Theory Weakening
theory Weakening
imports Weak_Bisimulation
begin
locale weak = env +
assumes weaken: "Ψ ↪ Ψ ⊗ Ψ'"
begin
lemma entWeaken:
fixes Ψ :: 'b
and φ :: 'c
assumes "Ψ ⊢ φ"
shows "Ψ ⊗ Ψ' ⊢ φ"
using assms weaken
by(auto simp add: AssertionStatImp_def)
lemma assertWeaken:
fixes Ψ :: 'b
and Ψ' :: 'b
shows "Ψ ↪ Ψ ⊗ Ψ'"
by(auto simp add: AssertionStatImp_def entWeaken)
lemma frameWeaken:
fixes F :: "'b frame"
and G :: "'b frame"
shows "F ↪⇩F F ⊗⇩F G"
proof -
obtain A⇩F Ψ⇩F where FrF: "F = ⟨A⇩F, Ψ⇩F⟩" and "A⇩F ♯* F" and "A⇩F ♯* G"
by(rule_tac F=F and C="(F, G)" in freshFrame) auto
obtain A⇩G Ψ⇩G where FrG: "G = ⟨A⇩G, Ψ⇩G⟩" and "A⇩G ♯* F" and "A⇩G ♯* G" and "A⇩G ♯* A⇩F" and "A⇩G ♯* Ψ⇩F"
by(rule_tac F=G and C="(F, G, A⇩F, Ψ⇩F)" in freshFrame) auto
from FrG ‹A⇩F ♯* G› ‹A⇩G ♯* A⇩F› have "A⇩F ♯* Ψ⇩G" by auto
have "Ψ⇩F ↪ Ψ⇩F ⊗ Ψ⇩G" by(rule weaken)
hence "⟨A⇩G, Ψ⇩F⟩ ↪⇩F ⟨A⇩G, Ψ⇩F ⊗ Ψ⇩G⟩" by(rule_tac frameImpResChainPres) auto
with ‹A⇩G ♯* Ψ⇩F› have "⟨ε, Ψ⇩F⟩ ↪⇩F ⟨A⇩G, Ψ⇩F ⊗ Ψ⇩G⟩" using frameResFreshChain
by(rule_tac FrameStatImpTrans) (auto simp add: FrameStatEq_def)
with FrF FrG ‹A⇩G ♯* A⇩F› ‹A⇩G ♯* Ψ⇩F› ‹A⇩F ♯* Ψ⇩G› show ?thesis
by(force simp add: frameChainAppend intro: frameImpResChainPres)
qed
lemma unitAssertWeaken:
fixes Ψ :: 'b
shows "𝟭 ↪ Ψ"
proof -
have "𝟭 ↪ 𝟭 ⊗ Ψ" by(rule assertWeaken)
moreover have "𝟭 ⊗ Ψ ↪ Ψ" by(metis Identity AssertionStatEq_def Commutativity AssertionStatEqTrans)
ultimately show ?thesis by(rule AssertionStatImpTrans)
qed
lemma unitFrameWeaken:
fixes F :: "'b frame"
shows "⟨ε, 𝟭⟩ ↪⇩F F"
proof -
have "⟨ε, 𝟭⟩ ↪⇩F ((⟨ε, 𝟭⟩) ⊗⇩F F)" by(rule frameWeaken)
moreover obtain A⇩F Ψ⇩F where FrF: "F = ⟨A⇩F, Ψ⇩F⟩"
by(rule_tac F=F and C="()" in freshFrame) auto
hence "(⟨ε, 𝟭⟩) ⊗⇩F F ≃⇩F F"
by simp (metis frameIntIdentity frameIntCommutativity FrameStatEqTrans FrameStatEqSym)
ultimately show ?thesis by(metis FrameStatImpTrans FrameStatEq_def)
qed
lemma insertAssertionWeaken:
fixes F :: "'b frame"
and Ψ :: 'b
shows "⟨ε, Ψ⟩ ↪⇩F insertAssertion F Ψ"
proof -
have "⟨ε, Ψ⟩ ↪⇩F (⟨ε, Ψ⟩) ⊗⇩F F" by(rule frameWeaken)
thus ?thesis by simp
qed
lemma frameImpStatEq:
fixes A⇩F :: "name list"
and Ψ :: 'b
and Ψ' :: 'b
and φ :: 'c
assumes "(⟨A⇩F, Ψ⟩) ⊢⇩F φ"
and "Ψ ≃ Ψ'"
shows "(⟨A⇩F, Ψ'⟩) ⊢⇩F φ"
proof -
obtain p::"name prm" where "(p ∙ A⇩F) ♯* φ" and "(p ∙ A⇩F) ♯* Ψ" and "(p ∙ A⇩F) ♯* Ψ'"
and "distinctPerm p" and S: "set p ⊆ set A⇩F × set(p ∙ A⇩F)"
by(rule_tac c="(φ, Ψ, Ψ')" in name_list_avoiding) auto
from ‹(⟨A⇩F, Ψ⟩) ⊢⇩F φ› ‹(p ∙ A⇩F) ♯* Ψ› S have "(⟨(p ∙ A⇩F), p ∙ Ψ⟩) ⊢⇩F φ" by(simp add: frameChainAlpha)
hence "(p ∙ Ψ) ⊢ φ" using ‹(p ∙ A⇩F) ♯* φ› by(rule frameImpE)
moreover from ‹Ψ ≃ Ψ'› have "(p ∙ Ψ) ≃ (p ∙ Ψ')" by(rule AssertionStatEqClosed)
ultimately have "(p ∙ Ψ') ⊢ φ" by(simp add: AssertionStatEq_def AssertionStatImp_def)
hence "(⟨(p ∙ A⇩F), p ∙ Ψ'⟩) ⊢⇩F φ" using ‹(p ∙ A⇩F) ♯* φ›
by(rule_tac frameImpI) auto
with ‹(p ∙ A⇩F) ♯* Ψ'› S show ?thesis by(simp add: frameChainAlpha)
qed
lemma statImpTauDerivative:
fixes Ψ :: 'b
and P :: "('a, 'b, 'c) psi"
and P' :: "('a, 'b, 'c) psi"
assumes "Ψ ⊳ P ⟼τ ≺ P'"
shows "insertAssertion (extractFrame P) Ψ ↪⇩F insertAssertion (extractFrame P') Ψ"
proof(auto simp add: FrameStatImp_def)
fix φ :: 'c
obtain A⇩P Ψ⇩P where FrP: "extractFrame P = ⟨A⇩P, Ψ⇩P⟩" and "A⇩P ♯* P" and "A⇩P ♯* φ" and "A⇩P ♯* Ψ" and "distinct A⇩P"
by(rule_tac C="(P, φ, Ψ)" in freshFrame) auto
with ‹Ψ ⊳ P ⟼τ ≺ P'› obtain Ψ' A⇩P' Ψ⇩P' where FrP': "extractFrame P' = ⟨A⇩P', Ψ⇩P'⟩" and "Ψ⇩P ⊗ Ψ' ≃ Ψ⇩P'"
and "A⇩P' ♯* P'" and "A⇩P' ♯* φ" and "A⇩P' ♯* Ψ"
by(rule_tac C="(Ψ, φ)" in expandTauFrame) auto
assume "insertAssertion (extractFrame P) Ψ ⊢⇩F φ"
with FrP ‹A⇩P ♯* φ› ‹A⇩P ♯* Ψ› have "Ψ ⊗ Ψ⇩P ⊢ φ" by(auto dest: frameImpE)
hence "(Ψ ⊗ Ψ⇩P) ⊗ Ψ' ⊢ φ" by(rule entWeaken)
hence "Ψ ⊗ Ψ⇩P' ⊢ φ" using ‹Ψ⇩P ⊗ Ψ' ≃ Ψ⇩P'›
by(rule_tac statEqEnt, auto) (metis Associativity compositionSym AssertionStatEqTrans AssertionStatEqSym Commutativity)
with ‹A⇩P' ♯* φ› ‹A⇩P' ♯* Ψ› FrP' show "insertAssertion (extractFrame P') Ψ ⊢⇩F φ"
by(force intro: frameImpI)
qed
lemma weakenTransition:
fixes Ψ :: 'b
and P :: "('a, 'b, 'c) psi"
and Rs :: "('a, 'b, 'c) residual"
and Ψ' :: 'b
assumes "Ψ ⊳ P ⟼ Rs"
shows "Ψ ⊗ Ψ' ⊳ P ⟼ Rs"
using assms
proof(nominal_induct avoiding: Ψ' rule: semantics.strong_induct)
case(cInput Ψ M K xvec N Tvec P Ψ')
from ‹Ψ ⊢ M ↔ K› have "Ψ ⊗ Ψ' ⊢ M ↔ K" by(rule entWeaken)
thus ?case using ‹distinct xvec› ‹set xvec ⊆ (supp N)› ‹length xvec = length Tvec›
by(rule Input)
next
case(Output Ψ M K N P Ψ')
from ‹Ψ ⊢ M ↔ K› have "Ψ ⊗ Ψ' ⊢ M ↔ K" by(rule entWeaken)
thus ?case by(rule semantics.Output)
next
case(Case Ψ P Rs φ Cs Ψ')
have "Ψ ⊗ Ψ' ⊳ P ⟼ Rs" by(rule Case)
moreover note ‹(φ, P) mem Cs›
moreover from ‹Ψ ⊢ φ› have "Ψ ⊗ Ψ' ⊢ φ" by(rule entWeaken)
ultimately show ?case using ‹guarded P›
by(rule semantics.Case)
next
case(cPar1 Ψ Ψ⇩Q P α P' Q A⇩Q Ψ')
have "(Ψ ⊗ Ψ⇩Q) ⊗ Ψ' ⊳ P ⟼α ≺ P'" by(rule cPar1)
hence "(Ψ ⊗ Ψ') ⊗ Ψ⇩Q ⊳ P ⟼α ≺ P'"
by(metis statEqTransition Composition Associativity Commutativity AssertionStatEqTrans)
thus ?case using ‹extractFrame Q = ⟨A⇩Q, Ψ⇩Q⟩› ‹bn α ♯* Q› ‹A⇩Q ♯* Ψ› ‹A⇩Q ♯* Ψ'› ‹A⇩Q ♯* P› ‹A⇩Q ♯* α›
by(rule_tac Par1) auto
next
case(cPar2 Ψ Ψ⇩P Q α Q' P A⇩P Ψ')
have "(Ψ ⊗ Ψ⇩P) ⊗ Ψ' ⊳ Q ⟼α ≺ Q'" by(rule cPar2)
hence "(Ψ ⊗ Ψ') ⊗ Ψ⇩P ⊳ Q ⟼α ≺ Q'"
by(metis statEqTransition Composition Associativity Commutativity AssertionStatEqTrans)
thus ?case using ‹extractFrame P = ⟨A⇩P, Ψ⇩P⟩› ‹bn α ♯* P› ‹A⇩P ♯* Ψ› ‹A⇩P ♯* Ψ'› ‹A⇩P ♯* Q› ‹A⇩P ♯* α›
by(rule_tac Par2) auto
next
case(cComm1 Ψ Ψ⇩Q P M N P' A⇩P Ψ⇩P Q K xvec Q' A⇩Q Ψ')
have "(Ψ ⊗ Ψ⇩Q) ⊗ Ψ' ⊳ P ⟼M⦇N⦈ ≺ P'" by(rule cComm1)
hence "(Ψ ⊗ Ψ') ⊗ Ψ⇩Q ⊳ P ⟼M⦇N⦈ ≺ P'"
by(metis statEqTransition Composition Associativity Commutativity AssertionStatEqTrans)
moreover note ‹extractFrame P = ⟨A⇩P, Ψ⇩P⟩›
moreover have "(Ψ ⊗ Ψ⇩P) ⊗ Ψ' ⊳ Q ⟼K⦇ν*xvec⦈⟨N⟩ ≺ Q'" by(rule cComm1)
hence "(Ψ ⊗ Ψ') ⊗ Ψ⇩P ⊳ Q ⟼K⦇ν*xvec⦈⟨N⟩ ≺ Q'"
by(metis statEqTransition Composition Associativity Commutativity AssertionStatEqTrans)
moreover note ‹extractFrame Q = ⟨A⇩Q, Ψ⇩Q⟩›
moreover from ‹Ψ ⊗ Ψ⇩P ⊗ Ψ⇩Q ⊢ M ↔ K› have "(Ψ ⊗ Ψ⇩P ⊗ Ψ⇩Q) ⊗ Ψ' ⊢ M ↔ K" by(rule entWeaken)
hence "(Ψ ⊗ Ψ') ⊗ Ψ⇩P ⊗ Ψ⇩Q ⊢ M ↔ K" by(metis statEqEnt Composition Associativity Commutativity AssertionStatEqTrans)
ultimately show ?case using ‹A⇩P ♯* Ψ› ‹A⇩P ♯* Ψ'› ‹A⇩P ♯* P› ‹A⇩P ♯* Q› ‹A⇩P ♯* M› ‹A⇩P ♯* A⇩Q›
‹A⇩Q ♯* Ψ› ‹A⇩Q ♯* Ψ'› ‹A⇩Q ♯* P› ‹A⇩Q ♯* Q› ‹A⇩Q ♯* K› ‹xvec ♯* P›
by(rule_tac Comm1) (assumption | auto)+
next
case(cComm2 Ψ Ψ⇩Q P M xvec N P' A⇩P Ψ⇩P Q K Q' A⇩Q Ψ')
have "(Ψ ⊗ Ψ⇩Q) ⊗ Ψ' ⊳ P ⟼M⦇ν*xvec⦈⟨N⟩ ≺ P'" by(rule cComm2)
hence "(Ψ ⊗ Ψ') ⊗ Ψ⇩Q ⊳ P ⟼M⦇ν*xvec⦈⟨N⟩ ≺ P'"
by(metis statEqTransition Composition Associativity Commutativity AssertionStatEqTrans)
moreover note ‹extractFrame P = ⟨A⇩P, Ψ⇩P⟩›
moreover have "(Ψ ⊗ Ψ⇩P) ⊗ Ψ' ⊳ Q ⟼K⦇N⦈ ≺ Q'" by(rule cComm2)
hence "(Ψ ⊗ Ψ') ⊗ Ψ⇩P ⊳ Q ⟼K⦇N⦈ ≺ Q'"
by(metis statEqTransition Composition Associativity Commutativity AssertionStatEqTrans)
moreover note ‹extractFrame Q = ⟨A⇩Q, Ψ⇩Q⟩›
moreover from ‹Ψ ⊗ Ψ⇩P ⊗ Ψ⇩Q ⊢ M ↔ K› have "(Ψ ⊗ Ψ⇩P ⊗ Ψ⇩Q) ⊗ Ψ' ⊢ M ↔ K" by(rule entWeaken)
hence "(Ψ ⊗ Ψ') ⊗ Ψ⇩P ⊗ Ψ⇩Q ⊢ M ↔ K" by(metis statEqEnt Composition Associativity Commutativity AssertionStatEqTrans)
ultimately show ?case using ‹A⇩P ♯* Ψ› ‹A⇩P ♯* Ψ'› ‹A⇩P ♯* P› ‹A⇩P ♯* Q› ‹A⇩P ♯* M› ‹A⇩P ♯* A⇩Q›
‹A⇩Q ♯* Ψ› ‹A⇩Q ♯* Ψ'› ‹A⇩Q ♯* P› ‹A⇩Q ♯* Q› ‹A⇩Q ♯* K› ‹xvec ♯* Q›
by(rule_tac Comm2) (assumption | auto)+
next
case(cOpen Ψ P M xvec yvec N P' x Ψ')
have "Ψ ⊗ Ψ' ⊳ P ⟼M⦇ν*(xvec@yvec)⦈⟨N⟩ ≺ P'" by(rule cOpen)
thus ?case using ‹x ∈ supp N› ‹x ♯ Ψ› ‹x ♯ Ψ'› ‹x ♯ M› ‹x ♯ xvec› ‹x ♯ yvec›
by(rule_tac Open) auto
next
case(cScope Ψ P α P' x Ψ')
have "Ψ ⊗ Ψ' ⊳ P ⟼α ≺ P'" by(rule cScope)
thus ?case using ‹x ♯ Ψ› ‹x ♯ Ψ'› ‹x ♯ α› by(rule_tac Scope) auto
next
case(Bang Ψ P Rs Ψ')
have "Ψ ⊗ Ψ' ⊳ P ∥ !P⟼ Rs" by(rule Bang)
thus ?case using ‹guarded P› by(rule semantics.Bang)
qed
end
end