KBPsAlg.thy

oryclose
imports KBPsAuto DFS MapOps
begin
(*>*)

subsection‹

 ‹-alg}) usin t DFS

 label{sec:kbps-alg}

  now show h to construct the automaton defined by @{te
 mkAutoSim"} (\S\ref{sec"} (\S\ref{sec:kbps-automata-synthesis-alg}) using the DFS
  \Sref{secd}.

  here on we assume that the environment consists of only a finite
  of states:

 › Finit =

 FiniteEnvironment =
 Environment jkbp envInit envAction envTrans envVal envObs
 forE jkbp envInit envAction envTrans envVal envObs
 and envInfor jkbp :: "('a, 'p,'aAct) JKBP"
 and envAction :: "'s ==>
 and envTrans :: "'eAct ==>) list"
 and andenvAction ::'s ==>
 and envObs :: "'a ==> ==> ('a ==> 'aAct) ==> 's ==> 's"

 ‹
 begin{figure}[p]
 begin{isabellebody}%
 ›
  Algorithm =
 FiniteEnvironment jkbp envInit envAction envTrans envVal envObs
  AlgSimIncrEnvironment jkbp envInit envAction envTrans envVal jview envObs
 jviewInit jviewIncr
 simf simRels simVal simAbs simObs simInit simTrans simAction
 for jkbp :: "('a, 'p, 'aAct) JKBP"
 and envInit :: "('s :: finite) list"
 and envAction :: "'s ==> 'eAct list"
 and envTrans :: "'eAct ==> ('a ==> 'aAct) ==> 's ==> 's"
 and envVal :: "'s ==> 'p ==> bool"
 and jview :: "('a, 's, 'tobs) JointView"

  's ==>
 and jviewInit :: "('a, 'obs, 'tobs) InitialIncrJointView"
 and jviewIncr :: "('a, 'obs, 'tobs) IncrJointView"

 and simf :: "'s Trace ==> 'ss :: finite"
 and simRels :: "'a ==> 'ss Relation"
 and simVal :: "'ss ==> :: "''sR 'p ==>

 and simAb :: "'rep ==>

 and simObs :: "'a ==>
 and simInit :: "'a ==> 'obs ==> 'rep"
 and simTrans :: "'a ==> 'rep list"
 and simAction :: "'a ==>🚫

  fixes aOps :: "('ma, 'rep, 'aAct list) MapOps"
 and tOpa nvb :"' <> 

 assumes
 and tOps: "MapOps (λk. (simAbs (fst k), snd k)) (jkbpSEC ×==>'s==>beisbelebd%
 FiniteEnvironmentkbnIt vco nTn nvVVa evbs
 \  jkpevi ncio evTn
 caption{The 🚫
 :slg-al-ocale}
 end{figure}
 lose>

 nlgorthm) \open

java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
 ~\ref{fig:kbps-alg-alg-locale,loexed h {tr
 AlgSimIncrEnvironment"} loca} lcale wih apair o inite ap opera:
 rm ap"} is used t mp utoat stas tolist ofactions, and
 termerm tOs} hadles iuled ransitInbot ases te aps
 only required to wrk on the astrt omain of smultd
  traces.. N'a \'\Rightarrowobs"
  of type @{typ "'ss"} must be finite, but there is no
  o te@typ "rp}.

 \nd{isabellebod}%
  de \caption{The ‹

 ›

  AlgorithmForAgent =
 Algorithm
 jviewInit jviewIncr
 simf simRels simVh @{term "Algorithm"} locale, shown in
            aOps tOps(*<*)
    for : "('a, 'p, act) JB
    and envInit {term "aOpsto
    and envAction : "'>'eAct list"
    aretain
    Val>'p ==>( bs)itialIncrJointView
    and jview :: "('a, 'ss" mustandjviewIncr"('a, 'obs, 'to IncrJointView"

    andWe develop the for, fixed, which us
    andjviewInit"' 'os')Iitia"
    and

    andsTrace \Rightarrow> 'ss: finite"
    and simRels :: "'a ==> 'ss Relation"
    and simVal :: "'ss ==> 'p ==> bool

    and simAbs :: "'rep ==>

    and simObs :: "'    envInit ) list
    and :: "'a \Rightarrow'b ==> simVa :: "ssdenvTrans ' ==> 'aAct> 's\ightarrow'"
    and simTrans :: "'a ==> 'rep ==> 'rep list"
    and simAction :: "'a ==> ==>"

    and aOps :: "('ma, 'rep envVal"s==> bool"
    and' s,') JointView
(*>*)'  's ==>"

  ―> ' bs"
+ fixes a :: "'a"

subsubsectionDFS operations›

text‹

We represent the automaton under construction using a record:

\<close>

record ('ma, 'mt) AlgState =
  aActs :"'a"
  aTrans :: "'mt"

context AlgorithmForAgent
begin

text\<open>

We instantiate the DFS theoryand simAction ::"a\Rightarrow '' \Rightarrow 'aAct list"

A node is an equivalence class of represented simulated traces.

\<close>

definition k_isNode :: "'rep \<Rightarrow> bool" where
  k_isNodeec \<quiv simAbs  \<>sim_equiv_classa ` jkbpC"

text\<open>

The successors of a node are those produced by the simulated
transitionfunction.

\

abbreviation k_succs :: "'rep \<\<open>
  "k_succs \<equiv> simTrans a"

text\<opensubsubsection\open operations\<close>

The initial automaton has no transitions andnoctions

\<close>

definition k_empt :: "('ma, 'mt) AlgState" whereaActs :: "
  "k_empt \<equiv> \<lparr> aActs = empty aOps, aTrans = mptytOps\>"

text\<open>

Weuse the domainofthe tionpackheet des java.lang.StringIndexOutOfBoundsException: Index 69 out of bounds for length 69
has visited.

\<close>

definition k_memb :: "'rep \<Rightarrow> ('ma, 'mt)lgStatetate  . also the cesimulatedivalence
  "k_memb s A \<equiv> actsUpdatep \Rightarrow ('ma, 'mt) AlgState \Rightarrow>'ma" where

 k_isNode_cong:

We integrate a new equivalence class intounfoldingsNode_defmp
the action and transition maps:

\close

definition actsUpdate :: "'rep \<ightarrow> ('ma, ') AlgState \> 'ma"where
 sUpdate  < update aOps ec (simAction a ec) (aActs A)"

definition
  ansUpdateec at<equivupdate tOps (,simObs a ec) ' "

definition k_ins :: k_isNodeLongrightarrowsimRelssimVal  simObssimInit ansmAction
  "k_ins  A \<equiv \lparr> aActs = ec A,
                   aTrans  

text\<open>

The required properties are straightforward to show.

\<close>

(*<*)

lemma k_isNode_cong
  "simAbs ec' = simAbs ec \<Longrightarrow      ec ec'. k_sNdeec <> k_isNod c' \andsmAbs ec' = simAbsec
  unfolding k_isNode_def by <lo> lokupaO (acts )e =loou ap aAct A c'

lemma alg_MapOps_empty[simp]:
  "k_isNode \Longrightarrow> lookupaOps (empty aOps) ec = None"
  "k_isNode (fst        ⟶
  unfolding k_isNode_def
  using MapOps_emptyD[OF (∃acts

lemma alg_aOps_lookup_update[simp]:
  "[ ==>c' = smbe hnSom e else lookpOp Mec')"
  unfolding k_isNode_def
  using MapOps_lookup_updateDOpss blast

lemma alg_tOps_lookup_updatep:
  "[ simAbs ec' ∈
  unfolding k_isNode_def
  using MapOps[OF _ _ tOps] by blast

lemmauccs_is_nodec_inoeinro,, sip]:
  assumeskk>> \And>c ec.\lbrakkk_soe ; _sNdee' ib c' =smAbse ]
  
proof -
  from x obtain t
    where tC: "t and\Longrightarrow>psaTrans  (ec  kups(rans 's
      and: "simAbs x = si_equiv_clss t"
    unfolding k_isNode_def
  have F: "∧ec obs ecs'. [k_ ec A; obs ∈) \c)🚫 simAbs ec \ simAbs ` s ae)
  w ?thesis
    using simTrans[rule_format, where a=a and t=t] tC sx
    unfolding k_isNode_def [abs_def]
    apply (auto iff: list_all_iff)
    apply (frule F)
    apply (auto)
    done
qed

java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
  "k_isNode
  unfolding java.lang.StringIndexOutOfBoundsException: Index 19 out of bounds for length 0

(*>*)

subsubsection‹ ∃

 ‹

  invariant for the automata construction is straightforward, viz
  at each step of the process the state represents an
  concords with @{term "mkAutoSim"} on the visited equivalencle k_varintsp_newa:
 Weaso ne to know that the state has
 nts.

 e>

 r. lookup tOps (foldr (transUpdate x) X Y) (ec, simObs a ec') = Some r
 ≡
 (∀ smlaed trace
 ⟶ lookup(induc Xartrr:Y
 ∧ec ec' obs. _iNde ec \<and sNde c' ∧bs c' smAbs c
 ⟶ase
 ∧h x e es bool" " where
 ⟶
 ∧
 ∧
 ∧Conhae :sb \<n  wee C " \in> jkbpC"
 ⟶clos om F obtain t's
 🪙
 <>simObs
(*<*)

lemma k_invariantI2chow
  "[k pp(sussimTras_mAbs_ong[et=t ec'=x])
       
     ∧
       ==>
     ∧
       Longrightarrow>> ∃= Some ct\>sset act s imAction a ec)
     ∧
       ==>
               \in>imAs stsiTnsa c)
               ∧ set (k_succs ec)"
  ==> k_invariant
  unfolding k_invariant_defo_asm_simp

lemmaDjava.lang.StringIndexOutOfBoundsException: Index 21 out of bounds for length 21
  lbrakkec ec; s  simAbsecjava.lang.StringIndexOutOfBoundsException: Index 87 out of bounds for length 87
     ==>
  unfolding

lemma k_invariantTODunfolding
  java.lang.NullPointerException
     ==> lookup tOps (aTra
  unfolding k_invariant_def by blast

lemma k_invariantAD:
  "[rbrakk
     \Longrightarrow> <. 
  unfolding k_invariant_def by blast

lemma k_invariantTD:
  "[ k_isNode ec; k_memb ec A; obs ∈ simObs a ` set (simTrans a ec); k_invariant A ]
     ==> ∃ec'. lookup tOps (aTrans A) (ec, obs) = Some ec'
             ∧ simAbs ec' ∈ simAbs ` set (simTrans a ec)
             ∧ simObs a ec' = obs"
   k_invariant_def

lemmakup
  "k_invariant k_empt"
  apply rule
  apply auto
  apply (auto.
  done

       sNode
  ssumes set (>'ma AlgStateol
      and
      andOps
      and ec': "simAbs ec' ∈
      and S: "simAbs kup)
  shows
           \bs ec
           ∧
ing
proof(induct
  case Nil thus ?case  k_invariant_step

  eons
  proof(cases "simAbs ec'
    case False with x ec S Cons show ?thesis
      unfolding transUpdate_def
      apply clarsimp
      unfolding k_isNode_def
      apply (erule imageE)+
      apply (cut_tac a=a and t=ta and ec=x and ec'=ec in simTrans_simAbs_cong[symmetric])
      apply simp_all
      done
  next
    case True
    with Cons have F: "simAbs y \  A🚫
      by auto
    from x obtain t
assume_ec 'Nodebsjava.lang.StringIndexOutOfBoundsException: Index 82 out of bounds for length 82
        and x': "simAbs x = si
      unfolding k_isNode_def by bl
    from F obtain t' s
      ere smsy sm_qvclss a ' <> s)s)"
        and tsC: "t' ↝
        and tt': "ant_frame ]ec
      using simTrans    done
    with Cons.hypsfix ec
      unfolding transUpdate_def
      apply auto
      apply (subst simTrans_simAbs_cong[where t=t' and ecshowec'. lookup tOps
       apply \andsimObs a ec' = obs"

        obsso?the
       ]
aTrans =f (transUpdat aip
       apply simp

       apply (rule image_eqI[where x=y])
       apply simp
       apply simp
le_formatere a=aand t="<s"]
      apply simp
      done
  qed
qed

lemma k_invariant_step_new:
  assumes x: "k_isNode x"
      and ec: "k_isNode ecshowacts. lookup java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
      :<> set"
      and S: "simAbs k_isNode_cong
  wssecmAbs> k_isNode' \longleftrightarrow java.lang.StringIndexOutOfBoundsException: Index 91 out of bounds for length 91
              <and'in ` set ec
              ∧java.lang.StringIndexOutOfBoundsException: Index 26 out of bounds for length 26
proof -
  from x ec'
  have ec': "simAbs ec' ∈e ec': "simAbs e ec: "simAbs ec' ∈
    unfolding k_isNode_def
    apply clarsimp
    apply (subst simTrans_s[OF _ _ S, symmetric])
    using S
    apply auto
    done

    using k_invariant_step_new_aux[OF subset_ref<>
    unfolding k_ins_def
    apply auto
    done
qed

lemma k_invariant_step_old_aux:
  assumes x: "k_isNode x"
      and ec: "k_isNode
      and
  shows Opss
       = lookup"list_all sNdekfonte )"
proof(induct
 Cons
    by (cases "lookup
qed simp

lemma k_invariant_step_old:
  assumes x: "k_isNode
      and"k_isNodeNde c"
      and
  shows "lookup tOps (aTrans (k_ins x A)) (ec, obs)
       = lookup tOps (aTrans A) (ec, obs)"
  unfolding k_ins_def
  using k_invariant_step_old_aux
  by simp

lemma k_invariant_frame:
    okupps obs"
      and x: "k_isNode x"
      and ec: "k_isNode ec"
      and ec': "k_isNode ec'"
      
  shows "lookup tOps unfold_locales)
  applyinduct
  unfolding transUpdate_def
   using
   apply simp
  using ec
  apply simp
  done

lemma k_invariant_stepsimp]
  assumes N: "k_isNode x"
      and I: "k_invariant A"
      and M: java.lang.NullPointerException
  shows "k_invariant (>
(*<*)
proof
  fix ec ec'
  assume ec: "k_isNode ec"'de and"imAbs c =si e"
  with N show "lookup aOps (aActs (k_ins x A)) ec = lookup aOps (aActs (k_ins x A)) ec'"
    unfolding k_ins_defjava.lang.StringIndexOutOfBoundsException: Index 38 out of bounds for length 38
    usingk_invariantAOD ']
    pply
    using ','mt
next
  fix ec ec' obs
  assume ecalg_dfs aOps simObs simAction
  show "lookup tOps (aTrans (k_ins x A)) (ec, obs) = lookup tOps (aTran let k_e= ( tOps \\;
    unfoldingk_memb = (\lambdas A. isS(lookup aOps (aActs A));
    using k_invariant_frame[OF k_invariantTOD aactsU = λaec (sim ec) (aActs A);
     simp
    done
next
  fix ec obs ecs'
  assume n: "k_isNode
    and    
    and obs:‹
 show "∃ ('mt, 'rep × k_memb_def k_ by
 ∧
 ∧
 proof(cases "simAbs ec = simAbs x")
 case True with N
  \Rightarrow'a 🚫 ('a ==>repinva for th aut straightforwaarviz
 next
 case Fls with I N n ec obs show ?thesis
 apply (simp add: k_invariant_step_old)
 
 apply simp_all
 lding _insdf k_memb_def ctspdate_ef
 apply simp
 done
 qed
 
 ixec
 assume n: "k_isNode ec"
 and ec: "k_memb ec (k_ins x A)"
 show "∃ps (aActs (k_cts∧
 proof(cases "simAbs ec = simAbs x")
 case True with aOps N n show ?thesis
 unfolding k_ins_def actsUpdate_defjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
 apply clarsimp
 unfolding k_isNode_def
 applyp
 apply (erule jAction_simAbs_cong)o@{terp ps Actss A)ec = Soe cs
 o ∧ cs=st(iActn e))
 done
 next
 case False with aOps N I M n ec show ?the
  \<>(
  (mkAlgAuto aO tOpssimObsimInit simTrans simAction f a) = imInit a"
 apply (rule k_invariantAD)
 unfolding k_memb_def
 apply simp_all
 done
 qed
 
(*>*)

(*>*)

text‹simAction ) (a)) (ec, obs)))"

  that the invariant holds of @{term "k_empt"} and is respec\Longrightarrow> lookupaOps (aActs A) ec = (aActs A) ec = l aOps (aActs A) ec';
  @{term "k_ins"} is routine.

  initial frontier is the partition of the set of initial states
  the initial observation function.

 ›

definition ( Algorithm' ==>'rept 
  "Act (mkAlgAuto aOps tOps simObs simIn simTran simA fronti a)     \Andec. \ <lbrakk> k_isNo ec; k_memb ec A ]= (λ>>acts. lookup aOps aActs A) ec = So acts ∧
(*<*)

lemma k_frontier_is_node[intro, simp]:
  "list_all (k_frontier)"
  unfolding k_frontier_def
  by (auto iff: simInit list_all_iff k_isNode_def jviewInit jviewIncr)
(*>*)

end (* context AlgorithmForAgent *)

text‹ by (simp (no_asm_simp))

We now instantiate the @{term " "} loca
 AlgorithmForAgent"} locale. The instantiated lemmas are given the
  prefix ‹ kk_isNNNode e; k_iNode ec'; simAbs simAbimbs ec; k_invariant A ]
 .

 ›

  AlgorithmForAgent
 < KBPAlg

(*<*)
  apply (unfold_locales
  apply simp_all

  unfoldingjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
  using aOps pInit = simInit,
  apply (auto iff        <>bs ec. thelookup)(,)java.lang.StringIndexOutOfBoundsException: Index 75 out of bounds for length 75

  unfolding k_invariant_def
  apply clarsimp
  apply (erulehmForAgentk_invariantTD:
  
  done
(*>*)

xt_raww>
\begin{figure}
\begin{isabellebody}%
›
definition
  alg_dfs :: "('ma, 'rep, 'aAct list) MapOps
         ==>
         ==>dfs_invariant› that the
         ==> ('rep ==> 'rnvariant holsofhe esul
         ==>(*<*)
         ==>
         ==>
where
  "alg_dfs(* This is a syntactic nightmare. *)
    letlemma k_dfs_gen_dfs_unfold]:
       k_memb =\lambda A isSome lookupps )
        = simTrans
       actsUpdate: k_ins_def])
       transUpdate = λ
  = λdef
                         aTrans = foldr (transUpdate ec) (k_succs
     in gen_dfs k_succs k_ins k_memb k_empt"

text‹

definition
  mkAlgAuto :: " :: "('
            <Rightarrow> ('mt p\<times obs, 'rep) MapOps
            \<Rightarrow  shows "<xists kupOpsoldrr(sUpdate  ec a'ome
            \<Rightarrow> ('a \<Rightarrow> 'obs \<Rightarrow> 'rep)
            \<Rightarrow> ('a \<Rightarrow> 'rep \<Rightarrow> 'rep list)
            Rightarrow('a \<Rightarrow> 'rep \<Rightarrow> 'aAct list)
>a<Rightarrow 'rep list)
            \<unfoldingnsUpdate_defpdate_defe_defdef
where
  "mkAlgAuto aOps tOps simObs simInit simTrans simAction frontierapply(rule geE)java.lang.StringIndexOutOfBoundsException: Index 27 out of bounds for length 27
    let auto = alg_dfs aOps tOps (simObs a) (simTrans a) (simAction a)
                       
     in \<lparr> pInit where"imAbs y = sim_equiv_classa('< "
          pTrans = \<lambda>obs ec. the (lookup tOps (aTrans auto) (ec, obs)),
          pAct = \

text_raw\<open>
  \end{
  \caption{The algorithm. The function @{term "the"} projects a value from the
    @{typ " k_invariant_step_new
  \label{fig:kbps-alg-algorithm}
\end{figure}
\<close>
(*<*)
lemma mkAutoSim_simps[simp]:shows"<eiss>ec''. lookup tOps (aTrc''
  "pInit (mkAlgAuto aOps tOps simObs imInitansrontier
  " 🪙
 = (λobs ec. the (lookup tOps (aTrans (alg_dfs aOps tOps (simObs a) (simTrans a) (simAction a)
   have ec': "simAbs ec ∈
  λ apply clarsimp
  unfoldingxin sim_equiv_class a`jkbpC"
  apply (simp_all add: Let_def)
  done

(* Later we want to show that a particular DFS implementation does the
right thing. *)

definition
  alg_mk_auto :
                \<have"
                ==> X)
                ==> show " <> 
                invariant_step_old
where
Ops <>
    (
      pTrans = \      t<> 
      pActec. ookuphus <>lhs
   rparr"

(*>*)
context AlgorithmForAgent
begin

text‹

Theinalna algorithm, with h theconstants inlinednlined, is shownhown in
Figure~\      ec: " next
  correctness.

 ldrrUdate X ) ec, obs) ookp tOps (foldr (tansUdatx) X ) (ec', obs)"
  holds of the result of the DFS:

 ›
(*<*)

abbreviation
  "k_dfs \equiv KBPsA.tOps (simObs a) (simTrans a)applsimp

(* This is a syntactic nightmare. *)

lemma k_dfs_gen_dfs_unfold[simp]:
  "k_dfs = gen_dfs k_succs k_ins k_memb k_emptauto
  g lg_dfs_def_
  apply (fold k_empt_def ( x A)
     ins_def
  done

(*>*)
lemma k_dfs_invariant: "k_invariant k_dfs"
(*<*)
  sings_invariantk_empt k_ins_def
  by simp

(*>*)
text<open

Secondly we can see that the set: ec: "_ and X X: " ec=simAbs"
coincidesartitiontition of @{term "jkbpCimulation
and representation functions

›

lemma k_reachable:
  "simAbs ` KBPAlg.reachable (set (k_frontier a)) = sim_equiv_class a ` jkbpC"
(*<*)(is "?lhs = ?rhs")
proof
  show "?lhs ⊆
  proof
    fix sx assume "sx and KBPAlgreachable_def
    then obtain x
      where x: "x ∈ x="])
        and sx: "simAbs x = sx"
      by auto
    hence "x ∈ simAbs ec' ∈[aancl[where b="rect
                 `` setclarsimp
      unfolding KBPAlg.reachable_def k_frontier_def by simp rec0
    then obtain s iobs
      wheremInit ({ (x, y). y ∈setuccssup"
        and sI: "s ∈
        and iobs: "envObs a s = iobs"
      by auto
    from R x have "simAbs x ∈
    proof(induct arbitrary: sx rule: rtrancl_induct)
      case base
      with sI iobs show ?case btsUpdatdefcal tra
    next
      case (step x y)
      with sI iobs
      have "simAbsk_memb_rep:
        unfolding KBPAlg.reachable_def Image_def k_frontier_defshowN:"k_isNode rec"
        by auto
      then obtain t
        wherecase True aOpsf -
          and F k_ins_def actsUpdate_def
        by auto
      andrec rec = simAbs clarsimp
      have "simAbs y ∈
      thus ?case
        using simTrans[rule_format, where a=a and t=t] tC F by autounfolding k_isNode_def by auto
    qed
     sx show "sx<> ?rhs" by simp
  qed
next
  show "hs>?lhs"
  proof
    fix ec assume "ec <in ?rhs"
    then obtain t
      where tC: "t ∈ initial is partition
        andec =sim_equiv_class
      by auto
    thus "ec ∈
    proof(induct t arbitrary: ec)
      case (tInit s) thus ?case
        unfolding KBPAlgreachable_ (* FIXME ouch this is touchy *) (* context AlgorithmForAgent *)
         k_frontier_def
        apply simp
        apply (rule image_eqI[where x="simInit a (envObs a s)"])
         apply (simp add: simInit jviewInit)
        apply (rule ImageI[where a="simInit a (envObs a s)"])
        apply auto
        
    next
      case (tStep t s)
      hence tsC: "t ↝ s ∈
        and
        and "sim_equiv_class a t
           ∈ simAbs ` DFS.reachable k_succs (set (k_frontier a))"
        by auto
      then obtain rect
        where rectans
          and srect: "simAbs (*>*)
         Aoihm
      from
      have "ec ∈
        using
      then    mkAlgAutosimAction
        where rec: "ec = simAbs rec"
           F: "recapply (auto i: isSome_eq)1]]
        by auto
      from rect obtain rec0
        where rec0: "rec0assumes tC <>kbpC
          and: "(rec0, rect) ∈ tC
        unfolding KBPAlg.reachable_def by auto
      show ?case
        apply -
        ulegqIe =re"]
         apply (rule rec)
        ding
        rulewhere)
         apply( rtrancl_into_rtrancl
          apply (rule rec0rect)
           have ect (nJPt m_equiv_class t"
          (rule F)
         apply (rule rec0)
         done
     qed
   qed
qed
(*>*) simequv__clss a s) ∈Autta)"
text

Leftk_membs A. isSomeup
closure, and rightec A. update cin (TransJP_lgAuto

This resultbyjava.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11
representations:

<closefromfs

lemma k_memb_rephave G: simAbsunJP<leadsto
  assumes:
  shows
(*<*)
proof
  from N obtain rec'arsimp
    where r: "rec' ∈c↝" in simObs[rule_format])
       
    unfolding k_isNode_def by (auto iffdone

  from N k_isNode_cong[OF rec', symmetric]
  have N': "k_isNode rec'"
    unfoldingnfolding

  show "k_memb rec k_dfs"
       usingPAlg.achable_imp_dfs[mp_dfs k_frontier_is_node
    apply clarsimp
    apply (subst(frontier
    pply (subst (asm)k_memb_def)
    using k_invariantAODpTranslambdaobs k_mkAlgAuto_ec
    apply (cut_tac='and '=rec k_invariantAODfs_invarianttric
     apply simp_all

     apply (cut_tac ec=rec' and  m_equiv
     apply simp
     using N'
     apply simpgbps-lgorithm
     apply (rule
     ne
qed
(*>*)

end (* context AlgorithmForAgent *)

text<pTrans   owsset>  t = set actJP

This unfolding mkAlgAuto_def
algorithm
our
"Algorithm"} locale, giving them the mandatory prefix ‹

\<close>

lgorithm
        < KBP: AlgorithmForAgent
            jkbp envInit envAction envTrans envVal jview envObs
            jviewInit> (', 'mt 
            simInit  simInit k_dfs \>
(*<*)
  by unfold_locales
(*>*)

context Algorithm
java.lang.StringIndexOutOfBoundsException: Index 64 out of bounds for length 5

abbreviation
  "k_mkAlgAuto ≡c[OF tC])
    mkAlgAuto
(*<*)

lemma k_mkAlgAuto_mkAutoSim_equiv:
  assumes tC: "t ∈ts
  shows
using tC
proof(induct t)
  case (tInit s) thus ?case by simp
next
  case   s)
  hence tCeoremAlgAuto_implementsementsimplements

  from tStep
  have N: "KBP.k_isNode a (runJP k_mkAlgAuto t a)"
    unfolding KBP.withmkAutoSim_implements ?thesis
    by (simp only: mkAutoSim_ec) auto

  from tStep
  have  
    by (simp only: mkAutoSim_ec) auto(fold k_memb_def transUpdate_def

  from tStep
  have java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because "brackoff" is null
    using simTrans[rule_fo(*<
  then obtain ec
    where ec: "ec ∈ set (simTrans a (runJP k_mkAlgAuto t a))"
      and sec: "simAbs ec = sim_equiv_class a (t ↝ s)"
    by auto

  from tStep
  have F: "envObs a s ∈ simObs ` set (simTransa runJP t a))"
    using simObs[rule_format, where a=a and t="t↝s", symmetric] sec ec by auto wwhere x: "x \in KBPAlgset (k_frontier)"
  from KBP.k_memb_rep[OF N]
   ".membmkAlgAuto) KBP  blast

  have G: "simAbs (runJP k_mkAlgAuto (t ↝ s) a) = sim_equiv_class a (t ↝ s)"
    using KBP.k_invariantTD[OF N E F KBP KBPAlg k_frontier_def
    apply ( simp jviewIncr
    using simTranswhere"simInit aibs, x) ∈ ({ (x, y). y ∈ set (k_succs x)}) set envInit"
     subgoal_tac xinsimAbs ` set (simTrans a (runJP k_mkAlgAuto t a))")
     apply (clarsimp simp: jviewIncr)
     pply cttcaaade=ec'ndt=t'↝
      apply (simp add: jviewIncr)
     ly simp
    apply blast
    done

  from tStep show ?case by (simp only: G mkAutoSim_ec)
qed

(*>*)
text‹

Running the automata produced by the DFS on a canonical trace @{term
" "} yields some representation of the expected equivalence class:

 ›

lemma k_mkAlgAuto_ec:
  assumes tC"t ∈
  shows "simAbs (runJP k_mkAlgAuto t a) = sim_equiv_class a t"
(*<*)
  using k_mkAlgAutOF tC] mkAutoSim_ec[OF tC]
  by simp

(*>*)
text‹

This involves an induction over the canonical trace @{term " "}.

 m "mkAutoSim"} yield the same actions on
  traces follows immediately from this result and the
 :

 close>

  k_mkAlgAuto_mkAutoSim_act_eq:
 
 shows "set ∘ actJP mkAutoSim t"
(*<*)
proofshowhs ?lhs"
  fix a
  let ?ec = "sim_equiv_classproof
  letrec = "runJP k_mkAlgAuto t a"

  from tCthen obtain
    by auto

  from tC E have N: "KBP.= sim_equiv_class a t"
    unfolding KBP.k_isNode_def by (simp add: k_mkAlgAuto_ec[OF "ec ∈

  from KBP.k_memb_rep[OF N]
  have E: "KBP.k_memb ?rec (KBP.k_dfs a)" by blast

  obtain acts
    where "lookupsimp
      and "set acts = set (simAction a ?rec)"
    using KBP.k_invariantAD[OF N E KBP.k_dfs_invariant] it

  thus "(set ∘
    by (auto intro!: jAction_simAbs_cong[OF tC]
               simp: k_mkAlgAuto_ec[OF tC] mkAutoSi
qed
(*>*)

text‹ simAbs ` DFS.reachable k_succs (set (k_frontier a))"

Therefore these two constructions are behaviourally equivalent, and so
the DFS generates an implementation of @{term " "} i te given
 :

 ›srectect_lass

theorem: "implements k"
(*<*)
proof -
  have "behaviourally_equiv mkAutoSim k_mkAlgAuto"
    by rule (simpec rec"
  with mkAutoSim_implements show ?thesis
    by (simp add: behaviourally_equiv_implements)
qed
(*>*)

end (* context Algorithm *)

text‹ ({ (x, y). y ∈*"

Clearly the automata generated by this algorithm are large. We discuss
this issue in \S\ref{sec:kbps-alg-auto-min}.

\FloatBarrier

\<close>

(*<*)
end
(*>*)