Quelle  Rewriting.thy

(*
    Author:   Salomon Sickert
    Author:   Benedikt Seidl
    Author:   Alexander Schimpf (original entry: CAVA/LTL_Rewrite.thy)
    License
*)

section \ >eakening and Strengthening›

theory Rewriting
imports< Adding to the domain of a valuation doesn't change the result ›
  LTL
begin

text ‹
  \begin{itemize}
    \item Constants Removal
    \item @{const Next_ltln}alisation
emficationentual,pureureiversal pendablelas
    \item Syntactic Implication Checking
  \end{itemize}
  It reuses ofL\Rewrite.hyCAVAL_OGBA rthermore, omeeulesrejava.lang.StringIndexOutOfBoundsException: Index 99 out of bounds for length 99
  ><open>"DBLP:conf/cav/SomenziB00"\<close> and \<^cite>\<open>"DBLP:conf/tacas/BabiakKRS12"\<close>. All functions are defined for @{type ltln}.\<close>



subsection \<open>Constant Eliminating Constructors\<close>

definition mk_and
where
  "mk_and x y \<equiv> case x of false\<^sub>n \<Rightarrow> false\<^subthusaseusingrI by simp

definition mk_or
where
  "mk_or x y \<equiv> case x of false\<^sub>n \<Rightarrow> y | truecase_sp1

fun remove_strong_ops
where
  "remove_strong_ops (x U\<^sub>n y) = java.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3
| "remove_strong_ops (x M\<^sub>n y) = x and\<^sub>n y"
| "remove_strong_ops (x or\<^sub>n y) = remove_strong_ops x or\<^sub>n remove_strong_ops y"
| "remove_strong_ops x = x"

fun remove_weak_ops
where
  "remove_weak_ops (x R\<^sub>n y) = remove_weak_ops y"
| "remove_weak_ops (x W\<^sub>n y) = x or\<^sub>n y"
| "remove_weak_ops (x and\<^sub>n y) = remove_weak_ops x and\<^sub>n remove_weak_ops y"
| "remove_weak_ops x = x"

definition mk_finally
where
  "mk_finally x \<equiv> case x of true\<^sub>n \<Rightarrow> true\<^sub>n | false\<^sub>n \<Rightarrow

definition mk_globally
where
  "mk_globally x \<equiv> case x of thenbtain *<> <rbrakk>~sv1\<and> s = SConsp tyid dc b1 sv1" using eval_v_elims by metis

definition msoof(inductruleeval_educt
where
  "mk_until x y \<equiv> case x of false\<^sub>n \<Rightarrow> y
    | true\<^sub>n \<Rightarrow> mk_finally y
    | _ \<Rightarrow> (case y of true\<^sub>n \<Rightarrow> true\<^sub>n | false\<^sub>n \<Rightarrow> falsecaseval_e_leqI n2

definition mk_release
where
  "mk_release x y \<equiv> case x of true\<^sub>n \<Rightarrow> y
    | false\<^sub>n \<Rightarrow> mk_globally y
    | _ \<Rightarrow> (case y of true\<^sub><Rightarrow> \sub|alse^n \<Rightarrow> false\<^sub>n | _ \<Rightarrow> x R\<sub

until
where
  "mk_weak_until x y \<equiv> case y of true\<^sub>n \<Rightarrow> true\<^sub>n
    | false\<^sub>n \<Rightarrow> mk_globally x
    | \Rightarrow setrue\sub true\<^sub>n | false\<^sub>n \<Rightarrow> _<> x W\<^sub>n y)"

definition mk_strong_releaseeval_e_concatI1v2 )
where
  _e< case y of false\<^sub>n \<Rightarrow> false\<^sub>n
    | true\<^sub>n \<Rightarrow> mk_finally x
    | _ \<Rightarrow> (case x of true\<^sub>n \<Rightarrow> y | false\<^sub>n \<Rightarrow> false\<^sub>n | _ \java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

definition mk_next
where
  "mk_next x \<equiv> usingms roofuct:_nduct

efinition<>X^ubn'\<close>)
where
  "mk_next_pow n x \<equiv> case x of true\<^sub>n \<Rightarrow> true\<^sub>n | false\<^sub>n \<Rightarrow> false\<^sub>n | _ \<Rightarrow>qed(simp.



lemma mk_and_semantics [simp]:
  w \<Turnstile>\<^sub>n mk_and x y \<longleftrightarrow> w \<Turnstile>\<^sub>n x and\<^sub>n y"
  unfolding mk_and_def by (cases x; cases y; simp)

lemma mk_or_semantics [simp]:
  "w \<Turnstile>\<^sub>n mk_or x y \<longleftrightarrow> w \<Turnstile>\<^sub>n x or\<^sub>n y"
  unfolding mk_or_def by (cases x; cases y;       simpssubset_iff

lemma remove_strong_ops_sound [simp]:
  "w \<Turnstile>\<^sub>n F\<^sub>n (remove_strong_ops y) \<longleftrightarrow> w qed
  (induction y arbitrary: w) (auto; force)+

lemma remove_weak_ops_sound [simp]:
  "w \<Turnstile>\<^sub>n G\<^sub>n (remove_weak_ops y) \<longleftrightarrow> w \<Turnstile>assms proofofduct<> rule_induct)
  by (induction y arbitrary: w) (auto; force)+

lemma mk_finally_semantics [simp]:
  "w \<Turnstile>\<^sub>n mk_finally x \<longleftrightarrow> w \<Turnstile>\<^sub>n F\<^sub>n x"
  by (simp add: mk_finally_def del: semantics_ltln.simps(8,9) remove_strong_ops.simps split: ltln.splits)

lemma mk_globally_semantics [simp]:
  "w \<Turnstile>\<^sub>n mk_globally<longleftrightarrow>  Turnstile<sub>n G\<^sub>n x"
  by (simp add: mk_globally_def del: emantics_ltlnltln.imps8, move_weak_opsitsplitsjava.lang.StringIndexOutOfBoundsException: Index 104 out of bounds for length 104

lemma mk_until_semantics [simp]:
  "w \<Turnstile>\<^sub>n mk_until x y \<longleftrightarrow> w \<Turnstile>\<^sub>n x U\<^sub>n y"
proof (cases x)
  case (True_ltln)
    show ?thesis
      unfolding True_ltln mk_until_def
      by (cases y) auto
next
  case (False_ltln)
    thus ?thesis
      by (force simp: mk_until_def)
qed (cases y;forcesimp k_until_def

lemma mk_release_semantics [simp]:
  "w \<Turnstile>\<^sub>n mk_release x y \<longleftrightarrow> w \<Turnstile>\<^sub>n x R\<^   nceatiss ( \mapstos))) c'"
proof (cases x)
  case (False_ltln)
    thus ?thesis
      unfolding ta>  B  ; <Gamma> <> "and"oSet\Gamma <subseteq> toSet \<Gamma>'and" <Theta><'
      by (cases y) auto
next
  case (True_ltln)
    thus ?thesis
      by (force simp: mk_release_def)
qed (cases y; force simp: mk_release_def)+

lemma mk_weak_until_semantics [simp]:
  "w \<Turnstile>\<^sub>n mk_weak_until x y \<longleftrightarrow> w \<Turnstile>\<^sub>n x W\<^sub>n y"
proof (cases y)
  case (False_ltln)
    thus ?thesis
      unfoldingFalse_ltlnk_weak_until_def
      by (cases x) auto
next
  case (True_ltln)
    thus ?thesis
      by (force impk_weak_until_def
qed (cases x; force simp: mk_weak_until_def)+

lemma mk_strong_release_semantics [simp]:
  "w \<Turnstile>\<^sub>n mk_strong_release x y \longleftrightarrow<Turnstile>\<^bn \<subn y"
proof (cases y)
  case (True_ltln)
    show ?thesis
      unfolding True_ltln mk_strong_release_def
      by (cases x) auto
next
  case (False_ltln)
    thushusthesis
      by (force simp:  \<Gamma>" using is_satis_g_restrict[OF assms(2)] wfg s  to
 xforcesimp k_strong_release_def_elease_def+

lemma mk_next_semantics [simp]:
  "w \<Turnstile>\<^sub>n mk_next x \<longleftrightarrow> w  java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
  unfolding mk_next_def by (cases x; auto)

lemma mk_next_pow_semantics [simp]:
  "w \<Turnstile
  by (induction i arbitrary: w; cases x)
     (auto simp: mk_next_pow_def)

lemma mk_next_pow_simp [simp, code_unfold]:
  "mk_next_pow 0 x = x"
  "mk_next_pow 1 x = mk_next x"
  by (cases x; simp add: mk_next_pow_def mk_next_def)+



subsection \<open>Constant Propagation\<close>

n "ltlnRightarrow bool"
where
  "is_constant true\<^sub>n = True"
| "is_constant false\<^sub>n = True"
| is_constant_  alse

lemmais_constant_constructorsI
  "is_constant x \<Longrightarrow> is_constant y \<Longrightarrow> is_constant (mk_and x y)"
  "\<not>is_constant x \<Longrightarrow>\<ot y \<Longrightarrow> \<not>is_constant (mk_and x y)"
  "is_constant x<Longrightarrow> is_constanty \> is_constant(k_or yjava.lang.StringIndexOutOfBoundsException: Index 91 out of bounds for length 91
  "\<not>is_constant x \<Longrightarrow> \<not>is_constant y \<Longrightarrow> \<not>is_constant (mk_or   thus thesisssing_place_inside_full uto
  "is_constant x \<Longrightarrow>  is_constant (mk_finally x)"
  "\<not>is_constant x \<Longrightarrow>  \<not>is_constant (mk_finally x)"
  "is_constant x \<Longrightarrow> is_constant (mk_globally x)"
  "\  hence \<B> \<Gamma> (c1[z::=v]\<subv" using wf_subst1(2)[OF * , of GNil ]  assms subst_gv.simps subst_v_c_def by force
  _nstant\Longrightarrow> is_constant(k_until x)
  "\<not>is_constant x \<Longrightarrow> \notis_constantmk_untilx"
  "is_constant x \<Longrightarrow> is_constant (mk_release y x)"
  "\<not>is_constant x \<Longrightarrow> \<not>is_constant (mk_release y x)"
  "is_constant x \<Longrightarrow> is_constant y \<Longrightarrow> is_constant (mk_weak_until x y)"
  "\<not>is_constant x \<Longrightarrow> \<not>is_constant y \<Longrightarrow> \<not>is_constant (mk_weak_until x y)"
  "is_constant x \<Longrightarrow> is_constant y \<Longrightarrow> is_constant (mk_strong_release x y)"
  "\<not>is_constant x \<Longrightarrow> \<not>is_constant y \<Longrightarrow> \<not>is_constant (mk_strong_release x y)"
s_constant is_constant (mk_next x)"
  "\<not>is_constant x \<Longrightarrow> \<not>is_constant (mk_next x)"
  "is_constant x \<Longrightarrow> is_constant (mk_next_pow n x)"
  by (cases x y imp dmk_and_def_r_deffmk_finally_defglobally_def_til_defmk_release_def_ntil_defk_strong_release_defext_defk_next_pow_def

lemma is_constant_constructors_simps:
  "mk_next_pow n x = false\<^sub>n \<longleftrightarrow> x = false\<^sub>n"
  "mk_next_pow n x = true\<^sub>n \<longleftrightarrow> x = true\<^sub>n"
  "is_constant (mk_next_pow n x) \<longleftrightarrow> is_constant x"
nductionasesx simpaddmk_next_pow_def

lemma is_constant_constructors_simps2:
  "is_constant (mk_and x y) \longleftrightarrow> (x = true\^ub <d   ue<subn \<or> x = false\<^sub>n \<or> y = false\<^sub>n)"
  "is_constant (mk_or x y) \<longleftrightarrow> (x = false\<^sub    \<>   ~ s" and "atom x \<sharp> c" and "  <> s')"
  "is_constant (mk_finally x) \<longleftrightarrow  case(eval_v_pairI1s1v2java.lang.StringIndexOutOfBoundsException: Index 35 out of bounds for length 35
  "is_constant   thenhowcaseusingl_vros o
  "is_constant (mk_until y x) \<longleftrightarrow> is_constant x"
  "is_constant (mk_release y x) \<longleftrightarrow> is_constant x"
  "is_constant (mk_next x) \<longleftrightarrow> is_constant x"
  by ((cases x; cases y; simp add: mk_and_def),
      (cases x; cases y; simp add: mk_or_def),
      (meson is_constant_constructorsI)+)

lemma is_constant_constructors_simps3:
  "is_constant (mk_weak_until x y) \<longleftrightarrow> (x = false\<^sub>n \<and> y = false\<^sub>n \<or> x = true\<^sub>n \<or> y = true\<^sub>n)   (  1 n1 n2
  "is_constant (mk_strong_release x y) \<longleftrightarrow> (x = true\<^sub>n \<and> y = true\<^sub>n \<or> x = false\<^sub>n \<or> y = false\<^sub>n)"
  by (cases x; cases y; simp add: mk_weak_until_def next

lemma is_constant_semantics:
  "is_constant \<phi> \<Longrightarrow> ((\<forall>w. w \<Turnstile>\<^sub>n \<phi>) \<or> \<not>(\<exists>w. case(l_c_falseIi
  by (cases \<phi>) auto

lemma until_constant_simp:
  "is_constant \<psi> \<Longrightarrow> w \<Turnstile>\<^sub>n \<phi>
  by (cases \<psi>) auto

lemma release_constant_simp:
  "is_constant \<psi> \<Longrightarrow> w \<Turnstile>\<^sub>n \<phi> java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
  by (cases \<psi>) auto

lemma mk_next_pow_dist:
  "mk_next_pow(  )\<phi> = mk_next_pow i (mk_next_pow j \<phi>
  ses j; impcases<>; impdmk_next_pow_defw_addsimpdunpow_swap1

lemma mk_next_pow_until:
  "suffix (min i j) w \<Turnstile>\<^sub>n (mk_next_pow ( -jn (mk_next_pow (j- i) <> \<longleftrightarrow> w \<Turnstile>\<^sub>n (mk_next_pow i \<phi>) U\<^sub>n (mk_next_pow j \<psi>)"
  by (simp add: mk_next_pow_dist min_def add.commute)

lemma mk_next_pow_release:
  "suffix (min i j) w \<Turnstile>\\>
  by (simp add: mk_next_pow_dist min_def add.commute)

subsection \<open>X-Normalisation\<close>

text \<open>The following rewrite functions pulls the X-operator up in the syntax tree. This preprocessing
  step enables the removal of X-operators in front| boxed_b_BBoolI:"wfRCV Pbool<> boxed_b P s B_bool _ _ 
  removedarspossibleclose

fun the_enat_0 :: "enat \<Rightarrow> nat"
where
  "the_enat_0 i = i"
| "the_enat_0 \<infinity> = 0"

lemma the_enat_0_simp [simp]:
  "the_enat_0 0 = 0"
  "the_enat_0 1 = 1"
  by (simp add: zero_enat_def one_enat_def)+

fun combine :: "('a ltln \<Rightarrow> 'a  \in tist
where
  "combine binop (\<phi>, i) (\<psi>, j) = (
    let
      \<chi> = binop (mk_next_pow (the_enat_0 (i - j)) \<phi>) (k_next_pow_0  \psi)
    in
      (\<chi>, if is_constant \<chi> then \<infinity> else min i j))"

lemma fst_combine:
  "fst (combine binop (\<phi>, i) (\<psi>, j)) = binop (mk_next_pow (the_enat_0 (i - j)) \<phi>) (mk_next_pow (the_enat_0 (j - i)) \<psi>)"
  unfolding combine.simps by (meson fstI)

abbreviation to_ltln :: "('a ltln * enat) \<Rightarrow> 'a ltln"
where
  "to_ltln x \<equiv> mk_next_pow (the_enat_0 (snd x)) (fst x)"

fun rewrite_X_enat :: "'a ltln \<Rightarrow> ('a ltln * enat)"
where
  "rewrite_X_enat true\<^sub>n = (true\<^sub>n,java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
| "write_X_enat alse<sub>n = false\<^sub>n, \<infinity>)"
| "rewrite_X_enat prop\<^sub>n(a) = (prop\<^sub>n(a), 0)"
| "rewrite_X_enat nprop\<^sub>n(a) = (nprop\<^sub  thentainand  where<pen(dc, \<lbrace> x2 : b2  | c2 \<rbrace>) \<in> set dclist2\<close>  
| "rewrite_X_enat (\<phi> and    :>dc, \<lbrace> x2 : b2  | c2 \<rbrace>) \<in> set dclist2\<close> using boxed_b_BConspI using ** by simp
| ave\<>a2gresh_Pairsey tis
| "rewrite_X_enat (\<phi> U\<^sub>n \<psi>) = combine mk_until (rewrite_X_enat \<phi>) (rewrite_X_enat \<psi>)"
| "rewrite_X_enat (\<phi> R\<^sub>n \<psi>) = combine mk_releasemoreoverhavebvab1\^sub>\<subb=2b1<sub>b<sub>b"  using wfTh_typedef_poly_b_eq_iff * 2 boxed_b_BConspI by metis
| "rewrite_X_enat (\<phi> W\<^sub>n \<psi>) = combine mk_weak_until (rewrite_X_enat \<phi>) (rewrite_X_enat \<psi>)"
| "rewrite_X_enat (\<phi> M\<^sub>n \<psi>) = combine mk_strong_release (rewrite_X_enat \<phi>) (rewrite_X_enat \<psi>) qed
| "rewrite_X_enat (X\<^sub>n \<phi>) = (\<lambda>(\<phi>, n). (\<phi>, eSuc n)) (rewrite_X_enat \<phi>)"

definition
  "rewrite_X \<phi> = to_ltln (rewrite_X_enat \<phi>)"

lemma combine_infinity_invariant:
  assumes "i = \<infinity> \<longleftrightarrow> is_constant x"
  assumesumes \infinity<longleftrightarrow is_constant 
  bine_nd iy=z  <>( \> \<longleftrightarrow> is_constant z)"
    and "combine mk_or (x, i) (y, j) = (z, k) \<Longrightarrow> (k = \<infinity> \<longleftrightarrow> is_constant z)"
     combinee_il,) j) =,k<>(k = \<infinity> \<longleftrightarrow>is_constantconstantstanttz
    and "combine mk_release(i)(jk\< (k = \<infinity> \<longleftrightarrow> s_constant
    and "combine mk_weak_until (x, i) (y, j) = (z, k) \<Longrightarrow> (k = \<infinity> \<longleftrightarrow> is_constant z)"
    and "combine mk_strong_release (x,) yj ( <> \infinity<>is_constant z)"
  by (cases i; cases j; simp add: assms Let_def; force intro: is_constant_constructorsI)+

lemma combine_and_or_semantics
  assumes "i = \<infinity> \<longleftrightarrow> is_constant \<phi>"
  assumes "j = \<infinity> \<longleftrightarrow> is_constant \<psi>"
  showsTurnstile\<^sub>n to_ltln (combine mk_and (\<phi> (psi )longleftrightarrow \><^sub>n to_ltln (\<phi>, i) and\^no_ltln \psi> )
    and "w \<Turnstile>\<^sub>n to_ltln (combine mk_or (\<phi xed_b_ex
  by ((cases i; cases j; simp add: min_def is_constant_constructors_simpsis_constant_constructors_simps2_structors_simps2sjava.lang.StringIndexOutOfBoundsException: Index 113 out of bounds for length 113
      (cases \<psi>; insert assms; auto),
      (cases \<phi>; insert assms; auto),
      (blast elim!: is_constant.elims)  qed

lemma  case(um
  assumes " =<> \ongleftrightarrowtarroww s_constant>
  assumes "j = \<infinity> \<longleftrightarrow> is_constant caseue
  shows "w \<Turnstile>\<^sub>n to_ltln (combine mk_until (\<phi>, i) (\<psi>, j)) \<longleftrightarrow> w \<Turnstile>\<^sub>n to_ltln (\<phi>, i) U\<^sub>n to_ltln (\<psi>, j
    
  by ((cases i; cases j; simp add: is_constant_constructors_simps is_constant_constructors_simps2
       until_constant_simp release_constant_simp mk_next_pow_until mk_next_pow_release del: semantics_ltln.simps),
      (blast dest: is_constant_semantics),
      es<> impadd sms)
      (cases \<phi>; insert assms; auto simp: add.commute))+

(* TODO this proof is a bit slow and could be optimized *)
lemma combine_weak_until_strong_release_semantics
  assumes java.lang.NullPointerException
  assumes "j = ∞ ⟷
  shows java.lang.NullPointerException
    andsh?caseef ases "var
  by ((cases i; cases j; simp add: min_def SCons tyid dc s1 : B_idV. 
      (cases φ; simp add: assms),
      (cases ψ; insert assms; auto simp: add.commute))+



lemma rewrite_X_enat_infinity_invariant:
  "snd (wt__enat φ ⟷ is_constant (fst (rewrit_XX_entφ
proof (induction φ)
  ase (Andltln φ)
     ??case
      by (simp add: combine_infinity_invariant[OF And_ltln(1,2), unfolded prod.collapse])
next
  case (Or_ltln φ ψ)
    thus ?case
      by (simp add: combine_infinity_invariant[OF Or_ltln(1,2), unfolded prod.collapse])
next
  case (Until_ltln φs dclist" uto
    thus ?case
      by (simp add: combine_infinity_invariant[OF Until_ltln(1,2), unfolded prod.collapsejava.lang.StringIndexOutOfBoundsException: Index 7 out of bounds for length 7
next
  case (Release_ltln φ)
    thus ?case
      by (simp add: combine_infinity_invariant[OF Release_ltln(1,2), unfolded prod.collapse])
next
  case (WeakUntil_ltln φ ψ)
    thus ?case
      by (simp add: combine_infinity_invariant_ypid subst_bbps
next
  case (StrongRelease_ltlnphiψ)
    thus ?case
      by (simp add: combine_infinity_invariant[OF StrongRelease_ltln(1,2), unfolded prod.collapse])
next
  case (Next_ltln φ
    thuscase
      by ( add split_def) (metis eSuc_inject
qed auto

lemma e b1^b_bb=[:bdc>" using bdc subst_bb_commute ‹
   Tur>\\<^sub>n φ w ⊨n to_ltln (rewrite_X_enat φ)"
  (induction φ arbitrary: w)
 (n φ)
  ?case
 using combine_and_or_semantics[OF rewrite_X_enat_infinity_invariant rewrite_X_enat_infinity_invariant] by fastforce
 
 case (Or_ltln φ ψ
 thus ?case
 using combine_and_or_semantics[OF rewrite_X_enat_infinity_invariant rewrite_X_enat_infinity_invariant] by fastforce
 
 case (Until_ltln φ usin boxed_b td_lookup_eq_iff type_def.eeq_iff
 thus ?case
 unfolding rewrite_X_enat.simps combine_until_release_semantics[OF rewrite_X_enat_infinity_invariant rewrite_X_enat_infinity_invariant, unfolded prod.collapse] by fastforce
   \<openAF_typedef_polyse T\\›
  case (Release_ltln φ ψ)
    thus ?case
      unfolding rewrite_X_enat.simps combine_until_release_semantics[OF rewrite_X_enat_infinity_invariant rewrite_X_enat_infinity_invariant, unfolded prod.collapse] by fastforce
next
  case (WeakUntil_ltln φ ψ)
    thus ?case
      unfolding rewrite_X_enat.simps combine_weak_until_strong_release_semantics[OF rewrite_X_enat_infinity_invariant rewrite_X_enat_infinity_invariant, unfolded prod.collapse] by fastforce
next
  case (StrongRelease_ltln φ ψ)
    thus ?case
      unfolding rewrite_X_enat.simps combine_weak_until_strong_release_semantics[OF rewrite_X_enat_infinity_invariant rewrite_X_enat_infinity_invariant, unfolded prod.collapse] by fastforce
next
  case caseNext_ltln>)
  moreover
    have " w ⊨_n to_ltln (rewrite_X_enat (X_n φ)) ⟷ suffix 1 w ⊨_n to_ltln (rewrite_X_enat φ)"
      ( addsplit_def<> \noteq<>"
         (auto simp: eSuc_def, auto simp: rewrite_X_enat_infinity_invariant eSuc_def dest: is_constant_semantics<open>x1 c1<in<closebyauto
    ultimately
    show ?case
       ps
qed auto

lemma rewrite_X_sound [simp]:
  "w ⊨_n rewrite_X φ ⟷ w ⊨_n φ"
  using rewrite_X_enat_correct unfolding rewrite_X_def Let_def by auto

subsection ‹

  pure_eventual :: "'a ltln ==> bool"
 
 "pure_eventual true_n = True"
  "pure_eventual false_n = True"
java.lang.NullPointerException
  "pure_eventual (μ or_n μ') = (pure_eventual μ ∧ pure_eventual μ')"
  "pure_eventual (μ U_n μ') = (μ = true_n ∨ pure_eventual μ')"
  "pure_eventual (μ R_n μ') = (pure_eventual μ ∧ pure_eventual μ')"
  "pure_eventual (μ
java.lang.NullPointerException
  "pure_eventual (X_n μ) = pure_eventual μ"
  "pure_eventual _ = False"

  pure_universal :: "'a ltln ==>
 
java.lang.NullPointerException
  "pure_universal false_n = True"
  "pure_universal (ν and| show ?case pr p(cas "b =B_var bv")
 case True
  "pu (ν (pure_univers\nu\<> 
  "pure_universal (ν R_n ν') = (ν = false_n ∨ pure_universal ν')"
  "pure_universal (ν using "local.*".*" wfRCV_ by fastf
java.lang.NullPointerException
  "pure_universal (X_n ν) = pure_universal ν"
  "pure_universal _ = False"

  suspendable :: "'a ltln ==> bool"
 
 "suspendable true_n = True"
java.lang.NullPointerException
  "suspendable (ξ and_n ξ') = (suspendable ξas"wfI T \<>[
  "suspendable (ξ or_n ξ') = (suspendable ξ ∧ suspendable ξ"∃<> 
  "suspendable (φ U_n ξ) = (φ = true_inductΓ
  "suspendable (φ R_n ξ
  "suspendable (φ W_n ξ) = (suspendable φ ∧ suspendable ξ ∨ pure_eventual φ ∧
  "suspendable (φ M_n ξ) = (suspendable φ ∧ suspendable ξ ∨ pure_universal φ ∧ ξ 1:"Some s = i x'' ∧^sub>b" using wfI_def s s.simpsby auto
  "suspendable (X_n ξ) = suspendable ξ"
  "suspendable _ = False"

 pure_eventual_left_append:
 "pure_eventual μ ==>'"u GC w subst_gb. by forc
  (induction μ arbitrary: u w)
 case (Until_ltln μ μ')
 moreover
 then obtain i where "suffix i w ⊨_n μ'"
 by auto
 hence "μ = true_n ==> ?case"
 simp met suffix_con suff)
 moreover
 "T ; Γa> i'" using 3" by auto
java.lang.NullPointerException
 hence "pure_eventual μ' ==> ?case"
 by force
 ultimately : 
 show ?case
 by fastforce
 
 case (Release_ltln μ μ')
 thus ?case
 
 (metis linear suffix_conc_snd gr0I not_less0 prefix_suffix suffix_0)+
 
 case (WeakUntil_ltln μ μ')
 thus ?case
 by (cases "∀i. suffix i w ⊨_arbitrarys2s2' rule: : boxedb.inducts )
 (metis zero_le le0 nat_le_linear prefix_suffix suffix_0 suffix_conc_length suffix_conc_snd suffix_subseq_join)+
 
 case (StrongRelease_ltln μ μ')
 moreover
 then obtain i where "suffix i w ⊨metis
 by auto
java.lang.StringIndexOutOfBoundsException: Index 36 out of bounds for length 36
 by simp (metis suffix_conc_length suffix_suffix)
 moreover
 have "pure_eventual μ ==> pure_eventual μ' ==> (u ⌢ w) ⊨ auto
 by (metis ‹suffix i w ⊨case (boxed_b P s uw ux)
 hence "pure_eventual μ hence " "s2 = s2'" using boxed_b_elims by metis
 by force
 ultimately
 show ?case
 by fastforce
  (autq hence "s2 = s2'"'" using boxed_ by me

  pure_universal_suffix_closed:
java.lang.StringIndexOutOfBoundsException: Index 71 out of bounds for length 52
  (induction ν arbitrary: u w)
 case (Until_ltln νboxed_b_B tyid dclistP dcdc x b cs1 bv b'bvb' ' s1')
 hence "∃i. suffix i (u ⌢ w) ⊨_n ν' ∧ (∀j<i. suffix j (u ⌢ w) ⊨_n ν)"
 using semantics_ltln.simps(8) by blast
 thus?cas
 by simp (metis Until_ltln(1-3) le_0_eq le_eq_less_or_eq le_less_linear prefix_suffix pure_universal.simps(5) suffix_conc_fst suffix_conc_snd)
 
 case (Release_ltln ν ν')
 moreover
 hence "∀i. suffix i (u ⌢ w) ⊨_n ν' ∨ (∃j<i. suffix j ∧dc2, {"using boxed_b_(6)[OF boxe6)] metis
 by simp
 ultimately
 show ?case
 by simp (metis semantics_ltln.simps(2) not_less0 prefix_suffix suffix_0 suffix_conc_length suffix_suffix)
 
 case (WeakUntil_ltln ν ν')
 moreover
 hence "∀i. suffix i (u ⌢ w) ⊨
 by simp
 ultimately
 show ?case
 by simp (metis (full_types) le_antisym prefix_suffix semantics_ltln.simps(2) suffix_0 suffix_conc_length suffix_suffix zero_le)
 
 case (StrongRelease_ltln ν ν')
 hence "∃i. suffix i (u ⌢ w) ⊨_* bsimp
 using semantics_ltln.simps(11) by blast
 thus ?case
 by simp (metis StrongRelease_ltln(1-3) diff_is_0_eq nat_le_linear prefix_conc_length prefix_suffix pure_universal.simps(8) subsequence_length suffix_conc_snd suffix_subseq_join)
 
 case (Next_ltln μ)
 thus ?case
 by (metis prefix_suffix pure_universal.simps(9) semantics_ltln.simps(7) semiring_normalization_rules(24) suffix_conc_length suffix_suffix)
  auto

  suspendable_prefix_invariant:
 "suspendable ξ ==> (u ⌢ w) ⊨_n ξ ⟷ w ⊨_n
  (induction ξ arbitrary: u w)
 case (Until_ltln ξ ξ')
 
 proof (cases "suspendable ξ'")
 case False
 hence "ξ = true_n" and "pure_universal ξ'"
 using Until_ltln by simp+
 thus ?thesis
 by (simp; metis (no_types) linear pure_universal_suffix_closed suffix_conc_fst suffix_conc_length suffix_conc_snd suffix_suffix)
 qed (simp; metis Until_ltln(2) not_less0 prefix_suffix)
 
 case (Release_ltln ξ ξ')
 show ?case
 proof (cases "suspendable ξ'")
 case False
 hence "ξ = false_n" and "pure_eventual ξ'"
 using Release_ltln by simp+
 thus ?thesis
 by (simp; metis (no_types) le_iff_add add_diff_cancel_left' linear pure_eventual_left_append suffix_0 suffix_conc_fst suffix_conc_snd)
 qed (simp; metis Release_ltln(2) not_less0 prefix_suffix)
 
 case (WeakUntil_ltln ξ ξ')
 show ?case
 proof (cases "suspendable ξ ∧ suspendable ξ'")
 case False
 hence "ξ' = false_n" and "pure_eventual ξ"
 using WeakUntil_ltln by simp+
 thus ?thesis
 by (simp; metis (no_types) le_iff_add add_diff_cancel_left' linear pure_eventual_left_append suffix_0 suffix_conc_fst suffix_conc_snd)
 qed (simp; metis (full_types) WeakUntil_ltln.IH prefix_suffix)
 
 case (StrongRelease_ltln ξ ξ')
 show ?case
 proof (cases "suspendable ξ ∧ suspendable ξ'")
 case False
java.lang.NullPointerException
 using StrongRelease_ltln by simp+
 thus ?thesis
 by (simp; metis (no_types) linear pure_universal_suffix_closed suffix_conc_fst suffix_conc_length suffix_conc_snd suffix_suffix)
 qed (simp; metis (full_types) StrongRelease_ltln.IH(1) StrongRelease_ltln.IH(2) prefix_suffix)
  (simp_all, metis prefix_suffix)

  pure_eventual_until_simp:
 assumes "pure_eventual μ"
 shows "w ⊨_n φ U_n μ ⟷ w ⊨_n μ"
  -
 have "∧i. suffix i w ⊨_n μ ==> w ⊨_n μ"
 using pure_eventual_left_append[OF assms] prefix_suffix by metis
 thus ?thesis
 by force
 

  pure_universal_release_simp:
 assumes "pure_universal ν"
 shows "w ⊨_n φ R_n ν ⟷")
  -
java.lang.NullPointerException
 using pure_universal_suffix_closed[OF assms] prefix_suffix by metis
 thus ?thesis
 by force
 

  pure_universal_weak_until_simp:
 assumes "pure_universal φ" and "pure_universal ψ"
 shows "w ⊨_n φ W_n ψ ⟷ w ⊨
  -
 have "∧
 using assms pure_universal_suffix_closed prefix_suffix by metis+
 thus es "\lbrakk🚫
 by force
 

  pure_eventual_strong_release_simp:
 assumes "pure_eventual φ" and "pure_eventual ψ"
 shows "w ⊨_n φ M_n ψ ⟷ w ⊨assume Γ[\rbrakk>~ s" and i [ '" an"wfV \ThetaB<>v
  -
 have "∧i. suffix i w ⊨_n φ ==> w ⊨_n φ" and "∧i. suffix i w ⊨_n ψ ==> w ⊨_n ψ"
 using assms pure_eventual_left_append prefix_suffix by metis+
 thus ?thesis
 by force
 


  suspendable_formula_simp:
 assumes "suspendable ξ"
 shows "w ⊨_n X_n ξ ⟷ w ⊨_bvb' s'"
 and "w ⊨_n φ U₍nominal_ind v arbitra: s b rule:.st)
 and "w ⊨_n φ R_n ξ ⟷ case (V_lit l)
  -
 have "∧i. suffix i w ⊨_n ξ ⟷ w ⊨_n ξ"
 using suspendable_prefix_i
 thus ?t1 ?t2 ?t3
 by force+
 

  suspendable_formula_simp2:
 assumes "suspendable φ" and "suspendable ψ"
 shows "w ⊨_n φ W_n ψ "Some s = i x ∧ s' = i' x" using eval_v_elims subst_vb.simps by metis
 and "w ⊨n φ M_n ψ ⟷ w ⊨_n φ and_" (is ?t2)
  -
java.lang.NullPointerException
 using assms suspendable_prefix_invariant prefix_suffix by metis+
 thus ?t1 ?t2
  force+
 

  rewrite_modal :: "'a ltln ==> 'a ltln"
 
 "rewrite_modal true_n = true s1' ∧ s' = SPair s1' s2'" using eval_v_elims V_pair by metis
  "rewrite_modal false_n = false (SPair s1 s2) (B_pair b1 b2) bv b' (SPair s1' 2) " proof(rule boxed_b_BPairI)
  "rewrite_modal (φ and bo <>s1
  " show "boxed_b Θ bv b' s2'" using V_pair eval_v_elims wfV_elims b s s b.e by metis
java.lang.NullPointerException
  "rewrite_modal (φn ψ) = (if pure_universal \<psi  suspendable ψ\psi> else (rewrite_modal \<> 
  "rewrite_modal (φ W_n ψ
  "rewrite_modal (φ M_n ψ(V_cons tyi dc v1)
  "rewrite_modal (X_n φ) = (if suspendable φ then rewrite_modal φ else X_n (rewrite_modal φ))"
  "rewrite_modal φ = φ"

  rewrite_modal_sound [simp]:
 "w ⊨_n rewrite_ using wfV_elims(4)[OF V_cons(5)] V_cons by metis
  (induction φ arbi obtain s2 where s2: "s = SCons tyid dc s2 \ \<and   (v1[bv::=b']_b) ]~ s2" using eval_v_elims V_cons subst_vb.simps by
 case (Until_ltln φ ψ)
 thus ?case
 apply (cases "pure_eventual ψ ∨ suspendable ψ")
 apply (insert pure_eventual_until[of ψ[of ψ
 apply fastforce+
 done
 
 case (Release_ltln φ ψ)
 thus ?case
 apply (cases "pure_universal 🚫) ∈
 apply (insert pure_universal_release_simp[of ψ] suspendable_formula_simp[of ψ])
 apply fastforce+
 done
 
 case (WeakUntil_ltln φ)
 thus ?case
 apply (cases "pure_universal φ ∧ pure_universal ψ ∨ suspendable φ ∧ suspendable ψ")
 apply (insert pure_universal_weak_until_simp[of φ ψ] suspendable_formula_simp2[of φ ψ])
 apply fastforce+
 done
 
 case (StrongRelease_ltln φ ψ)
 thus ?case
 apply (cases "pure_eventual φ ∧ pure_eventual ψ ∨ suspendable φ ∧ suspendable ψc, \lbrace 2: 2 |c \rbrace)\<n  Θ ⊨w_f v1:2bv2::b]_b"
 apply (insert pure_eventual_strong_release_simp[of φ ψ] suspendable_formula_simp2[of φ ψ])
  fastforce+
 done
 
 case (Next_ltln φ)
 thus ?case
 apply (cases "suspendable φ")
 apply (insert suspendable_formula_simp[of φ])
 apply fastforce+
 done
  auto

  rewrite_modal_size:
 "size (rewrite_modal φ eval_v_elims V_consp by metis
 by (induction φ) auto

  ‹

  syntactical_implies :: "'a ltln ==> 'a ltln ==> bool" (‹ = AF_typedef_poly tyid bv3 dclist3 ∧
 
java.lang.NullPointerException
  "false_n ⊨_[where tm="(b1, bv, b' s2, s2')')"] by metis
  "φ = φ ==>

  "φ ==> and_<urns>_s χ"
  "ψ ⊨_s χ ==> (φ and_n ψ) ⊨_s χ"
  "φ ⊨_s ψ ==> φ ⊨_s χ ==> φ ⊨ e__CosI[f b3lit Θ

  "φ ⊨s ψ ==> φ ⊨<> 
  "φ ⊨₍, \<brace 
  "φ \     "to v ♯

  "φ ==> ⊨s (ψ U₎"
  "φ ⊨_s χ ==> ψ ⊨
  "φ ⊨_s χ ==> ψ ⊨

  "χ ⊨_s φ ==> (ψdbq_:
  "χ_phi> ==> χ ⊨_s ψ ==> χ ⊨^sub>s (φ R_n ψ
java.lang.NullPointerException

  "(false_n R_n φ) ⊨
  "φ ⊨ e::ce
  "φ ⊨_s ψ ==> (X_n φ) ⊨_s (X_n ψ)"

  syntactical_implies_correct:
java.lang.NullPointerException
 by (induction arbitrary: w rule: syntactical_implies.induct; auto; force)

  rewrite_syn_imp
 
 "rewrite_syn_imp (φ x)
 if φ ⊨_s ψ then
 rewrite_syn_imp φ
 else if ψ ⊨_s φ then
 rewrite_syn_imp ψ
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
java.lang.NullPointerException
 else
 mk_and (rewrite_syn_imp φ) (rewrite_syn_imp ψ))"
  "rewrite_syn_imp (φ or_n ψ) = (
 if φ ⊨_s ψ then
 rewrite_syn_imp ψ
 else if ψ ⊨_s φ then
 rewrite_syn_imp φ
 else if (not_n φ) ⊨\<      by
 true_n
 else
 mk_or (rewrite_syn_imp φ
  "rewrite_syn_imp (φ U_n ψ) = (
 if φ ⊨_s ψ then
 rewrite_syn_imp ψ
 else if (not_'"s' SNum (n1' + n2') ∧ v \rbrakkSNu n2" useval_e Plus CE_op ‹
 mk_finally (rewrite_syn_imp ψ)
 else
 mk_until (rewrite_syn_imp φ) (rewrite_syn_imp ψ))"
  "rewrite_syn_imp (φ R_n ψ) = (
 if ψ ⊨_s φ then
 rewrite_syn_imp ψ
 else if ψ ⊨_s (not_n φ) then
 mk_globally (rewrite_syn_imp ψ)
 else
 mk_release (rewrite_syn_imp φ) (rewrite_syn_imp ψ))"
  "rewrite_syn_imp (X_n φ) = mk_next (rewrite_syn_imp φ)"
  "rewrite_syn_imp φ = φ"

  rewrite_syn_imp_sound:
 "w ⊨_n rewrite_syn_imp φ ⟷ w ⊨_n φ"
  (induction φ arbitrary: w)
 case And_ltln
 thus ?case
 by (simp add: Let_def; metis syntactical_implies_correct not_{n_semantics})
 
 case (Or_ltln φ ψ)
 moreover
java.lang.NullPointerException
 by (auto intro: syntactical_implies_correct[of "not_n φ"])
 moreover
 have "(not_n ψ) ⊨_s φ ==> ∀w. w ⊨_n φ or_n ψ"
 by (auto intro: syntactical_implies_correct[of "not_:wfCE Θ" sing w wfCE_elims CE_op ‹
 ultimately
 show ?case
 by (auto intro: syntactical_implies_correct)
 
 case (Until_ltln φ ψ)
 moreover
 have "φ ⊨_s ψ ==> ?case"
 by (force simp add: Until_ltln dest: syntactical_implies_correct)
 moreover
 {
 assume A: "(not_n φ) ⊨_s ψ" and B: "¬ φ ⊨_s ψ"
 hence [simp]: "rewrite_syn_imp (φ U_n ψ) = mk_finally (rewrite_syn_imp ψ)"
 by simp
 {
 assume "∃i. suffix i w ⊨_n ψ"
 moreover
 define i where "i ≡ LEAST i. suffix i w ⊨_n ψ"
 ultimately
 have "∀j < i
 by (blast dest: not_less_Least , metis LeastI ‹
 hence "∀j < i. suffix j w ⊨_n φ" and "suffix i w ⊨_n ψ"
 using syntactical_implies_correct[OF A] by auto
 }
 hence ?case
 by (simp del: rewrite_syn_imp.simps; unfold Until_ltln(2)) blast
 }
 ultimately
 show ?case
 by fastforce
 
 case (Release_ltln φnext
 moreover
 have "ψ ⊨_s φ ==> ?case"
 by (force simp add: Release_ltln dest: syntactical_implies_correct)
 moreover
 {
 assume A: "ψ ⊨_s (not_n φ)" and B: "¬ ψ ⊨_s φ"
 hence [simp]: "rewrite_syn_imp (φ R_n ψ) = mk_globally (rewrite_syn_imp ψ)"
 by simp
 {
 assume "∃hence *:"b = B_bool" " using CE_op wfCE_elims \open>opp = Eq›
 moreover
  i where "i \equiv> LEAST i. ¬>n\<>"
 ultimately
 have "∀j < i. suffix j w ⊨_n ψ" and "¬ suffix i w ⊨_n ψ"
 by (blast dest: not_less_Least , metis LeastI ‹∃i. ¬suffix i w ⊨_n ψ› i_def)
 hence "∀j < i. ¬suffix j w ⊨_n φ" and "¬ suffix i w ⊨_n ψ"
 using syntactical_implies_correct[OF A] by auto
 }
 hence ?case
 by (simp del: rewrite_syn_imp.simps; unfold Release_ltln(2)) blast
 }
 ultimately
 show ?case
 by fastforce
  auto

  ‹Iterated Rewriting›

  iterate
 
 "iterate f x 0 = x"
  "iterate f x (Suc n) = (let x' = f x in if x = x' then x else iterate f x' n)"

 
 "rewrite_iter_fast φ ≡ "boxed_b Θ b n n' CE_o by m

 
 "rewri \phi\<equiv 

  ‹The rewriting functions defined in the previous subsections can be used as-is. However, in the
 most cases one wants to iterate these rules until the formula cannot be simplified further.
 @{const rewrite_iter_fast} pulls X operators up in the syntax tree and the uses the
 "modal" simplification rules. @{const rewrite_iter_slow} additionally tries to simplify the
 formula using syntactic implication checking.›

  iterate_sound:
 assumes "∧φ. w ⊨_n f φ ⟷ w ⊨_n φ"
 shows "w ⊨_n iterate f φ n ⟷
 by (induction n arbitrary: φ; simp add: assms Let_def)

  rewrite
java.lang.NullPointerException
 using iterate_sound[of _ "rewrite_modal o rewrite_X"]
 unfolding comp_def rewrite_modal_sound rewrite_X_sound rewrite_iter_fast_def
 by bla

  rewrite_iter_slow_sound [simp]:
 "w ⊨_n rewrite_iter_slow φ ⟷ w ⊨_n φ"
  itera[of _ "rewrite_syn_im orewri o rewrite_X"]
 unfolding comp_def rewrite_modal_sound rewrite_X_sound rewrite_syn_imp_sound rewrite_iter_slow_def
 by blast

  ‹Preservation of atoms›

  iterate_atoms:
 assumes
 ms_ltln (f 🚫 sin boxed_wfCEelim s s' CE_con
 shows
 "atom (iterate f \phin)⊆
 by (induction n arbitrary: φ) (auto, metis (mono_tags, lifting) assms in_mono)

  rewrite_modal_atoms:
 "atoms_ltln (rewrite_modal φ) ⊆ atoms_ltln φ"
 by (in \phi) auto

  mk_and_atoms:
 "atoms_ltln (mk_and φ ψ) ⊆ atoms_ltln φ ∪ atoms_ltln ψ"
 by (auto simp: mk_and_def split: ltln.splits)

  mk_or_atoms:
 "atoms_ltln (mk_or φ ψ) ⊆ atoms_ltln φ ∪ atoms_ltln ψ"
 by (auto simp: mk_or_def split: ltln.splits)

  remove_strong_ops_atoms:
 "atoms_ltln (remove_strong_ops φ) ⊆ atoms_ltln φ"
 by (induction φ) auto

  remove_weak_ops_atoms:
 "atoms_ltln remove_ \phi ⊆
 by (induction φ) auto

  mk_finally_atoms:
 "atoms_ltln (mk_finally φ) ⊆ atoms_ltln φ"
 by (auto simp: mk_finally_def split: ltln.splits) (insert remove_strong_ops_atoms, fast+)

  mk_globally_atoms:
 "atoms_ltln (mk_globally φ) ⊆
 by (auto simp: mk_globally_def split: ltln.splits) (insert remove_weak_ops_atoms, fast+)

  mk_until_atoms:
 "atoms_ltln (mk_until φ ψ) ⊆ atoms_ltln φ ∪ atoms_ltln ψ"
 by (auto simp: mk_until_def split: ltln.splits) (insert mk_finally_atoms, fastforce+)

 mk_release_atoms:
 "atoms_ltln (mk_release φ ψ) ⊆ atoms_ltln φ ∪ atoms_ltln ψ"
 by (auto simp: mk_release_def split: ltln.splits) (insert mk_globally_atoms, fastforce+)

  mk_weak_until_atoms:
 "atoms_ltln (mk_weak_until φ ψ) ⊆ atoms_ltln φ ∪ atoms_ltln ψ"
 by (auto simp: mk_weak_until_def split: ltln.splits) (insert mk_globally_atoms, fastforce+)

  mk_strong_release_atoms:
 "atoms_ltln (mk_strong_release φ ψ) ⊆ atoms_ltln φ ∪ atoms_ltln ψ"
 by (auto simp: mk_strong_release_def split: ltln.splits) (insert mk_finally_atoms, fastforce+)

  mk_next_atoms:
 "atoms_ltln (mk_next φ) = atoms_ltln φ"
 by (auto simp: mk_next_def split: ltln.splits)

  s1 where s: "i[" u CE_len eval_e_ subst_c.simps by metis
 "atoms_ltln (mk_next_pow n φ) = atoms_ltln φ"
 by (induction n) (auto simp: mk_next_pow_def split: ltln.splits)

  combine_atoms:
 assumes
 "∧φ ψ. atoms_ltln (f φ ψ) ⊆
 shows
 "atoms_ltln (fst (combine f x y)) ⊆ atoms_ltln (fst x) ∪ atoms_ltln (fst y)"
 by (metis assms fst_combine mk_next_pow_atoms prod.collapse)

  combine_mk_atoms =
 combine_atoms[OF mk_and_atoms]
 combine_atoms[OF mk_or_atoms]
 combine_atoms[OFOF mk_until_ato]
 combine_atoms[OF mk_release_atoms]
 combine_atoms[OF mk_weak_until_atoms]
 combine_atoms[OF mk_strong_release_atoms]

 rewrite_X_enat_atoms:
 "atoms_ltln (fst (rewrite_X_enat φ)) ⊆ atoms_ltln φ"
 by (induction φ) (simp_all add: case_prod_beta, insert combine_mk_atoms, fast+)

  rewrite_X_atoms:
 "atoms_ltln (rewrite_X φ) ⊆ atoms_ltln φ"
 by (induction φ) (simp_all add: rewrite_X_def mk_next_pow_atoms case_prod_beta, insert combine_mk_atoms, fast+)

  rewrite_syn_imp_atoms:
java.lang.NullPointerException
  (induction φ)
 case (And_ltln φ1 φ2)
 then show ?case
 using mk_and_atoms by simp fast
 
 case (Or_ltln φ1 φ2)
 then show ?case
 using mk_or_atoms by simp fast
 
 case (Next_ltln φ)
 then show ?case
 using mk_next_atoms by simp fast
 
 case (Until_ltln φ1 φ2)
 then show ?case
 using mk_finally_atoms mk_until_atoms by simp fast
 
 case (Release_ltln φ1 φ2)
 then show ?case
 using mk_globally_atoms mk_release_atoms by simp fast
  simp_all

 :
 "atoms_ltln (rewrite_iter_fast φ) ⊆ atoms_ltln φ"
  -
 have 1: "∧φ. atoms_ltln (rewrite_modal (rewrite_X φ)) ⊆
 using rewrite_modal_atoms rewrite_X_atoms by force

 show ?thesis
 by (simp add: rewrite_iter_fast_def 1 iterate_atoms)
 

  rewrite_iter_slow_atoms:
 "atoms_ltln (rewrite_iter_slow φ (Cconjc1 c2)
  -
 have 1: "∧ φ
 using rewrite_syn_imp_atoms rewrite_modal_atoms rewrite_X_atoms by force

 show ?thesis
 by (simp add: rewrite_iter_slow_def 1 iterate_atoms)
 

  ‹\andusCconj eval_c_elim(3) bymet

  ‹We now define a convenience wrapper for the rewriting engine›

  mode = Nop | Fast | Slow

  simplify :: "mode ==> 'a ltln ==> 'a ltln"
 
 "simplify Nop = id"
  "simplify Fast = rewrite_iter_fast"
  "simplify Slow = rewrite_iter_slow"

  simplify_correct:
java.lang.NullPointerException
 by (cases m) simp+

  simplify_atoms:
 "atoms_ltln (simplify m φ) ⊆ atoms_ltln φ"
 by (cases m) (insert rewrite_iter_fast_atoms rewrite_iter_slow_atoms, fastforce+)

  ‹Code Generation›

  syntactical_implies .

  simplify checking

  "rewrite_iter_fast (F_n (G_n (X_n prop_n(''a'')))) = (F_n (G_n prop_n(''a'')))"
 by eval

java.lang.NullPointerException
 by eval

  "rewrite_iter_slow (X_n prop_n(''a'') U₌b₍6) subst_cb.ssim(7) me
 by eval