open HolKernel Parse boolLib bossLib; (* quietdec := true; val home_dir = (Globals.HOLDIR ^ "/examples/temporal_deep/"); loadPath := (home_dir ^ "src/deep_embeddings") :: (home_dir ^ "src/tools") :: !loadPath; map load ["infinite_pathTheory", "prop_logicTheory", "pred_setTheory", "arithmeticTheory", "tuerk_tacticsLib", "numLib", "symbolic_kripke_structureTheory", "set_lemmataTheory"]; *) open pred_setTheory arithmeticTheory infinite_pathTheory prop_logicTheory tuerk_tacticsLib numLib set_lemmataTheory symbolic_kripke_structureTheory open Sanity; (* show_assums := false; show_assums := true; show_types := true; show_types := false; quietdec := false; *) val _ = hide "S"; val _ = hide "I"; val _ = new_theory "rltl"; val _ = ParseExtras.temp_loose_equality() (****************************************************************************** * Syntax and semantic ******************************************************************************) val rltl_def = Hol_datatype `rltl = RLTL_PROP of 'prop prop_logic (* b! *) | RLTL_NOT of rltl (* not f *) | RLTL_AND of rltl # rltl (* f1 and f2 *) | RLTL_NEXT of rltl (* X! f *) | RLTL_SUNTIL of rltl # rltl (* [f1 U f2] *) | RLTL_ACCEPT of rltl # 'prop prop_logic`; (* f abort b *) val rltl_induct = save_thm ("rltl_induct", Q.GEN `P` (MATCH_MP (DECIDE ``(A ==> (B1 /\ B2)) ==> (A ==> B1)``) (SIMP_RULE std_ss [pairTheory.FORALL_PROD, PROVE[]``(!x y. P x ==> Q(x,y)) = !x. P x ==> !y. Q(x,y)``, PROVE[]``(!x y. P y ==> Q(x,y)) = !y. P y ==> !x. Q(x,y)``] (Q.SPECL [`P`,`\(f,b). P f`,`\(f1,f2). P f1 /\ P f2`] (TypeBase.induction_of ``:'a rltl``))))); val RLTL_SEM_TIME_def = Define `(RLTL_SEM_TIME t v a r (RLTL_PROP b) = ((P_SEM (v t) a) \/ ((P_SEM (v t) b) /\ ~(P_SEM (v t) r)))) /\ (RLTL_SEM_TIME t v a r (RLTL_NOT f) = ~(RLTL_SEM_TIME t v r a f)) /\ (RLTL_SEM_TIME t v a r (RLTL_AND (f1,f2)) = RLTL_SEM_TIME t v a r f1 /\ RLTL_SEM_TIME t v a r f2) /\ (RLTL_SEM_TIME t v a r (RLTL_NEXT f) = ((P_SEM (v t) a) \/ (~(P_SEM (v t) r) /\ RLTL_SEM_TIME (SUC t) v a r f))) /\ (RLTL_SEM_TIME t v a r (RLTL_SUNTIL(f1,f2)) = ?k. (k >= t) /\ (RLTL_SEM_TIME k v a r f2) /\ (!j. (t <= j /\ j < k) ==> (RLTL_SEM_TIME j v a r f1))) /\ (RLTL_SEM_TIME t v a r (RLTL_ACCEPT (f, b)) = RLTL_SEM_TIME t v (P_OR(a, P_AND(b, P_NOT(r)))) r f)`; val RLTL_SEM_def = Define `RLTL_SEM v f = RLTL_SEM_TIME 0 v P_FALSE P_FALSE f`; val RLTL_KS_SEM_def = Define `RLTL_KS_SEM M f = !p. IS_INITIAL_PATH_THROUGH_SYMBOLIC_KRIPKE_STRUCTURE M p ==> RLTL_SEM p f`; (****************************************************************************** * Syntactic Sugar ******************************************************************************) val RLTL_TRUE_def = Define `RLTL_TRUE = RLTL_PROP P_TRUE`; val RLTL_FALSE_def = Define `RLTL_FALSE = RLTL_PROP P_FALSE`; val RLTL_OR_def = Define `RLTL_OR(f1,f2) = RLTL_NOT (RLTL_AND((RLTL_NOT f1),(RLTL_NOT f2)))`; val RLTL_IMPL_def = Define `RLTL_IMPL(f1, f2) = RLTL_OR(RLTL_NOT f1, f2)`; val RLTL_COND_def = Define `RLTL_COND(c, f1, f2) = RLTL_AND(RLTL_IMPL(c, f1), RLTL_IMPL(RLTL_NOT c, f2))`; val RLTL_EQUIV_def = Define `RLTL_EQUIV(b1, b2) = RLTL_AND(RLTL_IMPL(b1, b2),RLTL_IMPL(b2, b1))`; val RLTL_REJECT_def = Define `RLTL_REJECT(f,b) = RLTL_NOT (RLTL_ACCEPT((RLTL_NOT f),b))`; val RLTL_EVENTUAL_def = Define `RLTL_EVENTUAL f = RLTL_SUNTIL (RLTL_PROP(P_TRUE),f)`; val RLTL_ALWAYS_def = Define `RLTL_ALWAYS f = RLTL_NOT (RLTL_EVENTUAL (RLTL_NOT f))`; val RLTL_UNTIL_def = Define `RLTL_UNTIL(f1,f2) = RLTL_OR(RLTL_SUNTIL(f1,f2),RLTL_ALWAYS f1)`; val RLTL_BEFORE_def = Define `RLTL_BEFORE(f1,f2) = RLTL_NOT(RLTL_SUNTIL(RLTL_NOT f1,f2))`; val RLTL_SBEFORE_def = Define `RLTL_SBEFORE(f1,f2) = RLTL_SUNTIL(RLTL_NOT f2,RLTL_AND(f1, RLTL_NOT f2))`; val RLTL_WHILE_def = Define `RLTL_WHILE(f1,f2) = RLTL_NOT(RLTL_SUNTIL(RLTL_OR(RLTL_NOT f1, RLTL_NOT f2),RLTL_AND(f2, RLTL_NOT f1)))`; val RLTL_SWHILE_def = Define `RLTL_SWHILE(f1,f2) = RLTL_SUNTIL(RLTL_NOT f2,RLTL_AND(f1, f2))`; val RLTL_EQUIV_PATH_STRONG_def = Define `RLTL_EQUIV_PATH_STRONG (t:num) v1 v2 a r = ?k. (k >= t) /\ (((P_SEM (v1 k) a) /\ (P_SEM (v2 k) a) /\ ~(P_SEM (v1 k) r) /\ ~(P_SEM (v2 k) r)) \/ ((P_SEM (v1 k) r) /\ (P_SEM (v2 k) r) /\ ~(P_SEM (v1 k) a) /\ ~(P_SEM (v2 k) a))) /\ (!l. (t <= l /\ l < k ==> ((v1 l) = (v2 l))))`; val RLTL_EQUIV_PATH_def = Define `RLTL_EQUIV_PATH t v1 v2 a r = (EQUIV_PATH_RESTN t v1 v2) \/ (RLTL_EQUIV_PATH_STRONG t v1 v2 a r)`; (****************************************************************************** * Classes of RLTL ******************************************************************************) val IS_RLTL_G_def = Define `(IS_RLTL_G (RLTL_PROP p) = T) /\ (IS_RLTL_G (RLTL_NOT f) = IS_RLTL_F f) /\ (IS_RLTL_G (RLTL_AND (f,g)) = (IS_RLTL_G f /\ IS_RLTL_G g)) /\ (IS_RLTL_G (RLTL_NEXT f) = IS_RLTL_G f) /\ (IS_RLTL_G (RLTL_SUNTIL(f,g)) = F) /\ (IS_RLTL_G (RLTL_ACCEPT (f,p)) = IS_RLTL_G f) /\ (IS_RLTL_F (RLTL_PROP p) = T) /\ (IS_RLTL_F (RLTL_NOT f) = IS_RLTL_G f) /\ (IS_RLTL_F (RLTL_AND (f,g)) = (IS_RLTL_F f /\ IS_RLTL_F g)) /\ (IS_RLTL_F (RLTL_NEXT f) = IS_RLTL_F f) /\ (IS_RLTL_F (RLTL_SUNTIL(f,g)) = (IS_RLTL_F f /\ IS_RLTL_F g)) /\ (IS_RLTL_F (RLTL_ACCEPT (f,p)) = IS_RLTL_F f)`; val IS_RLTL_PREFIX_def = Define `(IS_RLTL_PREFIX (RLTL_NOT f) = IS_RLTL_PREFIX f) /\ (IS_RLTL_PREFIX (RLTL_AND (f,g)) = (IS_RLTL_PREFIX f /\ IS_RLTL_PREFIX g)) /\ (IS_RLTL_PREFIX (RLTL_ACCEPT (f, p)) = (IS_RLTL_PREFIX f)) /\ (IS_RLTL_PREFIX f = (IS_RLTL_G f \/ IS_RLTL_F f))`; val IS_RLTL_GF_def= Define `(IS_RLTL_GF (RLTL_PROP p) = T) /\ (IS_RLTL_GF (RLTL_NOT f) = IS_RLTL_FG f) /\ (IS_RLTL_GF (RLTL_AND (f,g)) = (IS_RLTL_GF f /\ IS_RLTL_GF g)) /\ (IS_RLTL_GF (RLTL_NEXT f) = IS_RLTL_GF f) /\ (IS_RLTL_GF (RLTL_SUNTIL(f,g)) = (IS_RLTL_GF f /\ IS_RLTL_F g)) /\ (IS_RLTL_GF (RLTL_ACCEPT (f,p)) = IS_RLTL_GF f) /\ (IS_RLTL_FG (RLTL_PROP p) = T) /\ (IS_RLTL_FG (RLTL_NOT f) = IS_RLTL_GF f) /\ (IS_RLTL_FG (RLTL_AND (f,g)) = (IS_RLTL_FG f /\ IS_RLTL_FG g)) /\ (IS_RLTL_FG (RLTL_NEXT f) = IS_RLTL_FG f) /\ (IS_RLTL_FG (RLTL_SUNTIL(f,g)) = (IS_RLTL_FG f /\ IS_RLTL_FG g)) /\ (IS_RLTL_FG (RLTL_ACCEPT (f,p)) = IS_RLTL_FG f)`; val IS_RLTL_STREET_def = Define `(IS_RLTL_STREET (RLTL_NOT f) = IS_RLTL_STREET f) /\ (IS_RLTL_STREET (RLTL_AND (f,g)) = (IS_RLTL_STREET f /\ IS_RLTL_STREET g)) /\ (IS_RLTL_STREET (RLTL_ACCEPT (f, p)) = (IS_RLTL_STREET f)) /\ (IS_RLTL_STREET f = (IS_RLTL_GF f \/ IS_RLTL_FG f))`; val IS_RLTL_THM = save_thm("IS_RLTL_THM", LIST_CONJ [IS_RLTL_G_def, IS_RLTL_GF_def, IS_RLTL_PREFIX_def, IS_RLTL_STREET_def]); (****************************************************************************** * Tautologies und Contradictions ******************************************************************************) val RLTL_EQUIVALENT_def = Define `RLTL_EQUIVALENT l1 l2 = !w t a r. (RLTL_SEM_TIME t w a r l1) = (RLTL_SEM_TIME t w a r l2)`; val RLTL_EQUIVALENT_INITIAL_def = Define `RLTL_EQUIVALENT_INITIAL l1 l2 = !w. (RLTL_SEM w l1) = (RLTL_SEM w l2)`; val RLTL_IS_CONTRADICTION_def = Define `RLTL_IS_CONTRADICTION l = (!v. ~(RLTL_SEM v l))`; val RLTL_IS_TAUTOLOGY_def = Define `RLTL_IS_TAUTOLOGY l = (!v. RLTL_SEM v l)`; val RLTL_TAUTOLOGY_CONTRADICTION_DUAL = store_thm ("RLTL_TAUTOLOGY_CONTRADICTION_DUAL", ``(!l. RLTL_IS_CONTRADICTION (RLTL_NOT l) = RLTL_IS_TAUTOLOGY l) /\ (!l. RLTL_IS_TAUTOLOGY (RLTL_NOT l) = RLTL_IS_CONTRADICTION l)``, REWRITE_TAC[RLTL_IS_TAUTOLOGY_def, RLTL_IS_CONTRADICTION_def, RLTL_SEM_def, RLTL_SEM_TIME_def]); val RLTL_TAUTOLOGY_CONTRADICTION___TO___EQUIVALENT_INITIAL = store_thm ("RLTL_TAUTOLOGY_CONTRADICTION___TO___EQUIVALENT_INITIAL", ``(!l. RLTL_IS_CONTRADICTION l = RLTL_EQUIVALENT_INITIAL l RLTL_FALSE) /\ (!l. RLTL_IS_TAUTOLOGY l = RLTL_EQUIVALENT_INITIAL l RLTL_TRUE)``, REWRITE_TAC[RLTL_IS_TAUTOLOGY_def, RLTL_IS_CONTRADICTION_def, RLTL_SEM_TIME_def, RLTL_EQUIVALENT_INITIAL_def, RLTL_FALSE_def, P_SEM_THM, RLTL_TRUE_def, RLTL_SEM_def] THEN PROVE_TAC[]); val RLTL_EQUIVALENT_INITIAL___TO___TAUTOLOGY = store_thm ("RLTL_EQUIVALENT_INITIAL___TO___TAUTOLOGY", ``!l1 l2. RLTL_EQUIVALENT_INITIAL l1 l2 = RLTL_IS_TAUTOLOGY (RLTL_EQUIV(l1, l2))``, REWRITE_TAC[RLTL_IS_TAUTOLOGY_def, RLTL_SEM_TIME_def, RLTL_EQUIV_def, RLTL_IMPL_def, RLTL_OR_def, RLTL_EQUIVALENT_INITIAL_def, RLTL_SEM_def] THEN PROVE_TAC[]); (****************************************************************************** * Some simple Lemmata ******************************************************************************) val RLTL_SEM_PROP_RLTL_OPERATOR_EQUIV = store_thm ("RLTL_SEM_PROP_RLTL_OPERATOR_EQUIV", ``(!t v a r f. (~(P_SEM (v t) a) \/ ~(P_SEM (v t) r)) ==> (RLTL_SEM_TIME t v a r (RLTL_PROP (P_NOT f)) = RLTL_SEM_TIME t v a r (RLTL_NOT (RLTL_PROP f)))) /\ (!t v a r f1 f2. (RLTL_SEM_TIME t v a r (RLTL_PROP (P_AND(f1, f2))) = RLTL_SEM_TIME t v a r (RLTL_AND (RLTL_PROP f1, RLTL_PROP f2))))``, REPEAT STRIP_TAC THEN ASM_REWRITE_TAC[RLTL_SEM_TIME_def, P_SEM_def] THEN PROVE_TAC[]) val RLTL_USED_VARS_def= Define `(RLTL_USED_VARS (RLTL_PROP p) = P_USED_VARS p) /\ (RLTL_USED_VARS (RLTL_NOT f) = RLTL_USED_VARS f) /\ (RLTL_USED_VARS (RLTL_AND (f,g)) = (RLTL_USED_VARS f UNION RLTL_USED_VARS g)) /\ (RLTL_USED_VARS (RLTL_NEXT f) = RLTL_USED_VARS f) /\ (RLTL_USED_VARS (RLTL_SUNTIL(f,g)) = (RLTL_USED_VARS f UNION RLTL_USED_VARS g)) /\ (RLTL_USED_VARS (RLTL_ACCEPT (f, p)) = (RLTL_USED_VARS f UNION P_USED_VARS p))`; val RLTL_USED_VARS_INTER_SUBSET_THM = store_thm ("RLTL_USED_VARS_INTER_SUBSET_THM", ``!f t a r v S. ((RLTL_USED_VARS f) SUBSET S /\ (P_USED_VARS a) SUBSET S /\ (P_USED_VARS r) SUBSET S) ==> (RLTL_SEM_TIME t v a r f = RLTL_SEM_TIME t (PATH_RESTRICT v S) a r f)``, INDUCT_THEN rltl_induct ASSUME_TAC THENL [ SIMP_TAC std_ss [RLTL_SEM_TIME_def, RLTL_USED_VARS_def, PATH_RESTRICT_def, PATH_MAP_def] THEN METIS_TAC[P_USED_VARS_INTER_SUBSET_THM, UNION_SUBSET], REWRITE_TAC[RLTL_SEM_TIME_def, RLTL_USED_VARS_def] THEN FULL_SIMP_TAC std_ss [UNION_SUBSET], FULL_SIMP_TAC std_ss [RLTL_SEM_TIME_def, RLTL_USED_VARS_def, UNION_SUBSET] THEN PROVE_TAC[], REWRITE_TAC[RLTL_SEM_TIME_def, RLTL_USED_VARS_def] THEN FULL_SIMP_TAC std_ss [UNION_SUBSET] THEN REPEAT STRIP_TAC THEN BINOP_TAC THENL [ SIMP_TAC std_ss [PATH_RESTRICT_def, PATH_MAP_def] THEN METIS_TAC[P_USED_VARS_INTER_SUBSET_THM], BINOP_TAC THENL [ SIMP_TAC std_ss [PATH_RESTRICT_def, PATH_MAP_def] THEN METIS_TAC[P_USED_VARS_INTER_SUBSET_THM], METIS_TAC[] ] ], REWRITE_TAC[RLTL_SEM_TIME_def, RLTL_USED_VARS_def] THEN FULL_SIMP_TAC std_ss [UNION_SUBSET] THEN METIS_TAC[], REWRITE_TAC[RLTL_SEM_TIME_def, RLTL_USED_VARS_def] THEN FULL_SIMP_TAC std_ss [UNION_SUBSET] THEN REPEAT STRIP_TAC THEN `(P_USED_VARS (P_OR (a,P_AND (p_2,P_NOT r)))) SUBSET S` by ASM_REWRITE_TAC[P_USED_VARS_def, P_OR_def, UNION_SUBSET] THEN METIS_TAC[] ]); val RLTL_USED_VARS_INTER_THM = store_thm ("RLTL_USED_VARS_INTER_THM", ``!f t a r v. (RLTL_SEM_TIME t v a r f = RLTL_SEM_TIME t (PATH_RESTRICT v (RLTL_USED_VARS f UNION P_USED_VARS a UNION P_USED_VARS r)) a r f)``, REPEAT STRIP_TAC THEN MATCH_MP_TAC RLTL_USED_VARS_INTER_SUBSET_THM THEN SIMP_TAC std_ss [SUBSET_DEF, IN_UNION]); val RLTL_RESTN_SEM = store_thm ("RLTL_RESTN_SEM", ``!f v a r t1 t2. ((RLTL_SEM_TIME (t1+t2) v a r f) = (RLTL_SEM_TIME t1 (PATH_RESTN v t2) a r f))``, INDUCT_THEN rltl_induct ASSUME_TAC THENL [ REWRITE_TAC[RLTL_SEM_TIME_def, PATH_RESTN_def] THEN METIS_TAC[], REWRITE_TAC[RLTL_SEM_TIME_def] THEN METIS_TAC[], REWRITE_TAC[RLTL_SEM_TIME_def] THEN METIS_TAC[], FULL_SIMP_TAC arith_ss [RLTL_SEM_TIME_def, PATH_RESTN_def] THEN `!t1 t2. SUC (t1 + t2) = SUC t1 + t2` by DECIDE_TAC THEN METIS_TAC[], REWRITE_TAC[RLTL_SEM_TIME_def] THEN REPEAT STRIP_TAC THEN EQ_TAC THEN REPEAT STRIP_TAC THENL [ EXISTS_TAC ``(k:num)-(t2:num)`` THEN REPEAT STRIP_TAC THENL [ DECIDE_TAC, `((k - t2) + t2) = k` by DECIDE_TAC THEN METIS_TAC[], `(t1 + t2 <= j+t2) /\ (j+t2 < k)` by DECIDE_TAC THEN `RLTL_SEM_TIME (j+t2) v a r f` by METIS_TAC[] THEN METIS_TAC[] ], EXISTS_TAC ``(k:num)+(t2:num)`` THEN REPEAT STRIP_TAC THENL [ DECIDE_TAC, METIS_TAC[], `(t1 <= j - t2) /\ (j-t2 < k)` by DECIDE_TAC THEN `RLTL_SEM_TIME (j-t2) (PATH_RESTN v t2) a r f` by METIS_TAC[] THEN `((j - t2) + t2) = j` by DECIDE_TAC THEN METIS_TAC[] ] ], REWRITE_TAC[RLTL_SEM_TIME_def] THEN METIS_TAC[] ]); val RLTL_SEM_TIME___TIME_ELIM = store_thm ("RLTL_SEM_TIME___TIME_ELIM", ``!f v a r t. ((RLTL_SEM_TIME t v a r f) = (RLTL_SEM_TIME 0 (PATH_RESTN v t) a r f))``, `!t. t = 0+t` by DECIDE_TAC THEN METIS_TAC[RLTL_RESTN_SEM]); val RLTL_SEM_TIME___EQUIV_PATH = store_thm ("RLTL_SEM_TIME___EQUIV_PATH", ``!f v1 v2 a r t. (EQUIV_PATH_RESTN t v1 v2) ==> ((RLTL_SEM_TIME t v1 a r f) = (RLTL_SEM_TIME t v2 a r f))``, ONCE_REWRITE_TAC[RLTL_SEM_TIME___TIME_ELIM] THEN PROVE_TAC[EQUIV_PATH_RESTN___PATH_RESTN]); val RLTL_SEM_TIME___ACCEPT_REJECT_EQUIV = store_thm ("RLTL_SEM_TIME___ACCEPT_REJECT_EQUIV", ``!f v a1 a2 r t. (PROP_LOGIC_EQUIVALENT a1 a2) ==> (((RLTL_SEM_TIME t v a1 r f) = (RLTL_SEM_TIME t v a2 r f)) /\ ((RLTL_SEM_TIME t v r a1 f) = (RLTL_SEM_TIME t v r a2 f)))``, REWRITE_TAC[PROP_LOGIC_EQUIVALENT_def] THEN INDUCT_THEN rltl_induct ASSUME_TAC THEN REPEAT GEN_TAC THEN DISCH_TAC THEN RES_TAC THEN ASM_REWRITE_TAC[RLTL_SEM_TIME_def] THEN `(!s. P_SEM s (P_OR (a1,P_AND (p_2,P_NOT r))) = P_SEM s (P_OR (a2,P_AND (p_2,P_NOT r)))) /\ (!s. P_SEM s (P_OR (r,P_AND (p_2,P_NOT a1))) = P_SEM s (P_OR (r,P_AND (p_2,P_NOT a2))))` by ASM_REWRITE_TAC[P_SEM_THM] THEN RES_TAC THEN ASM_REWRITE_TAC[]); val RLTL_SEM_TIME___ACCEPT_REJECT_EQUIV___BOTH = store_thm ("RLTL_SEM_TIME___ACCEPT_REJECT_EQUIV___BOTH", ``!f v a1 a2 r1 r2 t. (PROP_LOGIC_EQUIVALENT a1 a2) ==> (PROP_LOGIC_EQUIVALENT r1 r2) ==> ((RLTL_SEM_TIME t v a1 r1 f) = (RLTL_SEM_TIME t v a2 r2 f))``, PROVE_TAC[RLTL_SEM_TIME___ACCEPT_REJECT_EQUIV]); val RLTL_REJECT_SEM = store_thm ("RLTL_REJECT_SEM", ``!v a r f b t.((RLTL_SEM_TIME t v a r (RLTL_REJECT(f,b))) = RLTL_SEM_TIME t v a (P_OR(r, P_AND(b, P_NOT(a)))) f)``, REWRITE_TAC[RLTL_REJECT_def, RLTL_SEM_TIME_def]); val RLTL_OR_SEM = store_thm ("RLTL_OR_SEM", ``!v a r f1 f2 t.((RLTL_SEM_TIME t v a r (RLTL_OR(f1,f2))) = ((RLTL_SEM_TIME t v a r f1) \/ (RLTL_SEM_TIME t v a r f2)))``, REWRITE_TAC[RLTL_OR_def, RLTL_SEM_TIME_def] THEN SIMP_TAC std_ss []); val RLTL_IMPL_SEM = store_thm ("RLTL_IMPL_SEM", ``!v a r f1 f2 t.((RLTL_SEM_TIME t v a r (RLTL_IMPL(f1,f2))) = ((RLTL_SEM_TIME t v r a f1) ==> (RLTL_SEM_TIME t v a r f2)))``, REWRITE_TAC[RLTL_IMPL_def, RLTL_OR_SEM,RLTL_SEM_TIME_def] THEN METIS_TAC[]); val RLTL_EVENTUAL_SEM = store_thm ("RLTL_EVENTUAL_SEM", ``!v a r f t. ((RLTL_SEM_TIME t v a r (RLTL_EVENTUAL f)) = (?k. (k >= t) /\ (RLTL_SEM_TIME k v a r f) /\ (!j. t <= j /\ j < k ==> P_SEM (v j) a \/ ~P_SEM (v j) r)))``, REWRITE_TAC[RLTL_EVENTUAL_def,RLTL_SEM_TIME_def, P_SEM_def]); val RLTL_ALWAYS_SEM = store_thm ("RLTL_ALWAYS_SEM", ``!v a r f t. (RLTL_SEM_TIME t v a r (RLTL_ALWAYS f)) = (!k. ((k >= t) /\ (!j. (t <= j /\ j < k) ==> (P_SEM (v j) r \/ ~P_SEM (v j) a))) ==> (RLTL_SEM_TIME k v a r f))``, SIMP_TAC std_ss [RLTL_ALWAYS_def, RLTL_EVENTUAL_def,RLTL_SEM_TIME_def, P_SEM_def] THEN PROVE_TAC[]); val RLTL_SEM_THM = LIST_CONJ [RLTL_SEM_def, RLTL_SEM_TIME_def, RLTL_OR_SEM, RLTL_IMPL_SEM, RLTL_ALWAYS_SEM, RLTL_EVENTUAL_SEM]; val _ = save_thm("RLTL_SEM_THM",RLTL_SEM_THM); val RLTL_EQUIV_PATH_STRONG___SYM_PATH = store_thm ("RLTL_EQUIV_PATH_STRONG___SYM_PATH", ``!v1 v2 a r t. RLTL_EQUIV_PATH_STRONG t v1 v2 a r = RLTL_EQUIV_PATH_STRONG t v2 v1 a r``, REWRITE_TAC[RLTL_EQUIV_PATH_STRONG_def] THEN METIS_TAC[]); val RLTL_EQUIV_PATH_STRONG___SYM_ACCEPT_REJECT = store_thm ("RLTL_EQUIV_PATH_STRONG___SYM_ACCEPT_REJECT", ``!v1 v2 a r t. RLTL_EQUIV_PATH_STRONG t v1 v2 a r = RLTL_EQUIV_PATH_STRONG t v1 v2 r a``, REWRITE_TAC[RLTL_EQUIV_PATH_STRONG_def] THEN METIS_TAC[]); val RLTL_EQUIV_PATH___SYM_PATH = store_thm ("RLTL_EQUIV_PATH___SYM_PATH", ``!v1 v2 a r t. RLTL_EQUIV_PATH t v1 v2 a r = RLTL_EQUIV_PATH t v2 v1 a r``, REWRITE_TAC[RLTL_EQUIV_PATH_def] THEN PROVE_TAC[EQUIV_PATH_RESTN_SYM, RLTL_EQUIV_PATH_STRONG___SYM_PATH]); val RLTL_EQUIV_PATH___SYM_ACCEPT_REJECT = store_thm ("RLTL_EQUIV_PATH___SYM_ACCEPT_REJECT", ``!v1 v2 a r t. RLTL_EQUIV_PATH t v1 v2 a r = RLTL_EQUIV_PATH t v1 v2 r a``, REWRITE_TAC[RLTL_EQUIV_PATH_def] THEN PROVE_TAC[RLTL_EQUIV_PATH_STRONG___SYM_ACCEPT_REJECT]); val RLTL_EQUIV_PATH_STRONG___GREATER_IMPL = store_thm ("RLTL_EQUIV_PATH_STRONG___GREATER_IMPL", ``!v1 v2 t t2 a r. (t2 >= t /\ (RLTL_EQUIV_PATH_STRONG t v1 v2 a r) /\ (!j. (t <= j /\ j < t2) ==> ((~(P_SEM (v1 j) a) \/ ~(P_SEM (v2 j) a)) /\ (~(P_SEM (v1 j) r) \/ ~(P_SEM (v2 j) r))))) ==> (RLTL_EQUIV_PATH_STRONG t2 v1 v2 a r)``, REWRITE_TAC [RLTL_EQUIV_PATH_STRONG_def] THEN REPEAT STRIP_TAC THEN ( `~(k < t2)` by PROVE_TAC[GREATER_EQ] THEN EXISTS_TAC ``k:num`` THEN ASM_SIMP_TAC arith_ss [] )); val RLTL_EQUIV_PATH___GREATER_IMPL = store_thm ("RLTL_EQUIV_PATH___GREATER_IMPL", ``!v1 v2 t t2 a r. (t2 >= t /\ (RLTL_EQUIV_PATH t v1 v2 a r) /\ (!j. (t <= j /\ j < t2) ==> ((~(P_SEM (v1 j) a) \/ ~(P_SEM (v2 j) a)) /\ (~(P_SEM (v1 j) r) \/ ~(P_SEM (v2 j) r))))) ==> (RLTL_EQUIV_PATH t2 v1 v2 a r)``, REWRITE_TAC[RLTL_EQUIV_PATH_def] THEN REPEAT STRIP_TAC THENL [ PROVE_TAC[EQUIV_PATH_RESTN___GREATER_IMPL], ASSUME_TAC RLTL_EQUIV_PATH_STRONG___GREATER_IMPL THEN RES_TAC THEN ASM_REWRITE_TAC[] ]); val RLTL_EQUIV_PATH_STRONG___SUC = store_thm ("RLTL_EQUIV_PATH_STRONG___SUC", ``!v1 v2 t a r. ((RLTL_EQUIV_PATH_STRONG t v1 v2 a r) /\ (~(P_SEM (v1 t) a) \/ ~(P_SEM (v2 t) a)) /\ (~(P_SEM (v1 t) r) \/ ~(P_SEM (v2 t) r))) ==> (RLTL_EQUIV_PATH_STRONG (SUC t) v1 v2 a r)``, `!t. SUC t >= t /\ (!j. (t <= j /\ j < SUC t) ==> (j = t))` by DECIDE_TAC THEN METIS_TAC[RLTL_EQUIV_PATH_STRONG___GREATER_IMPL]); val RLTL_EQUIV_PATH___SUC = store_thm ("RLTL_EQUIV_PATH___SUC", ``!v1 v2 t a r. ((RLTL_EQUIV_PATH t v1 v2 a r) /\ (~(P_SEM (v1 t) a) \/ ~(P_SEM (v2 t) a)) /\ (~(P_SEM (v1 t) r) \/ ~(P_SEM (v2 t) r))) ==> (RLTL_EQUIV_PATH (SUC t) v1 v2 a r)``, `!t. SUC t >= t /\ (!j. (t <= j /\ j < SUC t) ==> (j = t))` by DECIDE_TAC THEN METIS_TAC[RLTL_EQUIV_PATH___GREATER_IMPL]); val RLTL_EQUIV_PATH_STRONG___INITIAL = store_thm ("RLTL_EQUIV_PATH_STRONG___INITIAL", ``!v1 v2 t a r. (RLTL_EQUIV_PATH_STRONG t v1 v2 a r) ==> (((P_SEM (v1 t) a) = (P_SEM (v2 t) a)) /\ ((P_SEM (v1 t) r) = (P_SEM (v2 t) r)))``, REWRITE_TAC [RLTL_EQUIV_PATH_STRONG_def] THEN REPEAT GEN_TAC THEN STRIP_TAC THEN ( Cases_on `k = t` THENL [ PROVE_TAC[], `t < k` by DECIDE_TAC THEN PROVE_TAC[LESS_EQ_REFL] ] )); val RLTL_EQUIV_PATH___INITIAL = store_thm ("RLTL_EQUIV_PATH___INITIAL", ``!v1 v2 t a r. (RLTL_EQUIV_PATH t v1 v2 a r) ==> (((P_SEM (v1 t) a) = (P_SEM (v2 t) a)) /\ ((P_SEM (v1 t) r) = (P_SEM (v2 t) r)))``, REWRITE_TAC [RLTL_EQUIV_PATH_def] THEN REPEAT GEN_TAC THEN STRIP_TAC THENL [ FULL_SIMP_TAC std_ss [EQUIV_PATH_RESTN_def], PROVE_TAC[RLTL_EQUIV_PATH_STRONG___INITIAL] ] ); val RLTL_ACCEPT_REJECT_THM = store_thm ("RLTL_ACCEPT_REJECT_THM", ``!f v a r t. (((P_SEM (v t) a) /\ ~(P_SEM (v t) r)) ==> RLTL_SEM_TIME t v a r f) /\ ((~(P_SEM (v t) a) /\ (P_SEM (v t) r)) ==> ~(RLTL_SEM_TIME t v a r f))``, INDUCT_THEN rltl_induct ASSUME_TAC THENL [ REWRITE_TAC[RLTL_SEM_TIME_def] THEN METIS_TAC[], REWRITE_TAC[RLTL_SEM_TIME_def] THEN METIS_TAC[], REWRITE_TAC[RLTL_SEM_TIME_def] THEN METIS_TAC[], REWRITE_TAC[RLTL_SEM_TIME_def] THEN METIS_TAC[], REWRITE_TAC[RLTL_SEM_TIME_def] THEN REPEAT STRIP_TAC THENL [ EXISTS_TAC ``t:num`` THEN ASM_SIMP_TAC arith_ss [], `(t <= t) /\ ((t < k) \/ (t = k))` by DECIDE_TAC THEN METIS_TAC[] ], REWRITE_TAC[RLTL_SEM_TIME_def] THEN METIS_TAC[P_SEM_THM] ]); val RLTL_SEM_TIME___STRANGE_NEGATION_EXAMPLE = store_thm ("RLTL_SEM_TIME___STRANGE_NEGATION_EXAMPLE", ``!v a r p1 p2 t. (P_SEM (v t) a /\ P_SEM (v t) r /\ (!j:num. j > t ==> ( ~(P_SEM (v j) p1) /\ ~(P_SEM (v j) p2) /\ ~(P_SEM (v j) r))) /\ (!j:num. (P_SEM (v j) a = (j <= SUC t)))) ==> ((RLTL_SEM_TIME t v a r (RLTL_SUNTIL(RLTL_PROP p1, RLTL_NOT(RLTL_PROP p2)))) /\ (RLTL_SEM_TIME t v a r (RLTL_NOT(RLTL_SUNTIL(RLTL_PROP p1, RLTL_NOT(RLTL_PROP p2))))))``, REPEAT STRIP_TAC THEN ASM_SIMP_TAC std_ss [RLTL_SEM_THM] THENL [ EXISTS_TAC ``SUC t`` THEN ASM_SIMP_TAC arith_ss [], REPEAT STRIP_TAC THEN Cases_on `k >= t` THEN ASM_REWRITE_TAC[] THEN Cases_on `k <= SUC t` THEN ASM_REWRITE_TAC[] THEN `k > SUC t` by DECIDE_TAC THEN DISJ2_TAC THEN EXISTS_TAC ``SUC t`` THEN ASM_SIMP_TAC arith_ss [] ]); val RLTL_SEM_TIME___ACCEPT_REJECT_IMP_ON_PATH = store_thm ("RLTL_SEM_TIME___ACCEPT_REJECT_IMP_ON_PATH", ``!f t v a1 a2 r. (IMP_ON_PATH_RESTN t v a1 a2) ==> ((RLTL_SEM_TIME t v a1 r f ==> RLTL_SEM_TIME t v a2 r f) /\ (RLTL_SEM_TIME t v r a2 f ==> RLTL_SEM_TIME t v r a1 f))``, INDUCT_THEN rltl_induct ASSUME_TAC THENL [ REWRITE_TAC[RLTL_SEM_TIME_def, IMP_ON_PATH_RESTN_def] THEN METIS_TAC[LESS_EQ_REFL, GREATER_EQ], REWRITE_TAC[RLTL_SEM_TIME_def] THEN METIS_TAC[], REWRITE_TAC[RLTL_SEM_TIME_def] THEN METIS_TAC[], REWRITE_TAC[RLTL_SEM_TIME_def] THEN REPEAT STRIP_TAC THENL [ METIS_TAC[IMP_ON_PATH_RESTN_def, LESS_EQ_REFL, GREATER_EQ], `SUC t >= t` by DECIDE_TAC THEN `IMP_ON_PATH_RESTN (SUC t) v a1 a2` by METIS_TAC[IMP_ON_PATH_RESTN___GREATER_IMPL] THEN METIS_TAC[], ASM_REWRITE_TAC[], `~ P_SEM (v t) a1` by METIS_TAC[IMP_ON_PATH_RESTN_def, LESS_EQ_REFL, GREATER_EQ] THEN `SUC t >= t` by DECIDE_TAC THEN `IMP_ON_PATH_RESTN (SUC t) v a1 a2` by METIS_TAC[IMP_ON_PATH_RESTN___GREATER_IMPL] THEN METIS_TAC[] ], ONCE_REWRITE_TAC[RLTL_SEM_TIME_def, IMP_ON_PATH_RESTN___GREATER_IMPL] THEN REPEAT STRIP_TAC THEN EXISTS_TAC ``k:num`` THEN METIS_TAC[GREATER_EQ], REWRITE_TAC[RLTL_SEM_TIME_def] THEN REPEAT GEN_TAC THEN DISCH_TAC THEN REPEAT STRIP_TAC THENL[ `IMP_ON_PATH_RESTN t v (P_OR (a1,P_AND (p_2,P_NOT r))) (P_OR (a2,P_AND (p_2,P_NOT r)))` by (FULL_SIMP_TAC std_ss [P_SEM_def, P_SEM_THM, IMP_ON_PATH_RESTN_def] THEN METIS_TAC[]) THEN METIS_TAC[], `IMP_ON_PATH_RESTN t v (P_OR (r,P_AND (p_2,P_NOT a2))) (P_OR (r,P_AND (p_2,P_NOT a1)))` by (FULL_SIMP_TAC std_ss [P_SEM_def, P_SEM_THM, IMP_ON_PATH_RESTN_def] THEN METIS_TAC[]) THEN METIS_TAC[] ] ]); val RLTL_SEM_TIME___ACCEPT_REJECT_EQUIV_ON_PATH = store_thm ("RLTL_SEM_TIME___ACCEPT_REJECT_EQUIV_ON_PATH", ``!f t v a1 a2 r. (EQUIV_ON_PATH_RESTN t v a1 a2) ==> ((RLTL_SEM_TIME t v a1 r f = RLTL_SEM_TIME t v a2 r f) /\ (RLTL_SEM_TIME t v r a1 f = RLTL_SEM_TIME t v r a2 f))``, METIS_TAC[EQUIV_ON_PATH_RESTN___IMP_ON_PATH_RESTN, RLTL_SEM_TIME___ACCEPT_REJECT_IMP_ON_PATH]); val RLTL_SEM_TIME___ACCEPT_REJECT_EQUIV_ON_PATH___BOTH = store_thm ("RLTL_SEM_TIME___ACCEPT_REJECT_EQUIV_ON_PATH___BOTH", ``!f t v a1 a2 r1 r2. (EQUIV_ON_PATH_RESTN t v a1 a2) ==> (EQUIV_ON_PATH_RESTN t v r1 r2) ==> (RLTL_SEM_TIME t v a1 r1 f = RLTL_SEM_TIME t v a2 r2 f)``, METIS_TAC[EQUIV_ON_PATH_RESTN___IMP_ON_PATH_RESTN, RLTL_SEM_TIME___ACCEPT_REJECT_IMP_ON_PATH]); val RLTL_SEM_TIME___ACCEPT_REJECT_IMPL_EQUIV = store_thm ("RLTL_SEM_TIME___ACCEPT_REJECT_IMPL_EQUIV", ``!t v r a1 a2. (!f. (RLTL_SEM_TIME t v r a2 f ==> RLTL_SEM_TIME t v r a1 f)) = (!f. (RLTL_SEM_TIME t v a1 r f ==> RLTL_SEM_TIME t v a2 r f))``, METIS_TAC[RLTL_SEM_TIME_def]); val RLTL_EQUIV_PATH_STRONG_THM = store_thm ("RLTL_EQUIV_PATH_STRONG_THM", ``!f t a r v1 v2. (RLTL_EQUIV_PATH_STRONG t v1 v2 a r) ==> (RLTL_SEM_TIME t v1 a r f = RLTL_SEM_TIME t v2 a r f)``, INDUCT_THEN rltl_induct ASSUME_TAC THEN REPEAT STRIP_TAC THENL [ FULL_SIMP_TAC std_ss [RLTL_SEM_TIME_def, RLTL_EQUIV_PATH_STRONG_def] THEN (Cases_on `k = t` THENL [ METIS_TAC[], `t <= t /\ t < k` by DECIDE_TAC THEN METIS_TAC[] ]), ASM_SIMP_TAC std_ss [RLTL_SEM_TIME_def, RLTL_EQUIV_PATH_STRONG___SYM_ACCEPT_REJECT], ASM_SIMP_TAC std_ss [RLTL_SEM_TIME_def] THEN METIS_TAC[], REWRITE_TAC [RLTL_SEM_TIME_def] THEN METIS_TAC [RLTL_EQUIV_PATH_STRONG___SUC, RLTL_EQUIV_PATH_STRONG___INITIAL], REMAINS_TAC `!v1 v2. RLTL_EQUIV_PATH_STRONG t v1 v2 a r /\ RLTL_SEM_TIME t v1 a r (RLTL_SUNTIL (f,f')) ==> RLTL_SEM_TIME t v2 a r (RLTL_SUNTIL (f,f'))` THEN1 ( METIS_TAC[RLTL_EQUIV_PATH_STRONG___SYM_PATH] ) THEN WEAKEN_HD_TAC THEN SIMP_TAC arith_ss [RLTL_EQUIV_PATH_STRONG_def, RLTL_SEM_TIME_def] THEN REPEAT STRIP_TAC THEN ( `?l. MIN k k' = l` by METIS_TAC[] THEN SUBGOAL_TAC `l <= k /\ l <= k' /\ l >= t` THEN1 ( REWRITE_TAC[GSYM (ASSUME ``MIN k k' = l``), MIN_DEF] THEN Cases_on `k < k'` THEN ASM_REWRITE_TAC[] THEN DECIDE_TAC ) THEN SUBGOAL_TAC `!j. (t <= j /\ j <= l) ==> (RLTL_EQUIV_PATH_STRONG j v1 v2 a r)` THEN1 ( REWRITE_TAC[RLTL_EQUIV_PATH_STRONG_def] THEN REPEAT STRIP_TAC THEN `k >= j /\ !j':num. (j <= j') ==> (t <= j')` by DECIDE_TAC THEN EXISTS_TAC ``k:num`` THEN METIS_TAC[] ) THEN EXISTS_TAC ``l:num`` THEN `l >= t` by DECIDE_TAC THEN ASM_REWRITE_TAC [] THEN REPEAT STRIP_TAC ) THENL [ `(l = k) \/ (l = k')` by METIS_TAC[MIN_DEF] THENL [ METIS_TAC[RLTL_ACCEPT_REJECT_THM], METIS_TAC[GREATER_EQ, LESS_EQ_REFL] ], `t <= j /\ j < k' /\ j <= l` by DECIDE_TAC THEN METIS_TAC[], `(k < k') \/ (l = k')` by METIS_TAC[MIN_DEF] THENL [ METIS_TAC[RLTL_ACCEPT_REJECT_THM, GREATER_EQ], METIS_TAC[GREATER_EQ, LESS_EQ_REFL] ], `t <= j /\ j < k' /\ j <= l` by DECIDE_TAC THEN METIS_TAC[] ], SIMP_TAC std_ss [RLTL_SEM_TIME_def] THEN SUBGOAL_TAC `RLTL_EQUIV_PATH_STRONG t v1 v2 (P_OR (a,P_AND (p_2,P_NOT r))) r` THEN1 ( REWRITE_ALL_TAC[RLTL_EQUIV_PATH_STRONG_def, P_SEM_THM] THEN EXISTS_TAC ``k:num`` THEN ASM_REWRITE_TAC[] ) THEN METIS_TAC[] ]); val RLTL_EQUIV_PATH_THM = store_thm ("RLTL_EQUIV_PATH_THM", ``!f t a r v1 v2. (RLTL_EQUIV_PATH t v1 v2 a r) ==> (RLTL_SEM_TIME t v1 a r f = RLTL_SEM_TIME t v2 a r f)``, METIS_TAC[RLTL_EQUIV_PATH_def, RLTL_SEM_TIME___EQUIV_PATH, RLTL_EQUIV_PATH_STRONG_THM]); val RLTL_SEM_TIME___ACCEPT_BEFORE_ON_PATH = store_thm ("RLTL_SEM_TIME___ACCEPT_BEFORE_ON_PATH", ``!t v a1 a2 r f. (NAND_ON_PATH_RESTN t v a1 r /\ BEFORE_ON_PATH_RESTN t v a1 a2) ==> ((RLTL_SEM_TIME t v a2 r f ==> RLTL_SEM_TIME t v a1 r f))``, REPEAT GEN_TAC THEN REPEAT DISCH_TAC THEN CLEAN_ASSUMPTIONS_TAC THEN Cases_on `NOT_ON_PATH_RESTN t v a2` THENL [ `IMP_ON_PATH_RESTN t v a2 a1` by (REWRITE_ALL_TAC [IMP_ON_PATH_RESTN_def, NOT_ON_PATH_RESTN_def, GREATER_EQ] THEN METIS_TAC[]) THEN METIS_TAC[RLTL_SEM_TIME___ACCEPT_REJECT_IMP_ON_PATH], SUBGOAL_TAC `?u. (t <= u /\ P_SEM (v u) a1) /\ (!u'. (t <= u' /\ u' < u) ==> (~P_SEM (v u') a1) /\ ~P_SEM (v u') a2)` THEN1 ( SIMP_ALL_TAC std_ss [NOT_ON_PATH_RESTN_def] THEN SUBGOAL_TAC `?k. (P_SEM (v k) a2 /\ t <= k) /\ !k'. (t <= k' /\ k' < k) ==> ~(P_SEM (v k') a2)` THEN1 ( ASSUME_TAC (EXISTS_LEAST_CONV ``?k. (P_SEM (v k) a2) /\ t <= k``) THEN METIS_TAC[] ) THEN REWRITE_ALL_TAC [BEFORE_ON_PATH_RESTN_def] THEN `?k'. t <= k' /\ k' <= k /\ P_SEM (v k') a1` by METIS_TAC[] THEN SUBGOAL_TAC `?u. (P_SEM (v u) a1 /\ t <= u) /\ !l'. (t <= l' /\ l' < u) ==> ~(P_SEM (v l') a1)` THEN1 ( ASSUME_TAC (EXISTS_LEAST_CONV ``?u. (P_SEM (v u) a1) /\ t <= u``) THEN METIS_TAC[] ) THEN EXISTS_TAC ``u:num`` THEN ASM_REWRITE_TAC[] THEN `~(k' < u)` by METIS_TAC[] THEN `!u'. u' < u ==> u' < k` by DECIDE_TAC THEN METIS_TAC[] ) THEN `~P_SEM (v u) r` by (SIMP_ALL_TAC arith_ss [NAND_ON_PATH_RESTN_def] THEN METIS_TAC[GREATER_EQ, LESS_EQ_REFL]) THEN Cases_on `t = u` THEN1 (METIS_TAC[RLTL_ACCEPT_REJECT_THM]) THEN `t < u` by DECIDE_TAC THEN `?w. (\n. if (u < n) then (v t) else v n) = w` by METIS_TAC[] THEN SUBGOAL_TAC `RLTL_SEM_TIME t v (P_OR(a1, a2)) r f` THEN1 ( SUBGOAL_TAC `IMP_ON_PATH_RESTN t v a2 (P_OR (a1,a2))` THEN1 ( SIMP_TAC std_ss [IMP_ON_PATH_RESTN_def, P_SEM_THM] ) THEN METIS_TAC[RLTL_SEM_TIME___ACCEPT_REJECT_IMP_ON_PATH] ) THEN SUBGOAL_TAC `(RLTL_EQUIV_PATH_STRONG t v w a1 r) /\ (RLTL_EQUIV_PATH_STRONG t v w (P_OR(a1, a2)) r)` THEN1 ( REWRITE_TAC[RLTL_EQUIV_PATH_STRONG_def, GREATER_EQ, P_SEM_THM] THEN REPEAT STRIP_TAC THEN EXISTS_TAC ``u:num`` THEN `w u = v u` by METIS_TAC[] THEN ASM_REWRITE_TAC[] THEN REPEAT STRIP_TAC THEN `~(u < l)` by DECIDE_TAC THEN METIS_TAC[] ) THEN SUBGOAL_TAC `IMP_ON_PATH_RESTN t w (P_OR(a1,a2)) a1` THEN1 ( REWRITE_TAC [IMP_ON_PATH_RESTN_def, GREATER_EQ, P_SEM_THM] THEN REPEAT STRIP_TAC THEN Cases_on `u < t'` THENL [ `w t' = v t` by METIS_TAC[] THEN METIS_TAC[LESS_EQ_REFL], `w t' = v t'` by METIS_TAC[] THEN Cases_on `t' = u` THENL [ METIS_TAC[], `t' < u` by DECIDE_TAC THEN METIS_TAC[] ] ]) THEN PROVE_TAC[RLTL_EQUIV_PATH_STRONG_THM, RLTL_SEM_TIME___ACCEPT_REJECT_IMP_ON_PATH] ]); val RLTL_SEM_TIME___REJECT_BEFORE_ON_PATH = store_thm ("RLTL_SEM_TIME___REJECT_BEFORE_ON_PATH", ``!t v a1 a2 r f. (NAND_ON_PATH_RESTN t v a1 r /\ BEFORE_ON_PATH_RESTN t v a1 a2) ==> ((RLTL_SEM_TIME t v r a1 f ==> RLTL_SEM_TIME t v r a2 f))``, REPEAT GEN_TAC THEN DISCH_TAC THEN `!f. RLTL_SEM_TIME t v a2 r f ==> RLTL_SEM_TIME t v a1 r f` by PROVE_TAC[RLTL_SEM_TIME___ACCEPT_BEFORE_ON_PATH] THEN PROVE_TAC[RLTL_SEM_TIME___ACCEPT_REJECT_IMPL_EQUIV]); val RLTL_SEM_TIME___ACCEPT_OR_THM = store_thm ("RLTL_SEM_TIME___ACCEPT_OR_THM", ``!t v a1 a2 r f. (NAND_ON_PATH_RESTN t v a1 r /\ NAND_ON_PATH_RESTN t v a2 r) ==> ((RLTL_SEM_TIME t v (P_OR (a1, a2)) r f = (RLTL_SEM_TIME t v a1 r f \/ RLTL_SEM_TIME t v a2 r f)))``, REPEAT STRIP_TAC THEN EQ_TAC THENL [ DISJ_CASES_TAC (SPECL [``v:num->'a set``, ``t:num``, ``a1:'a prop_logic``, ``a2:'a prop_logic``] BEFORE_ON_PATH_CASES) THENL [ SUBGOAL_TAC `BEFORE_ON_PATH_RESTN t v a1 (P_OR (a1,a2))` THEN1 ( REWRITE_ALL_TAC [BEFORE_ON_PATH_RESTN_def, P_SEM_THM] THEN PROVE_TAC[LESS_EQ_REFL] ) THEN PROVE_TAC[RLTL_SEM_TIME___ACCEPT_BEFORE_ON_PATH], SUBGOAL_TAC `BEFORE_ON_PATH_RESTN t v a2 (P_OR (a1,a2))` THEN1 ( REWRITE_ALL_TAC [BEFORE_ON_PATH_RESTN_def, P_SEM_THM] THEN PROVE_TAC[LESS_EQ_REFL] ) THEN PROVE_TAC[RLTL_SEM_TIME___ACCEPT_BEFORE_ON_PATH] ], REPEAT STRIP_TAC THENL [ `IMP_ON_PATH_RESTN t v a1 (P_OR(a1, a2))` by PROVE_TAC[IMP_ON_PATH_RESTN_def, P_SEM_THM, LESS_EQ_REFL], `IMP_ON_PATH_RESTN t v a2 (P_OR(a1, a2))` by PROVE_TAC[IMP_ON_PATH_RESTN_def, P_SEM_THM, LESS_EQ_REFL] ] THEN PROVE_TAC[RLTL_SEM_TIME___ACCEPT_REJECT_IMP_ON_PATH] ]); val RLTL_SEM_TIME___REJECT_OR_THM = store_thm ("RLTL_SEM_TIME___REJECT_OR_THM", ``!t v a r1 r2 f. (NAND_ON_PATH_RESTN t v r1 a /\ NAND_ON_PATH_RESTN t v r2 a) ==> ((RLTL_SEM_TIME t v a (P_OR (r1, r2)) f = (RLTL_SEM_TIME t v a r1 f /\ RLTL_SEM_TIME t v a r2 f)))``, REPEAT STRIP_TAC THEN `RLTL_SEM_TIME t v a (P_OR (r1,r2)) f = ~(RLTL_SEM_TIME t v (P_OR (r1,r2)) a (RLTL_NOT f))` by REWRITE_TAC[RLTL_SEM_TIME_def] THEN ASM_REWRITE_TAC[] THEN `(RLTL_SEM_TIME t v (P_OR (r1,r2)) a (RLTL_NOT f)) = (RLTL_SEM_TIME t v r1 a (RLTL_NOT f) \/ RLTL_SEM_TIME t v r2 a (RLTL_NOT f))` by METIS_TAC[RLTL_SEM_TIME___ACCEPT_OR_THM] THEN ASM_REWRITE_TAC[RLTL_SEM_TIME_def] THEN PROVE_TAC[]); val RLTL_SEM_TIME___ACCEPT_REJECT_IS_ON_PATH = store_thm ("RLTL_SEM_TIME___ACCEPT_REJECT_IS_ON_PATH", ``!v t a b r f. ((RLTL_SEM_TIME t v a r f /\ ~RLTL_SEM_TIME t v b r f) \/ (RLTL_SEM_TIME t v r b f /\ ~RLTL_SEM_TIME t v r a f)) ==> IS_ON_PATH_RESTN t v a``, REPEAT STRIP_TAC THEN CCONTR_TAC THEN `IMP_ON_PATH_RESTN t v a b` by PROVE_TAC[IS_ON_PATH_RESTN_def, NOT_ON_PATH___IMP_ON_PATH] THEN PROVE_TAC [RLTL_SEM_TIME___ACCEPT_REJECT_IMP_ON_PATH]); val RLTL_SEM_TIME___ACCEPT_REJECT_BEFORE_ON_PATH_STRONG = store_thm ("RLTL_SEM_TIME___ACCEPT_REJECT_BEFORE_ON_PATH_STRONG", ``!v t a1 a2 r f. (NAND_ON_PATH_RESTN t v a2 r /\ ((RLTL_SEM_TIME t v a1 r f /\ ~RLTL_SEM_TIME t v a2 r f) \/ (~RLTL_SEM_TIME t v r a1 f /\ RLTL_SEM_TIME t v r a2 f))) ==> BEFORE_ON_PATH_RESTN_STRONG t v a1 a2``, REPEAT STRIP_TAC THEN CCONTR_TAC THEN `BEFORE_ON_PATH_RESTN t v a2 a1` by METIS_TAC[BEFORE_ON_PATH_RESTN___NEGATION_IMPL] THENL [ METIS_TAC[RLTL_SEM_TIME___ACCEPT_BEFORE_ON_PATH], METIS_TAC[RLTL_SEM_TIME___REJECT_BEFORE_ON_PATH] ]); val RLTL_WEAK_UNTIL___ALTERNATIVE_DEF = store_thm ("RLTL_WEAK_UNTIL___ALTERNATIVE_DEF", ``!v a r t f1 f2. (RLTL_SEM_TIME t v a r (RLTL_UNTIL(f1,f2)) = RLTL_SEM_TIME t v a r (RLTL_NOT (RLTL_SUNTIL(RLTL_NOT f2, RLTL_AND(RLTL_NOT f1, RLTL_NOT f2)))))``, SIMP_TAC std_ss [RLTL_UNTIL_def, RLTL_SEM_THM] THEN REPEAT STRIP_TAC THEN EQ_TAC THEN REPEAT STRIP_TAC THENL [ Cases_on `k < k'` THENL [ `t <= k` by DECIDE_TAC THEN METIS_TAC[], Cases_on `~(k' >= t)` THEN1 ASM_REWRITE_TAC[] THEN Cases_on `k' = k` THEN1 ASM_REWRITE_TAC[] THEN `t <= k' /\ k' < k` by DECIDE_TAC THEN METIS_TAC[] ], Cases_on `(!j. t <= j /\ j < k ==> P_SEM (v j) r \/ ~P_SEM (v j) a)` THENL [ PROVE_TAC[], PROVE_TAC[RLTL_ACCEPT_REJECT_THM] ], Cases_on `!k. k >= t ==> RLTL_SEM_TIME k v a r f1` THENL [ PROVE_TAC[], DISJ1_TAC THEN SIMP_ASSUMPTIONS_TAC std_ss [] THEN SUBGOAL_TAC `?k. (k >= (t:num) /\ ~RLTL_SEM_TIME k v a r f1) /\ !k'. k' < k ==> ~(k' >= t /\ ~RLTL_SEM_TIME k' v a r f1)` THEN1 ( ASSUME_TAC (EXISTS_LEAST_CONV ``?k. k >= (t:num) /\ ~RLTL_SEM_TIME k (v:num -> 'a set) a r f1``) THEN RES_TAC THEN PROVE_TAC[] ) THEN SUBGOAL_TAC `?l:num. l >= (t:num) /\ l <= (k':num) /\ RLTL_SEM_TIME l v a r f2` THEN1 ( Cases_on `RLTL_SEM_TIME k' v a r f2` THENL [ EXISTS_TAC ``k':num`` THEN ASM_SIMP_TAC arith_ss [], `?j. t <= j /\ j < k' /\ RLTL_SEM_TIME j v a r f2` by METIS_TAC[] THEN EXISTS_TAC ``j:num`` THEN ASM_SIMP_TAC arith_ss [] ] ) THEN EXISTS_TAC ``l:num`` THEN ASM_SIMP_TAC arith_ss [] THEN REPEAT STRIP_TAC THEN `j < k' /\ j >= t` by DECIDE_TAC THEN PROVE_TAC[] ] ]); val RLTL_NEGATION_NORMAL_FORM = store_thm ("RLTL_NEGATION_NORMAL_FORM", ``!v t a r f f1 f2 b p. (~(P_SEM (v t) a /\ P_SEM (v t) r) ==> ((RLTL_SEM_TIME t v a r (RLTL_NOT(RLTL_PROP p)) = RLTL_SEM_TIME t v a r (RLTL_PROP (P_NOT p))) /\ (RLTL_SEM_TIME t v a r (RLTL_NOT(RLTL_NEXT f)) = RLTL_SEM_TIME t v a r (RLTL_NEXT(RLTL_NOT f))))) /\ (RLTL_SEM_TIME t v a r (RLTL_NOT(RLTL_NOT f)) = RLTL_SEM_TIME t v a r f) /\ (RLTL_SEM_TIME t v a r (RLTL_NOT(RLTL_AND(f1, f2))) = RLTL_SEM_TIME t v a r (RLTL_OR (RLTL_NOT f1, RLTL_NOT f2))) /\ (RLTL_SEM_TIME t v a r (RLTL_NOT(RLTL_SUNTIL(f1,f2))) = RLTL_SEM_TIME t v a r (RLTL_BEFORE(RLTL_NOT f1, f2))) /\ (RLTL_SEM_TIME t v a r (RLTL_NOT(RLTL_ACCEPT(f,b))) = RLTL_SEM_TIME t v a r (RLTL_REJECT (RLTL_NOT f, b)))``, SIMP_TAC std_ss [RLTL_BEFORE_def, RLTL_SEM_TIME_def, P_SEM_def, RLTL_OR_def, RLTL_REJECT_def] THEN PROVE_TAC[]); val IS_RLTL_RELATIONS = store_thm ("IS_RLTL_RELATIONS", ``!f. ((IS_RLTL_F f = IS_RLTL_G (RLTL_NOT f)) /\ (IS_RLTL_G f = IS_RLTL_F (RLTL_NOT f)) /\ (IS_RLTL_FG f = IS_RLTL_GF (RLTL_NOT f)) /\ (IS_RLTL_GF f = IS_RLTL_FG (RLTL_NOT f)) /\ (IS_RLTL_F f ==> IS_RLTL_FG f) /\ (IS_RLTL_G f ==> IS_RLTL_GF f) /\ (IS_RLTL_G f ==> IS_RLTL_FG f) /\ (IS_RLTL_F f ==> IS_RLTL_GF f) /\ (IS_RLTL_PREFIX f ==> (IS_RLTL_FG f /\ IS_RLTL_GF f)))``, INDUCT_THEN rltl_induct ASSUME_TAC THEN REWRITE_TAC[IS_RLTL_G_def, IS_RLTL_PREFIX_def, IS_RLTL_GF_def] THEN METIS_TAC[] ); val RLTL_VAR_RENAMING_def= Define `(RLTL_VAR_RENAMING f (RLTL_PROP p) = RLTL_PROP (P_VAR_RENAMING f p)) /\ (RLTL_VAR_RENAMING f (RLTL_NOT r) = RLTL_NOT (RLTL_VAR_RENAMING f r)) /\ (RLTL_VAR_RENAMING f (RLTL_AND (r1,r2)) = RLTL_AND(RLTL_VAR_RENAMING f r1, RLTL_VAR_RENAMING f r2)) /\ (RLTL_VAR_RENAMING f (RLTL_NEXT r) = RLTL_NEXT (RLTL_VAR_RENAMING f r)) /\ (RLTL_VAR_RENAMING f (RLTL_SUNTIL(r1,r2)) = RLTL_SUNTIL(RLTL_VAR_RENAMING f r1, RLTL_VAR_RENAMING f r2)) /\ (RLTL_VAR_RENAMING f (RLTL_ACCEPT (r, p)) = RLTL_ACCEPT(RLTL_VAR_RENAMING f r, P_VAR_RENAMING f p))`; val RLTL_SEM_TIME___VAR_RENAMING = store_thm ("RLTL_SEM_TIME___VAR_RENAMING", ``!f' t v a r f. (INJ f (PATH_USED_VARS v UNION RLTL_USED_VARS f' UNION P_USED_VARS a UNION P_USED_VARS r) UNIV) ==> ((RLTL_SEM_TIME t v a r f') = (RLTL_SEM_TIME t (PATH_VAR_RENAMING f v) (P_VAR_RENAMING f a) (P_VAR_RENAMING f r) (RLTL_VAR_RENAMING f f')))``, INDUCT_THEN rltl_induct ASSUME_TAC THENL [ SIMP_TAC std_ss [RLTL_SEM_TIME_def, RLTL_VAR_RENAMING_def, PATH_VAR_RENAMING_def, PATH_MAP_def] THEN REPEAT STRIP_TAC THEN REMAINS_TAC `INJ f ((v t) UNION P_USED_VARS a) UNIV /\ INJ f ((v t) UNION P_USED_VARS p) UNIV /\ INJ f ((v t) UNION P_USED_VARS r) UNIV` THEN1 ( ASM_SIMP_TAC std_ss [GSYM P_SEM___VAR_RENAMING] ) THEN STRIP_TAC THEN REPEAT STRIP_TAC THEN UNDISCH_HD_TAC THEN MATCH_MP_TAC INJ_SUBSET_DOMAIN THEN REWRITE_TAC [SUBSET_DEF, IN_UNION, RLTL_USED_VARS_def, GSYM PATH_USED_VARS_THM] THEN PROVE_TAC[], SIMP_TAC std_ss [RLTL_SEM_TIME_def, RLTL_USED_VARS_def, RLTL_VAR_RENAMING_def] THEN REPEAT STRIP_TAC THEN POP_NO_ASSUM 1 MATCH_MP_TAC THEN PROVE_TAC[UNION_COMM, UNION_ASSOC], SIMP_TAC std_ss [RLTL_SEM_TIME_def, RLTL_USED_VARS_def, RLTL_VAR_RENAMING_def] THEN REPEAT STRIP_TAC THEN REMAINS_TAC `INJ f (PATH_USED_VARS v UNION RLTL_USED_VARS f'' UNION P_USED_VARS a UNION P_USED_VARS r) UNIV /\ INJ f (PATH_USED_VARS v UNION RLTL_USED_VARS f' UNION P_USED_VARS a UNION P_USED_VARS r) UNIV` THEN1 ( RES_TAC THEN ASM_REWRITE_TAC[] ) THEN NTAC 2 (WEAKEN_NO_TAC 1) THEN STRIP_TAC THEN UNDISCH_HD_TAC THEN MATCH_MP_TAC INJ_SUBSET_DOMAIN THEN SIMP_TAC std_ss [SUBSET_DEF, IN_UNION] THEN PROVE_TAC[], SIMP_TAC std_ss [RLTL_SEM_TIME_def, RLTL_USED_VARS_def, RLTL_VAR_RENAMING_def] THEN REPEAT STRIP_TAC THEN Q_SPECL_NO_ASSUM 1 [`SUC t`, `v`, `a`, `r`, `f`] THEN UNDISCH_HD_TAC THEN ASM_REWRITE_TAC[] THEN STRIP_TAC THEN ASM_REWRITE_TAC[] THEN WEAKEN_HD_TAC THEN REMAINS_TAC `INJ f ((v t) UNION P_USED_VARS a) UNIV /\ INJ f ((v t) UNION P_USED_VARS r) UNIV` THEN1 ( ASM_SIMP_TAC std_ss [GSYM P_SEM___VAR_RENAMING, PATH_VAR_RENAMING_def, PATH_MAP_def] ) THEN STRIP_TAC THEN UNDISCH_HD_TAC THEN MATCH_MP_TAC INJ_SUBSET_DOMAIN THEN SIMP_TAC std_ss [SUBSET_DEF, IN_UNION, GSYM PATH_USED_VARS_THM] THEN PROVE_TAC[], SIMP_TAC std_ss [RLTL_SEM_TIME_def, RLTL_USED_VARS_def, RLTL_VAR_RENAMING_def] THEN REPEAT STRIP_TAC THEN REMAINS_TAC `INJ f (PATH_USED_VARS v UNION RLTL_USED_VARS f'' UNION P_USED_VARS a UNION P_USED_VARS r) UNIV /\ INJ f (PATH_USED_VARS v UNION RLTL_USED_VARS f' UNION P_USED_VARS a UNION P_USED_VARS r) UNIV` THEN1 ( RES_TAC THEN ASM_REWRITE_TAC[] ) THEN NTAC 2 (WEAKEN_NO_TAC 1) THEN STRIP_TAC THEN UNDISCH_HD_TAC THEN MATCH_MP_TAC INJ_SUBSET_DOMAIN THEN SIMP_TAC std_ss [SUBSET_DEF, IN_UNION] THEN PROVE_TAC[], SIMP_TAC std_ss [RLTL_SEM_TIME_def, RLTL_USED_VARS_def, RLTL_VAR_RENAMING_def, GSYM P_VAR_RENAMING_def, P_OR_def] THEN REPEAT STRIP_TAC THEN REMAINS_TAC `INJ f (PATH_USED_VARS v UNION RLTL_USED_VARS f' UNION P_USED_VARS (P_NOT (P_AND (P_NOT a,P_NOT (P_AND (p_2,P_NOT r))))) UNION P_USED_VARS r) UNIV` THEN1 ( RES_TAC THEN ASM_REWRITE_TAC[] ) THEN UNDISCH_HD_TAC THEN MATCH_MP_TAC INJ_SUBSET_DOMAIN THEN SIMP_TAC std_ss [SUBSET_DEF, IN_UNION, P_USED_VARS_def] THEN PROVE_TAC[] ]); val RLTL_SEM_TIME___VAR_RENAMING___PATH_RESTRICT = store_thm ("RLTL_SEM_TIME___VAR_RENAMING___PATH_RESTRICT", ``!f' t v a r f. (INJ f (RLTL_USED_VARS f' UNION P_USED_VARS a UNION P_USED_VARS r) UNIV) ==> ((RLTL_SEM_TIME t v a r f') = (RLTL_SEM_TIME t (PATH_VAR_RENAMING f (PATH_RESTRICT v (RLTL_USED_VARS f' UNION P_USED_VARS a UNION P_USED_VARS r))) (P_VAR_RENAMING f a) (P_VAR_RENAMING f r) (RLTL_VAR_RENAMING f f')))``, REPEAT STRIP_TAC THEN CONV_TAC (LHS_CONV (ONCE_REWRITE_CONV [RLTL_USED_VARS_INTER_THM])) THEN MATCH_MP_TAC RLTL_SEM_TIME___VAR_RENAMING THEN UNDISCH_HD_TAC THEN MATCH_MP_TAC INJ_SUBSET_DOMAIN THEN SIMP_TAC std_ss [SUBSET_DEF, IN_UNION, GSYM PATH_USED_VARS_THM, PATH_RESTRICT_def, PATH_MAP_def, IN_INTER] THEN PROVE_TAC[]); val RLTL_SEM___VAR_RENAMING___PATH_RESTRICT = store_thm ("RLTL_SEM___VAR_RENAMING___PATH_RESTRICT", ``!f' v f. (INJ f (RLTL_USED_VARS f') UNIV) ==> ((RLTL_SEM v f') = (RLTL_SEM (PATH_VAR_RENAMING f (PATH_RESTRICT v (RLTL_USED_VARS f'))) (RLTL_VAR_RENAMING f f')))``, REPEAT STRIP_TAC THEN REWRITE_TAC[RLTL_SEM_def] THEN SUBGOAL_TAC `P_FALSE = P_VAR_RENAMING f P_FALSE` THEN1 ( SIMP_TAC std_ss [P_FALSE_def, P_VAR_RENAMING_def] ) THEN ASM_REWRITE_TAC[] THEN ASSUME_TAC RLTL_SEM_TIME___VAR_RENAMING___PATH_RESTRICT THEN Q_SPECL_NO_ASSUM 0 [`f'`, `0:num`, `v`, `P_FALSE`, `P_FALSE`, `f`] THEN UNDISCH_HD_TAC THEN ASM_SIMP_TAC std_ss [P_USED_VARS_EVAL, UNION_EMPTY]); val _ = export_theory();