Theory "mu"

Parents     env   muSyntax

Signature

Constant Type
STATES_UNION_aux :('prop mu # ('prop, 'state) KS # (string -> 'state -> bool) + 'prop mu # string # ('prop, 'state) KS # (string -> 'state -> bool) # num -> 'prop mu # ('prop, 'state) KS # (string -> 'state -> bool) + 'prop mu # string # ('prop, 'state) KS # (string -> 'state -> bool) # num -> bool) -> 'prop mu # ('prop, 'state) KS # (string -> 'state -> bool) + 'prop mu # string # ('prop, 'state) KS # (string -> 'state -> bool) # num -> 'state -> bool
STATES_UNION :'prop mu # ('prop, 'state) KS # (string -> 'state -> bool) + 'prop mu # string # ('prop, 'state) KS # (string -> 'state -> bool) # num -> 'state -> bool
STATES :'prop mu -> ('prop, 'state) KS -> (string -> 'state -> bool) -> 'state -> bool
MU_SAT :'a mu -> ('a, 'b) KS -> (string -> 'b -> bool) -> 'b -> bool
MU_MODEL_SAT :'a mu -> ('a, 'b) KS -> (string -> 'b -> bool) -> bool
FP :'prop mu -> string -> ('prop, 'state) KS -> (string -> 'state -> bool) -> num -> 'state -> bool

Definitions

STATES_UNION_AUX_def 
|- !R.
     STATES_UNION_aux R =
     WFREC R
       (\STATES_UNION a''.
          case a'' of
             INL (T,ks,e) -> I ks.S
          || INL (F,ks',e') -> I {}
          || INL (~f,ks'''',e'''') ->
               I (ks''''.S DIFF STATES_UNION (INL (f,ks'''',e'''')))
          || INL (f'' /\ g',ks'''''',e'''''') ->
               I
                 (STATES_UNION (INL (f'',ks'''''',e'''''')) INTER
                  STATES_UNION (INL (g',ks'''''',e'''''')))
          || INL (f' \/ g,ks''''',e''''') ->
               I
                 (STATES_UNION (INL (f',ks''''',e''''')) UNION
                  STATES_UNION (INL (g,ks''''',e''''')))
          || INL (RV Q,ks''',e''') -> I {s | s IN ks'''.S /\ e''' Q s}
          || INL (AP p,ks'',e'') -> I {s | s IN ks''.S /\ p IN ks''.L s}
          || INL (<> f''',ks''''''',e''''''') ->
               I
                 {s |
                  ?q.
                    q IN ks'''''''.S /\ s>--ks'''''''/a-->q /\
                    q IN STATES_UNION (INL (f''',ks''''''',e'''''''))}
          || INL ([[a']] f'''',ks'''''''',e'''''''') ->
               I
                 {s |
                  !q.
                    q IN ks''''''''.S /\
                    (s>--ks''''''''/a'-->q ==>
                     q IN STATES_UNION (INL (f'''',ks'''''''',e'''''''')))}
          || INL ((mu Q''.. f''''''),ks'''''''''',e'''''''''') ->
               I
                 {s |
                  ?n.
                    s IN
                    STATES_UNION
                      (INR
                         (f'''''',Q'',ks'''''''''',e''''''''''[[[Q''<--{}]]],
                          n))}
          || INL ((nu Q'.. f'''''),ks''''''''',e''''''''') ->
               I
                 {s |
                  !n.
                    s IN
                    STATES_UNION
                      (INR
                         (f''''',Q',ks''''''''',
                          e'''''''''[[[Q'<--ks'''''''''.S]]],n))}
          || INR (f''''''',Q''',ks''''''''''',e''''''''''',0) ->
               I (e''''''''''' Q''')
          || INR (f''''''',Q''',ks''''''''''',e''''''''''',SUC n) ->
               I
                 (STATES_UNION
                    (INL
                       (f''''''',ks''''''''''',
                        e'''''''''''[[[Q'''<--STATES_UNION
                                                (INR
                                                   (f''''''',Q''',
                                                    ks''''''''''',
                                                    e''''''''''',n))]]]))))
STATES_UNION_primitive_def 
|- STATES_UNION =
   STATES_UNION_aux
     @R.
       WF R /\ (!e ks f. R (INL (f,ks,e)) (INL (~f,ks,e))) /\
       (!f e ks g. R (INL (g,ks,e)) (INL (f \/ g,ks,e))) /\
       (!g e ks f. R (INL (f,ks,e)) (INL (f \/ g,ks,e))) /\
       (!f e ks g. R (INL (g,ks,e)) (INL (f /\ g,ks,e))) /\
       (!g e ks f. R (INL (f,ks,e)) (INL (f /\ g,ks,e))) /\
       (!a e ks f. R (INL (f,ks,e)) (INL (<> f,ks,e))) /\
       (!e f a ks s q.
          s>--ks/a-->q ==> R (INL (f,ks,e)) (INL ([[a]] f,ks,e))) /\
       (!e ks Q f n.
          R (INR (f,Q,ks,e[[[Q<--ks.S]]],n)) (INL ((nu Q.. f),ks,e))) /\
       (!e ks Q f n.
          R (INR (f,Q,ks,e[[[Q<--{}]]],n)) (INL ((mu Q.. f),ks,e))) /\
       (!n Q e ks f.
          R (INL (f,ks,e[[[Q<--STATES_UNION_aux R (INR (f,Q,ks,e,n))]]]))
            (INR (f,Q,ks,e,SUC n))) /\
       !n e ks Q f. R (INR (f,Q,ks,e,n)) (INR (f,Q,ks,e,SUC n))
STATES_UNION_extract1_def 
|- !x x1 x2 x3 x4. FP x x1 x2 x3 x4 = STATES_UNION (INR (x,x1,x2,x3,x4))
STATES_UNION_extract0_def 
|- !x x1 x2. STATES x x1 x2 = STATES_UNION (INL (x,x1,x2))
MU_MODEL_SAT_def 
|- !f ks e. MU_MODEL_SAT f ks e = !s. s IN ks.S0 ==> MU_SAT f ks e s

Theorems

STATES_def 
|- (STATES T ks e = ks.S) /\ (STATES F ks e = {}) /\
   (STATES (AP p) ks e = {s | s IN ks.S /\ p IN ks.L s}) /\
   (STATES (RV Q) ks e = {s | s IN ks.S /\ e Q s}) /\
   (STATES (~f) ks e = ks.S DIFF STATES f ks e) /\
   (STATES (f \/ g) ks e = STATES f ks e UNION STATES g ks e) /\
   (STATES (f /\ g) ks e = STATES f ks e INTER STATES g ks e) /\
   (STATES <> f ks e =
    {s | ?q. q IN ks.S /\ s>--ks/a-->q /\ q IN STATES f ks e}) /\
   (STATES [[a]] f ks e =
    {s | !q. q IN ks.S /\ (s>--ks/a-->q ==> q IN STATES f ks e)}) /\
   (STATES (nu Q.. f) ks e = {s | !n. s IN FP f Q ks e[[[Q<--ks.S]]] n}) /\
   (STATES (mu Q.. f) ks e = {s | ?n. s IN FP f Q ks e[[[Q<--{}]]] n}) /\
   (FP f Q ks e 0 = e Q) /\
   (FP f Q ks e (SUC n) = STATES f ks e[[[Q<--FP f Q ks e n]]])
MU_SAT_def 
|- !f ks e s. MU_SAT f ks e s = s IN STATES f ks e
MU_BIGUNION 
|- !f ks e Q.
     wfKS ks ==>
     (STATES (mu Q.. f) ks e =
      BIGUNION {P | ?n. P = FP f Q ks e[[[Q<--{}]]] n})
NU_BIGINTER 
|- !f ks e Q.
     wfKS ks ==>
     (STATES (nu Q.. f) ks e =
      BIGINTER {P | ?n. P = FP f Q ks e[[[Q<--ks.S]]] n})
STATES_NNF_ID 
|- !f ks e. wfKS ks ==> (STATES (NNF f) ks e = STATES f ks e)
MU_SAT_NEG 
|- !s ks e. wfKS ks ==> !f. MU_SAT (~f) ks e s = ~MU_SAT f ks e s
MU_SAT_CONJ 
|- !s ks e.
     wfKS ks ==>
     !f g. MU_SAT (f /\ g) ks e s = MU_SAT f ks e s /\ MU_SAT g ks e s
MU_SAT_DISJ 
|- !s ks e.
     wfKS ks ==>
     !f g. MU_SAT (f \/ g) ks e s = MU_SAT f ks e s \/ MU_SAT g ks e s
MU_SAT_T 
|- !s ks e. wfKS ks ==> (MU_SAT T ks e s = T)
MU_SAT_F 
|- !s ks e. wfKS ks ==> (MU_SAT F ks e s = F)
MU_SAT_DMD 
|- !s ks e.
     wfKS ks ==>
     !a f. MU_SAT <> f ks e s = ?q. ks.T a (s,q) /\ MU_SAT f ks e q
MU_SAT_BOX 
|- !s ks e.
     wfKS ks ==>
     !a f. MU_SAT [[a]] f ks e s = !q. ks.T a (s,q) ==> MU_SAT f ks e q
MU_SAT_RV 
|- !s ks e. wfKS ks ==> !Q. MU_SAT (RV Q) ks e s = e Q s
MU_SAT_AP 
|- !s ks e. wfKS ks ==> !a. MU_SAT (AP a) ks e s = ks.L s a
MU_SAT_LFP 
|- !s ks e.
     wfKS ks ==>
     !Q f. MU_SAT (mu Q.. f) ks e s = ?n. s IN FP f Q ks e[[[Q<--{}]]] n
MU_SAT_GFP 
|- !s ks e.
     wfKS ks ==>
     !Q f. MU_SAT (nu Q.. f) ks e s = !n. s IN FP f Q ks e[[[Q<--ks.S]]] n
STATES_MONO 
|- !f ks e e' Q X Y.
     wfKS ks /\ IMF (mu Q.. f) /\ X SUBSET Y /\
     (!Q'.
        (if ~RV Q' SUBF NNF f then e Q' = e' Q' else e Q' SUBSET e' Q')) ==>
     STATES f ks e[[[Q<--X]]] SUBSET STATES f ks e'[[[Q<--Y]]]
ENV_VAR_LEGAL 
|- !e Q' f. (if ~RV Q' SUBF NNF f then e Q' = e Q' else e Q' SUBSET e Q')
STATES_MONO_EQ 
|- !f ks e Q X Y.
     wfKS ks /\ IMF (mu Q.. f) /\ X SUBSET Y ==>
     STATES f ks e[[[Q<--X]]] SUBSET STATES f ks e[[[Q<--Y]]]
LFP_CHAIN 
|- !f ks e n Q.
     wfKS ks /\ IMF (mu Q.. f) ==>
     FP f Q ks e[[[Q<--{}]]] n SUBSET FP f Q ks e[[[Q<--{}]]] (SUC n)
MU_FP_STATES 
|- !f ks e n' Q.
     wfKS ks /\ IMF (mu Q.. f) ==>
     (FP f Q ks e[[[Q<--{}]]] n' = FP f Q ks e[[[Q<--{}]]] (SUC n')) ==>
     (STATES (mu Q.. f) ks e = FP f Q ks e[[[Q<--{}]]] n')
GEN_LFP_IDEM 
|- !f ks e Q.
     wfKS ks /\ IMF (mu Q.. f) /\ FINITE ks.S ==>
     (STATES f ks
        e[[[Q<--BIGUNION {P | ?i. P = FP f Q ks e[[[Q<--{}]]] i}]]] =
      BIGUNION {P | ?i. P = FP f Q ks e[[[Q<--{}]]] i})
GEN_LFP_CHAIN 
|- !f ks e n Q X.
     wfKS ks /\ IMF (mu Q.. f) /\ X SUBSET STATES f ks e[[[Q<--X]]] ==>
     FP f Q ks e[[[Q<--X]]] n SUBSET FP f Q ks e[[[Q<--X]]] (SUC n)
GEN_MU_FP_STATES 
|- !f ks e n Q X.
     wfKS ks /\ IMF (mu Q.. f) /\ FINITE ks.S /\
     X SUBSET STATES f ks e[[[Q<--X]]] ==>
     X SUBSET BIGUNION {P | ?n. P = FP f Q ks e[[[Q<--{}]]] n} ==>
     (FP f Q ks e[[[Q<--X]]] n = FP f Q ks e[[[Q<--X]]] (SUC n)) ==>
     (STATES (mu Q.. f) ks e = FP f Q ks e[[[Q<--X]]] n)
GFP_CHAIN 
|- !f ks e n Q.
     wfKS ks /\ IMF (mu Q.. f) ==>
     FP f Q ks e[[[Q<--ks.S]]] (SUC n) SUBSET FP f Q ks e[[[Q<--ks.S]]] n
NU_FP_STATES 
|- !f ks e n' Q.
     wfKS ks /\ IMF (nu Q.. f) ==>
     (FP f Q ks e[[[Q<--ks.S]]] n' = FP f Q ks e[[[Q<--ks.S]]] (SUC n')) ==>
     (STATES (nu Q.. f) ks e = FP f Q ks e[[[Q<--ks.S]]] n')
GEN_GFP_IDEM 
|- !f ks e Q.
     wfKS ks /\ IMF (nu Q.. f) /\ FINITE ks.S ==>
     (STATES f ks
        e[[[Q<--BIGINTER {P | ?i. P = FP f Q ks e[[[Q<--ks.S]]] i}]]] =
      BIGINTER {P | ?i. P = FP f Q ks e[[[Q<--ks.S]]] i})
GEN_GFP_CHAIN 
|- !f ks e n Q X.
     wfKS ks /\ IMF (nu Q.. f) /\ STATES f ks e[[[Q<--X]]] SUBSET X ==>
     FP f Q ks e[[[Q<--X]]] (SUC n) SUBSET FP f Q ks e[[[Q<--X]]] n
GEN_NU_FP_STATES 
|- !f ks e n Q X.
     wfKS ks /\ IMF (nu Q.. f) /\ FINITE ks.S /\
     STATES f ks e[[[Q<--X]]] SUBSET X ==>
     BIGINTER {P | ?n. P = FP f Q ks e[[[Q<--ks.S]]] n} SUBSET X ==>
     (FP f Q ks e[[[Q<--X]]] n = FP f Q ks e[[[Q<--X]]] (SUC n)) ==>
     (STATES (nu Q.. f) ks e = FP f Q ks e[[[Q<--X]]] n)
MS_FP 
|- !f ks e Q s X n.
     MU_SAT f ks e[[[Q<--FP f Q ks e[[[Q<--X]]] n]]] s =
     FP f Q ks e[[[Q<--X]]] (SUC n) s
MS_FP_INIT 
|- !f ks e Q s X n.
     wfKS ks ==>
     (MU_SAT (RV Q) ks e[[[Q<--FP f Q ks e[[[Q<--X]]] n]]] s =
      FP f Q ks e[[[Q<--X]]] n s)
GEN_MS_FP_INIT 
|- !ks e Q s X. wfKS ks ==> (MU_SAT (RV Q) ks e[[[Q<--X]]] s = X s)
LFP_INIT 
|- !f ks e Q s. wfKS ks ==> (FP f Q ks e[[[Q<--{}]]] 0 s = F)
GFP_INIT 
|- !f ks e Q s. wfKS ks ==> (FP f Q ks e[[[Q<--ks.S]]] 0 s = T)
GEN_FP_INIT 
|- !f ks e Q X s. wfKS ks ==> (FP f Q ks e[[[Q<--X]]] 0 s = X s)
SAT_RV_ENV_SUBST 
|- !f Q ks e n s.
     wfKS ks ==>
     (MU_SAT (RV Q) ks e[[[Q<--FP f Q ks e (SUC n)]]] s =
      MU_SAT f ks e[[[Q<--FP f Q ks e n]]] s)
fol1 
|- !p q x y. (p ==> x) /\ (q ==> y) ==> p /\ q ==> x /\ y
fol2 
|- !p x y. (p ==> x /\ y) ==> p ==> x \/ y
fol3 
|- !p x y z. (x /\ y ==> z) ==> (p ==> x /\ y) ==> p ==> z
fol4 
|- !p x y z. (x \/ y ==> z) ==> (p ==> x \/ y) ==> p ==> z
fol5 
|- !p x y. (x ==> y) ==> (p ==> x) ==> p ==> y
AP_SUBST 
|- !f g ap ks e s.
     wfKS ks ==>
     IS_PROP g ==>
     (!s. MU_SAT (AP ap) ks e s = MU_SAT g ks e s) ==>
     (MU_SAT f ks e s = MU_SAT (AP_SUBST g ap f) ks e s)
AP_SUBST_MODEL 
|- !f g ap ks e s.
     wfKS ks ==>
     IS_PROP g ==>
     (!s. MU_SAT (AP ap) ks e s = MU_SAT g ks e s) ==>
     (MU_MODEL_SAT f ks e = MU_MODEL_SAT (AP_SUBST g ap f) ks e)
MU_BISIM_STATES 
|- !f M1 M2 e1 e2 s1 s2 BS.
     wfKS M1 ==>
     wfKS M2 ==>
     (!p s1 s2. AP p SUBF f ==> (M1.L s1 p = M2.L s2 p)) ==>
     BISIM M1 M2 BS ==>
     (!Q s1 s2. BS (s1,s2) ==> (s1 IN e1 Q = s2 IN e2 Q)) ==>
     BS (s1,s2) ==>
     (MU_SAT f M1 e1 s1 = MU_SAT f M2 e2 s2)
MU_BISIM 
|- !f M1 M2 e1 e2 BS.
     wfKS M1 ==>
     wfKS M2 ==>
     (!p s1 s2. AP p SUBF f ==> (M1.L s1 p = M2.L s2 p)) ==>
     (!s1 s2. BS (s1,s2) ==> (s1 IN M1.S0 = s2 IN M2.S0)) ==>
     BISIM M1 M2 BS ==>
     (!Q s1 s2. BS (s1,s2) ==> (s1 IN e1 Q = s2 IN e2 Q)) ==>
     (!s1. ?s2. BS (s1,s2)) ==>
     (!s2. ?s1. BS (s1,s2)) ==>
     (MU_MODEL_SAT f M1 e1 = MU_MODEL_SAT f M2 e2)