Theory After_Ext_Operator
chapter ‹Extension of the After Operator›
section‹ The After‹⇩✓› Operator ›
theory After_Ext_Operator
imports After_Operator
begin
locale AfterExt = After Ψ
for Ψ :: ‹[('a, 'r) process⇩p⇩t⇩i⇩c⇩k, 'a] ⇒ ('a, 'r) process⇩p⇩t⇩i⇩c⇩k ›
+
fixes Ω :: ‹[('a, 'r) process⇩p⇩t⇩i⇩c⇩k, 'r] ⇒ ('a, 'r) process⇩p⇩t⇩i⇩c⇩k›
begin
subsection ‹Definition›
text ‹We just defined \<^term>‹P after e› for @{term [show_types] ‹P :: ('a, 'r) process⇩p⇩t⇩i⇩c⇩k›}
and @{term [show_types] ‹e :: 'a›}; in other words we cannot handle \<^term>‹✓(r)›.
We now introduce a generalisation for @{term [show_types] ‹e :: ('a, 'r) event⇩p⇩t⇩i⇩c⇩k›}.›
text ‹In the previous version, we agreed to get \<^const>‹STOP› after a termination,
but only if \<^term>‹P› was not \<^term>‹⊥› since otherwise we kept \<^term>‹⊥›.
We were not really sure about this choice, and we even introduced a variation
where the result after a termination was always \<^const>‹STOP›.
In this new version we use a placeholder instead: \<^term>‹Ω›.
We define \<^term>‹P› after \<^term>‹✓(r)› being equal to \<^term>‹Ω P r›.›
text ‹For the moment we have no additional assumption on \<^term>‹Ω›. This will be discussed later.›
definition After⇩t⇩i⇩c⇩k :: ‹[('a, 'r) process⇩p⇩t⇩i⇩c⇩k, ('a, 'r) event⇩p⇩t⇩i⇩c⇩k] ⇒ ('a, 'r) process⇩p⇩t⇩i⇩c⇩k› (infixl ‹after⇩✓› 86)
where ‹P after⇩✓ e ≡ case e of ev x ⇒ P after x | ✓(r) ⇒ Ω P r›
lemma not_initial_After⇩t⇩i⇩c⇩k:
‹e ∉ initials P ⟹ P after⇩✓ e = (case e of ev x ⇒ Ψ P x | ✓(r) ⇒ Ω P r)›
by (auto simp add: After⇩t⇩i⇩c⇩k_def After_BOT intro: not_initial_After split: event⇩p⇩t⇩i⇩c⇩k.split)
lemma initials_After⇩t⇩i⇩c⇩k:
‹(P after⇩✓ e)⇧0 =
(case e of ✓(r) ⇒ (Ω P r)⇧0
| ev a ⇒ if ev a ∈ P⇧0 then {e. [ev a, e] ∈ 𝒯 P} else (Ψ P a)⇧0)›
by (simp add: After⇩t⇩i⇩c⇩k_def initials_After split: event⇩p⇩t⇩i⇩c⇩k.split)
subsection ‹Projections›
lemma F_After⇩t⇩i⇩c⇩k:
‹ℱ (P after⇩✓ e) =
(case e of ✓(r) ⇒ ℱ (Ω P r)
| ev a ⇒ if ev a ∈ P⇧0 then {(s, X). (ev a # s, X) ∈ ℱ P} else ℱ (Ψ P a))›
by (simp add: After⇩t⇩i⇩c⇩k_def F_After split: event⇩p⇩t⇩i⇩c⇩k.split)
lemma D_After⇩t⇩i⇩c⇩k:
‹𝒟 (P after⇩✓ e) =
(case e of ✓(r) ⇒ 𝒟 (Ω P r)
| ev a ⇒ if ev a ∈ P⇧0 then {s. ev a # s ∈ 𝒟 P} else 𝒟 (Ψ P a))›
by (simp add: After⇩t⇩i⇩c⇩k_def D_After split: event⇩p⇩t⇩i⇩c⇩k.split)
lemma T_After⇩t⇩i⇩c⇩k:
‹𝒯 (P after⇩✓ e) =
(case e of ✓(r) ⇒ 𝒯 (Ω P r)
| ev a ⇒ if ev a ∈ P⇧0 then {s. ev a # s ∈ 𝒯 P} else 𝒯 (Ψ P a))›
by (simp add: After⇩t⇩i⇩c⇩k_def T_After split: event⇩p⇩t⇩i⇩c⇩k.split)
subsection ‹Monotony›
lemma mono_After⇩t⇩i⇩c⇩k_T :
‹e ∈ Q⇧0 ⟹ (case e of ✓(r) ⇒ Ω P r ⊑⇩T Ω Q r) ⟹ P ⊑⇩T Q ⟹ P after⇩✓ e ⊑⇩T Q after⇩✓ e›
and mono_After⇩t⇩i⇩c⇩k_F :
‹e ∈ Q⇧0 ⟹ (case e of ✓(r) ⇒ Ω P r ⊑⇩F Ω Q r) ⟹ P ⊑⇩F Q ⟹ P after⇩✓ e ⊑⇩F Q after⇩✓ e›
and mono_After⇩t⇩i⇩c⇩k_D :
‹e ∈ Q⇧0 ⟹ (case e of ✓(r) ⇒ Ω P r ⊑⇩D Ω Q r) ⟹ P ⊑⇩D Q ⟹ P after⇩✓ e ⊑⇩D Q after⇩✓ e›
and mono_After⇩t⇩i⇩c⇩k_FD :
‹e ∈ Q⇧0 ⟹ (case e of ✓(r) ⇒ Ω P r ⊑⇩F⇩D Ω Q r) ⟹ P ⊑⇩F⇩D Q ⟹ P after⇩✓ e ⊑⇩F⇩D Q after⇩✓ e›
and mono_After⇩t⇩i⇩c⇩k_DT :
‹e ∈ Q⇧0 ⟹ (case e of ✓(r) ⇒ Ω P r ⊑⇩D⇩T Ω Q r) ⟹ P ⊑⇩D⇩T Q ⟹ P after⇩✓ e ⊑⇩D⇩T Q after⇩✓ e›
using mono_After_T mono_After_F mono_After_D mono_After_FD mono_After_DT
by (auto simp add: After⇩t⇩i⇩c⇩k_def split: event⇩p⇩t⇩i⇩c⇩k.split)
lemma mono_After⇩t⇩i⇩c⇩k :
‹⟦P ⊑ Q;
(case e of ev a ⇒ (ev a ∈ Q⇧0 ∨ Ψ P a ⊑ Ψ Q a));
(case e of ✓(r) ⇒ Ω P r ⊑ Ω Q r)⟧ ⟹
P after⇩✓ e ⊑ Q after⇩✓ e›
by (force simp add: After⇩t⇩i⇩c⇩k_def split: event⇩p⇩t⇩i⇩c⇩k.split intro: mono_After)
subsection ‹Behaviour of @{const [source] After⇩t⇩i⇩c⇩k} with \<^const>‹STOP›, \<^const>‹SKIP› and \<^term>‹⊥››
lemma After⇩t⇩i⇩c⇩k_STOP: ‹STOP after⇩✓ e = (case e of ev a ⇒ Ψ STOP a | ✓(r) ⇒ Ω STOP r)›
and After⇩t⇩i⇩c⇩k_SKIP: ‹SKIP r after⇩✓ e = (case e of ev a ⇒ Ψ (SKIP r) a | ✓(s) ⇒ Ω (SKIP r) s)›
and After⇩t⇩i⇩c⇩k_BOT : ‹⊥ after⇩✓ e = (case e of ev x ⇒ ⊥ | ✓(r) ⇒ Ω ⊥ r)›
by (simp_all add: After⇩t⇩i⇩c⇩k_def After_STOP After_SKIP After_BOT split: event⇩p⇩t⇩i⇩c⇩k.split)
lemma After⇩t⇩i⇩c⇩k_is_BOT_iff:
‹P after⇩✓ e = ⊥ ⟷
(case e of ✓(r) ⇒ Ω P r = ⊥
| ev a ⇒ if ev a ∈ P⇧0 then [ev a] ∈ 𝒟 P else Ψ P a = ⊥)›
by (simp add: After⇩t⇩i⇩c⇩k_def After_is_BOT_iff split: event⇩p⇩t⇩i⇩c⇩k.split)
subsection ‹Behaviour of @{const [source] After⇩t⇩i⇩c⇩k} with Operators of \<^session>‹HOL-CSP››
text ‹Here again, we lose determinism.›
lemma After⇩t⇩i⇩c⇩k_Mprefix_is_After⇩t⇩i⇩c⇩k_Mndetprefix:
‹a ∈ A ⟹ (□a ∈ A → P a) after⇩✓ ev a = (⊓a ∈ A → P a) after⇩✓ ev a›
by (simp add: After⇩t⇩i⇩c⇩k_def After_Mprefix_is_After_Mndetprefix)
lemma After⇩t⇩i⇩c⇩k_Det_is_After⇩t⇩i⇩c⇩k_Ndet:
‹ev a ∈ P⇧0 ∪ Q⇧0 ⟹ (P □ Q) after⇩✓ ev a = (P ⊓ Q) after⇩✓ ev a›
by (simp add: After⇩t⇩i⇩c⇩k_def After_Det_is_After_Ndet)
lemma After⇩t⇩i⇩c⇩k_Sliding_is_After⇩t⇩i⇩c⇩k_Ndet:
‹ev a ∈ P⇧0 ∪ Q⇧0 ⟹ (P ⊳ Q) after⇩✓ ev a = (P ⊓ Q) after⇩✓ ev a›
by (simp add: After⇩t⇩i⇩c⇩k_def After_Sliding_is_After_Ndet)
lemma After⇩t⇩i⇩c⇩k_Ndet:
‹(P ⊓ Q) after⇩✓ e =
(case e of ✓(r) ⇒ Ω (P ⊓ Q) r
| ev a ⇒ if ev a ∈ P⇧0 ∩ Q⇧0
then P after⇩✓ ev a ⊓ Q after⇩✓ ev a
else if ev a ∈ P⇧0
then P after⇩✓ ev a
else if ev a ∈ Q⇧0
then Q after⇩✓ ev a
else Ψ (P ⊓ Q) a)›
by (simp add: After⇩t⇩i⇩c⇩k_def After_Ndet split: event⇩p⇩t⇩i⇩c⇩k.split)
lemma After⇩t⇩i⇩c⇩k_Det:
‹(P □ Q) after⇩✓ e =
(case e of ✓(r) ⇒ Ω (P □ Q) r
| ev a ⇒ if ev a ∈ P⇧0 ∩ Q⇧0
then P after⇩✓ ev a ⊓ Q after⇩✓ ev a
else if ev a ∈ P⇧0
then P after⇩✓ ev a
else if ev a ∈ Q⇧0
then Q after⇩✓ ev a
else Ψ (P □ Q) a)›
by (simp add: After⇩t⇩i⇩c⇩k_def After_Det split: event⇩p⇩t⇩i⇩c⇩k.split)
lemma After⇩t⇩i⇩c⇩k_Sliding:
‹(P ⊳ Q) after⇩✓ e =
(case e of ✓(r) ⇒ Ω (P ⊳ Q) r
| ev a ⇒ if ev a ∈ P⇧0 ∩ Q⇧0
then P after⇩✓ ev a ⊓ Q after⇩✓ ev a
else if ev a ∈ P⇧0
then P after⇩✓ ev a
else if ev a ∈ Q⇧0
then Q after⇩✓ ev a
else Ψ (P ⊳ Q) a)›
by (simp add: After⇩t⇩i⇩c⇩k_def After_Sliding split: event⇩p⇩t⇩i⇩c⇩k.split)
lemma After⇩t⇩i⇩c⇩k_Mprefix:
‹(□ a ∈ A → P a) after⇩✓ e =
(case e of ✓(r) ⇒ Ω (□ a ∈ A → P a) r
| ev a ⇒ if a ∈ A then P a else Ψ (□ a ∈ A → P a) a)›
by (simp add: After⇩t⇩i⇩c⇩k_def After_Mprefix split: event⇩p⇩t⇩i⇩c⇩k.split)
lemma After⇩t⇩i⇩c⇩k_Mndetprefix:
‹(⊓ a ∈ A → P a) after⇩✓ e =
(case e of ✓(r) ⇒ Ω (⊓ a ∈ A → P a) r
| ev a ⇒ if a ∈ A then P a else Ψ (⊓ a ∈ A → P a) a)›
by (simp add: After⇩t⇩i⇩c⇩k_def After_Mndetprefix split: event⇩p⇩t⇩i⇩c⇩k.split)
corollary After⇩t⇩i⇩c⇩k_write0:
‹(a → P) after⇩✓ e =
(case e of ✓(r) ⇒ Ω (a → P) r
| ev b ⇒ if b = a then P else Ψ (a → P) b)›
by (simp add: After⇩t⇩i⇩c⇩k_def After_write0 split: event⇩p⇩t⇩i⇩c⇩k.split)
corollary ‹(a → P) after⇩✓ ev a = P› by (simp add: After⇩t⇩i⇩c⇩k_write0)
corollary After⇩t⇩i⇩c⇩k_read:
‹(c❙?a∈A → P a) after⇩✓ e =
(case e of ✓(r) ⇒ Ω (c❙?a∈A → P a) r
| ev b ⇒ if b ∈ c ` A then P (inv_into A c b) else Ψ (c❙?a∈A → P a) b)›
by (simp add: After⇩t⇩i⇩c⇩k_def After_read split: event⇩p⇩t⇩i⇩c⇩k.split)
corollary After⇩t⇩i⇩c⇩k_ndet_write:
‹(c❙!❙!a∈A → P a) after⇩✓ e =
(case e of ✓(r) ⇒ Ω (c❙!❙!a∈A → P a) r
| ev b ⇒ if b ∈ c ` A then P (inv_into A c b) else Ψ (c❙!❙!a∈A → P a) b)›
by (simp add: After⇩t⇩i⇩c⇩k_def After_ndet_write split: event⇩p⇩t⇩i⇩c⇩k.split)
lemma After⇩t⇩i⇩c⇩k_Seq:
‹(P ❙; Q) after⇩✓ e =
(case e of ✓(r) ⇒ Ω (P ❙; Q) r
| ev a ⇒ if range tick ∩ P⇧0 = {} ∨ (∀r. ✓(r) ∈ P⇧0 ⟶ ev a ∉ Q⇧0)
then if ev a ∈ P⇧0 then P after⇩✓ ev a ❙; Q else Ψ (P ❙; Q) a
else if ev a ∈ P⇧0 then (P after⇩✓ ev a ❙; Q) ⊓ Q after⇩✓ ev a
else Q after⇩✓ ev a)›
by (simp add: After⇩t⇩i⇩c⇩k_def After_Seq split: event⇩p⇩t⇩i⇩c⇩k.split)
lemma After⇩t⇩i⇩c⇩k_Sync:
‹(P ⟦S⟧ Q) after⇩✓ e =
(case e of ✓(r) ⇒ Ω (P ⟦S⟧ Q) r
| ev a ⇒ if P = ⊥ ∨ Q = ⊥ then ⊥
else if ev a ∈ P⇧0 ∩ Q⇧0
then if a ∈ S then P after⇩✓ ev a ⟦S⟧ Q after⇩✓ ev a
else (P after⇩✓ ev a ⟦S⟧ Q) ⊓ (P ⟦S⟧ Q after⇩✓ ev a)
else if ev a ∈ P⇧0 ∧ a ∉ S then P after⇩✓ ev a ⟦S⟧ Q
else if ev a ∈ Q⇧0 ∧ a ∉ S then P ⟦S⟧ Q after⇩✓ ev a
else Ψ (P ⟦S⟧ Q) a)›
by (simp add: After⇩t⇩i⇩c⇩k_def After_Sync split: event⇩p⇩t⇩i⇩c⇩k.split)
lemma Hiding_FD_Hiding_After⇩t⇩i⇩c⇩k_if_initial_inside:
‹ev a ∈ P⇧0 ⟹ a ∈ A ⟹ P \ A ⊑⇩F⇩D P after⇩✓ ev a \ A›
and After⇩t⇩i⇩c⇩k_Hiding_FD_Hiding_After⇩t⇩i⇩c⇩k_if_initial_notin:
‹ev a ∈ P⇧0 ⟹ a ∉ A ⟹ (P \ A) after⇩✓ ev a ⊑⇩F⇩D P after⇩✓ ev a \ A›
by (simp add: After⇩t⇩i⇩c⇩k_def Hiding_FD_Hiding_After_if_initial_inside)
(simp add: After⇩t⇩i⇩c⇩k_def After_Hiding_FD_Hiding_After_if_initial_notin)
lemmas Hiding_F_Hiding_After⇩t⇩i⇩c⇩k_if_initial_inside =
Hiding_FD_Hiding_After⇩t⇩i⇩c⇩k_if_initial_inside[THEN leFD_imp_leF]
and After⇩t⇩i⇩c⇩k_Hiding_F_Hiding_After⇩t⇩i⇩c⇩k_if_initial_notin =
After⇩t⇩i⇩c⇩k_Hiding_FD_Hiding_After⇩t⇩i⇩c⇩k_if_initial_notin[THEN leFD_imp_leF]
and Hiding_D_Hiding_After⇩t⇩i⇩c⇩k_if_initial_inside =
Hiding_FD_Hiding_After⇩t⇩i⇩c⇩k_if_initial_inside[THEN leFD_imp_leD]
and After⇩t⇩i⇩c⇩k_Hiding_D_Hiding_After⇩t⇩i⇩c⇩k_if_initial_notin =
After⇩t⇩i⇩c⇩k_Hiding_FD_Hiding_After⇩t⇩i⇩c⇩k_if_initial_notin[THEN leFD_imp_leD]
and Hiding_T_Hiding_After⇩t⇩i⇩c⇩k_if_initial_inside =
Hiding_FD_Hiding_After⇩t⇩i⇩c⇩k_if_initial_inside[THEN leFD_imp_leF, THEN leF_imp_leT]
and After⇩t⇩i⇩c⇩k_Hiding_T_Hiding_After⇩t⇩i⇩c⇩k_if_initial_notin =
After⇩t⇩i⇩c⇩k_Hiding_FD_Hiding_After⇩t⇩i⇩c⇩k_if_initial_notin[THEN leFD_imp_leF, THEN leF_imp_leT]
corollary Hiding_DT_Hiding_After⇩t⇩i⇩c⇩k_if_initial_inside:
‹ev a ∈ P⇧0 ⟹ a ∈ A ⟹ P \ A ⊑⇩D⇩T P after⇩✓ ev a \ A›
and After⇩t⇩i⇩c⇩k_Hiding_DT_Hiding_After⇩t⇩i⇩c⇩k_if_initial_notin:
‹ev a ∈ P⇧0 ⟹ a ∉ A ⟹ (P \ A) after⇩✓ ev a ⊑⇩D⇩T P after⇩✓ ev a \ A›
by (simp add: Hiding_D_Hiding_After⇩t⇩i⇩c⇩k_if_initial_inside
Hiding_T_Hiding_After⇩t⇩i⇩c⇩k_if_initial_inside leD_leT_imp_leDT)
(simp add: After⇩t⇩i⇩c⇩k_Hiding_D_Hiding_After⇩t⇩i⇩c⇩k_if_initial_notin
After⇩t⇩i⇩c⇩k_Hiding_T_Hiding_After⇩t⇩i⇩c⇩k_if_initial_notin leD_leT_imp_leDT)
end
text ‹As with \<^locale>‹After›, we need to "duplicate" the locale
to formalize the result for the \<^const>‹Renaming› operator.›
locale AfterExtDuplicated = After⇩t⇩i⇩c⇩k⇩α: AfterExt Ψ⇩α Ω⇩α + After⇩t⇩i⇩c⇩k⇩β: AfterExt Ψ⇩β Ω⇩β
for Ψ⇩α :: ‹[('a, 'r) process⇩p⇩t⇩i⇩c⇩k, 'a] ⇒ ('a, 'r) process⇩p⇩t⇩i⇩c⇩k›
and Ω⇩α :: ‹[('a, 'r) process⇩p⇩t⇩i⇩c⇩k, 'r] ⇒ ('a, 'r) process⇩p⇩t⇩i⇩c⇩k›
and Ψ⇩β :: ‹[('b, 's) process⇩p⇩t⇩i⇩c⇩k, 'b] ⇒ ('b, 's) process⇩p⇩t⇩i⇩c⇩k›
and Ω⇩β :: ‹[('b, 's) process⇩p⇩t⇩i⇩c⇩k, 's] ⇒ ('b, 's) process⇩p⇩t⇩i⇩c⇩k›
sublocale AfterExtDuplicated ⊆ AfterDuplicated .
context AfterExtDuplicated
begin
notation After⇩t⇩i⇩c⇩k⇩α.After (infixl ‹after⇩α› 86)
notation After⇩t⇩i⇩c⇩k⇩β.After (infixl ‹after⇩β› 86)
notation After⇩t⇩i⇩c⇩k⇩α.After⇩t⇩i⇩c⇩k (infixl ‹after⇩✓⇩α› 86)
notation After⇩t⇩i⇩c⇩k⇩β.After⇩t⇩i⇩c⇩k (infixl ‹after⇩✓⇩β› 86)
lemma After⇩t⇩i⇩c⇩k_Renaming:
‹Renaming P f g after⇩✓⇩β e =
(case e of ✓(s) ⇒ Ω⇩β (Renaming P f g) s
| ev b ⇒ if P = ⊥ then ⊥
else if ∃a. ev a ∈ P⇧0 ∧ f a = b
then ⊓ a∈{a. ev a ∈ P⇧0 ∧ f a = b}. Renaming (P after⇩α a) f g
else Ψ⇩β (Renaming P f g) b)›
by (auto simp add: After⇩t⇩i⇩c⇩k⇩α.After⇩t⇩i⇩c⇩k_def After⇩t⇩i⇩c⇩k⇩β.After⇩t⇩i⇩c⇩k_def
After_Renaming split: event⇩p⇩t⇩i⇩c⇩k.split)
end
context AfterExt
begin
subsection ‹Behaviour of @{const [source] After⇩t⇩i⇩c⇩k} with Operators of \<^session>‹HOL-CSPM››
lemma After⇩t⇩i⇩c⇩k_GlobalDet_is_After⇩t⇩i⇩c⇩k_GlobalNdet:
‹ev a ∈ (⋃a ∈ A. (P a)⇧0) ⟹
(□ a ∈ A. P a) after⇩✓ ev a = (⊓ a ∈ A. P a) after⇩✓ ev a›
by (simp add: After⇩t⇩i⇩c⇩k_def After_GlobalDet_is_After_GlobalNdet)
lemma After⇩t⇩i⇩c⇩k_GlobalNdet:
‹(⊓ a ∈ A. P a) after⇩✓ e =
(case e of ✓(r) ⇒ Ω (⊓ a ∈ A. P a) r
| ev a ⇒ if ev a ∈ (⋃a ∈ A. (P a)⇧0)
then ⊓ x ∈ {x ∈ A. ev a ∈ (P x)⇧0}. P x after⇩✓ ev a
else Ψ (⊓ a ∈ A. P a) a)›
and After⇩t⇩i⇩c⇩k_GlobalDet:
‹(□ a ∈ A. P a) after⇩✓ e =
(case e of ✓(r) ⇒ Ω (□ a ∈ A. P a) r
| ev a ⇒ if ev a ∈ (⋃a ∈ A. (P a)⇧0)
then ⊓ x ∈ {x ∈ A. ev a ∈ (P x)⇧0}. P x after⇩✓ ev a
else Ψ (□ a ∈ A. P a) a)›
by (simp_all add: After⇩t⇩i⇩c⇩k_def After_GlobalNdet After_GlobalDet split: event⇩p⇩t⇩i⇩c⇩k.split)
lemma After⇩t⇩i⇩c⇩k_Throw:
‹(P Θ a ∈ A. Q a) after⇩✓ e =
(case e of ✓(r) ⇒ Ω (P Θ a ∈ A. Q a) r
| ev a ⇒ if P = ⊥ then ⊥
else if ev a ∈ P⇧0
then if a ∈ A
then Q a
else P after⇩✓ ev a Θ a ∈ A. Q a
else Ψ (P Θ a ∈ A. Q a) a)›
by (simp add: After⇩t⇩i⇩c⇩k_def After_Throw split: event⇩p⇩t⇩i⇩c⇩k.split)
lemma After⇩t⇩i⇩c⇩k_Interrupt:
‹(P △ Q) after⇩✓ e =
(case e of ✓(r) ⇒ Ω (P △ Q) r
| ev a ⇒ if ev a ∈ P⇧0 ∩ Q⇧0
then Q after⇩✓ ev a ⊓ (P after⇩✓ ev a △ Q)
else if ev a ∈ P⇧0 ∧ ev a ∉ Q⇧0
then P after⇩✓ ev a △ Q
else if ev a ∉ P⇧0 ∧ ev a ∈ Q⇧0
then Q after⇩✓ ev a
else Ψ (P △ Q) a)›
by (simp add: After⇩t⇩i⇩c⇩k_def After_Interrupt split: event⇩p⇩t⇩i⇩c⇩k.split)
subsection ‹Behaviour of @{const [source] After⇩t⇩i⇩c⇩k} with Reference Processes›
lemma After⇩t⇩i⇩c⇩k_DF:
‹DF A after⇩✓ e =
(case e of ✓(r) ⇒ Ω (DF A) r
| ev a ⇒ if a ∈ A then DF A else Ψ (DF A) a)›
by (simp add: After⇩t⇩i⇩c⇩k_def After_DF split: event⇩p⇩t⇩i⇩c⇩k.split)
lemma After⇩t⇩i⇩c⇩k_DF⇩S⇩K⇩I⇩P⇩S:
‹DF⇩S⇩K⇩I⇩P⇩S A R after⇩✓ e =
(case e of ✓(r) ⇒ Ω (DF⇩S⇩K⇩I⇩P⇩S A R) r
| ev a ⇒ if a ∈ A then DF⇩S⇩K⇩I⇩P⇩S A R else Ψ (DF⇩S⇩K⇩I⇩P⇩S A R) a)›
by (simp add: After⇩t⇩i⇩c⇩k_def After_DF⇩S⇩K⇩I⇩P⇩S split: event⇩p⇩t⇩i⇩c⇩k.split)
lemma After⇩t⇩i⇩c⇩k_RUN:
‹RUN A after⇩✓ e =
(case e of ✓(r) ⇒ Ω (RUN A) r
| ev a ⇒ if a ∈ A then RUN A else Ψ (RUN A) a)›
by (simp add: After⇩t⇩i⇩c⇩k_def After_RUN split: event⇩p⇩t⇩i⇩c⇩k.split)
lemma After⇩t⇩i⇩c⇩k_CHAOS:
‹CHAOS A after⇩✓ e =
(case e of ✓(r) ⇒ Ω (CHAOS A) r
| ev a ⇒ if a ∈ A then CHAOS A else Ψ (CHAOS A) a)›
by (simp add: After⇩t⇩i⇩c⇩k_def After_CHAOS split: event⇩p⇩t⇩i⇩c⇩k.split)
lemma After⇩t⇩i⇩c⇩k_CHAOS⇩S⇩K⇩I⇩P⇩S:
‹CHAOS⇩S⇩K⇩I⇩P⇩S A R after⇩✓ e =
(case e of ✓(r) ⇒ Ω (CHAOS⇩S⇩K⇩I⇩P⇩S A R) r
| ev a ⇒ if a ∈ A then CHAOS⇩S⇩K⇩I⇩P⇩S A R else Ψ (CHAOS⇩S⇩K⇩I⇩P⇩S A R) a)›
by (simp add: After⇩t⇩i⇩c⇩k_def After_CHAOS⇩S⇩K⇩I⇩P⇩S split: event⇩p⇩t⇩i⇩c⇩k.split)
lemma DF_FD_After⇩t⇩i⇩c⇩k:
‹DF A ⊑⇩F⇩D P ⟹ e ∈ P⇧0 ⟹ DF A ⊑⇩F⇩D P after⇩✓ e›
by (cases e, simp add: After⇩t⇩i⇩c⇩k_def DF_FD_After)
(metis anti_mono_initials_FD event⇩p⇩t⇩i⇩c⇩k.distinct(1) image_iff initials_DF subsetD)
lemma DF⇩S⇩K⇩I⇩P⇩S_FD_After⇩t⇩i⇩c⇩k:
‹DF⇩S⇩K⇩I⇩P⇩S A R ⊑⇩F⇩D P ⟹ ev a ∈ P⇧0 ⟹ DF⇩S⇩K⇩I⇩P⇩S A R ⊑⇩F⇩D P after⇩✓ ev a›
by (simp add: After⇩t⇩i⇩c⇩k_def DF⇩S⇩K⇩I⇩P⇩S_FD_After)
lemma deadlock_free_After⇩t⇩i⇩c⇩k:
‹e ∈ P⇧0 ⟹ deadlock_free P ⟹
deadlock_free (P after⇩✓ e) ⟷
(case e of ev a ⇒ True | ✓(r) ⇒ deadlock_free (Ω P r))›
using deadlock_free_After by (auto simp add: After⇩t⇩i⇩c⇩k_def split: event⇩p⇩t⇩i⇩c⇩k.split)
lemma deadlock_free⇩S⇩K⇩I⇩P⇩S_After⇩t⇩i⇩c⇩k:
‹e ∈ P⇧0 ⟹ deadlock_free⇩S⇩K⇩I⇩P⇩S P ⟹
deadlock_free⇩S⇩K⇩I⇩P⇩S (P after⇩✓ e) ⟷
(case e of ev a ⇒ True | ✓(r) ⇒ deadlock_free⇩S⇩K⇩I⇩P⇩S (Ω P r))›
using deadlock_free⇩S⇩K⇩I⇩P⇩S_After by (auto simp add: After⇩t⇩i⇩c⇩k_def split: event⇩p⇩t⇩i⇩c⇩k.split)
subsection ‹Characterizations for Deadlock Freeness›
lemma deadlock_free_imp_not_initial_tick: ‹deadlock_free P ⟹ range tick ∩ P⇧0 = {}›
by (rule ccontr, simp add: disjoint_iff)
(meson anti_mono_initials_FD deadlock_free_def initial_tick_iff_FD_SKIP non_deadlock_free_SKIP subsetD)
lemma initial_tick_imp_range_ev_in_refusals: ‹✓(r) ∈ P⇧0 ⟹ range ev ∈ ℛ P›
unfolding initials_def image_def
by (simp add: Refusals_iff is_processT6_TR_notin)
lemma deadlock_free_After⇩t⇩i⇩c⇩k_characterization:
‹deadlock_free P ⟷ range ev ∉ ℛ P ∧ (∀e. ev e ∈ P⇧0 ⟶ deadlock_free (P after⇩✓ ev e))›
(is ‹deadlock_free P ⟷ ?rhs›)
proof (intro iffI)
from event⇩p⇩t⇩i⇩c⇩k.exhaust_sel have ‹range ev = UNIV - range tick› by blast
hence ‹range ev ∉ ℛ P ⟷ UNIV - range tick ∉ ℛ P› by metis
thus ‹deadlock_free P ⟹ ?rhs›
by (intro conjI)
(solves ‹simp add: deadlock_free_F failure_refine_def,
subst (asm) F_DF, auto simp add: Refusals_iff›,
use DF_FD_After⇩t⇩i⇩c⇩k deadlock_free_def in blast)
next
assume ‹?rhs›
hence * : ‹range ev ∉ ℛ P›
‹ev e ∈ P⇧0 ⟹ {(s, X) |s X. (ev e # s, X) ∈ ℱ P} ⊆ ℱ (DF UNIV)› for e
by (simp_all add: deadlock_free_F failure_refine_def F_After⇩t⇩i⇩c⇩k subset_iff)
show ‹deadlock_free P›
proof (unfold deadlock_free_F failure_refine_def, safe)
fix s X
assume ** : ‹(s, X) ∈ ℱ P›
show ‹(s, X) ∈ ℱ (DF UNIV)›
proof (cases s)
show ‹s = [] ⟹ (s, X) ∈ ℱ (DF UNIV)›
by (subst F_DF, simp)
(metis "*"(1) "**" Refusals_iff image_subset_iff is_processT4)
next
fix e s'
assume *** : ‹s = e # s'›
from "**"[THEN F_T, simplified this, THEN initials_memI]
initial_tick_imp_range_ev_in_refusals "*"(1)
obtain x where ‹e = ev x› ‹ev x ∈ P⇧0›
by (cases e) (simp_all add: initial_tick_imp_range_ev_in_refusals)
with "*"(2)[OF this(2)] "**" "***" show ‹(s, X) ∈ ℱ (DF UNIV)›
by (subst F_DF) (simp add: subset_iff)
qed
qed
qed
lemma deadlock_free⇩S⇩K⇩I⇩P⇩S_After⇩t⇩i⇩c⇩k_characterization:
‹deadlock_free⇩S⇩K⇩I⇩P⇩S P ⟷
UNIV ∉ ℛ P ∧ (∀e ∈ P⇧0 - range tick. deadlock_free⇩S⇩K⇩I⇩P⇩S (P after⇩✓ e))›
(is ‹deadlock_free⇩S⇩K⇩I⇩P⇩S P ⟷ ?rhs›)
proof (intro iffI)
show ?rhs if ‹deadlock_free⇩S⇩K⇩I⇩P⇩S P›
proof (intro conjI)
from ‹deadlock_free⇩S⇩K⇩I⇩P⇩S P› show ‹UNIV ∉ ℛ P›
by (simp add: deadlock_free⇩S⇩K⇩I⇩P⇩S_def failure_refine_def)
(subst (asm) F_DF⇩S⇩K⇩I⇩P⇩S, auto simp add: Refusals_iff)
next
from ‹deadlock_free⇩S⇩K⇩I⇩P⇩S P› show ‹∀e∈P⇧0 - range tick. deadlock_free⇩S⇩K⇩I⇩P⇩S (P after⇩✓ e)›
by (auto simp add: deadlock_free⇩S⇩K⇩I⇩P⇩S_After⇩t⇩i⇩c⇩k split: event⇩p⇩t⇩i⇩c⇩k.split)
qed
next
assume assm : ‹?rhs›
have * : ‹ev e ∈ P⇧0 ⟹ {(s, X) |s X. (ev e # s, X) ∈ ℱ P} ⊆ ℱ (DF⇩S⇩K⇩I⇩P⇩S UNIV UNIV)› for e
using assm[THEN conjunct2, rule_format, of ‹ev e›, simplified]
by (simp add: deadlock_free⇩S⇩K⇩I⇩P⇩S_def failure_refine_def F_After⇩t⇩i⇩c⇩k image_iff)
show ‹deadlock_free⇩S⇩K⇩I⇩P⇩S P›
proof (unfold deadlock_free⇩S⇩K⇩I⇩P⇩S_def failure_refine_def, safe)
fix s X
assume ** : ‹(s, X) ∈ ℱ P›
show ‹(s, X) ∈ ℱ (DF⇩S⇩K⇩I⇩P⇩S UNIV UNIV)›
proof (cases s)
from assm[THEN conjunct1] "**" show ‹s = [] ⟹ (s, X) ∈ ℱ (DF⇩S⇩K⇩I⇩P⇩S UNIV UNIV)›
by (subst F_DF⇩S⇩K⇩I⇩P⇩S, simp add: Refusals_iff)
(metis UNIV_eq_I event⇩p⇩t⇩i⇩c⇩k.exhaust)
next
fix e s'
assume *** : ‹s = e # s'›
show ‹(s, X) ∈ ℱ (DF⇩S⇩K⇩I⇩P⇩S UNIV UNIV)›
proof (cases e)
fix a assume ‹e = ev a›
with "**" "***" initials_memI F_T have ‹ev a ∈ P⇧0› by blast
with "*"[OF this] "**" "***" ‹e = ev a› show ‹(s, X) ∈ ℱ (DF⇩S⇩K⇩I⇩P⇩S UNIV UNIV)›
by (subst F_DF⇩S⇩K⇩I⇩P⇩S) (simp add: subset_iff)
next
fix r assume ‹e = ✓(r)›
hence ‹s = [✓(r)]›
by (metis "**" "***" event⇩p⇩t⇩i⇩c⇩k.disc(2) front_tickFree_Cons_iff is_processT2)
thus ‹(s, X) ∈ ℱ (DF⇩S⇩K⇩I⇩P⇩S UNIV UNIV)›
by (subst F_DF⇩S⇩K⇩I⇩P⇩S, simp)
qed
qed
qed
qed
subsection ‹Continuity›
lemma After⇩t⇩i⇩c⇩k_cont [simp] :
assumes cont_ΨΩ : ‹case e of ev a ⇒ cont (λP. Ψ P a) | ✓(r) ⇒ cont (λP. Ω P r)›
and cont_f : ‹cont f›
shows ‹cont (λx. f x after⇩✓ e)›
by (cases e, simp_all add: After⇩t⇩i⇩c⇩k_def)
(use After_cont cont_ΨΩ cont_f in ‹auto intro: cont_compose›)
end
end