Theory Labeled_Strands

(*  Title:      Labeled_Strands.thy
    Author:     Andreas Viktor Hess, DTU
    Author:     Sebastian A. Mödersheim, DTU
    Author:     Achim D. Brucker, The University of Sheffield
    SPDX-License-Identifier: BSD-3-Clause
*)

section ‹Labeled Strands›
theory Labeled_Strands
imports Strands_and_Constraints
begin

subsection ‹Definitions: Labeled Strands and Constraints›
datatype 'l strand_label =
  LabelN (the_LabelN: "'l") ("ln _")
| LabelS ("⋆")

text ‹Labeled strands are strands whose steps are equipped with labels›
type_synonym ('a,'b,'c) labeled_strand_step = "'c strand_label × ('a,'b) strand_step"
type_synonym ('a,'b,'c) labeled_strand = "('a,'b,'c) labeled_strand_step list"

abbreviation has_LabelN where "has_LabelN n x ≡ fst x = ln n"
abbreviation has_LabelS where "has_LabelS x ≡ fst x = ⋆"

definition unlabel where "unlabel S ≡ map snd S"
definition proj where "proj n S ≡ filter (λs. has_LabelN n s ∨ has_LabelS s) S"
abbreviation proj_unl where "proj_unl n S ≡ unlabel (proj n S)"

abbreviation wfrestrictedvars⇩l⇩s⇩t where "wfrestrictedvars⇩l⇩s⇩t S ≡ wfrestrictedvars⇩s⇩t (unlabel S)"

abbreviation subst_apply_labeled_strand_step (infix "⋅⇩l⇩s⇩t⇩p" 51) where
  "x ⋅⇩l⇩s⇩t⇩p θ ≡ (case x of (l, s) ⇒ (l, s ⋅⇩s⇩t⇩p θ))"

abbreviation subst_apply_labeled_strand (infix "⋅⇩l⇩s⇩t" 51) where
  "S ⋅⇩l⇩s⇩t θ ≡ map (λx. x ⋅⇩l⇩s⇩t⇩p θ) S"

abbreviation trms⇩l⇩s⇩t where "trms⇩l⇩s⇩t S ≡ trms⇩s⇩t (unlabel S)"
abbreviation trms_proj⇩l⇩s⇩t where "trms_proj⇩l⇩s⇩t n S ≡ trms⇩s⇩t (proj_unl n S)"

abbreviation vars⇩l⇩s⇩t where "vars⇩l⇩s⇩t S ≡ vars⇩s⇩t (unlabel S)"
abbreviation vars_proj⇩l⇩s⇩t where "vars_proj⇩l⇩s⇩t n S ≡ vars⇩s⇩t (proj_unl n S)"

abbreviation bvars⇩l⇩s⇩t where "bvars⇩l⇩s⇩t S ≡ bvars⇩s⇩t (unlabel S)"
abbreviation fv⇩l⇩s⇩t where "fv⇩l⇩s⇩t S ≡ fv⇩s⇩t (unlabel S)"

abbreviation wf⇩l⇩s⇩t where "wf⇩l⇩s⇩t V S ≡ wf⇩s⇩t V (unlabel S)"


subsection ‹Lemmata: Projections›
lemma has_LabelS_proj_iff_not_has_LabelN:
  "list_all has_LabelS (proj l A) ⟷ ¬list_ex (has_LabelN l) A"
by (induct A) (auto simp add: proj_def)

lemma proj_subset_if_no_label:
  assumes "¬list_ex (has_LabelN l) A"
  shows "set (proj l A) ⊆ set (proj l' A)"
    and "set (proj_unl l A) ⊆ set (proj_unl l' A)"
using assms by (induct A) (auto simp add: unlabel_def proj_def)

lemma proj_in_setD:
  assumes a: "a ∈ set (proj l A)"
  obtains k b where "a = (k, b)" "k = (ln l) ∨ k = ⋆"
using that a unfolding proj_def by (cases a) auto

lemma proj_set_mono:
  assumes "set A ⊆ set B"
  shows "set (proj n A) ⊆ set (proj n B)"
    and "set (proj_unl n A) ⊆ set (proj_unl n B)"
using assms unfolding proj_def unlabel_def by auto

lemma unlabel_nil[simp]: "unlabel [] = []"
by (simp add: unlabel_def)

lemma unlabel_mono: "set A ⊆ set B ⟹ set (unlabel A) ⊆ set (unlabel B)"
by (auto simp add: unlabel_def)

lemma unlabel_in: "(l,x) ∈ set A ⟹ x ∈ set (unlabel A)"
unfolding unlabel_def by force

lemma unlabel_mem_has_label: "x ∈ set (unlabel A) ⟹ ∃l. (l,x) ∈ set A"
unfolding unlabel_def by auto

lemma proj_ident:
  assumes "list_all (λs. has_LabelN l s ∨ has_LabelS s) S"
  shows "proj l S = S"
using assms unfolding proj_def list_all_iff by fastforce

lemma proj_elims_label:
  assumes "k ≠ l"
  shows "¬list_ex (has_LabelN l) (proj k S)"
using assms unfolding proj_def list_ex_iff by force

lemma proj_nil[simp]: "proj n [] = []" "proj_unl n [] = []"
unfolding unlabel_def proj_def by auto

lemma singleton_lst_proj[simp]:
  "proj_unl l [(ln l, a)] = [a]"
  "l ≠ l' ⟹ proj_unl l' [(ln l, a)] = []"
  "proj_unl l [(⋆, a)] = [a]"
  "unlabel [(l'', a)] = [a]"
unfolding proj_def unlabel_def by simp_all

lemma unlabel_nil_only_if_nil[simp]: "unlabel A = [] ⟹ A = []"
unfolding unlabel_def by auto

lemma unlabel_Cons[simp]:
  "unlabel ((l,a)#A) = a#unlabel A"
  "unlabel (b#A) = snd b#unlabel A"
unfolding unlabel_def by simp_all

lemma unlabel_append[simp]: "unlabel (A@B) = unlabel A@unlabel B"
unfolding unlabel_def by auto

lemma proj_Cons[simp]:
  "proj n ((ln n,a)#A) = (ln n,a)#proj n A"
  "proj n ((⋆,a)#A) = (⋆,a)#proj n A"
  "m ≠ n ⟹ proj n ((ln m,a)#A) = proj n A"
  "l = (ln n) ⟹ proj n ((l,a)#A) = (l,a)#proj n A"
  "l = ⋆ ⟹ proj n ((l,a)#A) = (l,a)#proj n A"
  "fst b ≠ ⋆ ⟹ fst b ≠ (ln n) ⟹ proj n (b#A) = proj n A"
unfolding proj_def by auto

lemma proj_append[simp]:
  "proj l (A'@B') = proj l A'@proj l B'"
  "proj_unl l (A@B) = proj_unl l A@proj_unl l B"
unfolding proj_def unlabel_def by auto

lemma proj_unl_cons[simp]:
  "proj_unl l ((ln l, a)#A) = a#proj_unl l A"
  "l ≠ l' ⟹ proj_unl l' ((ln l, a)#A) = proj_unl l' A"
  "proj_unl l ((⋆, a)#A) = a#proj_unl l A"
unfolding proj_def unlabel_def by simp_all

lemma trms_unlabel_proj[simp]:
  "trms⇩s⇩t⇩p (snd (ln l, x)) ⊆ trms_proj⇩l⇩s⇩t l [(ln l, x)]"
by auto

lemma trms_unlabel_star[simp]:
  "trms⇩s⇩t⇩p (snd (⋆, x)) ⊆ trms_proj⇩l⇩s⇩t l [(⋆, x)]"
by auto

lemma trms⇩l⇩s⇩t_union[simp]: "trms⇩l⇩s⇩t A = (⋃l. trms_proj⇩l⇩s⇩t l A)"
proof (induction A)
  case (Cons a A)
  obtain l s where ls: "a = (l,s)" by atomize_elim auto
  have "trms⇩l⇩s⇩t [a] = (⋃l. trms_proj⇩l⇩s⇩t l [a])"
  proof -
    have *: "trms⇩l⇩s⇩t [a] = trms⇩s⇩t⇩p s" using ls by simp
    show ?thesis
    proof (cases l)
      case (LabelN n)
      hence "trms_proj⇩l⇩s⇩t n [a] = trms⇩s⇩t⇩p s" using ls by simp
      moreover have "∀m. n ≠ m ⟶ trms_proj⇩l⇩s⇩t m [a] = {}" using ls LabelN by auto
      ultimately show ?thesis using * ls by fastforce
    next
      case LabelS
      hence "∀l. trms_proj⇩l⇩s⇩t l [a] = trms⇩s⇩t⇩p s" using ls by auto
      thus ?thesis using * ls by fastforce
    qed
  qed
  moreover have "∀l. trms_proj⇩l⇩s⇩t l (a#A) = trms_proj⇩l⇩s⇩t l [a] ∪ trms_proj⇩l⇩s⇩t l A"
    unfolding unlabel_def proj_def by auto
  hence "(⋃l. trms_proj⇩l⇩s⇩t l (a#A)) = (⋃l. trms_proj⇩l⇩s⇩t l [a]) ∪ (⋃l. trms_proj⇩l⇩s⇩t l A)" by auto
  ultimately show ?case using Cons.IH ls by auto
qed simp

lemma trms⇩l⇩s⇩t_append[simp]: "trms⇩l⇩s⇩t (A@B) = trms⇩l⇩s⇩t A ∪ trms⇩l⇩s⇩t B"
by (metis trms⇩s⇩t_append unlabel_append)

lemma trms_proj⇩l⇩s⇩t_append[simp]: "trms_proj⇩l⇩s⇩t l (A@B) = trms_proj⇩l⇩s⇩t l A ∪ trms_proj⇩l⇩s⇩t l B"
by (metis (no_types, lifting) filter_append proj_def trms⇩l⇩s⇩t_append)

lemma trms_proj⇩l⇩s⇩t_subset[simp]:
  "trms_proj⇩l⇩s⇩t l A ⊆ trms_proj⇩l⇩s⇩t l (A@B)"
  "trms_proj⇩l⇩s⇩t l B ⊆ trms_proj⇩l⇩s⇩t l (A@B)"
using trms_proj⇩l⇩s⇩t_append[of l] by blast+

lemma trms⇩l⇩s⇩t_subset[simp]:
  "trms⇩l⇩s⇩t A ⊆ trms⇩l⇩s⇩t (A@B)"
  "trms⇩l⇩s⇩t B ⊆ trms⇩l⇩s⇩t (A@B)"
proof (induction A)
  case (Cons a A)
  obtain l s where *: "a = (l,s)" by atomize_elim auto
  { case 1 thus ?case using Cons * by auto }
  { case 2 thus ?case using Cons * by auto }
qed simp_all

lemma vars⇩l⇩s⇩t_union: "vars⇩l⇩s⇩t A = (⋃l. vars_proj⇩l⇩s⇩t l A)"
proof (induction A)
  case (Cons a A)
  obtain l s where ls: "a = (l,s)" by atomize_elim auto
  have "vars⇩l⇩s⇩t [a] = (⋃l. vars_proj⇩l⇩s⇩t l [a])"
  proof -
    have *: "vars⇩l⇩s⇩t [a] = vars⇩s⇩t⇩p s" using ls by auto
    show ?thesis
    proof (cases l)
      case (LabelN n)
      hence "vars_proj⇩l⇩s⇩t n [a] = vars⇩s⇩t⇩p s" using ls by simp
      moreover have "∀m. n ≠ m ⟶ vars_proj⇩l⇩s⇩t m [a] = {}" using ls LabelN by auto
      ultimately show ?thesis using * ls by fast
    next
      case LabelS
      hence "∀l. vars_proj⇩l⇩s⇩t l [a] = vars⇩s⇩t⇩p s" using ls by auto
      thus ?thesis using * ls by fast
    qed
  qed
  moreover have "∀l. vars_proj⇩l⇩s⇩t l (a#A) = vars_proj⇩l⇩s⇩t l [a] ∪ vars_proj⇩l⇩s⇩t l A"
    unfolding unlabel_def proj_def by auto
  hence "(⋃l. vars_proj⇩l⇩s⇩t l (a#A)) = (⋃l. vars_proj⇩l⇩s⇩t l [a]) ∪ (⋃l. vars_proj⇩l⇩s⇩t l A)"
    using strand_vars_split(1) by auto
  ultimately show ?case using Cons.IH ls strand_vars_split(1) by auto
qed simp

lemma unlabel_Cons_inv:
  "unlabel A = b#B ⟹ ∃A'. (∃n. A = (ln n, b)#A') ∨ A = (⋆, b)#A'"
proof -
  assume *: "unlabel A = b#B"
  then obtain l A' where "A = (l,b)#A'" unfolding unlabel_def by atomize_elim auto
  thus "∃A'. (∃l. A = (ln l, b)#A') ∨ A = (⋆, b)#A'" by (metis strand_label.exhaust)
qed

lemma unlabel_snoc_inv:
  "unlabel A = B@[b] ⟹ ∃A'. (∃n. A = A'@[(ln n, b)]) ∨ A = A'@[(⋆, b)]"
proof -
  assume *: "unlabel A = B@[b]"
  then obtain A' l where "A = A'@[(l,b)]"
    unfolding unlabel_def by (induct A rule: List.rev_induct) auto
  thus "∃A'. (∃n. A = A'@[(ln n, b)]) ∨ A = A'@[(⋆, b)]" by (cases l) auto
qed

lemma proj_idem[simp]: "proj l (proj l A) = proj l A"
unfolding proj_def by auto

lemma proj_ik⇩s⇩t_is_proj_rcv_set:
  "ik⇩s⇩t (proj_unl n A) =
    {t. ∃ts. ((ln n, Receive ts) ∈ set A ∨ (⋆, Receive ts) ∈ set A) ∧ t ∈ set ts} "
using ik⇩s⇩t_is_rcv_set unfolding unlabel_def proj_def by force

lemma unlabel_ik⇩s⇩t_is_rcv_set:
  "ik⇩s⇩t (unlabel A) = {t | l t ts. (l, Receive ts) ∈ set A ∧ t ∈ set ts}"
using ik⇩s⇩t_is_rcv_set unfolding unlabel_def by force

lemma proj_ik_union_is_unlabel_ik:
  "ik⇩s⇩t (unlabel A) = (⋃l. ik⇩s⇩t (proj_unl l A))"
proof
  show "(⋃l. ik⇩s⇩t (proj_unl l A)) ⊆ ik⇩s⇩t (unlabel A)"
    using unlabel_ik⇩s⇩t_is_rcv_set[of A] proj_ik⇩s⇩t_is_proj_rcv_set[of _ A] by auto

  show "ik⇩s⇩t (unlabel A) ⊆ (⋃l. ik⇩s⇩t (proj_unl l A))"
  proof
    fix t assume "t ∈ ik⇩s⇩t (unlabel A)"
    then obtain l ts where "(l, Receive ts) ∈ set A" "t ∈ set ts"
      using ik⇩s⇩t_is_rcv_set unlabel_mem_has_label[of _ A]
      by atomize_elim blast
    thus "t ∈ (⋃l. ik⇩s⇩t (proj_unl l A))" using proj_ik⇩s⇩t_is_proj_rcv_set[of _ A] by (cases l) auto
  qed
qed

lemma proj_ik_append[simp]:
  "ik⇩s⇩t (proj_unl l (A@B)) = ik⇩s⇩t (proj_unl l A) ∪ ik⇩s⇩t (proj_unl l B)"
using proj_append(2)[of l A B] ik_append by auto

lemma proj_ik_append_subst_all:
  "ik⇩s⇩t (proj_unl l (A@B)) ⋅⇩s⇩e⇩t I = (ik⇩s⇩t (proj_unl l A) ⋅⇩s⇩e⇩t I) ∪ (ik⇩s⇩t (proj_unl l B) ⋅⇩s⇩e⇩t I)"
using proj_ik_append[of l] by auto

lemma ik_proj_subset[simp]: "ik⇩s⇩t (proj_unl n A) ⊆ trms_proj⇩l⇩s⇩t n A"
by auto

lemma prefix_unlabel:
  "prefix A B ⟹ prefix (unlabel A) (unlabel B)"
unfolding prefix_def unlabel_def by auto

lemma prefix_proj:
  "prefix A B ⟹ prefix (proj n A) (proj n B)"
  "prefix A B ⟹ prefix (proj_unl n A) (proj_unl n B)"
unfolding prefix_def proj_def by auto

lemma suffix_unlabel:
  "suffix A B ⟹ suffix (unlabel A) (unlabel B)"
unfolding suffix_def unlabel_def by auto

lemma suffix_proj:
  "suffix A B ⟹ suffix (proj n A) (proj n B)"
  "suffix A B ⟹ suffix (proj_unl n A) (proj_unl n B)"
unfolding suffix_def proj_def by auto


subsection ‹Lemmata: Well-formedness›
lemma wfvarsoccs⇩s⇩t_proj_union:
  "wfvarsoccs⇩s⇩t (unlabel A) = (⋃l. wfvarsoccs⇩s⇩t (proj_unl l A))"
proof (induction A)
  case (Cons a A)
  obtain l s where ls: "a = (l,s)" by atomize_elim auto
  have "wfvarsoccs⇩s⇩t (unlabel [a]) = (⋃l. wfvarsoccs⇩s⇩t (proj_unl l [a]))"
  proof -
    have *: "wfvarsoccs⇩s⇩t (unlabel [a]) = wfvarsoccs⇩s⇩t⇩p s" using ls by auto
    show ?thesis
    proof (cases l)
      case (LabelN n)
      hence "wfvarsoccs⇩s⇩t (proj_unl n [a]) = wfvarsoccs⇩s⇩t⇩p s" using ls by simp
      moreover have "∀m. n ≠ m ⟶ wfvarsoccs⇩s⇩t (proj_unl m [a]) = {}" using ls LabelN by auto
      ultimately show ?thesis using * ls by fast
    next
      case LabelS
      hence "∀l. wfvarsoccs⇩s⇩t (proj_unl l [a]) = wfvarsoccs⇩s⇩t⇩p s" using ls by auto
      thus ?thesis using * ls by fast
    qed
  qed
  moreover have
      "wfvarsoccs⇩s⇩t (proj_unl l (a#A)) =
       wfvarsoccs⇩s⇩t (proj_unl l [a]) ∪ wfvarsoccs⇩s⇩t (proj_unl l A)"
    for l
    unfolding unlabel_def proj_def by auto
  hence "(⋃l. wfvarsoccs⇩s⇩t (proj_unl l (a#A))) =
         (⋃l. wfvarsoccs⇩s⇩t (proj_unl l [a])) ∪ (⋃l. wfvarsoccs⇩s⇩t (proj_unl l A))"
    using strand_vars_split(1) by auto
  ultimately show ?case using Cons.IH ls strand_vars_split(1) by auto
qed simp

lemma wf_if_wf_proj:
  assumes "∀l. wf⇩s⇩t V (proj_unl l A)"
  shows "wf⇩s⇩t V (unlabel A)"
using assms
proof (induction A arbitrary: V rule: List.rev_induct)
  case (snoc a A)
  hence IH: "wf⇩s⇩t V (unlabel A)" using proj_append(2)[of _ A] by auto
  obtain b l where b: "a = (ln l, b) ∨ a = (⋆, b)" by (cases a, metis strand_label.exhaust)
  hence *: "wf⇩s⇩t V (proj_unl l A@[b])"
    by (metis snoc.prems proj_append(2) singleton_lst_proj(1) proj_unl_cons(1,3))
  thus ?case using IH b snoc.prems proj_append(2)[of l A "[a]"] unlabel_append[of A "[a]"]
  proof (cases b)
    case (Receive ts)
    have "fv⇩s⇩e⇩t (set ts) ⊆ wfvarsoccs⇩s⇩t (unlabel A) ∪ V"
    proof
      fix x assume "x ∈ fv⇩s⇩e⇩t (set ts)"
      hence "x ∈ V ∪ wfvarsoccs⇩s⇩t (proj_unl l A)" using wf_append_exec[OF *] b Receive by auto
      thus "x ∈ wfvarsoccs⇩s⇩t (unlabel A) ∪ V" using wfvarsoccs⇩s⇩t_proj_union[of A] by auto
    qed
    hence "fv⇩s⇩e⇩t (set ts) ⊆ wfrestrictedvars⇩s⇩t (unlabel A) ∪ V"
      using vars_snd_rcv_strand_subset2(4)[of "unlabel A"] by blast
    hence "wf⇩s⇩t V (unlabel A@[Receive ts])" by (rule wf_rcv_append'''[OF IH])
    thus ?thesis using b Receive unlabel_append[of A "[a]"] by auto
  next
    case (Equality ac s t)
    have "fv t ⊆ wfvarsoccs⇩s⇩t (unlabel A) ∪ V" when "ac = Assign"
    proof
      fix x assume "x ∈ fv t"
      hence "x ∈ V ∪ wfvarsoccs⇩s⇩t (proj_unl l A)" using wf_append_exec[OF *] b Equality that by auto
      thus "x ∈ wfvarsoccs⇩s⇩t (unlabel A) ∪ V" using wfvarsoccs⇩s⇩t_proj_union[of A] by auto
    qed
    hence "fv t ⊆ wfrestrictedvars⇩l⇩s⇩t A ∪ V" when "ac = Assign"
      using vars_snd_rcv_strand_subset2(4)[of "unlabel A"] that by blast
    hence "wf⇩s⇩t V (unlabel A@[Equality ac s t])"
      by (cases ac) (metis wf_eq_append'''[OF IH], metis wf_eq_check_append''[OF IH])
    thus ?thesis using b Equality unlabel_append[of A "[a]"] by auto
  qed auto
qed simp

end