subsection‹\label{ReactiveFeedback}Reactive Feedback›
theory ReactiveFeedback
imports TransitionFeedback IterateOperators
begin
definition "Feedback S = {:x ↝ (u, y), x' . (x = x'):} o IterateOmegaA ([-λ ((u, y), x) . ((u, x), x)-] o (S ** Skip)) o [-λ ((u,y), x) . y -]"
lemma Feedback_refin: "S ≤ T ⟹ Feedback S ≤ Feedback T"
apply (simp add: Feedback_def)
apply (rule refin_comp_right)
apply (rule refin_comp_left, simp_all)
apply (rule IterateOmegaA_refin)
apply (rule mono_comp_a)
apply simp_all
apply (rule refin_comp_left, simp_all)
by (rule prod_mono1, simp)
definition "FeedbackX Init S = [:x ↝ (u, y), x' . (u = ()) ∧ (x = x'):] o ((Init ** Skip) ** Skip) o IterateOmega ([-λ ((u, y), x) . ((u, x), x)-] o (S ** Skip)) o [-λ ((u,y), x) . y -]"
definition "FeedbackA Init S = [:x ↝ (x'', y), x' . (x'' = x) ∧ (x = x'):] o ((Init ** Skip) ** Skip) o IterateOmegaA ([-λ ((u, y), x) . ((u, x), x)-] o (S ** Skip)) o [-λ ((u,y), x) . y -]"
lemma feedback_update_simp_e: "feedback ([- λ (u, s, x) . (f s x, g u s x, h u s x) -])
= [-λ (s, x) . (g (f s x) s x, h (f s x) s x)-]"
apply (unfold feedback_simp_cc, simp)
by (simp add: fun_eq_iff assert_def demonic_def le_fun_def inpt_def rel_spec update_def)
definition "InitDF init = [: s ↝ s'. (□(λs. init (s (0::nat)))) s' :]"
definition "Add = [- λ(x,y). x+y-]"
definition "UD = [-λ(x,s). (s,x) -]"
definition "Split = [-λx. (x,x)-]"
definition "RT1 = [- λ(u, (s,x)). ((u,x),s)-]"
definition "RT2 = [- λ((v,y),s). (v, (s,y)) -]"
definition "RT3 = [- λ(x,s). (s,x)-]"
definition "Res = [-λx. Summ x-]"
definition "init_ExFb = (λ u . u = (0::nat))"
definition "ExFb = RT1 o (Add ** Skip) o UD o (Split ** Skip) o RT2"
lemma ExFb_simp : "ExFb = [- λ(u, (s,x)). (s, (u+x,s))-]"
apply (simp add: ExFb_def Add_def UD_def Split_def RT1_def RT2_def update_comp prod_update_skip)
apply (rule_tac f = "update" in arg_cong)
by (simp add: fun_eq_iff)
definition "ExFb_transfb = feedback ExFb"
lemma ExFb_transfb_simp: "ExFb_transfb = [- λ(s,x). (s+x,s)-]"
by (simp add: ExFb_transfb_def ExFb_simp feedback_update_simp_e)
definition "ExFb_genfb = DelayFeedback init_ExFb ExFb_transfb"
lemma DelayFeedback_example: "ExFb_genfb = Res"
apply (simp add: ExFb_genfb_def ExFb_transfb_simp Res_def init_ExFb_def update_def split_def)
apply (cut_tac init="(λ u . u = (0::nat))" and p="⊤" and r="(λx y. y=(fst x + snd x, fst x))" in DelayFeedback_simp )
apply (simp add: prec_pre_sts_simp assert_true_skip_a assert_true_skip)
apply (drule drop_assumption, simp)
apply (rule_tac f="demonic" in arg_cong)
apply (simp add: fun_eq_iff)
apply safe
apply (simp_all add: rel_pre_sts_simp)
apply (metis Nat.add_0_right sum_suc)
using Summ.simps(1) Summ.simps(2) by blast
definition "RT4 = [- λ(s, (u, x)). (u, (s, x)) -]"
definition "RT5 = [- λ(v, (s, y)). (s, (v, y)) -]"
definition "Res_aux = [-λ(u, x). ((λi. if i = 0 then 0 else u (i-1) + x (i-1)),(λi. if i = 0 then 0 else u (i-1) + x (i-1)))-]"
definition "ExFb_delayfb_aux = RT4 o ExFb o RT5"
lemma ExFb_delayfb_aux_simp: "ExFb_delayfb_aux = [-λ(s, (u, x)). (u+x, (s, s))-]"
apply (simp add: ExFb_delayfb_aux_def ExFb_simp RT4_def RT5_def update_comp)
apply (rule_tac f = "update" in arg_cong)
by (simp add: fun_eq_iff)
definition "ExFb_delayfb = [-λ(u,x). nzip u x-] o (DelayFeedback (λ u . u = (0::nat)) ExFb_delayfb_aux) o [-λx. (fst o x, snd o x)-]"
lemma aaa_ind:"∀x. (x = 0 ⟶ aa 0 = 0) ∧ (0 < x ⟶ aa x = a (x - Suc 0) + b (x - Suc 0)) ⟹
∀x. (x = 0 ⟶ ba 0 = 0) ∧ (0 < x ⟶ ba x = a (x - Suc 0) + b (x - Suc 0)) ⟹ (aa x = ba x)"
apply (induction x)
by simp_all
lemma ExFb_delayfb_simp: "ExFb_delayfb = Res_aux"
apply (simp add: ExFb_delayfb_def ExFb_delayfb_aux_simp Res_aux_def update_def split_def)
apply (simp add: DelayFeedback_b_simp)
apply (simp add: demonic_demonic)
apply (rule_tac f="demonic" in arg_cong)
apply (simp add: fun_eq_iff)
apply safe
apply simp_all
apply (simp_all add: rel_pre_sts_def nzip_def always_def at_fun_def at_prod_def lift_rel_def)
apply auto [1]
apply (metis Suc_pred fst_conv)
apply (metis snd_conv)
apply (metis Suc_pred snd_conv)
apply (simp add: OO_def nzip_def rel_pre_sts_simp)
apply (rule_tac x = "nzip aa ba" in exI, simp)
apply (rule_tac x = "nzip a b" in exI)
apply (unfold nzip_def, simp)
apply (rule_tac x = aa in exI, simp_all, safe)
by (drule_tac aa = aa and ba = ba and x = i in aaa_ind, simp_all)
definition "Init_ExFb = InitDF init_ExFb"
lemma Res_aux_simp: "[-λ((u, y), x). ((u, x), x)-] ∘ Res_aux ** Skip = [- λ((u, y), x). (((λi. if i = 0 then 0 else u (i-1) + x (i-1)),(λi. if i = 0 then 0 else u (i-1) + x (i-1))), x) -]"
apply (simp add: Res_aux_def prod_update_skip update_comp )
apply(rule_tac f=update in arg_cong)
apply (simp add: o_def )
by (subst fun_eq_iff, safe)
definition "Res_aux_fun = (λ((u::nat⇒nat, y::nat⇒nat), x::nat⇒nat). (((λ(i::nat). if i = (0::nat) then (0::nat) else u (i-(1::nat)) + x (i-(1::nat))), (λ(i::nat). if i = (0::nat) then (0::nat) else u (i-(1::nat)) + x (i-(1::nat)))), x))"
lemma Res_aux_fun_aux_a: "⋀ a b c . (Res_aux_fun ^^ (n::nat)) z = ((a,b), c)
⟹ (∀ i < n . a i = ( Summ c (i::nat)) ∧ b i = ( Summ c (i::nat))) ∧ c = (snd z)"
apply (induction n, simp_all)
apply (subst (asm) (2) Res_aux_fun_def)
apply (case_tac "(Res_aux_fun ^^ n) z", simp)
apply (case_tac aa, simp)
apply safe
apply (case_tac i, simp_all)
by (case_tac i, simp_all)
lemma Res_aux_fun_aux_b: "(i < n ⟹ apply (((Res_aux_fun )^^ n) z) i = apply ((Res_aux_fun ^^ (Suc i)) z) i)"
apply (case_tac "(Res_aux_fun ^^ Suc i) z")
apply (case_tac "a", simp)
apply (cut_tac a = aa and b = ba and c = b and n = "Suc i" and z = z in Res_aux_fun_aux_a, simp_all)
apply (case_tac "(Res_aux_fun ^^ n) z")
apply (case_tac "ab", simp)
apply (drule Res_aux_fun_aux_a)
by (simp add: apply_def)
lemma Res_aux_fun_aux_c: "(λx. let z = λi. apply (Res_aux_fun ((Res_aux_fun ^^ i) x)) i in ((fst ∘ fst ∘ z, snd ∘ fst ∘ z), snd ∘ z))
= (λ x . ((Summ (snd x), Summ (snd x)), snd x) )"
apply (simp add: fun_eq_iff Let_def, safe)
apply (case_tac " (Res_aux_fun ((Res_aux_fun ^^ x) ((a, b), ba)))")
apply (case_tac aa, simp)
apply (cut_tac a = ab and b = bc and c = bb and n = "Suc x" and z = "((a, b), ba)" in Res_aux_fun_aux_a, simp_all)
apply (simp add: apply_def)
apply (case_tac " (Res_aux_fun ((Res_aux_fun ^^ x) ((a, b), ba)))")
apply (case_tac aa, simp)
apply (cut_tac a = ab and b = bc and c = bb and n = "Suc x" and z = "((a, b), ba)" in Res_aux_fun_aux_a, simp_all)
apply (simp add: apply_def)
apply (case_tac " (Res_aux_fun ((Res_aux_fun ^^ x) ((a, b), ba)))")
apply (case_tac aa, simp)
apply (cut_tac a = ab and b = bc and c = bb and n = "Suc x" and z = "((a, b), ba)" in Res_aux_fun_aux_a, simp_all)
by (simp add: apply_def)
definition "Init_adder3 = [- λx. (λ (i::nat). (2::nat))-]"
definition "S_adder3 = [- λ (x, (x'::nat ⇒ unit)) . x-] o [- λx . (λ (i::nat). (x i) + 1)-] o [- λx . (λ (i::nat). if i = 0 then (0::nat) else x (i-1)) -] o
[- λx. (λ (i::nat) . x i + 2) -] o [- λx. (x, x) -]"
definition "Res_adder3 = [- λx . (λ (i::nat) . 3 * i + 2) -]"
definition "S_simp_adder3 = [- λ (x, (x'::nat ⇒ unit)). ((λi. if i = 0 then 2 else x(i-1) + 3), (λi. if i = 0 then 2 else x(i-1) + 3))-]"
lemma S_adder3_simp: "S_adder3 = S_simp_adder3"
apply (simp add: S_adder3_def S_simp_adder3_def)
apply (simp add: update_comp)
apply (rule_tac f = update in arg_cong)
by (simp add: fun_eq_iff)
lemma Adder3_inner_simp: "[-λ((u, y), x). ((u, x), x)-] ∘ S_simp_adder3 ** Skip = [- λ((u, y), x). (((λi. if i = 0 then 2 else u(i-1) + 3), (λi. if i = 0 then 2 else u(i-1) + 3)), x) -]"
apply (simp add: S_simp_adder3_def prod_update_skip update_comp )
apply(rule_tac f=update in arg_cong)
apply (simp add: o_def )
by (subst fun_eq_iff, safe)
definition "Adder3_iter_fun = (λ((u::nat ⇒ nat, y::nat ⇒ nat), x::nat ⇒ unit). ((λi::nat. if i = (0::nat) then 2::nat else u (i - (1::nat)) + (3::nat), λi::nat. if i = (0::nat) then 2::nat else u (i - (1::nat)) + (3::nat)), x))"
lemma Adder3_iter_aux_a: "⋀ a b c . (Adder3_iter_fun ^^ (n::nat)) z = ((a,b), c) ⟹ (∀ i < n . a i = 3 * i + 2 ∧ b i = 3 * i + 2) ∧ c = (snd z)"
apply (induction n, simp_all)
apply (case_tac "(Adder3_iter_fun ^^ n) z")
apply (case_tac aa, simp)
apply safe
apply simp_all
apply (subst (asm) (1) Adder3_iter_fun_def, simp)
apply (subgoal_tac " a i = (if i = 0 then 2 else ab (i - 1) + 3)", simp)
apply (case_tac "i", simp)
apply simp
apply (simp add: fun_eq_iff)
apply (subst (asm) (1) Adder3_iter_fun_def, simp, safe)
apply (case_tac "i", simp)
by simp
lemma Adder3_iter_aux_b[simp]: "i < n ⟹ apply ((Adder3_iter_fun ^^ n) z) i = apply ((Adder3_iter_fun ^^ Suc i) z) i"
apply (case_tac "(Adder3_iter_fun ^^ Suc i) z")
apply (case_tac "a", simp)
apply (cut_tac a = aa and b = ba and c = b and n = "Suc i" and z = z in Adder3_iter_aux_a, simp_all)
apply (case_tac "(Adder3_iter_fun ^^ n) z")
apply (case_tac "ab", simp)
apply (drule Adder3_iter_aux_a)
by (simp add: apply_def)
lemma Adder3_iter_aux_c: "(λx. let z = λi. apply (Adder3_iter_fun ((Adder3_iter_fun ^^ i) x)) i in ((fst ∘ fst ∘ z, snd ∘ fst ∘ z), snd ∘ z)) = (λ x . (((λ i . 3 * i + 2), (λ i . 3 * i + 2)), snd x) )"
apply (simp add: fun_eq_iff Let_def, safe)
apply (case_tac " (Adder3_iter_fun ((Adder3_iter_fun ^^ x) ((a, b), ba)))")
apply (case_tac aa, simp)
apply (cut_tac a = ab and b = bc and c = bb and n = "Suc x" and z = "((a, b), ba)" in Adder3_iter_aux_a, simp_all)
apply (simp add: apply_def)
apply (case_tac " (Adder3_iter_fun ((Adder3_iter_fun ^^ x) ((a, b), ba)))")
apply (case_tac aa, simp)
apply (cut_tac a = ab and b = bc and c = bb and n = "Suc x" and z = "((a, b), ba)" in Adder3_iter_aux_a, simp_all)
by (simp add: apply_def)
lemma "FeedbackX Init_adder3 S_adder3 = Res_adder3"
apply (simp add: FeedbackX_def)
apply (simp add: Init_adder3_def Res_adder3_def S_adder3_simp Adder3_inner_simp)
apply (simp add: Adder3_iter_fun_def [THEN sym])
apply (simp add: IterateOmega_func_bb Adder3_iter_aux_c)
apply (simp add: update_comp comp_assoc prod_update_skip)
apply(simp add: update_def demonic_demonic)
apply (rule_tac f = demonic in arg_cong)
by (simp add: OO_def fun_eq_iff)
definition "Init_sum = [-λx. (λ (i::nat). (0::nat))-]"
definition "S_sum = [-λ(x, x'). (λi. x i + x' i) -] o [- λx . (λ (i::nat). if i = 0 then (0::nat) else x (i-1)) -] o [- λx. (x, x) -]"
definition "Res_sum = [-λx. Summ x-]"
definition "S_simp_sum = [-λ(x, x'). ((λi. if i = 0 then 0 else x (i-1) + x' (i-1)),(λi. if i = 0 then 0 else x (i-1) + x' (i-1))) -]"
lemma S_sum_simp: "S_sum = S_simp_sum"
apply (simp add: S_sum_def S_simp_sum_def update_comp)
apply (rule_tac f = update in arg_cong)
by (simp add: fun_eq_iff)
lemma Sum_inner_simp: "[-λ((u, y), x). ((u, x), x)-] ∘ S_simp_sum ** Skip = [- λ((u, y), x). (((λi. if i = 0 then 0 else u (i-1) + x (i-1)),(λi. if i = 0 then 0 else u (i-1) + x (i-1))), x) -]"
apply (simp add: S_simp_sum_def prod_update_skip update_comp )
apply(rule_tac f=update in arg_cong)
apply (simp add: o_def )
by (subst fun_eq_iff, safe)
definition "Sum_iter_fun = (λ((u::nat⇒nat, y::nat⇒nat), x::nat⇒nat). (((λ(i::nat). if i = (0::nat) then (0::nat) else u (i-(1::nat)) + x (i-(1::nat))), (λ(i::nat). if i = (0::nat) then (0::nat) else u (i-(1::nat)) + x (i-(1::nat)))), x))"
lemma Sum_iter_aux_a: "⋀ a b c . (Sum_iter_fun ^^ (n::nat)) z = ((a,b), c) ⟹ (∀ i < n . a i = ( Summ c (i::nat)) ∧ b i = ( Summ c (i::nat))) ∧ c = (snd z)"
apply (induction n, simp_all)
apply (subst (asm) (2) Sum_iter_fun_def)
apply (case_tac "(Sum_iter_fun ^^ n) z", simp)
apply (case_tac aa, simp)
apply safe
apply (case_tac i, simp_all)
by (case_tac i, simp_all)
lemma Sum_iter_aux_b: "(i < n ⟹ apply (((Sum_iter_fun )^^ n) z) i = apply ((Sum_iter_fun ^^ (Suc i)) z) i)"
apply (case_tac "(Sum_iter_fun ^^ Suc i) z")
apply (case_tac "a", simp)
apply (cut_tac a = aa and b = ba and c = b and n = "Suc i" and z = z in Sum_iter_aux_a, simp_all)
apply (case_tac "(Sum_iter_fun ^^ n) z")
apply (case_tac "ab", simp)
apply (drule Sum_iter_aux_a)
by (simp add: apply_def)
lemma Sum_iter_aux_c: "(λx. let z = λi. apply (Sum_iter_fun ((Sum_iter_fun ^^ i) x)) i in ((fst ∘ fst ∘ z, snd ∘ fst ∘ z), snd ∘ z))
= (λ x . ((Summ (snd x), Summ (snd x)), snd x) )"
apply (simp add: fun_eq_iff Let_def, safe)
apply (case_tac " (Sum_iter_fun ((Sum_iter_fun ^^ x) ((a, b), ba)))")
apply (case_tac aa, simp)
apply (cut_tac a = ab and b = bc and c = bb and n = "Suc x" and z = "((a, b), ba)" in Sum_iter_aux_a, simp_all)
apply (simp add: apply_def)
apply (case_tac " (Sum_iter_fun ((Sum_iter_fun ^^ x) ((a, b), ba)))")
apply (case_tac aa, simp)
apply (cut_tac a = ab and b = bc and c = bb and n = "Suc x" and z = "((a, b), ba)" in Sum_iter_aux_a, simp_all)
apply (simp add: apply_def)
apply (case_tac " (Sum_iter_fun ((Sum_iter_fun ^^ x) ((a, b), ba)))")
apply (case_tac aa, simp)
apply (cut_tac a = ab and b = bc and c = bb and n = "Suc x" and z = "((a, b), ba)" in Sum_iter_aux_a, simp_all)
by (simp add: apply_def)
lemma "FeedbackX Init_sum S_sum = Res_sum"
apply (simp add: FeedbackX_def)
apply (simp add: Init_sum_def Res_sum_def S_sum_simp Sum_inner_simp)
apply (simp add: Sum_iter_fun_def [THEN sym])
apply (simp add: IterateOmega_func_bb Sum_iter_aux_b Sum_iter_aux_c)
apply (simp add: update_comp comp_assoc prod_update_skip)
apply(simp add: update_def demonic_demonic)
apply (rule_tac f = demonic in arg_cong)
by (simp add: OO_def)
definition "Init_adder3_wp = [- λx. (λ (i::nat). (2::nat))-]"
definition "S_adder3_wp = [- λ (x, (x'::nat ⇒ unit)) . x-] o {.□ (λx. x 0 ≠ 0).} o [- λx . (λ (i::nat). (x i) + 1)-] o [- λx . (λ (i::nat). if i = 0 then (0::nat) else x (i-1)) -] o
[- λx. (λ (i::nat) . x i + 2) -] o [- λx. (x, x) -]"
definition "Res_adder3_wp = {. x. True.} o [- λx . (λ (i::nat) . 3 * i + 2) -]"
definition "S_simp_adder3_wp = {. □ (λ (x, (x'::nat ⇒ unit)). x 0 ≠ 0) .} o[- λ (x, (x'::nat ⇒ unit)). ((λi. if i = 0 then 2 else x(i-1) + 3), (λi. if i = 0 then 2 else x(i-1) + 3))-]"
lemma S_adder3_wp_simp: "S_adder3_wp = S_simp_adder3_wp"
apply (simp add: S_adder3_wp_def S_simp_adder3_wp_def)
apply (simp add: update_comp update_assert_comp comp_assoc)
apply (rule spec_eq_iff)
by (simp_all add: fun_eq_iff always_def at_fun_def at_prod_def)
lemma Adder3_wp_inner_simp: "[-λ((u, y), x). ((u, x), x)-] ∘ S_simp_adder3_wp ** Skip = {. □ (λ ((u, y), x). u 0 ≠ 0).} o [-λ((u, y), x). (((λi. if i = 0 then 2 else u(i-1) + 3), (λi. if i = 0 then 2 else u(i-1) + 3)), x)-]"
apply (simp add: S_simp_adder3_wp_def prod_assert_update_skip update_comp)
apply (simp add: update_assert_comp comp_assoc[THEN sym])
apply (simp add: update_comp comp_assoc)
apply (rule spec_eq_iff)
by (simp_all add: fun_eq_iff always_def at_fun_def at_prod_def)
definition "Adder3_iter_wp_fun = (λ((u::nat ⇒ nat, y::nat ⇒ nat), x::nat ⇒ unit). ((λi::nat. if i = (0::nat) then 2::nat else u (i - (1::nat)) + (3::nat), λi::nat. if i = (0::nat) then 2::nat else u (i - (1::nat)) + (3::nat)), x))"
definition "Adder3_iter_wp_prec = (□ (λ ((u, y), x). u 0 ≠ 0))"
lemma Adder3_iter_wp_aux_a: "⋀ a b c . (Adder3_iter_wp_fun ^^ (n::nat)) z = ((a,b), c) ⟹ (∀ i < n . a i = 3 * i + 2 ∧ b i = 3 * i + 2) ∧ c = (snd z)"
apply (induction n, simp_all)
apply (case_tac "(Adder3_iter_wp_fun ^^ n) z")
apply (case_tac aa, simp)
apply safe
apply simp_all
apply (subst (asm) (1) Adder3_iter_wp_fun_def, simp)
apply (subgoal_tac " a i = (if i = 0 then 2 else ab (i - 1) + 3)", simp)
apply (case_tac "i", simp)
apply simp
apply (simp add: fun_eq_iff)
apply (subst (asm) (1) Adder3_iter_wp_fun_def, simp, safe)
apply (case_tac "i", simp)
by simp
lemma Adder3_iter_wp_aux_b: "i < n ⟹ apply ((Adder3_iter_wp_fun ^^ n) z) i = apply ((Adder3_iter_wp_fun ^^ Suc i) z) i"
apply (case_tac "(Adder3_iter_wp_fun ^^ Suc i) z")
apply (case_tac "a", simp)
apply (cut_tac a = aa and b = ba and c = b and n = "Suc i" and z = z in Adder3_iter_wp_aux_a, simp_all)
apply (case_tac "(Adder3_iter_wp_fun ^^ n) z")
apply (case_tac "ab", simp)
apply (drule Adder3_iter_wp_aux_a)
by (simp add: apply_def)
lemma Adder3_iter_wp_aux_c: "(λx. let z = λi. apply (Adder3_iter_wp_fun ((Adder3_iter_wp_fun ^^ i) x)) i in ((fst ∘ fst ∘ z, snd ∘ fst ∘ z), snd ∘ z)) = (λ x . (((λ i . 3 * i + 2), (λ i . 3 * i + 2)), snd x) )"
apply (simp add: fun_eq_iff Let_def, safe)
apply (case_tac " (Adder3_iter_wp_fun ((Adder3_iter_wp_fun ^^ x) ((a, b), ba)))")
apply (case_tac aa, simp)
apply (cut_tac a = ab and b = bc and c = bb and n = "Suc x" and z = "((a, b), ba)" in Adder3_iter_wp_aux_a, simp_all)
apply (simp add: apply_def)
apply (case_tac " (Adder3_iter_wp_fun ((Adder3_iter_wp_fun ^^ x) ((a, b), ba)))")
apply (case_tac aa, simp)
apply (cut_tac a = ab and b = bc and c = bb and n = "Suc x" and z = "((a, b), ba)" in Adder3_iter_wp_aux_a, simp_all)
by (simp add: apply_def)
lemma Adder3_iter_wp_aux_d: "⋀ i . i ≥ n ⟹ fst (fst ((Adder3_iter_wp_fun ^^ n) ((λi. 2, b), ba))) i = 3 * n + 2"
apply (induction n, simp)
apply simp
apply (subst (1) Adder3_iter_wp_fun_def)
apply (case_tac "(Adder3_iter_wp_fun ^^ n) ((λi. 2, b), ba)", simp)
by (case_tac "a", simp)
lemma Adder3_iter_wp_aux_e: "⋀ i. i < n ⟹ fst (fst ((Adder3_iter_wp_fun ^^ n) ((λi. 2, b), ba))) i = 3 * i + 2"
apply (induction n, simp)
apply simp
apply (subst (1) Adder3_iter_wp_fun_def)
apply (case_tac "(Adder3_iter_wp_fun ^^ n) ((λi. 2, b), ba)", simp)
apply (case_tac "a", simp)
by auto
lemma Adder3_iter_wp_prec_aux: "0 < fst (fst ((Adder3_iter_wp_fun ^^ n) ((λi. 2, b), ba))) i"
apply (case_tac "i ≥ n")
apply (simp add: Adder3_iter_wp_aux_d)
by (simp add: Adder3_iter_wp_aux_e)
lemma Adder3_iter_wp_prec: "(□ (λ((u, y), x). 0 < u 0)) ((Adder3_iter_wp_fun ^^ n) ((λi. 2, b), ba))"
apply (simp add: always_def at_fun_def at_prod_def, safe)
by (simp add: Adder3_iter_wp_prec_aux)
lemma "FeedbackX Init_adder3_wp S_adder3_wp = Res_adder3_wp"
apply (simp add: FeedbackX_def)
apply (simp add: Init_adder3_wp_def Res_adder3_wp_def S_adder3_wp_simp Adder3_wp_inner_simp)
apply (simp add: Adder3_iter_wp_fun_def [THEN sym])
apply (simp add: IterateOmega_assert_update_d Adder3_iter_wp_aux_c Adder3_iter_wp_aux_b)
apply (simp add: update_comp comp_assoc prod_update_skip)
apply (simp add: update_comp comp_assoc[THEN sym] update_assert_comp)
apply (simp add: update_comp comp_assoc)
apply(simp add: update_def demonic_assert_comp comp_assoc[THEN sym])
apply (simp add: demonic_demonic comp_assoc)
apply (rule prec_rel_eq)
apply auto [2]
apply (simp add: fun_eq_iff)
by (simp add: Adder3_iter_wp_prec)
definition "Init_adder3_havoc = [-λx. (λi. 0)-]"
definition "Res_adder3_havoc = ⊥"
lemma [simp]: "(λx. ∀b ba n. (□ (λ((u, y), x). 0 < u 0)) ((Adder3_iter_wp_fun ^^ n) ((λi. 0, b), ba))) = ⊥"
apply (simp add: fun_eq_iff always_def at_fun_def at_prod_def)
apply (rule_tac x="Eps ⊤" in exI)
apply (rule_tac x="Eps ⊤" in exI)
apply (rule_tac x=0 in exI)
by simp
lemma [simp]: "{.λx. False.} o [:r:] = ⊥"
by (simp add: fun_eq_iff assert_def)
lemma "FeedbackX Init_adder3_havoc S_adder3_wp = Res_adder3_havoc"
apply (simp add: FeedbackX_def)
apply (simp add: Init_adder3_havoc_def Res_adder3_havoc_def S_adder3_wp_simp Adder3_wp_inner_simp)
apply (simp add: Adder3_iter_wp_fun_def [THEN sym])
apply (simp add: IterateOmega_assert_update_d Adder3_iter_wp_aux_c Adder3_iter_wp_aux_b)
apply (simp add: update_comp comp_assoc prod_update_skip)
apply (simp add: update_comp comp_assoc[THEN sym] update_assert_comp)
apply (simp add: update_comp comp_assoc)
apply(simp add: update_def demonic_assert_comp comp_assoc[THEN sym])
apply (simp add: demonic_demonic comp_assoc)
by (simp add: bot_fun_def)
lemma Feedback_ExFb: "FeedbackX Init_ExFb ExFb_delayfb = Res"
apply (simp add: FeedbackX_def)
apply (simp add: Init_ExFb_def InitDF_def init_ExFb_def Res_def ExFb_delayfb_simp Res_aux_simp)
apply (simp add: Res_aux_fun_def [THEN sym])
apply (simp add: IterateOmega_func_bb Res_aux_fun_aux_b Res_aux_fun_aux_c)
apply (simp add: update_comp comp_assoc prod_update_skip)
apply (simp add: comp_assoc[THEN sym] Prod_demonic_skip demonic_demonic)
apply(simp add: update_def demonic_demonic)
apply (rule_tac f = demonic in arg_cong)
apply (simp add: OO_def always_def at_fun_def)
using mult_0 by blast
lemma feedback_in_simp_aaa: "p ≤ inpt r ⟹ p' ≤ inpt r' ⟹
feedback ( {. u, (s,x) . p' (s,x) ∧ p (u, (s,x)).} o [:u, (s,x) ↝ v, (s',y) . r' (s,x) v ∧ r (u, (s,x)) (s',y):])
= {. (s,x) . p' (s,x) ∧ (∀b. r' (s,x) b ⟶ p (b,(s,x))).} o [:(s,x) ↝ (s',y) . ∃ v . r' (s,x) v ∧ r (v, (s,x)) (s',y):]"
apply (unfold feedback_simp_a, simp)
apply (simp add: fun_eq_iff assert_def demonic_def le_fun_def inpt_def rel_spec)
apply safe
apply metis
apply metis
apply metis
apply metis
by metis
lemma IterateOmega_spec_a: "IterateOmega ({. p .} ∘ [: r :]) = {.((u,y),x) .∀n v y' z. (r ^^ n) ((u,y), x) ((v, y'), z) ⟶ p ((v,y'),z).} ∘ [: INF n. r ^^ n OO eqtop n :]"
apply (simp add: IterateOmega_spec)
apply (rule prec_rel_eq)
apply simp_all
by (simp add: split_def)
lemma AAA: "⋀u' y' . (((λ((u::'a, y::'b), x) ((u'::'a, y'::'b), x'). r (u, x) (u', y') ∧ x = x') ^^ n) ((u,y::'b), x) ((u', y'::'b), x')) ⟹ x = x'"
apply (induction n)
apply simp_all
by (simp add: OO_def, auto)
lemma BBB: "⋀u' y' . (((λ((u::'a, y::'b), x) ((u'::'a, y'::'b), x'). r (u, x) (u', y') ∧ x = x') ^^ n) ((u,y::'b), x) ((u', y'::'b), x')) =
(x = x' ∧ (((λ (u::'a, y::'b) (u'::'a, y'::'b) . r (u, x) (u', y')) ^^ n) (u,y::'b) (u', y'::'b)))"
apply safe
apply (drule AAA, simp)
apply (frule AAA, simp)
apply (induction n)
apply simp_all
apply (simp add: OO_def, auto)
apply (induction n)
apply simp_all
by (simp add: OO_def, auto)
lemma CCC: "(((λ((u::'a, y), x) ((u'::'a, y'), x'). r (u, x) (u', y') ∧ x = x') ^^ n) ((u,y::'b), x) ((u', y'::'b), x')) =
(x = x' ∧ (∃ U Y . U 0 = u ∧ U n = u' ∧ Y 0 = y ∧ Y n = y' ∧ (∀ i < n . r (U i, x) (U (Suc i), Y (Suc i)))))"
apply (simp add: BBB)
apply safe
apply (simp add: relpowp_fun_conv, safe)
apply (rule_tac x = "fst o f" in exI, simp)
apply (rule_tac x = "snd o f" in exI)
apply simp
apply safe
apply (drule_tac x = i in spec, simp)
apply (simp add: split_def)
apply (simp add: relpowp_fun_conv)
apply (rule_tac x = "λ i . (U i, Y i)" in exI)
by auto [1]
lemma IterateOmegaA_simp_a: "IterateOmegaA ([-λ ((u, y::nat ⇒'a), x) . ((u, x), x)-] o (({.p.} o [:r:]) ** Skip)) =
{.((ua, ya), xa).∀n a. (∃b U. U 0 = ua ∧ U n = a ∧ (∃Y. Y 0 = ya ∧ Y n = b ∧ (∀i<n. r (U i, xa) (U (Suc i), Y (Suc i))))) ⟶ p (a, xa).} ∘
[: INF n. (λ((u, y), x) ((u', y'), x'). r (u, x) (u', y') ∧ x = x') ^^ n OO eqtop (n-1) :]"
apply (subgoal_tac "[-λ((u, y::nat ⇒ 'a), x). ((u, x), x)-] ∘(({.p.} o [:r:]) ** Skip) = {.(u,y), x . p (u,x).} o [:(u, y), x ↝ (u', y'), x' . r (u, x) (u', y') ∧ x = x':]")
apply simp
apply (simp add: IterateOmegaA_spec)
apply (subgoal_tac "{.x.∀n a b ba. ((λ((u, y::nat ⇒ 'a), x) ((u', y'), x'). r (u, x) (u', y') ∧ x = x') ^^ n) x ((a, b), ba) ⟶ p (a, ba).}
= {.(ua,ya),xa.∀n a b ba. ((λ((u, y), x) ((u', y'), x'). r (u, x) (u', y') ∧ x = x') ^^ n) ((ua,ya),xa) ((a, b), ba) ⟶ p (a, ba).}")
apply simp
apply (simp add: CCC)
apply (simp add: fun_eq_iff assert_def)
apply (simp add: Prod_spec_Skip)
by (simp add: fun_eq_iff demonic_def le_fun_def assert_def update_def)
lemma IterateOmegaA_simp_b: "IterateOmegaA ([-λ ((u, y::nat ⇒'a), x) . ((u, x), x)-] o (({.p.} o [:r:]) ** Skip)) =
{.((ua, ya), xa).∀n U Y . (U 0 = ua ∧ Y 0 = ya ∧ (∀i<n. r (U i, xa) (U (Suc i), Y (Suc i)))) ⟶ p (U n, xa).} ∘
[: INF n. (λ((u, y), x) ((u', y'), x'). r (u, x) (u', y') ∧ x = x') ^^ n OO eqtop (n-1) :]"
apply (simp add: IterateOmegaA_simp_a)
apply (rule_tac f = "λ x . {.x.} o [: INF n. (λ((u, y), x) ((u', y'), x'). r (u, x) (u', y') ∧ x = x') ^^ n OO eqtop (n-(Suc 0)) :]" in arg_cong)
proof (subst fun_eq_iff, auto)
fix n :: nat
fix ba::'c
fix U::"nat ⇒ 'b"
fix Y::"nat ⇒ nat ⇒ 'a"
assume [simp]: "∀i<n. r (U i, ba) (U (Suc i), Y (Suc i))"
assume "∀n a. (∃b Ua. Ua 0 = U 0 ∧ Ua n = a ∧ (∃Ya. Ya 0 = Y 0 ∧ Ya n = b ∧ (∀i<n. r (Ua i, ba) (Ua (Suc i), Ya (Suc i))))) ⟶ p (a, ba)"
from this have A: "(∃b Ua. Ua 0 = U 0 ∧ Ua n = U n ∧ (∃Ya. Ya 0 = Y 0 ∧ Ya n = b ∧ (∀i<n. r (Ua i, ba) (Ua (Suc i), Ya (Suc i))))) ⟶ p (U n, ba)"
by simp
have "(∃b Ua. Ua 0 = U 0 ∧ Ua n = U n ∧ (∃Ya. Ya 0 = Y 0 ∧ Ya n = b ∧ (∀i<n. r (Ua i, ba) (Ua (Suc i), Ya (Suc i)))))"
apply (rule_tac x = "Y n" in exI)
apply (rule_tac x = U in exI, simp)
by (rule_tac x = Y in exI, simp)
from this and A show " p (U n, ba)"
by simp
qed
lemma IterateOmegaA_simp_aux: "(INF n. (λ((u, y), x) ((u', y'), x'). r (u, x) (u', y') ∧ x = x') ^^ n OO eqtop (n-1)) ((u::nat⇒'a,y::nat⇒'b), x::nat⇒'c) ((u'::nat⇒'a,y'::nat⇒'b), x'::nat⇒'c) =
(x = x' ∧ (∀xa. ∃a b. (∃U. U 0 = u ∧ U xa = a ∧ (∃Y. Y 0 = y ∧ Y xa = b ∧ (∀i<xa. r (U i, x) (U (Suc i), Y (Suc i))))) ∧ (∀i<xa-1. a i = u' i) ∧ (∀i<xa-1. b i = y' i))) "
apply (simp add: OO_def CCC eqtop_prod_def)
apply auto
apply (simp add: fun_eq_iff, safe)
apply(drule_tac x = "Suc (Suc xa)" in spec)
apply auto[1]
apply (drule_tac x = xa in spec)
by blast
lemma IterateOmegaA_simp_c: "IterateOmegaA ([-λ ((u::nat ⇒ 'a, y::nat ⇒'b), x::nat⇒'c) . ((u, x), x)-] o (({.p.} o [:r:]) ** Skip)) =
{.((ua, ya), xa).∀n U Y . (U 0 = ua ∧ Y 0 = ya ∧ (∀i<n. r (U i, xa) (U (Suc i), Y (Suc i)))) ⟶ p (U n, xa).} ∘
[: (u, y), x ↝ (u'::nat⇒'a, y'::nat⇒'b), x'::nat⇒'c . x = x'
∧ (∀xa. ∃a b. (∃U. U 0 = u ∧ U xa = a ∧ (∃Y. Y 0 = y ∧ Y xa = b ∧ (∀i<xa. r (U i, x) (U (Suc i), Y (Suc i))))) ∧ (∀i<xa-1. a i = u' i) ∧ (∀i<xa-1. b i = y' i)) :]"
apply (simp add: IterateOmegaA_simp_b)
apply (subgoal_tac "(INF n. (λ((u, y), x) ((u', y'), x'). r (u, x) (u', y') ∧ x = x') ^^ n OO eqtop (n-1))
= ( λ ((u, y), x) ((u', y'), x').x = x' ∧ (∀xa. ∃a b. (∃U. U 0 = u ∧ U xa = a ∧ (∃Y. Y 0 = y ∧ Y xa = b ∧ (∀i<xa. r (U i, x) (U (Suc i), Y (Suc i))))) ∧
(∀i<xa-1. a i = u' i) ∧ (∀i<xa-1. b i = y' i)))")
apply (simp_all)
apply (unfold fun_eq_iff)
apply safe
apply (cut_tac r = r and u = a and y = b and x = ba and u' = aa and y' = bb and x' = bc in IterateOmegaA_simp_aux)
apply (simp add: fun_eq_iff)
apply (simp add: fun_eq_iff)
apply (cut_tac r = r and u = a and y = b and x = ba and u' = aa and y' = bb and x' = bc in IterateOmegaA_simp_aux)
apply (simp add: fun_eq_iff)
apply (simp add: fun_eq_iff)
apply (cut_tac r = r and u = a and y = b and x = ba and u' = aa and y' = bb and x' = bc in IterateOmegaA_simp_aux)
by (simp add: fun_eq_iff)
lemma IterateOmegaA_simp_d: "IterateOmegaA ([-λ ((u::nat ⇒ 'a, y::nat ⇒'b), x::nat⇒'c) . ((u, x), x)-] o (({.p.} o [:r:]) ** Skip)) =
{.((ua, ya), xa).∀n U Y . (U 0 = ua ∧ Y 0 = ya ∧ (∀i<n. r (U i, xa) (U (Suc i), Y (Suc i)))) ⟶ p (U n, xa).} ∘
[: (u, y), x ↝ (u'::nat⇒'a, y'::nat⇒'b), x'::nat⇒'c . x = x'
∧ (∀xa. (∃U. U 0 = u ∧ (∃Y. Y 0 = y ∧ (∀i<xa. r (U i, x) (U (Suc i), Y (Suc i))) ∧ (∀i<xa-1. U xa i = u' i) ∧ (∀i<xa-1. Y xa i = y' i)))) :]"
apply (simp add: IterateOmegaA_simp_c)
apply (subgoal_tac "(λ ((u, y), x) ((u', y'), x').x = x' ∧ (∀xa. ∃a b. (∃U. U 0 = u ∧ U xa = a ∧ (∃Y. Y 0 = y ∧ Y xa = b ∧ (∀i<xa. r (U i, x) (U (Suc i), Y (Suc i))))) ∧
(∀i<xa-1. a i = u' i) ∧ (∀i<xa-1. b i = y' i)))
= (λ ((u, y), x) ((u', y'), x').x = x' ∧ (∀xa. (∃U. U 0 = u ∧ (∃Y. Y 0 = y ∧ (∀i<xa. r (U i, x) (U (Suc i), Y (Suc i))) ∧ (∀i<xa-1. U xa i = u' i) ∧ (∀i<xa-1. Y xa i = y' i)))))")
apply simp_all
apply (subst (2) fun_eq_iff, simp)
apply (subst (2) fun_eq_iff, simp)
apply safe
apply blast
by (drule_tac x = xa in spec, simp, safe, simp, auto)
lemma DelayFeedback_feedback_simp: "DelayFeedback init (feedback ({.(u, s, x). p u s x.} ∘ [-λ(u, s, x). (f s x, g u s x, h u s x)-])) =
{.prec_pre_sts init (λ(s, x) . p (f s x) s x) (λ(s, x) y . y = (g (f s x) s x, h (f s x) s x)).} ∘
[:rel_pre_sts init (λ(s, x) y. y = (g (f s x) s x, h (f s x) s x)):]"
apply (cut_tac p=p and f=f and g=g and h=h in feedback_update_simp_c, simp)
apply (simp add: update_def)
apply (simp add: DelayFeedback_simp)
by (simp add: fun_eq_iff assert_def demonic_def le_fun_def split_def)
lemma input_output_switch: "([-λ(s, u, x). (u, s, x)-] ∘ ({. p .} ∘ [-λ(u, s, x). (f s x, g u s x, h u s x)-]) ∘ [-λ(v, s, y). (s, v, y)-]) =
{. (s,u,x). p (u, s, x) .} o [- λ(s, u, x).(g u s x, f s x, h u s x) -]"
apply (simp add: comp_assoc[THEN sym] update_assert_comp)
apply (simp add: comp_assoc update_comp)
by (rule spec_eq_iff_1, simp_all add: fun_eq_iff)
primrec ss :: "'a ⇒ ('b ⇒ 'a ⇒ 'c ⇒ 'a) ⇒ ('a ⇒ 'c ⇒ 'b) ⇒ (nat ⇒ 'c) ⇒ nat ⇒ 'a" where
"ss a g f xa 0 = a" |
"ss a g f xa (Suc i) = g (f (ss a g f xa i) (xa i)) (ss a g f xa i) (xa i)"
primrec ssu :: "'a ⇒ ('b ⇒ 'a ⇒ 'c ⇒ 'a) ⇒ (nat ⇒ 'b) ⇒ (nat ⇒ 'c) ⇒ nat ⇒ 'a" where
"ssu a g u x 0 = a" |
"ssu a g u x (Suc i) = g (u i) (ssu a g u x i) (x i)"
lemma BBBd: "a = sa 0 ⟹ ∀fb<fa. sa (Suc fb) = g (u fb) (sa fb) (x fb) ⟹ i ≤ fa ⟹ ssu a g u x i = sa i"
by (induction i, auto)
definition "prec_pre_sts_st init p r u x = (∀ y . init (u 0) ⟶ (lift_rel r leads lift_pre p) (u, x) (u[1..], y))"
lemma prec_pre_sts_st_simp: "prec_pre_sts_st init p r u x =
(∀ y . init (u 0) ⟶ (∀n . (∀ i < n . r (u i, x i) (u (Suc i), y i)) ⟶ p (u n, x n)))"
apply (simp add: prec_pre_sts_st_def leads_def until_def lift_rel_def lift_pre_def at_fun_def at_prod_def, safe, blast)
by blast
lemma BBBc: "s = ssu a g u x ⟹ prec_pre_sts (λ s . s = a) (λ(s, u, x). p (u, s, x)) (λ(s, u, x) y. y = (g u s x, f s x, h u s x)) (λi. (u i, x i)) =
((∀ fa. (∀ fb<fa. s (Suc fb) = g (u fb) (s fb) (x fb)) ⟶ p (u fa, s fa, x fa)))"
apply (simp add: prec_pre_sts_simp)
apply safe
apply (drule_tac x = "ssu a g u x" in spec, simp_all)
apply (drule_tac x = "λ i . (f (ssu a g u x i) (x i), h (u i) (ssu a g u x i) (x i))" in spec)
apply blast
apply (subgoal_tac "∀ i ≤ n . ssu a g u x i = ua i", simp)
apply (metis order_refl)
apply safe
by (rule BBBd, simp_all)
lemma BBBx: "s = ssu a g u x ⟹ prec_pre_sts (λ s . s = a) (λ(s, u, x). p (u, s, x)) (λ(s, u, x) y. y = (g u s x, f s x, h u s x)) (λi. (u i, x i)) =
((∀ fa. p (u fa, s fa, x fa)))"
apply (simp add: prec_pre_sts_simp)
apply safe
apply (drule_tac x = "ssu a g u x" in spec)
apply auto [1]
apply (subgoal_tac "∀ i ≤ n . ssu a g u x i = ua i", simp)
apply (metis order_refl)
apply safe
by (rule BBBd, simp_all)
lemma BBBy: "(prec_pre_sts (λ s . s = a) (λ(s, u, x). p (u, s, x)) (λ(s, u, x) y. y = (g u s x, f s x, h u s x)) (λi. (u i, x i))) =
((∀ fa. p (u fa, ssu a g u x fa, x fa)))"
by (rule BBBx, simp)
lemma BBBe: "a = sa 0 ⟹ ∀fb<fa. sa (Suc fb) = g (f (sa fb) (x fb)) (sa fb) (x fb) ⟹ i ≤ fa ⟹ ss a g f x i = sa i"
by (induction i, auto)
lemma BBBz: "(prec_pre_sts (λ s . s = a) (λ(s, x). p (f s x, s, x)) (λ(s, x) y. y = (g (f s x) s x, h (f s x) s x)) x)
= ((∀ fa. p (f ( ss a g f x fa) (x fa), ss a g f x fa, x fa)))"
apply (simp add: prec_pre_sts_simp)
apply safe
apply (drule_tac x = "ss a g f x" in spec)
apply auto [1]
apply (drule_tac x = n in spec)
apply (subgoal_tac "∀ i ≤ n . ss a g f x i = u i")
apply simp
apply safe
by (rule BBBe, simp_all)
primrec ssc :: "'c ⇒ (nat ⇒ 'a) ⇒ ('a ⇒ 'c ⇒ 'de ⇒ 'c) ⇒ (nat ⇒ 'de) ⇒ nat ⇒ nat ⇒ 'c" where
"ssc a U g xa i 0 = a" |
"ssc a U g xa i (Suc fa) = g (U fa) (ssc a U g xa i fa) (xa fa)"
primrec UUc :: "(nat ⇒ 'a) ⇒ 'b ⇒ ('b ⇒ 'c ⇒ 'a) ⇒ ('a ⇒ 'b ⇒ 'c ⇒ 'b) ⇒ (nat ⇒ 'c) ⇒ nat ⇒ nat ⇒ 'a" where
"UUc u a f g x 0 = u" |
"UUc u a f g x (Suc i) = (λ xa . f (ssc a (UUc u a f g x i) g x i xa) (x xa))"
lemma DDDa: "∀fa. sa (Suc fa) = g (U i fa) (sa fa) (xa fa) ∧ U (Suc i) fa = f (sa fa) (xa fa) ∧ Y (Suc i) fa = h (U i fa) (sa fa) (xa fa) ⟹
a = sa 0 ⟹ sa k = ssc a (U i) g xa i k"
by (induction k, auto)
lemma AAAAU:"U 0 = ua ⟹ aa = U n ⟹ ∀i<n. ∀fa. U (Suc i) fa = f (ssc a (U i) g xa i fa) (xa fa) ⟹ k ≤ n ⟹ UUc (U 0) a f g xa k = U k"
by (induction k, simp_all)
lemma AAAAAka:"0 < n ⟹ (∃b U. (n = 0 ⟶ U 0 = ua ∧ U 0 = aa ∧ ya = b) ∧
(0 < n ⟶ U 0 = ua ∧ U n = aa ∧ (∀i<n. ∀fa. U (Suc i) fa = f (ssc a (U i) g xa i fa) (xa fa)) ∧
(∀fa. h (U (n - Suc 0) fa) (ssc a (U (n - Suc 0)) g xa (n - Suc 0) fa) (xa fa) = b fa)))
= (UUc ua a f g xa n = aa)"
apply auto
prefer 2
apply (subst ex_comm)
apply (rule_tac x = "UUc ua a f g xa" in exI, simp_all)
apply (rule_tac x = "λ fa . h (UUc ua a f g xa (n - Suc 0) fa) (ssc a (UUc ua a f g xa (n - Suc 0)) g xa (n - Suc 0) fa) (xa fa)" in exI, simp)
by (rule AAAAU, simp_all, auto)
lemma AAAAAk: " (∃b U. (n = 0 ⟶ U 0 = ua ∧ U 0 = aa ∧ ya = b) ∧
(0 < n ⟶ U 0 = ua ∧ U n = aa ∧ (∀i<n. ∀fa. U (Suc i) fa = f (ssc a (U i) g xa i fa) (xa fa))
∧ (∀fa. h (U (n - Suc 0) fa) (ssc a (U (n - Suc 0)) g xa (n - Suc 0) fa) (xa fa) = b fa)))
= (UUc ua a f g xa n = aa)"
apply (case_tac n)
apply auto [1]
by (subst AAAAAka, simp_all)
lemma ZZZp: " ∀xa::nat. sa (Suc xa) = g (U i xa) (sa xa) (x xa) ∧ U (Suc i) xa = f (sa xa) (x xa) ∧ Y (Suc i) xa = h (U i xa) (sa xa) (x xa) ⟹ a = sa (0::nat) ⟹ sa k = ssc a (U i) g x i k"
by (induction k, auto)
lemma ZZZq: "s = ssc a (U i) g x i ⟹ (∃s. s 0 = a ∧ (∀xa. s (Suc xa) = g (U i xa) (s xa) (x xa) ∧ U (Suc i) xa = f (s xa) (x xa) ∧ Y (Suc i) xa = h (U i xa) (s xa) (x xa))) =
(∀ xa . U (Suc i) xa = f (s xa) (x xa) ∧ Y (Suc i) xa = h (U i xa) (s xa) (x xa))"
apply safe
apply (frule_tac k = xa in ZZZp, simp_all)
apply simp
apply (frule_tac k = xa in ZZZp, simp_all)
apply simp
by (rule_tac x = " ssc a (U i) g x i" in exI, simp_all)
lemma ZZZr: "0 < xa ⟹(∃Y . Y 0 = y ∧ Y xa = b ∧ (∀i<xa. ∀xa::nat. U (Suc i) xa = f (ssc a (U i) g x i xa) (x xa) ∧ Y (Suc i) xa = h (U i xa) (ssc a (U i) g x i xa) (x xa)))
= ((∀i<xa. ∀xa::nat. U (Suc i) xa = f (ssc a (U i) g x i xa) (x xa)) ∧ (∀ k . h (U (xa -1) k) (ssc a (U (xa -1)) g x (xa -1) k) (x k) = b k))"
apply simp
apply safe
apply auto [1]
apply (case_tac xa, simp_all)
apply (rule_tac x = "(λ k . (if k = 0 then y else (λ xa . h (U (k - 1) xa) (ssc a (U (k - 1)) g x (k - 1) xa) (x xa))))" in exI)
by auto
lemma ZZZc: "(∃Y . Y 0 = y ∧ Y xa = b ∧ (∀i<xa. ∀xa::nat. U (Suc i) xa = f (ssc a (U i) g x i xa) (x xa) ∧ Y (Suc i) xa = h (U i xa) (ssc a (U i) g x i xa) (x xa))) =
(if xa = 0 then y = b else ((∀i<xa. ∀xa::nat. U (Suc i) xa = f (ssc a (U i) g x i xa) (x xa)) ∧ (∀ k . h (U (xa -1) k) (ssc a (U (xa -1)) g x (xa -1) k) (x k) = b k)))"
apply (case_tac xa, simp)
apply auto [1]
by (simp add: ZZZr)
lemma [simp]: "∀i<xa. ∀xa::nat. Ua (Suc i) xa = f (ssc a (Ua i) g x i xa) (x xa) ⟹ UUc (Ua (0::nat)) a f g x xa = Ua xa"
by (induction xa, auto)
lemma TTTb: "U = UUc u a f g x ⟹ (0 < xa ⟶ (∃ U . U 0 = u ∧ U xa = aa ∧ (∀i<xa. ∀xa. U (Suc i) xa = f (ssc a (U i) g x i xa) (x xa)) ∧
(∀k. h (U (xa - Suc 0) k) (ssc a (U (xa - Suc 0)) g x (xa - Suc 0) k) (x k) = b k)))
= (0 < xa ⟶ (U xa = aa ∧ (∀k. h (U (xa - Suc 0) k) (ssc a (U (xa - Suc 0)) g x (xa - Suc 0) k) (x k) = b k)))"
apply safe
apply simp_all
by (rule_tac x = "UUc u a f g x" in exI, auto)
lemma TTTa: "(∃U. (xa = 0 ⟶ U 0 = u ∧ U 0 = aa ∧ y = b) ∧
(0 < xa ⟶ U 0 = u ∧ U xa = aa ∧ (∀i<xa. ∀xa. U (Suc i) xa = f (ssc a (U i) g x i xa) (x xa)) ∧ (∀k. h (U (xa - Suc 0) k) (ssc a (U (xa - Suc 0)) g x (xa - Suc 0) k) (x k) = b k)))
=((xa = 0 ⟶ u = aa ∧ y = b) ∧
(0 < xa ⟶ (∃ U . U 0 = u ∧ U xa = aa ∧ (∀i<xa. ∀xa. U (Suc i) xa = f (ssc a (U i) g x i xa) (x xa)) ∧
(∀k. h (U (xa - Suc 0) k) (ssc a (U (xa - Suc 0)) g x (xa - Suc 0) k) (x k) = b k))))"
by auto
lemma TTTc: "U = UUc u a f g x ⟹ (∃U. (xa = 0 ⟶ U 0 = u ∧ U 0 = aa ∧ y = b) ∧
(0 < xa ⟶ U 0 = u ∧ U xa = aa ∧ (∀i<xa. ∀xa. U (Suc i) xa = f (ssc a (U i) g x i xa) (x xa)) ∧ (∀k. h (U (xa - Suc 0) k) (ssc a (U (xa - Suc 0)) g x (xa - Suc 0) k) (x k) = b k)))
=((xa = 0 ⟶ u = aa ∧ y = b) ∧ (0 < xa ⟶ (U xa = aa ∧ (∀k. h (U (xa - Suc 0) k) (ssc a (U (xa - Suc 0)) g x (xa - Suc 0) k) (x k) = b k))))"
apply (subst TTTa)
by (simp add: TTTb)
lemma TTTe: "(∃ b. ((xa = 0 ⟶ u = aa ∧ y = b) ∧ (0 < xa ⟶ (U xa = aa ∧ (∀k. h (U (xa - Suc 0) k) (ssc a (U (xa - Suc 0)) g x (xa - Suc 0) k) (x k) = b k)))) ∧
(∀i<xa - Suc 0. aa i = u' i) ∧ (∀i<xa - Suc 0. b i = y' i))
= (((xa = 0 ⟶ u = aa) ∧ (0 < xa ⟶ ((U xa = aa ∧ (∃ b . (∀k. h (U (xa - Suc 0) k) (ssc a (U (xa - Suc 0)) g x (xa - Suc 0) k) (x k) = b k) ∧
(∀i<xa - Suc 0. aa i = u' i) ∧ (∀i<xa - Suc 0. b i = y' i)))))))"
apply safe
apply auto [1]
apply auto [1]
apply auto [1]
apply auto [1]
apply (case_tac xa, simp_all)
by (rule_tac x = b in exI, simp)
lemma TTTf: "(∃ b. ((xa = 0 ⟶ u = aa ∧ y = b) ∧ (0 < xa ⟶ (U xa = aa ∧ (∀k. h (U (xa - Suc 0) k) (ssc a (U (xa - Suc 0)) g x (xa - Suc 0) k) (x k) = b k)))) ∧
(∀i<xa - Suc 0. aa i = u' i) ∧ (∀i<xa - Suc 0. b i = y' i))
= (((xa = 0 ⟶ u = aa) ∧ (0 < xa ⟶ ((U xa = aa ∧
(∀i<xa - Suc 0. aa i = u' i) ∧ (∀k<xa - Suc 0. h (U (xa - Suc 0) k) (ssc a (U (xa - Suc 0)) g x (xa - Suc 0) k) (x k) = y' k))))))"
apply safe
apply auto [1]
apply auto [1]
apply auto [1]
apply auto [1]
apply (case_tac xa, simp_all)
by (rule_tac x = "λ k . h (U nat k) (ssc a (U nat) g x nat k) (x k)" in exI, simp)
thm UUc.simps
thm ssc.simps
primrec SS::"'b ⇒ ('a ⇒ 'b ⇒ 'c ⇒ 'b) ⇒ ('b ⇒ 'c ⇒ 'a) ⇒ (nat ⇒ 'c) ⇒ nat ⇒ 'b" where
"SS a g f x 0 = a" |
"SS a g f x (Suc i) = g (f (SS a g f x i) (x i)) (SS a g f x i) (x i)"
lemma UU_SS: "⋀ xa . i < xa ⟹ UUc u a f g x xa i = f (SS a g f x i) (x i) ∧ ssc a (UUc u a f g x xa) g x xa i = SS a g f x i"
apply (induction i, simp_all)
apply (case_tac xa, simp_all)
by(case_tac xa, simp_all)
lemma TTTza: " (x = x' ∧ (∀xa>0::nat. (∀i<xa - Suc (0::nat). f (SS a g f x i) (x i) = u' i) ∧ (∀k<xa - Suc (0::nat). h (f (SS a g f x k) (x k)) (SS a g f x k) (x k) = y' k))) =
(x = x' ∧ (∀ k . f (SS a g f x k) (x k) = u' k) ∧ (∀k . h (f (SS a g f x k) (x k)) (SS a g f x k) (x k) = y' k))"
apply auto
apply (drule_tac x = "Suc (Suc k)" in spec)
apply auto [1]
apply (drule_tac x = "Suc (Suc k)" in spec)
by auto [1]
lemma AAAAta:"0 < n ⟹ s = (λ i . ssc a (U i) g xa i) ⟹
(∃Y. Y 0 = ya ∧ Y n = b ∧ (∀i<n. rel_pre_sts (λb. b = a) (λ(s, u, x) y. y = (g u s x, f s x, h u s x)) (U i || xa) (U (Suc i) || Y (Suc i)))) =
((∀i<n. ∀ fa . U (Suc i) fa = f (s i fa) (xa fa)) ∧ ((∀ fa . h (U (n - 1) fa) (s (n - 1) fa) (xa fa) = b fa)))"
apply (simp add: rel_pre_sts_simp)
apply safe
apply (drule_tac x = i in spec, simp_all, safe)
apply (simp add: nzip_def)
apply (drule_tac a = a and k = fa in DDDa, simp_all)
apply (simp add: nzip_def)
apply (drule_tac x = "n - 1" in spec, simp_all, safe, simp)
apply (case_tac n, simp_all)
apply (drule_tac a = a and k = fa and i = "nat" in DDDa, simp_all)
apply (simp add: nzip_def)
apply (rule_tac x = "λ k . if k = 0 then ya else (λ fa . h (U (k -1) fa) (s (k-1) fa) (xa fa))" in exI, simp, safe)
by (rule_tac x = "ssc a (U i) g xa i" in exI, simp_all)
lemma AAAAt: "s = (λ i . ssc a (U i) g xa i) ⟹ (∃Y. Y 0 = ya ∧ Y n = b ∧ (∀i<n. rel_pre_sts (λb. b = a) (λ(s, u, x) y. y = (g u s x, f s x, h u s x)) (U i || xa) (U (Suc i) || Y (Suc i))))
= (if n = 0 then ya = b else ((∀i<n. ∀ fa . U (Suc i) fa = f (s i fa) (xa fa)) ∧ ((∀ fa . h (U (n - 1) fa) (s (n - 1) fa) (xa fa) = b fa))))"
apply (case_tac n)
apply auto [1]
by (subst AAAAta, simp_all)
lemma BBBq: "s = ssc a (UUc ua a f g xa n) g xa n ⟹ (∀ s. s 0 = a ⟶ (∀xb. (∀fa<xb. s (Suc fa) = g (UUc ua a f g xa n fa) (s fa) (xa fa)) ⟶ p (UUc ua a f g xa n xb, s xb, xa xb))) =
( (∀xb. p (UUc ua a f g xa n xb, s xb, xa xb)))"
proof safe
fix xb
show "s = ssc a (UUc ua a f g xa n) g xa n ⟹
∀s. s 0 = a ⟶ (∀xb. (∀fa<xb. s (Suc fa) = g (UUc ua a f g xa n fa) (s fa) (xa fa)) ⟶ p (UUc ua a f g xa n xb, s xb, xa xb)) ⟹
p (UUc ua a f g xa n xb, ssc a (UUc ua a f g xa n) g xa n xb, xa xb)"
by auto
next
fix sa xb
{fix fa
have "∀fa<xb. sa (Suc fa) = g (UUc ua (sa 0) f g xa n fa) (sa fa) (xa fa) ⟹ fa ≤ xb ⟹ ssc (sa 0) (UUc ua (sa 0) f g xa n) g xa n fa = sa fa"
by (induction fa, auto)
}
from this have A: "∀fa<xb. sa (Suc fa) = g (UUc ua (sa 0) f g xa n fa) (sa fa) (xa fa) ⟹ ssc (sa 0) (UUc ua (sa 0) f g xa n) g xa n xb = sa xb"
by simp
from this show "s = ssc (sa 0) (UUc ua (sa 0) f g xa n) g xa n ⟹
∀xb. p (UUc ua (sa 0) f g xa n xb, ssc (sa 0) (UUc ua (sa 0) f g xa n) g xa n xb, xa xb) ⟹
a = sa 0 ⟹ ∀fa<xb. sa (Suc fa) = g (UUc ua (sa 0) f g xa n fa) (sa fa) (xa fa) ⟹ p (UUc ua (sa 0) f g xa n xb, sa xb, xa xb)"
apply (simp_all)
by (drule_tac x = xb in spec, simp)
qed
lemma BBBk: "prec_pre_sts (λb. b = a) (λ(s, u, x). p (u, s, x)) (λ(s, u, x) y. y = (g u s x, f s x, h u s x)) (UU ua a f g xa n || xa) =
(∀ s . s 0 = a ⟶ (∀xb. (∀ fa < xb. s (Suc fa) = g (UU ua a f g xa n fa) (s fa) (xa fa)) ⟶ p (UU ua a f g xa n xb, s xb, xa xb)))"
apply (simp add: prec_pre_sts_simp nzip_def, safe)
apply (drule_tac x = s in spec)
apply auto
apply (drule_tac x = "λ fa . (f (s fa) (xa fa), h (UU ua a f g xa n fa) (s fa) (xa fa))" in spec)
by auto
lemma ZZZaa: "(INF x. (λ((u, y), x) ((u', y'), x'). rel_pre_sts (λb. b = a) (λ(s, u, x) y. y = (g u s x, f s x, h u s x)) (u || x) (u' || y') ∧ x = x') ^^ x OO eqtop (x - Suc 0))
((u, (y::nat ⇒ 'c)), x) ((u', y'::nat ⇒ 'c), x') =
(x = x' ∧ (∀xa. ∃aa b. (∃U. U 0 = u ∧ U xa = aa ∧ (∃Y. Y 0 = y ∧ Y xa = b ∧ (∀i<xa. rel_pre_sts (λb. b = a) (λ(s, u, x) y. y = (g u s x, f s x, h u s x)) (U i || x) (U (Suc i) || Y (Suc i))))) ∧
(∀i<xa - Suc 0. aa i = u' i) ∧ (∀i<xa - Suc 0. b i = y' i))) "
by (cut_tac r = "λ (u, x) (u', y') . rel_pre_sts (λb. b = a) (λ(s, u, x) y. y = (g u s x, f s x, h u s x)) (u || x) (u' || y')"
and u = u and x = x and u' = u' and y = y and y' = y' and x' = x' in IterateOmegaA_simp_aux, simp)
lemma TTTd: "U = UUc u a f g x ⟹ (INF x. (λ((u, y), x) ((u', y'), x'). rel_pre_sts (λb. b = a) (λ(s, u, x) y. y = (g u s x, f s x, h u s x)) (u || x) (u' || y') ∧ x = x') ^^ x OO eqtop (x - Suc 0))
((u, (y::nat ⇒ 'c)), x) ((u', y'::nat ⇒ 'c), x') =
(x = x' ∧ (∀xa. ∃aa b. ((xa = 0 ⟶ u = aa ∧ y = b) ∧ (0 < xa ⟶ (U xa = aa ∧ (∀k. h (U (xa - Suc 0) k) (ssc a (U (xa - Suc 0)) g x (xa - Suc 0) k) (x k) = b k)))) ∧
(∀i<xa - Suc 0. aa i = u' i) ∧ (∀i<xa - Suc 0. b i = y' i)))"
apply (subst ZZZaa)
apply (simp add: rel_pre_sts_simp nzip_def)
apply (simp add: ZZZq)
apply (simp add: ZZZc)
by (simp add: TTTc)
lemma TTTr: "U = UUc u a f g x ⟹ (INF x. (λ((u, y), x) ((u', y'), x'). rel_pre_sts (λb. b = a) (λ(s, u, x) y. y = (g u s x, f s x, h u s x)) (u || x) (u' || y') ∧ x = x') ^^ x OO eqtop (x - Suc 0))
((u, (y::nat ⇒ 'c)), x) ((u', y'::nat ⇒ 'c), x') =
(x = x' ∧ (∀xa. ∃aa . (((xa = 0 ⟶ u = aa) ∧ (0 < xa ⟶ ((U xa = aa ∧
(∀i<xa - Suc 0. aa i = u' i) ∧ (∀k<xa - Suc 0. h (U (xa - Suc 0) k) (ssc a (U (xa - Suc 0)) g x (xa - Suc 0) k) (x k) = y' k))))))))"
apply (subst TTTd)
apply simp
by (subst TTTf, simp)
lemma TTTt: "U = UUc u a f g x ⟹ (INF x. (λ((u, y), x) ((u', y'), x'). rel_pre_sts (λb. b = a) (λ(s, u, x) y. y = (g u s x, f s x, h u s x)) (u || x) (u' || y') ∧ x = x') ^^ x OO eqtop (x - Suc 0))
((u, (y::nat ⇒ 'c)), x) ((u', y'::nat ⇒ 'c), x') =
(x = x' ∧ (∀xa. (((xa = 0 ⟶ True) ∧ (0 < xa ⟶ ((
(∀i<xa - Suc 0. U xa i = u' i) ∧ (∀k<xa - Suc 0. h (U (xa - Suc 0) k) (ssc a (U (xa - Suc 0)) g x (xa - Suc 0) k) (x k) = y' k))))))))"
by (subst TTTr, simp_all, auto)
lemma TTTy: "U = UUc u a f g x ⟹ (INF x. (λ((u, y), x) ((u', y'), x'). rel_pre_sts (λb. b = a) (λ(s, u, x) y. y = (g u s x, f s x, h u s x)) (u || x) (u' || y') ∧ x = x') ^^ x OO eqtop (x - Suc 0))
((u, (y::nat ⇒ 'c)), x) ((u', y'::nat ⇒ 'c), x') =
(x = x' ∧ (∀xa. (((0 < xa ⟶ ((
(∀i<xa - Suc 0. U xa i = u' i) ∧ (∀k<xa - Suc 0. h (U (xa - Suc 0) k) (ssc a (U (xa - Suc 0)) g x (xa - Suc 0) k) (x k) = y' k))))))))"
by (subst TTTt, simp_all)
lemma TTTz: "(INF x. (λ((u, y), x) ((u', y'), x'). rel_pre_sts (λb. b = a) (λ(s, u, x) y. y = (g u s x, f s x, h u s x)) (u || x) (u' || y') ∧ x = x') ^^ x OO eqtop (x - Suc 0))
((u, (y::nat ⇒ 'c)), x) ((u', y'::nat ⇒ 'c), x') =
(x = x' ∧ (∀xa>0::nat. (∀i<xa - Suc (0::nat). f (SS a g f x i) (x i) = u' i) ∧ (∀k<xa - Suc (0::nat). h (f (SS a g f x k) (x k)) (SS a g f x k) (x k) = y' k)))"
apply (subst TTTy, simp)
by (simp add: UU_SS)
lemma TTTyt: "(INF x. (λ((u, y), x) ((u', y'), x'). rel_pre_sts (λb. b = a) (λ(s, u, x) y. y = (g u s x, f s x, h u s x)) (u || x) (u' || y') ∧ x = x') ^^ x OO eqtop (x - Suc 0))
((u, (y::nat ⇒ 'c)), x) ((u', y'::nat ⇒ 'c), x') = (x = x' ∧ (∀ k . f (SS a g f x k) (x k) = u' k) ∧ (∀k . h (f (SS a g f x k) (x k)) (SS a g f x k) (x k) = y' k))"
apply (subst TTTz)
by (simp add: TTTza)
lemma TTT: "(INF x. (λ((u, y), x) ((u', y'), x'). rel_pre_sts (λb. b = a) (λ(s, u, x) y. y = (g u s x, f s x, h u s x)) (u || x) (u' || y') ∧ x = x') ^^ x OO eqtop (x - Suc 0))
= (λ ((u, (y::nat ⇒ 'c)), x) ((u', y'::nat ⇒ 'c), x') . (x = x' ∧ (λ k . f (SS a g f x k) (x k)) = u' ∧ (λ k . h (f (SS a g f x k) (x k)) (SS a g f x k) (x k)) = y'))"
apply (unfold fun_eq_iff)
apply clarify
apply (cut_tac f = f and g = g and x = ba and a = a and u = aa and y = b and y' = bb and x = ba and x' = bc and u' = ab and h = h in TTTyt)
apply (unfold fun_eq_iff)
by simp
lemma IterateOmegaA_DelayFeedback: "IterateOmegaA ([-λ((u, y), x). ((u, x), x)-] ∘ ([-λ(x, y). x || y-]
∘ DelayFeedback (λx. x = a) ({.(s, u, x).p (u, s, x).} ∘ [-λ(s, u, x). (g u s x, f s x, h u s x)-]) ∘ [-z ↝ fst ∘ z, snd ∘ z-]) ** Skip) =
{.((ua, ya), xa).∀n xb. p (UUc ua a f g xa n xb, ssc a (UUc ua a f g xa n) g xa n xb, xa xb).} ∘
[:((u, y), x)↝((u', y'), x').x = x' ∧ (λ k . f (SS a g f x k) (x k)) = u' ∧ (λ k. h (f (SS a g f x k) (x k)) (SS a g f x k) (x k)) = y':]"
proof -
have [simp]: "(λx y. y = (case x of (s, u, xa) ⇒ (g u s xa, f s xa, h u s xa))) = (λ(s, u, x) y. y = (g u s x, f s x, h u s x))"
by (simp add: fun_eq_iff)
have [simp]: "DelayFeedback (λx. x = a) ({.(s, u, x).p (u, s, x).} ∘ [-λ(s, u, x). (g u s x, f s x, h u s x)-]) =
{. prec_pre_sts (λx. x = a) (λ(s, u, x). p (u, s, x))(λ(s, u, x) y. y = (g u s x, f s x, h u s x)) .} ∘
[: rel_pre_sts (λx. x = a) (λ(s, u, x) y. y = (g u s x, f s x, h u s x)) :]"
by (simp add: update_def DelayFeedback_simp)
have "⋀ r . [:r:] o [-z ↝ fst ∘ z, snd ∘ z-] = [:x ↝ v, y . r x (v || y):]"
apply (simp add: demonic_def update_def fun_eq_iff nzip_def_abs le_fun_def, safe)
by (drule_tac x = "a || b" in spec, simp add:, simp add: nzip_def_abs, auto)
have [simp]: "⋀ p r . [- (u, x) ↝ u || x -] ∘ ({. p .} ∘ [:r:]) ∘ [-z ↝ fst ∘ z, snd ∘ z-]
= {.(u, x) . p (u || x).} o [:u, x ↝ v, y . r (u || x) (v || y):]"
apply (simp add: update_def comp_assoc demonic_demonic)
apply (simp add: comp_assoc[symmetric] demonic_assert_comp)
apply (simp add: comp_assoc demonic_demonic)
apply (rule prec_rel_eq)
apply (subst fun_eq_iff, simp)
apply (subst (2) fun_eq_iff)
apply (subst (2) fun_eq_iff, simp add: OO_def, safe)
apply (simp add: nzip_split)
by (rule_tac x = "aa || ba" in exI, simp)
have "IterateOmegaA ([-λ((u, y), x). ((u, x), x)-] ∘ ([-λ(x, y). x || y-]
∘ DelayFeedback (λx. x = a) ({.(s, u, x).p (u, s, x).} ∘ [-λ(s, u, x). (g u s x, f s x, h u s x)-]) ∘ [-z ↝ fst ∘ z, snd ∘ z-]) ** Skip)
= IterateOmegaA([- ((u, y), x) ↝ ((u, x), x) -] ∘
({.(x, y).prec_pre_sts (λx. x = a) (λ(s, u, x). p (u, s, x)) (λ(s, u, x) y. y = (g u s x, f s x, h u s x)) (x || y).} ∘
[:(x, y)↝(aa, b).rel_pre_sts (λx. x = a) (λ(s, u, x) y. y = (g u s x, f s x, h u s x)) (x || y) (aa || b):]) **
Skip)"
by simp
also have "... = {.((ua, ya), xa).∀n xb. p (UUc ua a f g xa n xb, ssc a (UUc ua a f g xa n) g xa n xb, xa xb).} ∘
[:((u, y), x)↝((u', y'), x').x = x' ∧ (λk. f (SS a g f x k) (x k)) = u' ∧ (λk. h (f (SS a g f x k) (x k)) (SS a g f x k) (x k)) = y':]"
by (simp add: IterateOmegaA_simp_a AAAAAk AAAAt BBBk BBBq TTT)
finally show ?thesis
by simp
qed
lemma angelic_not_demonic: "p = (r ⊓ (λ x uy . x = snd uy)) ⟹ {:x↝ uy . p x uy:} o [:uy ↝ z . q (snd uy) z:] = {.x . (∃ u . p x (u, x)).} o [:y ↝ z . q y z:]"
by (simp add: fun_eq_iff demonic_def angelic_def assert_def le_fun_def)
lemma SS_simp: "⋀ xa . i < xa ⟹ ssc a (λi. f (SS a g f x i) (x i)) g x xa i = SS a g f x i"
by (induction i, simp_all)
lemma SS_simp_a:"⋀ xa . xa ≤ i ⟹ u = (λ i . f (SS a g f x i) (x i)) ⟹ ssc a u g x xa i = SS a g f x i"
apply (induction i, simp_all)
apply (case_tac xa, simp_all)
apply (case_tac "i < Suc nat")
apply (simp add: SS_simp)
by auto
lemma SS_simp_b: "u = (λ i . f (SS a g f x i) (x i)) ⟹ ssc a u g x xa i = SS a g f x i"
apply (case_tac "i < xa")
apply (simp add: SS_simp)
by (simp add: SS_simp_a)
lemma UU_SS_simp: "⋀ i . u = (λ i . f (SS a g f x i) (x i)) ⟹ UUc u a f g x xa i = f (SS a g f x i) (x i) ∧ ssc a (UUc u a f g x xa) g x xa i = SS a g f x i"
apply (induction xa, simp_all)
by (simp_all add: SS_simp_b)
declare ssc.simps [simp del]
declare SS.simps [simp del]
declare UUc.simps [simp del]
lemma SSS: "(∃aa. ∀n xb. p (UUc aa a f g x n xb, ssc a (UUc aa a f g x n) g x n xb, x xb))
= (∀ n. p (f (SS a g f x n) (x n) , SS a g f x n, x n))"
apply auto
apply (drule_tac x = "Suc (Suc n)" in spec)
apply (drule_tac x = "n" in spec)
apply (simp add: UU_SS)
apply (rule_tac x = "λ n . f (SS a g f x n) (x n)" in exI, safe)
apply (case_tac "xb < n")
apply (simp add: UU_SS)
by (simp add: UU_SS_simp)
lemma SSSa: "∀fa<xaa. s (Suc fa) = g (f (s fa) (x fa)) (s fa) (x fa) ⟹ i ≤ xaa ⟹ s i = SS (s 0) g f x i"
by (induction i, auto simp add: SS.simps)
lemma SSSb: "prec_pre_sts (λ s . s = a) (λpa. p (f (fst pa) (snd pa), pa)) (λp y. y = (g (f (fst p) (snd p)) (fst p) (snd p), h (f (fst p) (snd p)) (fst p) (snd p)))
= (λ x . ∀ n. p (f (SS a g f x n) (x n) , SS a g f x n, x n))"
apply (simp add: prec_pre_sts_simp fun_eq_iff)
apply safe
apply (drule_tac x = "SS a g f x" in spec, safe)
apply (simp_all add: SS.simps)
apply (drule_tac x = "λ fa. h (f (SS a g f x fa) (x fa)) (SS a g f x fa) (x fa)" in spec, simp)
apply (case_tac "∀ k < n. u (Suc k) = g (f (u k) (x k)) (u k) (x k)")
by (drule_tac i = n and f = f in SSSa, simp_all)
lemma SSSc: "∀fa. s (Suc fa) = g (f (s fa) (x fa)) (s fa) (x fa) ⟹ SS (s 0) g f x i = s i"
by (induction i, auto simp add: SS.simps)
lemma SSSd: "(rel_pre_sts (λ s. s = a) (λp y. y = (g (f (fst p) (snd p)) (fst p) (snd p), h (f (fst p) (snd p)) (fst p) (snd p))))
= (λ x y . y = (λk. h (f (SS a g f x k) (x k)) (SS a g f x k) (x k)))"
apply (simp add: rel_pre_sts_simp fun_eq_iff)
apply (safe)
apply (simp add: fun_eq_iff)
apply (simp add: SSSc)
by (rule_tac x = "SS a g f x" in exI, simp add: SS.simps)
thm IterateOmegaA_spec
lemma IterateOmegaA_update: "IterateOmegaA [-f-] = [: INF n. (λ x y . f x = y) ^^ n OO eqtop (n - 1) :]"
proof -
have A: "{.⊤.} o [: x ↝ y . f x = y:] = [-f-]"
by (simp add: fun_eq_iff update_def demonic_def assert_def le_fun_def)
have "IterateOmegaA [-f-] = IterateOmegaA ({.⊤.} o [: x ↝ y . f x = y:])"
by (simp add: A)
also have "... = [: INF x. (λx y. (f x) = y) ^^ x OO eqtop (x - Suc 0) :]"
by (subst IterateOmegaA_spec, simp add: assert_true_skip_a)
finally show ?thesis
by simp
qed
lemma power_example: "(n::nat) > 0 ⟹
((λ((u::nat ⇒ 'a, y::nat ⇒ 'a), x::nat ⇒ 'b) ((u', y'), x'). u = u' ∧ u = y' ∧ x = x') ^^ n)
= (λ((u, y), x) ((u', y'), x'). u = u' ∧ u = y' ∧ x = x')"
apply (induction n, auto)
apply (case_tac n, simp_all)
by (simp_all add: OO_def, auto)
lemma power_example_a: "(n::nat) > 0 ⟹
((λ((u::nat ⇒ 'a, y::nat ⇒ 'a), x::nat ⇒ 'b) ((u', y'), x'). u = u' ∧ u = y' ∧ x = x') ^^ n) ((a,b), c) ((a', b'), c')
= (a = a' ∧ a = b' ∧ c = c')"
by (subst power_example, simp_all)
lemma example_simp: "{:x ↝ ((u, y), x').x = x':} ∘ [:((u, y), x)↝((u', y'), x').u = u' ∧ u = y' ∧ x = x':] ∘ [-λ((u, y), x). y-] = {: ⊤ :}"
by (simp add: fun_eq_iff demonic_def angelic_def update_def le_fun_def)
lemma Feedback_example: "Feedback([-u::nat ⇒ 'a, x::nat ⇒ 'b ↝ u, u-]) = {:⊤:}"
proof -
have A:"[-λ((u, y), x). ((u, x), x)-] ∘ [-λ(u, x). (u, u)-] ** Skip = [-λ((u, y), x) . ((u,u), x)-]"
apply (simp add: prod_update_skip update_comp)
by (rule_tac f = update in arg_cong, auto)
have B: " (λx. (=) (case x of (x, xa) ⇒ (case x of (u, y) ⇒ Pair (u, u)) xa))
= (λ ((u::nat ⇒ 'a,y::nat ⇒ 'a),x::nat ⇒ 'b) ((u', y'), x') . u = u' ∧ u = y' ∧ x = x')"
by auto
have C: "(INF n. (λ((u::nat ⇒ 'a, y::nat ⇒ 'a), x::nat ⇒ 'b) ((u'::nat ⇒ 'a, y'::nat ⇒ 'a), x'::nat ⇒ 'b). u = u' ∧ u = y' ∧ x = x') ^^ n OO eqtop (n - Suc 0))
= (λ((u, y), x) ((u', y'), x'). u = u' ∧ u = y' ∧ x = x')"
apply (subst fun_eq_iff, subst (4) fun_eq_iff, safe)
apply (simp_all add: OO_def)
apply (subst fun_eq_iff, safe)
apply (drule_tac x = "Suc (Suc x)" in spec, safe)
apply (subst (asm) power_example_a)
apply simp
apply (simp add: eqtop_prod_def)
apply (subst fun_eq_iff, safe)
apply (drule_tac x = "Suc (Suc x)" in spec, safe)
apply (subst (asm) power_example_a)
apply simp
apply (simp add: eqtop_prod_def, auto)
apply (subst fun_eq_iff, safe)
apply (drule_tac x = "Suc (Suc x)" in spec, safe)
apply (subst (asm) power_example_a)
apply simp
apply (simp add: eqtop_prod_def)
apply (case_tac n, simp)
by (subst power_example_a, simp_all)
have "Feedback([-u::nat ⇒ 'a,x::nat ⇒ 'b ↝ u,u-]) = {:x ↝ ((u, y), x').x = x':} ∘
IterateOmegaA ([-λ((u, y), x) . ((u,u), x)-]) ∘ [-λ((u, y), x). y-]"
by (simp add: Feedback_def A)
also have "... = {:x ↝ ((u, y::nat ⇒ 'a), x').x = x':}
∘ [: INF n. (λ((u, y), x) ((u', y'), x'). u = u' ∧ u = y' ∧ x = x') ^^ n
OO eqtop (n - Suc 0) :] ∘ [-λ((u, y), x). y-]"
by (simp add: IterateOmegaA_update B)
also have "... = {:x ↝ ((u, y::nat ⇒ 'a), x').x = x':} ∘ [:((u, y), x)↝((u', y'), x').u = u' ∧ u = y' ∧ x = x':] ∘ [-λ((u, y), x). y-]"
by (simp add: C)
also have "... = {:⊤:}"
by (simp add: example_simp)
finally show ?thesis
by simp
qed
lemma Feedback_deterministic: "init = (λ x . x = a) ⟹
DelayFeedback init (feedback({.(u, s, x). p (u, s, x).} ∘ [-λ(u, s, x). (f s x, g u s x, h u s x)-])) =
Feedback ([- u,x ↝ u || x -] o (DelayFeedback init ([- λ (s,(u,x)) . (u, s, x) -]
o ({. p .} ∘ [- u, s, x ↝ f s x, g u s x, h u s x -])
o [- v, s, y ↝ s, v, y -])) o [- z ↝ fst o z, snd o z -])"
apply (subst DelayFeedback_feedback_simp, simp)
apply (subst input_output_switch)
apply (simp add: Feedback_def)
apply (simp add: IterateOmegaA_DelayFeedback)
apply (unfold comp_assoc)
apply (simp add: update_def demonic_demonic OO_def split_def)
apply (unfold comp_assoc [THEN sym])
apply (simp add: angelic_assert)
apply (subst angelic_not_demonic [of _ "(λb c. (∀n xb. p (UUc (fst (fst c)) a f g (snd c) n xb, ssc a (UUc (fst (fst c)) a f g (snd c) n) g (snd c) n xb, snd c xb)))"])
apply auto [1]
apply simp
apply (simp add: SSS)
apply (simp add: SSSb)
by (simp add: SSSd)
lemma DF_fb_simp: "init = (λ x . x = a) ⟹
DelayFeedback init (feedback({.(u, s, x). p (u,s, x).} ∘ [- u, s, x ↝ f s x, g u s x, h u s x-])) =
{.x.∀n. p (f (SS a g f x n) (x n), SS a g f x n, x n).} ∘ [:y↝z. z = (λk. h (f (SS a g f y k) (y k)) (SS a g f y k) (y k)):]"
apply (subst DelayFeedback_feedback_simp, simp)
apply (simp add: update_def demonic_demonic OO_def split_def)
apply (simp add: SSSb)
by (simp add: SSSd)
lemma DF_fb_simp_a: "init = (λ x . x = a) ⟹
DelayFeedback init (feedback({. p .} ∘ [-λ(u, s, x). (f s x, g u s x, h u s x)-])) =
{.x.∀n. p (f (SS a g f x n) (x n), SS a g f x n, x n).} ∘ [:y↝z. z = (λk. h (f (SS a g f y k) (y k)) (SS a g f y k) (y k)):]"
by (simp add: DF_fb_simp [THEN sym])
lemma FB_DF_simp: "init = (λ x . x = a) ⟹
Feedback ([- u,x ↝ nzip u x -] o (DelayFeedback init ([- λ (s,(u,x)) . (u, s, x) -]
o ({.(u, s, x). p (u, s, x).} ∘ [- u, s, x ↝ f s x, g u s x, h u s x-])
o [- v, s, y ↝ s, v,y -])) o [- z ↝ fst o z, snd o z -])
= {.x.∀n. p (f (SS a g f x n) (x n), SS a g f x n, x n).} ∘ [:y↝z. z = (λk. h (f (SS a g f y k) (y k)) (SS a g f y k) (y k)):]"
apply (subst input_output_switch)
apply (simp add: Feedback_def)
apply (simp add: IterateOmegaA_DelayFeedback)
apply (unfold comp_assoc)
apply (simp add: update_def demonic_demonic OO_def split_def)
apply (unfold comp_assoc [THEN sym])
apply (simp add: angelic_assert)
apply (subst angelic_not_demonic [of _ "(λb c. (∀n xb. p (UUc (fst (fst c)) a f g (snd c) n xb, ssc a (UUc (fst (fst c)) a f g (snd c) n) g (snd c) n xb, snd c xb)))"])
apply auto [1]
apply simp
by (simp add: SSS)
definition "init_ex = (λ s . s = (0::nat))"
definition "p1 = (λ(u,s,x). u = s + 1)"
definition "f1 = (λ s x. s + 1)"
definition "g1 = (λ u s x. s + 1)"
definition "h1 = (λ u s x. x)"
definition "spec_ex = {.(u, s, x). p1 (u, s, x).} o [-λ (u, s, x). (f1 s x, g1 u s x, h1 u s x)-]"
lemma DelayFeedback_feedback_ex: "DelayFeedback init_ex (feedback ( spec_ex )) = [:y ↝ z. z = y:] "
apply (simp add: spec_ex_def)
by (cut_tac init=init_ex and p=p1 and f=f1 and g=g1 and h=h1 in DF_fb_simp, simp_all add: f1_def g1_def h1_def p1_def assert_true_skip_a init_ex_def)
lemma jjj: " [:x↝((x'', y), x').x'' = x ∧ x = x':] ∘ ([: λs. □ (λs. s 0 = b) :] ** Skip) ** Skip = [:x↝((x'', y), x').(□ (λs. s 0 = b)) x'' ∧ x' = x:]"
apply (simp add: Prod_demonic_skip)
apply (simp add: demonic_demonic)
apply(rule_tac f ="demonic" in arg_cong)
apply (simp add: fun_eq_iff OO_def)
by auto
lemma [simp]: "(∀a. (□ (λs. s 0 = b)) a ⟶ (∀n xb. UUc a 0 (λs x. Suc s) (λu s x. Suc s) x n xb = Suc (ssc 0 (UUc a 0 (λs x. Suc s) (λu s x. Suc s) x n) (λu s x. Suc s) x n xb)))
= ((∀n xb. UUc (λ i . b) 0 (λs x. Suc s) (λu s x. Suc s) x n xb = Suc (ssc 0 (UUc (λ i . b) 0 (λs x. Suc s) (λu s x. Suc s) x n) (λu s x. Suc s) x n xb)))"
apply auto
apply (simp_all add: always_def at_fun_def)
apply (subgoal_tac "a = (λ i . b)")
apply simp
by (simp add: fun_eq_iff)
lemma [simp]: "((∀n xb. UUc (λ i . b) 0 (λs x. Suc s) (λu s x. Suc s) x n xb = Suc (ssc 0 (UUc (λ i . b) 0 (λs x. Suc s) (λu s x. Suc s) x n) (λu s x. Suc s) x n xb))) = False"
apply safe
apply (frule_tac x = 0 in spec)
apply (drule_tac x = 0 in spec)
apply (drule_tac x = "Suc 0" in spec)
apply (drule_tac x = "Suc (Suc 0)" in spec)
by (simp add: UUc.simps ssc.simps)
lemma FeedbackA_example: "init = (λ s . s = b) ⟹
FeedbackA (InitDF init) ([- u,x ↝ nzip u x -] o (DelayFeedback init_ex ([- λ (s,(u,x)) . (u, s, x) -]
o spec_ex
o [- v, s, y ↝ s, v, y -])) o [- z ↝ fst o z, snd o z -]) =
⊥"
apply (simp add: spec_ex_def InitDF_def init_ex_def)
apply (simp add: FeedbackA_def)
apply (subst input_output_switch)
apply (simp add: IterateOmegaA_DelayFeedback)
apply (unfold comp_assoc)
apply (simp add: update_def demonic_demonic OO_def)
apply (unfold comp_assoc [THEN sym])
apply (simp add: jjj)
apply (simp add: demonic_assert_comp)
by (simp add: comp_assoc demonic_demonic split_def OO_def p1_def f1_def g1_def h1_def)
definition "init_ex_a = (λ s . s = (0::nat))"
definition "p1_a = (λ (u, s, x) . u = s + 1)"
definition "f1_a = (λ s x. s + 1)"
definition "g1_a = (λ u s x. s + 1)"
definition "h1_a = (λ u s x. x + s)"
definition "spec_ex_a = {.p1_a.} o [-λ (u, s, x). (f1_a s x, g1_a u s x, h1_a u s x)-]"
lemma [simp]: "SS 0 (λu s x. Suc s) (λs x. Suc s) y k = k"
by (induction k, simp_all add: SS.simps)
lemma DelayFeedback_feedback_ex_a: "DelayFeedback init_ex_a (feedback ( spec_ex_a )) = [:y ↝ z. z = (λk. y k + k):] "
apply (simp add: spec_ex_a_def)
apply (subst DF_fb_simp_a, simp add: init_ex_a_def)
by (simp add: f1_a_def g1_a_def h1_a_def p1_a_def assert_true_skip_a init_ex_def)
end