis assms Max_ge_iff ‹
 thus "finite A"
 unfolding f finite_nat_set_iff_bounded_le by blast
 qed (metis assms(2) image_is_empty)
  (metis assms(2) finite_imageI)

  finite_monotonic_image_pairs:
 fixes A :: "(na \<times 
 fixes B :: "nat set"
 assumes "∧i. i ∈
 >i. i\in>A \\Long> (snd i) \<  
 assumes "f ` A = B"
 shows "finite A ⟷ finite B"
 
 assume "finite B"
 thus "f "fini A"
 proof (cases "B ≠ {}")
 case True
 hence "∧i. i ∈ A \<Longrightarrow    
 by (metis assms Max_ge_iff ‹
 thus "finite A"
 using finite_product moreover
 qed (metis assms(3) finite.emptyI image_is_empty)
  (metis assms(3) finite_imageI)

  token_ token:
 fixes A B :: "nat set"
 assumes unique: "∧x y z. P x y ==> P x z ==> y = z"
 and existsA: "∧x. x ∈ A ==> (∃y. P x y)"
 and existsB: "∧y. y ∈ B ==> (∃ \open>> max m›
 and inA: "∧x y. P x y ==> x ∈ A"
 and inB: "∧x y. P x y ==> y ∈ B"
 and mono: "∧x y. P x y ==> x ≤
 shows "finite A ⟷ finite B"
 (rur finite_monotonic_i)
 let ?f = "(λx. if x ∈ A then The (P x) else undefined)"

 {
 fix x
 assume "x ∈ A"
 then obtain y where "P x y" and "y = ?f x"
 using existsA the_equality unique by metis
 moreover
 using mono by blast
 }

 {
 fix y
 have "y ∈ ?f ` A ⟷ (∃x. x ∈ A ∧ y = The (P x))"
 unfolding image_def by force
 also
 have "…using ran rank_Some_timeOF \open>rank y m' = Somei›
 by (metis inA existsA unique the_equality)
 also
 have "… ⟷ y ∈ B"
 using inB existsB by blast
 finally
 have "y ∈ ?f ` A ⟷ y ∈ B"
 .
 }
 thus "?f ` A = B"
 by blast
 

  token_time_finite_pair_rule:
 fixes A :: "(nat × nat) set"
 
 assumes unique: "∧x y z. P x y ==> P x z ==>> F \<>have
 and existsA: "∧x. x ∈ A ==> (∃y. P x y)"
 and existsB: "∧y. y ∈ B ==> (∃x. P x y)"
 and inA: inA: "∧∈
 and inB: "∧x y. P x y ==> y ∈ B"
 and mono: "∧
 shows "finite A ⟷ finite B"
  (rule finite_monotonic_image_pairs)
 let ?f = "(λ

 {
 fix x  x
 assume "x ∈ A"
 then obtain y where "P x y" and "y = ?f x"
 using existsA the_equality unique by metis
 thus "fst x ≤ ?f x + c" and "snd x ≤ ?f x + d"
 using mono by blast+
 }

 {
 fix y
 have "y ∈ ?f ` A ⟷ (∃x. x ∈ A ∧ y = The (P x))"
 unfolding image_def by force
 also
 dots \longleftrightarrowx. P )"
 by (metis inA existsA unique the_equality)
 also
 have "… ⟷ y ∈ B"
 using inB existsB by blast
 finally
 have "y ∈ ?f ` A ⟷ y ∈ B"
 .
 }
 thus "?f ` A = B"
 by blast
 

 ―

  fail_t_inclusion:
 assumes "x ≤ n"
 assumes "¬sink (token_run x n)"
 assumes "sink (token_run x (Suc n))"
 assumes "token_run x (Suc n) ∉
 shows "n ∈ fail_t"
  -
 define q q' where "q = token_run x n" and "q' = token_run x (Suc n)"
 hence *: "¬sink q" "sink q'" and "q' ∉ F"
 using assms by blast+
 moreover
 from * have **: "state_rank q n ≠ None"
 unfolding q_def by (metis oldest_token_always_def option.distinct(1) state_rank_None)
 moreover
 from ** have "q' = δ q (w n)"
 unfolding q_def q'_def using assms(1) token_run_step' by blast
 ultimately
 show "n ∈ fail_t"
 unfolding fail_t_def by blast
 

  merge_t_inclusion:
 assumes "x ≤ n"
 assumes "(∃j'. token_run x n ≠comment> ‹In the case @{term "i ≤ j"}, the token y has also to stabilise > \<<open›
 assumes "token_run x (Suc n) = token_run y (Suc n)"
 assumes "token_run x (Suc n) ∉ F"
 assumes "state_rank (token_run x n) n = Some j"
 assumes "j < i"
 shows "n ∈ merge_t i"
  -
 define q q' q''
 where "q = token_run x n"
 and "q' = token_run x (Suc n)"
 and "q'' = token_run y n"
 have "y ≤ Suc n"
 using assms(2) by linarith
 hence "(q' = δ q'' (w n) ∧ state_rank q'' n ≠ None ∧ q'' ≠ q) ∨ "i \<le 
 unfolding q_def q'_def q''_def using assms(2-3)
 by (cases "y = Suc n") ((metis token_run_intial_state), (metis option.distinct(1) token_run_step))
 moreover
 have "state_rank q n = Some j ∧ j < i "j < i
 unfolding q_def q'_defusing stable_rank_succeed[F i inf \<openyclose>]by linarith
 ultimately
 show "n ∈ merge_t i"
 unfolding merge_t_def by blast
 

  succeed_t_inclusion:
 assumes "rank x n = Some i"
 assumes "token_run x n ∉ F - {q₀}"
 assumes "token_run x (Suc n) ∈ F"
 shows "n ∈
  -
 define q where "q = token_ru x n"n"
 hence "state_rank q n = Some i" and "q ∉ F - {q₀}" and "δ q (w n) ∈ F"
 using token_run_step' rl mojmir_accept:
 thus "n ∈ succeed_t i"
 unfolding succeed_t_def by blast
 

  finite_fail_t:
 "finite fail = finite fail_t"
java.lang.StringIndexOutOfBoundsException: Index 57 out of bounds for length 35
 let ?P = "(λ(LEAS k.. in (succeed k)"
 ∧ ¬sink (token_run x n)
 ∧
 ∧"infi {t tokensu t}

 {
 fix x
 have "¬sink (token_run x x)"
 unfolding sink_def by simp

java.lang.StringIndexOutOfBoundsException: Index 35 out of bounds for length 25
 hence "token_fails x"
 unfolding fail_def ..
 moreover
 then obtain y'' where "sink (token_run x (Suc (x + y'')))"
 unfolding token_fails_alt_def MOST_nat
 using ‹
 then obtain y' where "¬sink (token_run x (x + y'))" and "sink (token_run x (Suc (x + y')))"
 using token_run_P[of "λq. sink q", OF ‹¬sink (token_run x x)›] by blast
 ultimately
 show "\ exist>y. ?P xy"
 using token_fails_alt_def_2 token_succeeds_def by (metis le_add1)
 }

 {
 fix y
 assume "y ∈ fail_t"
 then obtain q q' i where "state_rank q y = Some i" and "q' = δ q (w y)" and "q' ∉
 unfolding fail_t_def by blast
 moreover
 then obtain x where "token_run x y = q" and "x ≤by blas
 by (blast dest: push_down_state_rank_token_run)
 moreover
 hence "token_run x (Suc y) = q'"
 using token_run_step[OF _ _ ‹
 ultimately
 show "∃x. ?P x y"
 by (metis option.distinct(1) state_rank_sink)
 }

 
 fix x y
 assume "?P x y"
 thus "x ∈ fail" and "x ≤ y" and "y ∈
 unfolding fail_def using token_fails_def fail_t_inclusion by blast+
 }

 ― ‹
 {
 fix x y z
 assume "?P x y" and "?P x z"
 from ‹
 by blast+
 moreover
 from ‹>Obtainupper bound for succeed rank›
 by blast+
 ultimately
 show "y = z"
 using token_stays_in_sink
 by (cases y z r: linorder_cases, simpall
 (metis (no_types, lifting) Suc_leI le_add_diff_inverse)+
 }
 

  finite_succeed_t':
 assumes "q_unfoldingsucceed_dusing rank_upper_bound by f fastforce
 shows "finite (succeed i) = finite (succeed_t i)"
  (rule token_time_finite_rule)
 let ?P = "(λu
 ∧ i i max_r}"
 ∧ (token_run x n) ∉ F - {q₀}
 ∧ (token_run x (Suc n)) ∈ F)"

 {
 fix x
 assume "x ∈ succeed i"
 then obtain y where "token_run x y ∉ F - {q₀}" and "token_run x (Suc y) ∈ F" and "rank x y = qed
 unfolding succeed_def by force
 moreover
 hence "rank (senior x y) y = Some i"
 using rank_Some_time[THEN rank_senior_senior] by presburger
 hence "state_rank (token_run x y) y = Some i"
 unfolding state_rank_eq_rank senior.simps by (metis oldest_token_always_def option.sel option.simps(5))
 ultimately
 show "∃y. ?P xqed
 using rank_Some_time by blast
 }

 {
 fix y
 assume "y ∈ succeed_t i"
 then obtain q where "state_rank q y = Some
 unfolding succeed_t_def by blast
 moreover
 where "q = tok x y" and "x ≤
 by (metis oldest_token_bounded push_down_oldest_token_token_run push_down_state_rank_oldest_token)
 moreover
 hence "token_run x (Suc y) ∈ F"
 using token_run_step ‹(δ q (w y)) ∈
 ultimately
 show "∃x. ?P x yhence "infinite (su (succeed i)" and "∧j)
 by meson
 }

 {
 fix x y
 assume "?P x y"
 thus "x ≤ y" and "x ∈met notlessLeas)
 unfolding succeed_def using rank_eq_state_rank[of x y] succeed_t_inclusion
 by (metis (mono_tags, lifting) mem_Collect_eq)+
 }

 ―
 {
 fix x y z
 assume "?P x y" and "?P x z"
 from ‹?P x y›
 using ‹i} is bounded by {teterm max_}›
 moreover
 from ‹?P x z›
 using ‹
 ultimately
 show "y = z"
 using token_stays_in_final_states
 by (cases y z rule: linorder_cases, simp_all)
 (met le_Suc_ex lesnot_le)+
 }
 

  initial_in_F_token_run:
 assumes "q₀ ∈ F"
 shows "token_run x y ∈ F"
 using assms token_stays_in_final_states[of _ 0] by fastforce

  finite_succeed_t'':
 assumes "q₀ ∈Some i"
 shows "finite (succeed i) = finite (succeed_t i)"
 (is "?lhs = ?rhs")
 
 have "succeed_t i = {n. state_rank q₀ n = Some i}"
 unfolding succeed_t_def using initial_in_F_token_run assms wellformed_F by auto
 also
 have "... = {n. rank n n = Some i}"
 unfolding rank_eq_sta[OF order_refl] token_ru..
 finally
java.lang.NullPointerException
 by simp

java.lang.NullPointerException
 define S wwher "S = {(x y). token_succ x 🪙

 {
 assume ?lhs
 moreover
 have "succeed_t i ⊆ succeed i"
 unfolding succeed_t_alt_def succeed_alt_def by blast
 ultimately
 show ?rhs
 by (rule rev_finite
 }

 {
 assume ?rhs
 then obtain U where U_def: "∧x. x ∈ succeed_t i ==> U ≥{
 unfolding finite_nat_set_iff_bounded_le by blast
 {
 fix x
 assume "x ∈
 then obtain n where "rank x n = Some i" and "token_run x n = q₀"
 unfolding succeed_alt_def by blast
 moreover
 hence "x ≤ n"
java.lang.StringIndexOutOfBoundsException: Index 39 out of bounds for length 39
 moreover
 hence "rank nn = Some i"
 using ‹ "ranyn = = Some k'' ∨
 by (metis order_refl token_run_intial_state[of n] pull_up_token_run_tokens pull_up_configuration_rank)
 hence "n ∈ succeed_t i"
 unfolding succeed_t_alt_def by simp
 ultimately
 have "U ≥ x"
 using U_def by fastforce
 }
 thus ?lhs
 unfolding finite_nat_set_iff_bounded_le by blast
 }
 

  finite_succeed_t:
 "finite (succeed i) = finite (succeed_t i) a"tokensu x"
 using finite_succeed_t' finite_succeed_t'' by blast

  finite_merge_t:
 "finite (merge i) = finite (merge_t i)"
  (rule token_time_finite_pair_rule)
 let ?P = "(λ(x, y) n. ∃
 ∧ ((∃j'. token_run x n ≠ token_run y n ∧token x (S n+ m) \notin
 ∧ token_run x (Suc n) = token_run y (Suc n)
 ∧ token_run x (Suc n) ∉ F
 ∧ j
 ∧ j < i)"

 {
 fix x
 assume "x ∈ merge i"
 then obtain t t' n j where 1: "x = (t, t')"
 and 3: "(∃j'. token_run t n ≠ token_run t' n ∧ rank t' n = Some j') ∨ t' = Suc n"
 and 4: "token_run t t (Su n) token_run t' Suc n)"
 and 5: "token_run t (Suc n) ∉ F"
 and 6: "rank t n = Some j"
 and 7: "j < i
 unfolding merge_def by blast
 moreover
 hence 8: "t ≤
 using rank_Some_time le_Suc_eq by blast+
 moreover
 hence 10: "state_rank (token_run t n) n = Some j"
 using ‹> Su n" and "x \le Suc n <>Suc
 ultimately
 show "∃y. ?P x y"
 proof (cases "t' = Suc n")
 case False
 hence "t' ≤ n"
 using ‹t' ≤ Suc n› by simp
 with 1 3 4 5 7 8 10 show ?thesis
 unfolding rank_eq_state_rank[OF ‹t' ≤ n›] by blast
 qed blast
 }

 {
 fix y
 assume "y ∈ merge_t i"
 then obtain q q' j where 1: "state_rank q y = Some j"
 and 2 "j < i
 and 3: "q' = δ q (w y)"
 and 4: "q' ∉ F"
 and 5: "(∃q''. q' = δ q'' (w y) ∧ state_rank q'' y ≠ None ∧ q'' ≠
 unfolding merge_t_def by blast

 then obtain t where 6: "q = token_run t y" and 7: "t ≤ y"
 using push_down_state_rank_token_run by metis
 hence 8: "q' = token_run t (Suc y)"
java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because "brackoff" is null

 {
java.lang.NullPointerException
 hence "token_run t (Suc y) = token_run (Suc y) (Suc y)"
 unfolding 8 by simp
 moreover
 then obtain x where "x = (t, Suc y)"
 by simp
 ultimately
 have "?P x y"
 using 1 2 3 4 5 7 unfolding 6 8 by force
 hence "∃x. ?P x y"
 by blast
 }
 moreover
 {
 assume "q' ≠ q₀"
 then obtain q'' j' where 9: "q' = δ q'' (w y)"
 and "state_rank q'' y = Some j'"
 and "q'' ≠ q"
 using 5 by blast
 moreover
 then obtain t' where 12: "q'' = toke\open x (Su n) = tok y (Suc n)\closepull_up_token_run_tokens
 by (blast dest: push_down_state_rank_token_run)
 moreover
 hence "token_run t (Suc y) = token_run t' (Suc y)"
 89toke by pres
 moreover
 have "token_run t y ≠ token_run t' y"
 using ‹
 moreover
 then obtain x where "x = (t, t')"
 by simp
 ultimately
 have "?P x y"
java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because "brackoff" is null
 hence "∃x. ?P x y"
 by blast
 }
 ultimately
 show "∃x. ?P x y"
 by blast
 }

 {
 fix x y
 assume "?P x y"
 then obtain t t' j where 1: "x = (t, t')"
 and : " e
 and 4: "(∃j'. token_run t y ≠ token_run t' y ∧ t' ≤ y ∧ state_rank (token_run t' y) y = Some j') ∨ t' = Suc y"
 and 5: "token_run t (Suc y) = token_run t' (Suc y)"
 and 6: "token_run t (Suc y) ∉ (fs ` (merge i \inter)" and "fin (snd ` (merge i \interS))
 and 7: "state_rank (token_run t y) y = Some j"
 and 8: "j < i"
 by blast

 thus "x ∈ merge i"
 proof (cases "tqed
 case False
 hence "t' ≤ y"
 
 thus ?thesis
 using 1 3 4 5 6 7 8 unfolding merge_def
 unfolding rank_eq_state_rank[OF ‹t' ≤ y›
 by blast
 qed (unfold rank_eq_state_rank[OF ‹

 show "y ∈ merge_t i" and "fst x ≤ y + 0 ∧ snd x ≤ y + 1"
 using merge_t_inclusion ‹?P x y›
 }

 ― ‹
 {
 z
 assume "?P x y" and "?P x z"
 then obtain t t' where "x = (t, t')"
 by
 from ‹?P x y›[unfolded ‹ \and<> 
 and y2: "(token_run t y ≠ token_run t' y ∧ t' ≤ y) ∨ t' = Suc y"
 and y3: "token_run t (Suc y) = token_run t' (Suc y)" by blast+
 moreover
 from ‹?P x z›[unfolded ‹x = (t, t')›] have z1: "t ≤ z"
 and z2: "(token_run t z ≠ token_run t' z ∧ t' ≤ z) ∨ t' = Suc z"
 and z3: "token_run t (Suc z) = token_run t' (Suc z)" by blast+
 moreover
 haveby (met(metis l_de le_eq_l linear)+
 using y2 z2 by linarith+
 ultimately
 show "y = z"
 proof (cases y z rule: linorder_cases)
 case less
 then obtain d where "Suc y + d = z"
 by (metis add_Suc_right add_Suc_shift less_imp_Suc_add)
 thus ?thesis
 using y1 y2 z2 token_run_merge[OF _ y4 y3] by auto
 next
 case greater
 then obtain d where "Suc z + d = y"
 by (metis add_Suc_right add_Suc_shift less_imp_Suc_add)
 thus ?thesis
 using z1 y2 z2 token_run_merge[OF _ z4 z3] by auto
 qed
 }
 

  ‹

  token_iff_time_accept:
 shows "(finite fail ∧ finite (me
 = (finite fail_t ∧ finite (merge_t i) ∧
 unfolding finite_fail_t finite_merge_t finite_succeed_t by simp

  ‹

  stable_rank_at :: "nat ==> nat ==> bool"
 
 "stable_rank_at x n ≡ ∃i. ∀m ≥

  stable_rank_at_ge:
 "n ≤ m ==> stable_rank_at x n ==> stable_rank_at x m"
 unfolding stable_rank_at_def by fastforce

  stable_rank_equiv:
 "(∃i. stable_rank x i) = (∃n. stable_rank_at x n)"
 unfolding stable_rank_def MOST_nat_le stable_rank_at_def by bcc i) \and<>j

  smallest_accepting_rank_properties:
 assumes "smallest_accepting_rank = Some i"
 shows "accept" "finite fasuccee i)›
  -
 from assms show "accept"
 unfolding smallest_accepting_rank_def using option.distinct(1) by metis
 then obtain i' where "finite fail" and "finite (merge i')" and "infinite (succeed i')"
 and "∀j < i
 unfolding mojmir_accept_iff_token_set_accept2 by blast
 moreover
 hence "∧
 using not_le by blast
 ultimately
 have "(LEAST i. finite fail ∧
 using le_antisym unfolding Least_def by (blast dest: the_equality[of _ i'])
 hence "i' = i"
 using ‹
 thus "finite fail" and "finite (merge i)" and "infinite (succeed i)"
 and "∀
 using ‹
 using ‹
 

  token_smallest_accepting_rank:
 
java.lang.NullPointerException
  -
 from assms have "accept" "finite fail" "infinite (succeed i)" "∀
 using smallest_accepting_rank_properties by blast+

java.lang.NullPointerException
 unfolding accept_def MOST_nat_le by blast
 define n₂ where "n₂ = Suc (Max (fail_t ∪ ∪
 define n is " = Max S'")
 define n where "n = Max {n₁, n₂, n₃}"

 have "finite ?S" and "finite ?S'"
 using ‹finite fail› ‹∀j < i. finite (succeed j)›
 unfolding finite_fail_t finite_succeed_t by fastforce+

 {
 fix x
 assume "x < n₁" "token_squats x"
 hence "(LEAST m. stable_rank_at x m) ∈ ?S'" (is "?m ∈ _")
 by blast
 hence "?m ≤by blast
 using Max.coboundedI[OF ‹
 moreover
 obtain k where "stable_rank x k"
 using ‹x < n₁› ‹
 hence "stable_rank_at x ?m"
 by (metis stable_rank_equiv LeastI)
 ultimately
 have "stable_rank_at x n₃"
 by (rule stable_rank_at_ge)
 hence "∃i. ∀m' ≥ n. rank x m' = Some i"
 unfolding n_def stable_rank_at_def by fastforce
 }
 note Stable = this

 have "∧m j. j < i {. 🚫
 using Max.coboundedI[OF ‹finite ?S›] unfolding n_def n₂_def by ftable_rank_b \<openinfinite
 hence Succeed: "∧m j x. n ≤ m ==> token_run x m ∉ F - {q₀} ==> token_run x (Suc m) ∈ F ==> rank x m = Some j ==>
 by (metis not_le succeed_t_inclusion)

  "<Andm< n
 using Max.coboundedI[OF ‹finite ?S›] unfolding n_def n₂_def by fastforce
 hence Fail: "∧m x. n ≤ m ==> x ≤ m ==> sink (token_run x m) ∨ ¬sink (token_run x (Suc m)) ∨ \      
 using fail_t_inclusion by fastforce

 
 fix m x
 assume "m ≥ n" "m ≥ x"
 moreover
 {
 assume "token_succeeds x" "token_run x m ∉ F"
 then obtain m' where "x ≤ m'" and "token_run x m' ∉ F - {q\<     (
 using token_run_enter_final_states unfolding token_succeeds_def by meson
 moreover
 hence "¬sink (token_run x m')"
 by (metis Diff_empty Diff_insert0 ‹
 ultimately
 obtain j' where "rank x m' = Some j'"
 by simp
 moreover
 have "m ≤ infinite_nat_if_unby blas
 by (metis ‹
 moreover
 hence "m' ≥ n"
 using ‹x ≤ m›
 hence "j' ≥ i"
java.lang.StringIndexOutOfBoundsException: Index 73 out of bounds for length 73
 
 obtain k where "rank x x = Some k"
 using rank_initial[of x] by blast
 ultimately
 obtain j where "rank x m = Some j"
 by (metis rank_continuous[OF ‹
 hence "∃j ≥ i. rank x m = Some j"
 using rank_monotonic ‹rank x m' = Some j'› ‹j' ≥ i› ‹m ≤ m'›[THEN le_Suc_ex]
 by (blast dest: le_Suc_ex trans_le_add1)
 }
 moreover
 {
 assume "¬token_succeeds x"
 hence "\<And         fastfo+
 unfolding token_succeeds_def by blast
 moreover
 have "¬(∃j ≥ i. rank x m = Some j)"
 proof (cases "token_squats x")
 case True
 ― ‹The token
 have "x < n
 using ‹
 then obtain k where ―
 using Stable[OF _ True] by blast
 moreover
 hence "stable_rank x k"
 unfolding stable_rank_def MOST_nat_le by blast
 moreover
 have "q₀ ∉ F"
 by (metis ‹∧m. token_run x m ∉ F› initial_in_F_token_run)
 ultimately
 ― ‹
 have "k < i" and "rank x m = Some k"
 using stable_rank_bounded ‹infinite (succeed i)› ‹n ≤ m› by blast+
 thus ?thesis
 by simp
 next
 case False
 ― ‹Then token is already in a sink›a "y ≤
 have "sink (token_run x m)"
 proof (rule ccontr)
 assume "¬sink (token_run x m)"
 moreover
 obtain m' where "m < m
 by (metis False token_squats_def le_add2 not_le not_less_eq_eq token_stays_in_sink)
 ultimately
 obtain m'' where "m ≤ m''" and "¬sink (token_run x m'')" and "sink (token_run x (Suc m''))"
 
 thus False
 by (metis Fail ‹
 qed
 ― ‹Hence there is no rank›
 thus ?thesis
 by simp
 qed
 ultimately
 have "¬(∃j ≥ i. rank x m = Some j) ∧ token_run x m ∉ F"
 by blast
 }
 ultimately
 have "(∃j ≥ i. rank x m = Some j) ∨ token_run x m ∈ F ⟷ token_succeeds x"
 by (cases "token_succeeds x") (blast, simp)
 }
 moreover
 ― "tok x (Suc n') = to y (Sc n')" and y \le n'"
 have "∧m x. m ≥ n ==> ¬l bymet
 using n_def n₁_def by force
 ultimately
 show ?thesis
 unfolding MOST_nat_le not_le[symmetric] by blast
 

  succeeding_states:
 assumes "smallest_accepting_rank = Some i"
java.lang.NullPointerException
 -
 obtain n where n_def: "∧m x. m ≥ n ==> token_succeeds x = (x > m ∨ (∃j ≥ i. rank x m = Some j) ∨ token_run x m ∈ F)"
 using token_smallest_accepting_rank[OF assms] unfolding MOST_nat_le by auto
 {
 fix m q
 assume "m ≥ n" "q ∉ F" "∃x ∈ configuration q m. token_succeeds x"
 moreover
 then obtain x where "token_run x m = q" and "x ≤ m" and "token_succeeds x"
 by auto
 ultimately
 have "∃j ≥j"
 using n_def by simp
 hence "∃j ≥ i. state_rank q m = Some j"
  rank_ ‹
 }
 moreover
 {
 fix m q x
 assume "m ≥ n" "x ∈ configuration q m"
 hence "x ≤ m" and "token_run x m = q"
 by simp+
 moreover
 assume "q ∈ S m"
 hence "(∃j ≥ i. state_rank q m = Some j) ∨ q ∈ F"
 using assms by fastforce
 ultimately
 have "(∃j ≥ i. rank x m = Some j) ∨ q ∈ F"
 using rank_eq_state_rank by presburger
 hence "token_succeeds x"
 unfolding n_def[OF ‹m ≥ n›] ‹token_run x m = q› by presburger
 }
 ultimately
 show ?thesis
 unfolding MOST_nat_le S.simps assms option.sel by blast