Theory MLTL_Encoding

section ‹ MLTL Encoding ›
theory MLTL_Encoding

imports Main

begin

subsection ‹ Syntax ›

datatype (atoms_mltl: 'a) mltl =
    True_mltl                                     ("True⇩_m")
  | False_mltl                                    ("False⇩_m")
  | Prop_mltl 'a                                  ("Prop⇩_m '(_')")
  | Not_mltl "'a mltl"                            ("Not⇩_m _" [85] 85)
  | And_mltl "'a mltl" "'a mltl"                  ("_ And⇩_m _" [82, 82] 81)
  | Or_mltl "'a mltl" "'a mltl"                   ("_ Or⇩_m _" [81, 81] 80)
  | Future_mltl "nat" "nat" "'a mltl"             ("F⇩_m '[_',_'] _" [88, 88, 88] 87)
  | Global_mltl "nat" "nat" "'a mltl"             ("G⇩_m '[_',_'] _" [88, 88, 88] 87)
  | Until_mltl "'a mltl" "nat" "nat" "'a mltl"    ("_ U⇩_m '[_',_'] _" [84, 84, 84, 84] 83)
  | Release_mltl "'a mltl" "nat" "nat" "'a mltl"  ("_ R⇩_m '[_',_'] _" [84, 84, 84, 84] 83)

definition Implies_mltl ("_ Implies⇩_m _" [81, 81] 80)
  where "φ Implies⇩_m ψ ≡ Not⇩_m φ Or⇩_m ψ"

definition Iff_mltl ("_ Iff⇩_m _" [81, 81] 80)
  where "φ Iff⇩_m ψ ≡ (φ Implies⇩_m ψ) And⇩_m (ψ Implies⇩_m φ)"

subsubsection ‹ Binding Examples ›
(*Not binds more tightly than And, Or*)
value "Not⇩_m Prop⇩_m (p) And⇩_m Prop⇩_m (q) =
       And_mltl (Not_mltl (Prop_mltl p)) (Prop_mltl q)"
(*And binds more tightly than Or*)
value "p And⇩_m q Or⇩_m r = Or_mltl (And_mltl p q) r"
(*Future and Global binds tighest*)
value "F⇩_m [0, 1] p And⇩_m q = And_mltl (Future_mltl 0 1 p) q"
(*Until and Release bind tighter than And/Or*)
value "p U⇩_m [0,1] q And⇩_m r = And_mltl (Until_mltl p 0 1 q) r"

subsection ‹ Semantics ›

(* NOTE: Added π ≠ [] in Prop_mltl *)
primrec semantics_mltl :: "['a set list, 'a mltl] ⇒ bool" ("_ ⊨⇩_m _" [80,80] 80)
where
  "π ⊨⇩_m True⇩_m = True"
| "π ⊨⇩_m False⇩_m = False"
| "π ⊨⇩_m Prop⇩_m (q) = (π ≠ [] ∧ q ∈ (π ! 0))"
| "π ⊨⇩_m Not⇩_m φ = (¬ π ⊨⇩_m φ)"
| "π ⊨⇩_m φ And⇩_m ψ = (π ⊨⇩_m φ ∧ π ⊨⇩_m ψ)"
| "π ⊨⇩_m φ Or⇩_m ψ = (π ⊨⇩_m φ ∨ π ⊨⇩_m ψ)"
| "π ⊨⇩_m (F⇩_m [a, b] φ) = (a ≤ b ∧ length π > a ∧
      (∃i::nat. (i ≥ a ∧ i ≤ b) ∧ (drop i π) ⊨⇩_m φ))"
| "π ⊨⇩_m (G⇩_m [a, b] φ) = (a ≤ b ∧ (length π ≤ a ∨
      (∀i::nat. (i ≥ a ∧ i ≤ b) ⟶ (drop i π) ⊨⇩_m φ)))"
| "π ⊨⇩_m (φ U⇩_m [a, b] ψ) =  (a ≤ b ∧ length π > a ∧
      (∃i::nat. (i ≥ a ∧ i ≤ b) ∧ ((drop i π) ⊨⇩_m ψ
        ∧ (∀j. j ≥ a ∧ j<i ⟶ (drop j π) ⊨⇩_m φ))))"
| "π ⊨⇩_m (φ R⇩_m [a, b] ψ) = (a ≤ b ∧ (length π ≤ a ∨
      (∀i::nat. (i ≥ a ∧ i ≤ b) ⟶ (((drop i π) ⊨⇩_m ψ))) ∨
      (∃j. j ≥ a ∧ j ≤ b-1 ∧ (drop j π) ⊨⇩_m φ ∧
         (∀k. a ≤ k ∧ k ≤ j ⟶ (drop k π) ⊨⇩_m ψ))))"

subsubsection ‹ Examples ›

lemma
  "[{0::nat}] ⊨⇩_m Not⇩_m (F⇩_m [0,2] Prop⇩_m (0)) = False"
  by auto

lemma
  "[{0::nat}] ⊨⇩_m F⇩_m [0,2] (Not⇩_m Prop⇩_m (0)) = True"
  proof-
    have "¬ (drop 1 [{0}] ≠ [] ∧ 0 ∈ drop 1 [{0}] ! 0)"
      by simp
    then have "(∃i. (0 ≤ i ∧ i ≤ 2) ∧ ¬ (drop i [{0}] ≠ [] ∧ 0 ∈ drop i [{0}] ! 0))"
      by auto
    then show ?thesis
      unfolding semantics_mltl.simps
      by blast
  qed

lemma
  "[{0::nat}] ⊨⇩_m G⇩_m [0,2] Prop⇩_m (0::nat) = False"
  by auto


end