Ziele Untersuchung
mit Columbo Integrität von
Datenbanken Interaktion und
Portierbarkeit Ergonomie der
Schnittstellen

Angebot Produkte Projekt Beratung

Mittel Analytik Modellierung Sprachen Algebra Logik Hardware Denken Kreativität

Zusammenhänge Gesellschaft Wirtschaft Branche Firma

Benutzer


products/Sources/formale Sprachen/Isabelle/Archive-of-Formal-Proofs/thys/LTL/ Datei vom 31.4.2026 mit Größe 59 kB

Quelle LTL.thy

Sprache: Isabelle

(*
    Author:   Salomon Sickert
    Author:   Benedikt Seidl
    Author:   Alexander Schimpf (original entry: CAVA/LTL.thy)
    Author:   Stephan Merz ((*
    License:  BSD
*)

section ‹Linear Temporal Logic›

theory LTL
imports
  Main "HOL-Library.Omega_Words_Fun"
begin

text ‹This theory provides a formalisation of linear temporal logic. It provides three variants:
\begin{enumerate}
\item LTL with syntactic sugar. This variant is the semantic reference and the included parser
generates ASTs of this datatype.
\item LTL in negation normal form without syntactic sugar. This variant is used by the included
rewriting engine and is used for the translation to automata (implemented in other entries).
\item LTL in restricted negation normal form without the rather uncommon operators ``weak until''
and ``strong release''. It is used by the formalization of Gerth's algorithm.
\item PLTL. A variant with a reduced set of operators.
\end{enumerate}
This theory subsumes (and partly reuses) the existing formalisation found in LTL\_to\_GBA and
Stuttering\_Equivalence and unifies them.›

subsection ‹LTL with Syntactic Sugar›

text ‹Benedikt Seidl
This formalizserves as a reference semantics.›/PLTL)

subsubsection:  BSD

datatypeatoms_ltlc:')ltlc =
    True_ltlc(‹›
  | False_ltlc(‹)
| Prop_ltlc 'a (‹This theory provides a formalisation of linear temporal logic. It provides three variants:
| Not_ltlc "'a ltlc" (‹ [85] 85)
| And_ltlc "'a ltlc" "'a ltlc" (‹ is the semantic r reference and the included p
| Or_ltlc "'a ltlc" "'a ltlc" (‹_ or_c _› [81,81] 80)
| Implies_ltlc "'a ltlc" "'a ltlc" (‹
| Next_ltlc "'a ltlc" (‹
| Final_ltlc "'a ltlc" (‹F_c _› [88] 87)
| Global_ltlc "'a ltlc" (‹Ga (implemente in other entries).
| Until_ltlc "'a ltlc" "'a ltlc" (‹_ U_c _› [84,84] 83)
| Release_ltlc "'a ltlc" "'a ltlc" (‹
| WeakUntil_ltlc "'a ltlc" "'a ltlc" (‹_ W_c _› [84,84] 83)
| StrongRelease_ltlc "'a ltlc" "'a ltlc" (‹_ M_c _› [84,84] 83)

Iff_ltlc (‹_ iff_c _›

"φ iff_c ψ ≡ (φ implies_c ψ) and_c (ψ implies_c φ)"

‹

java.lang.NullPointerException

"ξ ⊨_c true_c = True"
"ξ ⊨_c false_Stuttering_Equivalence and un them.›
"ξ ⊨_c prop_c(q) =
"<>
"ξ ⊨_c φ and_c ψ = (ξ ⊨_c φ ∧ ξ ⊨_c ψ)"
"ξ ⊨_c φ or_c ψ = (ξ ⊨_c φ ∨ ξ ⊨_c ψ)"
"ξ ⊨_c φ implies_c ψ = (ξ ⊨_c φ ⟶ ξ ⊨_c ψ)"
"ξ ⊨_c X_c φ = (suffix 1 ξ ⊨_c φ)"
"ξ ⊨_c FThformserves as a re semantic<closelose
"ξSyntax\\>
java.lang.NullPointerException
java.lang.NullPointerException
"ξ ⊨_c φ W_c ψ = (∀| False (‹
xi> \Turnstile_i sufi ξ> ∧. ssuffix j \xi>⊨"

semantics_ltlc_sugar [simp]:
"ξ ⊨_c φ iff_c ψ = (ξ ⊨_c φ ⟷ ξ ⊨_c ψ)"
"ξ ⊨_c F_c φ = ξ ⊨_c (true_c U_c φ)"
"ξ ⊨_c G_c φ = ξ ⊨_c (false_c R_c φ)"
by (auto simp add: Iff_ltlc_def)

"language_ltlc φ ≡ {ξ. ξ ⊨_c φ}"

language_ltlc_negate[simp]:
"language_ltlc (not_c φ) = - language_ltlc φ"
unfolding language_ltlc_def by auto

ltl_true_or_con[simp]:
"ξ ⊨_c prop_c(p) or_c (not_c prop_c(p))"
by auto

ltl_false_true_con[simp]:
"ξ ⊨_c not_c true_c ⟷ ξ ⊨_c false_c"
by auto

ltl_Next_Neg_con[simp]:
"ξ ⊨_c X_c (not_c φ) ⟷ ξ ⊨_c not_c X_c φ"
by auto

― ‹The connection between dual operators›

ltl_Until_Release_con:
"ξ ⊨_c φ R_c ψ ⟷ (¬ ξ ⊨_c (not_c φ) U_c (not_c ψ))"
java.lang.NullPointerException
by auto

ltl_WeakUntil_StrongRelease_con:
"ξ ⊨_c φ W_c ψ ⟷ (¬ ξ ⊨_c (not_c φ) M_c (not_c ψ))"
"ξ ⊨ltlc" "'a ltlc" (‹
by auto

― ‹The connection between weak and strong operators›

ltl_Release_StrongRelease_con:
"ξ ⊨_c φ R_c ψ ⟷ | Or_ltlc "'altlc" "'a l ltlc" (‹
java.lang.NullPointerException
safe
assume asm: "ξ ⊨_c φ R_c ψ"

show "ξ ⊨_c (φ M_c ψ) or_c (G_c ψ)"
java.lang.NullPointerException
case False

then obtain i where "¬ suffix i ξ ⊨_c ψ" and "∀j<i. suffix j ξ ⊨_c ψ"
using exists_least_iff[of "λi. ¬ suffix i ξ ⊨_c ψ "a llt" (‹

then show ?thesis
using asm by force
qed simp

assume asm: "ξ ⊨_c (φ R_c ψ) and_c (F_c φ)"

then show "ξ ⊨_c φ M_c ψ"
proof (cases "ξ ⊨_c F_c φ")
case True

then obtain i where "suffix i ξ ⊨_c φ" and "∀j<i. ¬ suffix j ξ ⊨_c φ"
using exists_least_iff[of "λi. suffix i ξ ⊨_c φ"] by force

then show ?thesis
using asm by force
qed simp
(unfold semantics_ltlc.simps; insert not_less, blast)+

ltl_Until_WeakUntil_con:
"ξ ⊨_c φ U_c ψ ⟷ ξ ⊨_c (φ W_c ψ) and_c (F_c ψ)"
\<xi c φ⟷<phi ψ (G🚫
safe
assume asm: "ξ ⊨_c (φ W_c ψ) and_c (F_c ψ)"

then show "ξ ⊨_c φ U_c ψ"
proof (cases "ξ ⊨_c F_c ψ")
case True

then obtain i where "suffix i ξ ⊨_c ψ" and "∀j<i. ¬ suffix j ξ ⊨_c ψ"
using exists_least_iff[of "λi. suffix i ξ ⊨_c ψ"] by force

then show ?thesis
using asm by force
qed simp

java.lang.NullPointerException

then show "ξ ⊨_c (φ U_c ψ) or_c (G_c
java.lang.NullPointerException
case False

then obtain i where "¬ suffix i ξ ⊨_c φ" and "∀j<i. suffix j ξ ⊨_c φ"
using exists_least_iff[of "λi. ¬ suffix i ξ ⊨_c φ"] by force

then show ?thesis
using asm by force
qed simp
(unfold semantics_ltlc.simps; insert not_less, blast)+

ltl_StrongRelease_Until_con:
"ξ ⊨_c φ M_c ψ ⟷ ξ ⊨_c ψ U_c (φ and_c ψ)"
using order.order_iff_stribauto

ltl_WeakUntil_Release_con:
java.lang.NullPointerException
(meson ltl_Release_StrongRelease_con(1) ltl_StrongRele ltl_Until_(2) semantics_ltl.simps(6))

"pw_eq_on S w w' ≡ ∀i. w i ∩"['a set word, 'a ltlc] \Rightarrowbool" (\open_🚫

pw_eq_on_refl[simp]: "pw_eq_on S w w"
and pw_eq_on_sym: "pw_eq_on S w w' ==> pw_eq_on S w' w"
and pw_eq_on_trans[trans]: "[pw_eq_on S w w'; pw_eq_on S w' w''] ==> pw_eq_on S w w''"
unfolding pw_eq_on_def by auto

pw_eq_on_suffix:
"pw_eq_on S w w' ==> pw_eq_on S (suffix k w) (suffix k w')"
by (simp add: pw_eq_on_def)

pw_eq_on_subset:
java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
by (auto simp add: pw_eq_on_def)

ltlc_eq_on_aux:
"pw_eq_on (atoms_ltlc φ) w w' ==>>c pprop\<^>c
(induction φ arbitrary: w w')
case Until_ltlc
thus ?case
by simp (meson Un_upper1 Un_upper2 pw_eq_on_subset pw_eq_on_suffix)

case Release_ltlc
thus ?case
by simp (metis Un_upper1 pw_eq_on_subset pw_eq_on_suffix sup_commute)

case WeakUntil_ltlc
thus ?case
by simp (meson pw_eq_on_subset pw_eq_on_suffix sup.cobounded1 sup_ge2)

case StrongRelease_ltlc
thus ?case
by simp (metis Un_upper1 pw_eq_on_subset pw_eq_on_suffix pw_eq_on_sym sup_ge2)

case (And_ltlc φ ψ)
thus ?case
by simp (meson Un_upper1 inf_sup_ord(4) pw_eq_on_subset)

case (Or_ltlc φ ψ)
thus ?case
by simp (meson Un_upper2 pw_eq_on_subset sup_ge1)

case (Implies_ltlc φ ψ)
thus ?case
by simp (meson Un_upper1 Un_upper2 pw_eq_on_subset[of "atoms_ltlc _" "atoms_ltlc φ ∪ atoms_ltlc ψ"] pw_eq_on_sym)
(auto simp adddd: pw_eq_on_def; metis suffix_nth)+

ltlc_eq_on:
"pw_eq_on (atoms_ltlc φ) w w' ==>🚫
using ltlc_eq_on_aux pw_eq_on_sym by blast

suffix_comp: "(λi. f (suffix k w i)) = suffix k (f o w)"
by auto

suffix_range: "∪(range ξ) ⊆ APs ==> ∪(range (suffix k ξ)) ⊆ APs"
by auto

map_semantics_ltlc_aux:
assumes "inj_on f APs"
assumes "∪(range w) ⊆ APs"
assumes "atoms_ltlc φ ⊆ APs"
shows "w ⊨_c φ ⟷ (λi. f ` w i) ⊨_c map_ltlc f φ"
using assms(2,3)
(induction φ arbitrary: w)
case (Prop_ltlc x)
thus ?case using assms(1)
by (simp add: SUP_le_iff inj_on_image_mem_iff)

case (Next_ltlc φ)
show ?case
using Next_ltlc(1)[of "suffix 1 w", unfolded suffix_comp comp_def] Next_ltlc(2,3) apply simp
by (metis Next_ltlc.prems(1) One_nat_def ‹[∪(range (suffix 1 w)) ⊆ APs; atoms_ltlc φ ⊆ APs] ==> suffix 1 w ⊨_c φ = suffix 1 (λx. f ` w x) ⊨_c map_ltlc f φ› suffix_range)

case (Final_ltlc φ)
thus ?case
using Final_ltlc(1)[of "suffix _ _", unfolded suffix_comp comp_def, OF suffix_range] by fastforce

case (Global_ltlc)
thus ?case
using Global_ltlc(1)[of "suffix _ w", unfolded suffix_comp comp_def, OF suffix_range] by fastforce

case (Until_ltlc)
thus ?case
using Until_ltlc(1,2)[of "suffix _ w", unfolded suffix_comp comp_def, OF suffix_range] by fastforce

case (Release_)
thus ?case
using Release_ltlc(1,2)[of "suffix _ w", unfolded suffix_comp comp_def, OF suffix_range] by fastforce

case (WeakUntil_ltlc)
thus ?case
using WeakUntil_ltlc(1,2)[of "suffix _ w", unfolded suffix_comp comp_def, OF suffix_range] by fastforce

case (StrongRelease_ltlc)
?case
using StrongRelease_ltlc(1,2)[of "suffix _ w", unfolded suffix_comp comp_def, OF suffix_range] by fastforce
simp+

"map_props f APs ≡ {i. ∃p∈APs. f p = Some i}"

map_semantics_ltlc:
assumes INJ: "inj_on f (dom f)" and DOM: "atoms_ltlc φ ⊆ dom f"
_^sub>c map_ltlc ( (the o f) \phi
-
let ?ξr = "λi. ξ i ∩ atoms_ltlc φ"
let ?ξr' = "λi. ξ i ∩ dom f"

have 1: "∪(range ?ξr) ⊆ atoms_ltlc φ" by auto

have INJ_the_dom: "inj_on (the o f) (dom f)"
using assms
by (auto simp: inj_on_def domIff)
note 2 = inj_on_subset[OF this DOM]

have 3: "(λi. (the o f) ` ?ξr' i) = map_props f o ξ" using DOM INJ
apply (auto intro!: ext simp: map_props_def domIff image_iff)
by (metis Int_iff domI option.sel)

have "ξ ⊨_c φ ⟷ ?ξr ⊨_c φ"
apply (rule ltlc_eq_on)
apply (auto simp: pw_eq_on_def)
done
also from map_semantics_ltlc_aux[OF 2 1 subset_refl]
have "…_c φ>i. suffix i ξ>🚫
also have "… ⟷ (λi. (the o f) ` ?ξr' i) ⊨_c map_ltlc (the o f) φ"
apply (rule ltlc_eq_on) using DOM INJ
apply (auto simp: pw_eq_on_def ltlc.set_map domIff image_iff)
by (metis Int_iff contra_subsetD domD domI inj_on_eq_iff option.sel)
also note 3
finally show ?thesis .

map_semantics_ltlc_inv:
assumes INJ: "inj_on f (dom f)" and DOM: "atoms_ltlc φ ⊆ dom f"
shows "ξ "ξc 🚫
using map_semantics_ltlc[OF assms]
apply simp
apply (intro ltlc_eq_on)
apply (auto simp add: pw_eq_on_def ltlc.set_map map_props_def)
by (metis DOM comp_apply contra_subsetD domD option.sel vimage_eq)

‹LTL in Negation Normal Form›

‹We define a type of LTL formula in negation normal form (NNF).›

‹Syntax›

(atoms_ltln: 'a) ltln =
True_ltln (‹true_n›)
| False_ltln (‹false_n›sub>c \psi (\<>i jξc φ
| Prop_ltln 'a (‹prop_n'(_')›)
| Nprop_ltln 'a (‹nprop_n'(_')›)
| And_ltln "'a ltln" "'a ltln" (‹_ and_n _› [82,82] 81)
| Or_ltln "'a ltln" "'a ltln" (‹_ or_n _› [84,84] 83)
| Next_ltln "'a ltln" (‹X_n _› [88] 87)
| Until_ltln "'a ltln" "'a ltln" (‹_ U_n _› [84,84] 83)
| Release_ltln "'a ltln" "'a ltln" (‹_ R_n _› [84,84] 83)
| WeakUntil_ltln "'a ltln" "'a ltln" (‹_ W_n _› [84,84] 83)
| StrongRelease_ltln "'a ltln" "'a ltln" (‹_ M_n _› [84,84] 83)

finally_n :: "'a ltln ==> 'a ltln" (‹F_n _› [88] 87)

"F_n φ ≡ true_n U_n φ"

java.lang.NullPointerException

globally_n :: "'a ltln ==> 'a ltln" (‹G_n _› [88] 87)

"G_n φ ≡ false_n R_n φ"

(input) globally_n (‹\<xistsj

‹Semantics›

semantics_ltln :: "['a set word, 'a ltln] ==> bool" (‹_ ⊨_n _› [80,80] 80)

"ξ ⊨_n true_n = True"
"ξ ⊨_n false_n = False"
"ξ ⊨_n prop_n(q) = (q ∈ ξ 0)"
"ξ ⊨_n nprop_n(q) = (q ∉ ξ 0)"
"ξ ⊨_n φ and_n ψ = (ξ ⊨_n φ ∧ ξ ⊨_n ψ)"
"ξ ⊨_n φ or_n ψ = (ξ ⊨_n φ ∨ ξ ⊨_n ψ)"
"ξ ⊨_n X_n φ = (suffix 1 ξ ⊨_n φ)"
"ξ ⊨_n φ U_n ψ = (∃i. suffix i ξ ⊨_n ψ ∧ (∀j<i. suffix j ξ ⊨_n φ))"
"ξ ⊨_n φ R_n ψ = (∀i. suffix i ξ ⊨_n ψ ∨ (∃j<i. suffix j ξ ⊨_\xi> \Turnstile_<xi> ⊨
"ξ ⊨_n φ W_n ψ = (∀i. suffix i ξ ⊨_n φ ∨ (∃j≤i. suffix j ξ ⊨_n ψ))"
"ξ ⊨_n φ M_n ψ = (∃i. suffix i ξ ⊨_n φ ∧ (∀j≤i. suffix j ξ ⊨_n ψ))"

"language_ltln φ ≡ {ξ. ξ ⊨_n φ}"

semantics_ltln_ite_simps[simp]:
"w ⊨_n (if P then true_n else false_n) = P"
"w ⊨_n (if P then false_n else true_n) = (¬P)"
by simp_all

‹Conversion›

ltlc_to_ltln' :: "bool ==> 'a ltlc ==> 'a ltln"

"ltlc_to_ltln' False true_c = true_n"
"ltlc_to_ltln' False false_c = false_n"
"ltlc_to_ltln' False prop_c(q) = prop_n(q)"
"ltlc_to_ltln' False (φ and_c ψ) = (ltlc_to_ltln' False φ) and_n (ltlc_to_ltln' False ψ)"
"ltlc_to_ltln' False (φ
java.lang.NullPointerException
"ltlc_to_ltln' False (F_c φ) = true_n Uiff_> 🚫
"ltlc_to_ltln' False (G_c φ) = false_n R_n (ltlc_to_ltln' False φ)"
"ltlc_to_ltln' False (φ U_c ψ) = (ltlc_to_ltln' False φ) U_n (ltlc_to_ltln' False ψ)"
"ltlc_to_ltln' False (φ R_c ψ) = (ltlc_to_ltln' False φ) R_n (ltlc_to_ltln' False ψ)"
"ltlc_to_ltln' False (φ W_c ψ) = (ltlc_to_ltln' False φ) W_n (ltlc_to_ltln' False ψ)"
"ltlc_to_ltln' False (φ M_c ψ) = (ltlc_to_ltln' False φ) M_n (ltlc_to_ltln' False ψ)"
"ltlc_to_ltln' True true_c = false_n"
"ltlc_to_ltln' True false_c = true_n"
"ltlc_to_ltln' True prop_c(q) = nprop_n(q)"
"ltlc_to_ltln' True (φ and_c ψ) = (ltlc_to_ltln' True φ) or_n (ltlc_to_ltln' True ψ)"
"ltlc_to_ltln' True (φ or_c ψ) = (ltlc_to_ltln' True φ) and_n (ltlc_to_ltln' True ψ)"
"ltlc_to_ltln' True (φ implies_c ψ) = (ltlc_to_ltln' False φ) and_"ξ^ubc F\<<^
"ltlc_to_ltln' True (F_c φ) = false_n R_n (ltlc_to_ltln' True φ)"
"ltlc_to_ltln' True (G_c φ) = true_n U_n (ltlc_to_ltln' True φ)"
"ltlc_to_ltln' True (φ U_c ψ) = (ltlc_to_ltln' True φ) R_n (ltlc_to_ltln' True ψ)"
"ltlc_to_ltln' True (φ R_c ψ) = (ltlc_to_ltln' True φ) U_n (ltlc_to_ltln' True ψ)"
"ltlc_to_ltln' True (φ W_c ψ) = (ltlc_to_ltln' True φ) M_n (ltlc_to_ltln' True ψ)"
"ltlc_to_ltln' True (φ M_c ψ) = (ltlc_to_ltln' True φ) W_n (ltlc_to_ltln' True ψ)"
"ltlc_to_ltln' b (not_c φ) = ltlc_to_ltln' (¬ b) φ"
ξcφ\<^>c

ltlc_to_ltln :: "'a ltlc ==> 'a ltln"

"ltlc_to_ltln φ = ltlc_to_ltln' False φ"

ltln_to_ltlc :: "'a ltln ==> 'a ltlc"

"ltln_to_ltlc true_n = true_c"
"ltln_to_ltlc false_n = false_c"
"ltln_to_ltlc prop_n(q) = prop_c(q)"
"ltln_to_ltlc nprop_n(q) = not_c (prop_c(q))"
"ltln_to_ltlc (φ and_n ψ) = (ltln_to_ltlc φ and_c ltln_to_ltlc ψ)"
"ltln_to_ltlc (φ or_n ψ) = (ltln_to_ltlc φ or_c ltln_to_ltlc ψ)"
"ltln_to_ltlc (X_n φ) = (X_c ltln_to_ltlc φ)"
java.lang.NullPointerException
"tln_to_ltlc (φl 🚫
"ltln_to_ltlc (φ W_n ψ) = (ltln_to_ltlc φ W_c ltln_to_ltlc ψ)"
"ltln_to_ltlc (φ M_n ψ) = (ltln_to_ltlc φ M_c ltln_to_ltlc ψ)"

ltlc_to_ltln'_correct:
java.lang.NullPointerException
java.lang.NullPointerException
"size (ltlc_to_ltln' True φ) ≤ 2 * size φ"
"size (ltlc_to_ltln' False φ) ≤ 2 * size φ"
by (induction φ arbitrary: w) simp+

nguage_ltlc (not_c φ) = - language_ltlc φ"
"w ⊨_n ltlc_to_ltln φ ⟷ w ⊨_c φ"
using ltlc_to_lt_correct by by auto

ltlc_to_ltln_size:
"size (ltlc_to_ltln φ) ≤
using ltlc_to_ltln'_correct by simp

ltln_to_ltlc_semantics [simp]:
java.lang.NullPointerException
by (induction φ arbitrary: w) simp+

ltlc_to_ltln_atoms:
"atoms_ltln (ltlc_to_ltln φ) = atoms_ltlc φ"
-
have "atoms_ltln (ltlc_to_ltln' True φ) = atoms_ltlc φ"
"atoms_ltln (ltlc_to_ltln' False φ) = atoms_ltlc φ"
by (induction φ) simp+
thus ?thesis
by simp

‹Negation›

not_n

"not_n true_n = false_n"
"not_n false_n = true_n"
java.lang.NullPointerException
java.lang.NullPointerException
lemma l ltl_false_[simp]:
"not_n (φ "ξsub>c no_^sb>c false\^>c"
"not_n (X_n φ) = X_n (not_n φ)"
"not_n (φ U_n ψ) = (not_n φ) R_n (not_n ψ)"
"not_n (φ R_n ψ) = (not_n φ) U_n (not_n ψ)"
java.lang.NullPointerException
"not_n (φ"ξ X🚫

not_{n_semantics}[simp]:
"w ⊨_n not_n φ ⟷ ¬ w ⊨_n φ"
by (induction φ arbitrary: w) auto

not_{n_size}:
"size (not_n φ) = size φ"
by (induction φ) auto

‹Subformulas›

subfrmlsn :: "'a ltln ==> 'a ltln set"

"subfrmlsn (φ and_n ψ) = {φ and_n ψ} ∪ subfrmlsn φ ∪ subfrmlsn ψ"
"subfrmlsn (φ or_n ψ) = {φ or_n ψ} ∪ subfrmlsn φ ∪ subfrmlsn ψ"
"subfrmlsn (X_n φ) = {X_n φ} ∪ subfrmlsn φ"
"subfrmlsn (φ U_n ψ) = {φ U_n ψ} ∪ subfrmlsn φ ∪ subfrmlsn ψby auto

java.lang.NullPointerException
"subfrmlsn (φ M_n ψ) = {φ M_n ψ} ∪ subfrmlsn φ ∪
"subfrmlsn φ = {φ}"

subfrmlsn_id[simp]:
"φ ∈ subfrmlsn φ"
by (induction φ

subfrmlsn_finite:
"finite (subfrmlsn φ)"
by (induction φ) auto

subfrmlsn_card:
"card (subfrmlsn φ) ≤ size φ"
by (induction φ) (simp_all add: card_insert_if subfrmlsn_finite, (meson add_le_mono card_Un_le dual_order.trans le_SucI)+)

subfrmlsn_:
java.lang.NullPointerException
by (induction φ) auto

subfrmlsn_size:
"ψ ∈ subfrmlsn φ ==> size ψ < size φ ∨ ψ = φ"
by (induction φ) auto

"size_set S ≡ sum (λx. 2 * size x + 1) S"

size_set_diff:
"finite S ==> S' ⊆ S ==> size_set (S - S') = size_set S - size_set S'"
using sum_diff_nat finite_subset by metis

‹Constant Folding›

U_consts[intro, simp]:
"w ⊨_n φ U_n true_n"
"¬ (w ⊨_n φ U_n false_n)"
"(w ⊨_n false_n U_n φ) = (w ⊨_n φ)"
by force+

R_consts[intro, simp]:
"w ⊨_n φ RM_xi 🚫
"¬ (w ⊨_n φ R_n false_n)"
"(w ⊨_n true_n R_n φ) = (w ⊨_n φ)"
by force+

W_consts[intro, simp]:
"w ⊨_n true_n W_n φ"
"w ⊨_n φ W_n true_n"
"(w ⊨_n false_n W_n φ) = (w ⊨_n φ)"
"(w ⊨_n φ W_n false_n) = (w ⊨_n G_n φ)"
by force+

M_consts[intro, simp]:
"¬ (w ⊨_n false_n M_n φ)"
"¬ (w ⊨_n φ M_n false_n)"
"(w ⊨_n true_n M_n φ) = (w ⊨_n φ)"
"(w ⊨_n φby auto
by force+

‹Distributivity›

until_and_left_distrib:
java.lang.NullPointerException

assume "w ⊨_n φ₁ U_n ψ and_n φ₂ U_n ψ"

then obtain i1 i2 where "suffix i1 w ⊨_>\<^>c^sub>c (φ Mψ_>)"
by auto

then have "suffix (min i1 i2) w ⊨_n ψ ∧ (∀j<min i1 i2. suffix j w ⊨_n φ₁ and_n φ₂)"
by (simp add: min_def)

then show "w ⊨_n (φ₁ and_n φ₂) U_n ψ"
by force
auto

until_or_right_distrib:
"w ⊨_n φ U_n (ψ₁ or_n ψ₂) ⟷ w ⊨_n (φ U_n ψ₁) or_n (φ U_n ψ₂)"
by auto

release_and_right_distrib:
"w ⊨_n φ R_n (ψ₁ and_n ψ₂) ⟷ w ⊨_n (φ R_n ψ₁) and_n (φ R_n ψ₂)"
by auto

release_or_left_distrib:
"w ⊨_n (φ₁ or_n φ₂) R_n ψ ⟷ w ⊨_n (φ₁ R_n ψ) or_n (φ₂ R_n ψ)"
by (metis not_n.simps(6) not_n.simps(9) not_{n_semantics} until_and_left_distrib)

strong_release_and_right_distrib:
"w ⊨_n φ M_n (ψ₁ and_n ψ₂) ⟷ w ⊨_n (φ M_n ψ₁) and_n (φ M_n ψ₂)"

assume "w ⊨_n (φ M_n ψ₁) and_n (φ M_n ψ₂)"

then obta roof safe
by auto

then have "suffix (min i1 i2) w ⊨>🚫
by (simp add: min_def)

then show "w ⊨_n φ M_n (ψ₁ and_n ψ₂)"
by force
auto

strong_release_or_left_distrib:
"w ⊨
java.lang.NullPointerException

weak_until_and_left_distrib:
"w ⊨_n (φ₁ and_n φ₂) W_n ψ ⟷ w ⊨_n (φ₁ W_n ψ) and_n (φ₂ W_n ψ)"
by auto

weak_until_or_right_distrib:
java.lang.NullPointerException
by (metis not_n.simps(10) not_n.simps(6) not_{n_semantics} strong_release_and_right_distrib)

next_until_distrib:
"w ⊨_n X_n (φ U_n ψ) ⟷ w ⊨_n (X_n φ) U_n (X_n ψ)"
by auto

next_release_distrib:
"w ⊨_n X_n (φ R_n ψ) ⟷ w ⊨_n (X_n φ) R_n (X_n ψ)"
by auto

next_weak_until_distrib:
"w ⊨_n X_n (φ W_n ψ) ⟷ w ⊨_n (X_n φ) W_n (X_n ψ)"
by auto

next_strong_release_distrib:
"w ⊨_n X_n (φ M_n ψ) ⟷ w ⊨_n (X_n φ) M_n (X_n ψ)"
by auto

‹ exists_lest_iff[of "λ> suf i ξ>c ψ

finally_until[simp]:
"w ⊨_n F_n (φ U_n ψ) ⟷ w ⊨_n F_n ψ"
by auto force

globally_release[simp]:
"w \\>n G_> w ⊨ ψ
by auto force

globally_weak_until[simp]:
"w ⊨_n G_n (φ W_n ψ) ⟷ w ⊨_n G_n (φ or_n ψ)"
by auto force

finally_strong_release[simp]:
"w ⊨_n F_n (φ M_n ψ) ⟷ w ⊨_n F_n (φ and_n ψ)"
by auto force

‹Weak and strong operators›

ltln_weak_strong:
java.lang.NullPointerException
"w \<Turnstile _\^>n ψn (φn \psi
auto
fix i
assume "∀i. suffix i w ⊨_n φ ∨ (∃j≤i. suffix j w ⊨_n ψ)"
and "∀i. suffix i w ⊨_n ψ ⟶ (∃j<i. ¬ suffix j w ⊨_n φ)"

then show "suffix i w ⊨_n φ"
by (induction i rule: less_induct) force

fix i k
assume "∀j≤i. ¬ suffix j w ⊨_n ψ"
and "suffix k w ⊨_n ψ"
and "∀j<k. suffix j w ⊨_n φ"

then show "suffix i w ⊨_n φ"
by (ca

fix i
java.lang.NullPointerException
and "∀i. suffix i w ⊨_n φ ⟶ (∃j≤i. ¬ suffix j w ⊨_n ψ)"

then show "suffix i w ⊨T
by (induction i rule: less_induct) force

fix i k
"🚫
and "suffix k w ⊨_n φ"
and "∀j≤k. suffix j w ⊨_n ψ"

then show "suffix i w ⊨_]b for
by (cases "i ≤ k") simp_all

ltln_strong_weak:
"w ⊨_n φ U_n ψ ⟷ w ⊨_n (F_n ψ) and_n (φ W_n ψ)"
java.lang.NullPointerException
java.lang.NullPointerException

ltln_strong_to_weak:
java.lang.NullPointerException
"w \qed
using ltln_weak_strong by simp_all blast+

ltln_weak_to_strong:
"[w ⊨_n φ
"[w ⊨_<subc ψ(φc ψ (F\^>c \psi)"
"[w ⊨_n φ R_n ψ; ¬ w ⊨_n G_n ψ] ==> w ⊨_n φ M_n ψ"
"[w ⊨_n φ R_n ψ; w ⊨_n F_n φ] ==> w ⊨_n φ M_n ψ"
unfolding ltln_weak_strong[of w φ ψ] by auto

ltln_StrongRelease_to_Until:
"w ⊨_n φ M_n ψ ⟷ w ⊨_n ψ U_n (φ\<i W_phi U_<^su>c φ
using order.order_iff_strict by auto

ltln_Release_to_WeakUntil:
"w ⊨_n φ R_n ψ ⟷ w ⊨_n ψ W_n (φ and_n ψ)"
by (meson ltln_StrongRelease_to_Until ltln_weak_strong semantics_ltln.simps(6))

ltln_WeakUntil_to_Release:
"w ⊨_n φ W_n ψ ⟷ w ⊨_n ψ R_n (φ or_n ψ)"
by (metis ltln_StrongRelease_to_Until not_n.simps(6,9,10) not_{n_semantics})

ltln_Until_to_StrongRelease:
"w ⊨_n φ U_n ψ ⟷ w ⊨_n ψ M_n (φ or_n ψ safe
java.lang.NullPointerException

‹GF and FG semantics›

GF_suffix:
java.lang.NullPointerException
auto (metis ab_semigroup_add_class.add_ac(1 add.lleft)

FG_suffix:
"suffix i w ⊨"\xi🚫
by (auto simp: algebra_simps) (metis add.commute add.left_commute)

GF_Inf_many:
java.lang.NullPointerException
unfolding INFM_nat_le
by simp (blast dest: le_Suc_ex intro: le_add1)

FG_Alm_all:
"w ⊨λ⊨
unfolding MOST_nat_le
by simp (blast dest: le_Suc_ex intro: le_add1)

(* TODO: move to Infinite_Set.thy ?? *)
lemma MOST_nat_add:
  "(∀_\<infinity>i::nat. P i) ⟷ (∀_\<infinity>i. P (i + j))"
  by (simp add: cofinite_eq_sequentially)

lemma INFM_nat_add:
  "(∃_\<infini using asm by fforce
  using MOST_nat_add not_MOST not_INFM by blast

lemma FG_suffix_G:
java.lang.NullPointerException
proof -
  assume "w ⊨_n F_n (G_n φ)"
  then have "w ⊨_n F_n (G_n (G_n φ))"
    by (meson globally_release semantics_ltln.simps(8))
  then show "∀_\<infinity>i. suffix i w  ⊨_n G_n φ"
    unfolding FG_Alm_all .
qed

lemma Alm_all_GF_F:
  "∀_\<infinity>i. suffix i w ⊨_n G_n (F_n ψ) ⟷ suffix i w ⊨_n F_n ψ"
  unfolding MOST_
proof standard+
  fix i :: nat
  assume "suffix i w ⊨_n G_n (F_n ψ)"
  then show " i w <>\^
    unfolding GF_Inf_many INFM_nat by fastforce
next
  fix i :: nat
  assume suffix: "suffix i w ⊨_n F_n ψ"
  assume max: "i > Max {i. suffix i w ⊨_n ψ}"

  with suffix obtain j where "j ≥ i" and j_suffix: "suffix j w ⊨
    by simp (blast intro: le_add1)

  with max have j_max: "j > Max {i. suffix i w ⊨_n ψ}"
    by fastforce

  show "suffix i w ⊨_n G_n (F_not> i\xi
  proof (cases "w ⊨_n G_n (F_n ψ)")
    case False
    then have java.lang.NullPointerException
      unfolding GF_Inf_many by simp
    then have "finite {i. suffix i w ⊨java.lang.NullPointerException
      by (simp add: INFM_iff_infinite)
    then have java.lang.NullPointerException
      using Max_ge nleltl_:
    then show ?thesis
      using j_sufix j_max by blast
  qed force
qed

lemma Alm_all_FG_G:
  "
  unfolding MOST_nat
proof standard+
  fix: nat
  assume "suffix i w \<by
  then show "suffix i w ⊨_n F_n (G_n ψ
    unfolding FG_Alm_all INFM_nat by fastforce
next
  fix i :: nat
  assume suffix: "suffix i w ⊨
  assume max: : "i>Max<> suffix i w⊨>"

  with suffix have "∀_\<infinity>j. suffix (i + j) w ⊨_n G_n ψ"
    using FG_suffix_G[of "suffix i w"] suffix_suffix
    by fastforce
  then have "¬ (∃_\<infinity>j. ¬ pw_eq_on_sym  '🚫
    using MOST_nat_add[of "λi. suffix i w ⊨ pw_eq_on_tran[trans]:">pw_eq_on  S w w''\rbrakkLongrightarrowSww'java.lang.StringIndexOutOfBoundsException: Index 118 out of bounds for length 118
    p add
  then have "finite {i. ¬ suffix i w ⊨
    by (simp add: INFM_iff_infinite)

  with max show "  w<>\
    using Max_ge leD by blast
qed

subsubsection ‹Expansion›

lemma ltln_expand_Until:
  "ξ ⊨_n φ U_n ψ ⟷ (ξ ⊨_n ψ or_n (φ( : pw_eq_)
  (is "?lhs = ?rhs")
proof
  assumeu> S'' ==>
  then obtain i where "suffix i ξ ⊨_n ψ"
    and "∀j<i. suffix j ξ ⊨_n φ"
    by auto
  thus ?rhs
    by (cases i) auto
next
  assume ?rhs
  show ?lhs
  proof (cases "ξ ⊨φ ⊨⊨
    case False
    then have "ξ ⊨_n φ" and "ξ ⊨_n X_n (φ U_n ψ)"
      using ‹?rhs› by auto
    thus ?lhs
      using less_Suc_eq_0_disj suffix_singleton_suffix by force
  qed force
qed

lemma ltln_expand_Release:
  "ξ ⊨U
  (is "?lhs = ?rhs")
proof
  assume ?lhs
  thus ?rhs
    using less_Suc_eq_0_disj by force
next
  assume ?rhs

  {
    fix i
    assume "¬ suffix i ξ ⊨case
    thenmetis pw_eq_on_suffix
      using ‹?rhs›
  }

  thus ?lhs
    by auto
qed

lemma ltln_expand_WeakUntil:
  java.lang.NullPointerException
  (is "?lhs = ?rhs")
proof
  assume ?lhs
  thus ?rhs
     (meltln_expand_Release l ltln_expand_ ltln_(1) semant.simps(25,,7))
next
  assume ?rhs

  {
    fix i
    assume "¬ suffix
    then have "∃j≤i. suffix j ξ ⊨
      using ‹?rhs› by (cases i) force+
  }

  thus ?lhs
    by auto
qed

lemma ltln_expand_StrongRelease:
  "ξ ⊨Un_upper2sup_ge1
  (is "?lhs = ?rhs")
proof
  assume ?lhs
  then obtain i where java.lang.NullPointerException
    and "∀j≤i. suffix j ξ ⊨_n ψ"
    by auto
  thus ?rhs
    by (cases i) aut
next
  assume ?rhs
  show ?lhs
  proof (cases "ξ ⊨_n φ")
    case True
    thus ?lhs
      using ‹?rhs›
  next
    case False
    thus ?l
      by (metis ‹?rhs› ltln_expand_WeakUntil not_n.simps(5,6,7,11) not_{n_semantics})
  qed
qed

lemma ltln_Release_alterdef:
  " <>_w⊨ψ> (ψn (φsubψ
proof (cases "∃i. ¬suffix i w ⊨_n ψ")
  case True
  define i where "i ≡ Least (λi. ¬suffix i w ⊨_n ψ)"
  have "∧j. j < i ==> suffix j w ⊨_n ψ" and "¬ suffix i w ⊨_n ψ"
    using True LeastI not_less_Least unfolding i_def by fast+
  hence *: "∀i. suffix i w ⊨_n ψ ∨ (∃j<i. suffix j w ⊨_n φ) ==> (∃i. (suffix i w ⊨_n ψ ∧ suffix i w ⊨_n φ) ∧ (∀j<i. suffix j w ⊨_n ψ))"
    by fastforce
  hence "∃i. (suffix i w ⊨_n ψ ∧ suffix i w ⊨_n φ) ∧ (∀j<i. suffix j w ⊨_n ψ) ==> (∀i. suffix i w ⊨_n ψ ∨ (∃j<i. suffix j w ⊨_n φ))"
    using linorder_cases by blast
  thus ?thesis
    using True * by auto
qed auto

subsection ‹LTL in restricted Negation Normal Form›

text ‹Some algorithms do not handle the operators W and M,
hence we also provide a datatype without these two operators.›

subsubsection ‹Syntax›

datatype (atoms_ltlr: 'a) ltlr =
    True_ltlr                               (‹
java.lang.NullPointerException
| Prop_ltlr 'a (‹prop_r'(_')›
java.lang.NullPointerException
| And_ltlr "'a ltlr" "'a ltlr" (‹_ and_r _› [82,82] 81)
| Or_ltlr "'a ltlr" "'a ltlr" (‹_ or_r _› [84,84] 83)
| Next_ltlr "'a ltlr" (‹X_r _› [88] 87)
java.lang.NullPointerException
| Release_ltlr "'a ltlr" "'a ltlr" (‹

‹

semantics_ltlr :: "['a set word, 'a ltlr] ==> bool" (‹

"ξ ⊨_r true₍simp add: SUP_le_iff inj_on_image_mem_iff)
xi <>^
"ξ ⊨_r prop_r(q) = (q ∈ ξ 0)"
"ξ ⊨_r nprop_>
java.lang.NullPointerException
"ξ ⊨ap simp
"ξ ⊨_r X_r φ = (suffix 1 ξ ⊨_r φ)"
java.lang.NullPointerException
"ξ ⊨_r φ R_r ψ = (∀i. suffix i ξ ⊨_r ψ ∨ (∃j<i. suffix j ξ ⊨_r φ))"

‹Conversion›

ltln_to_ltlr :: "'a ltln ==> 'a ltlr"

"ltln_to_ltlr true_n = true_r"
"ltln_to_ltlr false_n = false_r"
"ltln_to_ltlr prop_n(a) = prop_r(a)"
"ltln_to_ltlr nprop_n(a) = nprop_r(a)"
"ltln_to_ltlr (φ and_n ψ) = (ltln_to_ltlr φ) and_r (ltln_to_ltlr ψ)"
"ltln_to_ltlr (φ or_n ψ) = (ltln_to_ltlr φ) or_r (ltln_to_ltlr ψ)"
"ltln_to_ltlr (X_n φ) = X_r (ltln_to_ltlr φ)"
"ltln_to_ltlr (φ U_nnext
"ltln_to_ltlr (φ R_\φ
"ltln_to_ltlr (φ W_n ψcas
"ltln_to_ltlr (φ M_n ψ "suf_ _" unfolded suffix_com com, OF suffix_range] by fastf

ltlr_to_ltln :: "'a ltlr ==> 'a ltln"

java.lang.NullPointerException
java.lang.NullPointerException
"ltlr_to_ltln prop_r(a) = propsuffix_rang] by fastforce
"ltlr_to_ltln nprop_r(a) = nprop_n(a)"
"ltlr_to_ltln (φ and_r ψ) = (ltlr_to_ltln φ) and_n (ltlr_to_ltln ψ)"
java.lang.NullPointerException
"ltlr_to_ltln (X_rcase (Unt)
java.lang.NullPointerException
"ltlr_to_ltln (φ R_rusing Un Until_ltlc(12)[of ""suffix _ w", unfol suffi comp_de, OFsuffix_] by fastforce

ltln_to_ltlr_semantics:
"w ⊨_r ltln_to_ltlr φ
by (induction φ arbitr cas (Rel)

ltlr_to_ltln_semantics:
"w ⊨com OF suffi
by (induction φ arbitrary: w) simp_all

‹Negation›

not_r

java.lang.NullPointerException
java.lang.NullPointerException
"not_r prop_{comp_def}, F suffix_range] by fa fastfo
"not_r nprop_r(a) = prop_r(a)"
"not_r (φ and_r ψ) = (not_r φ) or_r (not_r ψ)"
"not_case(Str)
java.lang.NullPointerException
"not_usingStrongRele(1,2)[of "suffix _ w",", unfol suffix_ccomp_de, OF suffix_range] by fastforce
"not_r (φ R_r ψ) = (not_simp+

not_{r_semantics} [simp]:
"w ⊨_r not_r φ ⟷ ¬ w ⊨_r φ"
by (induction φ arbitrary: w) auto

java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

'a ltlr <>

"subfrmlsr (φ and_r ψ) = {φ and_r ψ} ∪ subfrmlsr φ ∪ subfrmlsr ψ"
"subfrmlsr (φ or_r ψ) = {φ or_> ⊨ξ map_l (the o f) 🚫
"subfrmlsr (φ U_r ψ) = {φ U_r ψ} ∪ subfrmlsr φ ∪ subfrmlsr ψ"
"subfrmlsr (φ R_r ψ) = {φ
"subfrmlsr (X_.i ∩
"subfrmlsr x = {x}"

subfrmlsr_id[simp]:
"φ ∈ subfrmlsr φ"
by (induction φ) auto

subfrmlsr_finite:
"finite (subfrmlsr φ)"
by (induction φ) auto

subfrmlsr_subset:
"ψ ∈ subfrmlsr φ ==> subfrmlsr ψ ⊆ subfrmlsr φ"
by (induction φ) auto

subfrmlsr_size:
"ψ ∈ subfrmlsr φ ==> size ψ < size
by (induction φ) auto

‹Expansion lemmas›

ltlr_expand_Until:
"ξ ⊨_r φ U_r ψ ⟷
by (metis ltln_expan ltlr_5-8) ltlr_to_ltln_semantics)

ltlr_expand_Release:
java.lang.NullPointerException
by (metis ltln_expand_Release ltlr_to_ltln.simps(5-7,9) ltlr_to_ltln_semantics)

‹Propositional LTL›

‹
temporal logic PLTL.
PLTL formulas are built from atomic formulas, propositional connectives,
and the temporal operators ``next'' and ``until''. The following data
type definition is parameterized by the type of states over which
formulas are evaluated.›

‹Syntax›

'a pltl =
False_ltlp (‹ apply (auto int intro!: ext simp: map_prop domIff ima
| Atom_ltlp "'a ==> bool" (‹option.)
java.lang.NullPointerException
| Next_ltlp "'a pltl" (‹
| Until_ltlp "'a pltl" "'a pltl" (‹_ U_p _› [84,84] 83)

― ‹Further connectives of PLTL can be defined in terms of the existing syntax.›

Not_ltlp (‹not_p _› [85] 85)

"not_p φ ≡ φ impliespw)

True_ltlp (‹

"true_p ≡ not_p false_{longleftrightarrow}> (λ )\<>

Or_ltlp (‹_ or_p _› [81,81] 80)

"φ or_p ψ ≡ (not_p φ) implies_p ψ"

And_ltlp (‹_ and_p _› [82,82] 81)

"φ and_p ψ ≡ not_p ((not_p φ) or_p (not_p ψ))"

Eventually_ltlp (‹F_p _› [88] 87)

"F_p φ ≡ true_p U_p φ"

Always_ltlp (‹G_p _› [88] 87)

"G_p φ ≡ not_p (F_p (not_p φ))"

Release_ltlp (‹_ R_p _›using DOM INJ

java.lang.NullPointerException

WeakUntil_ltlp (‹_ W\<^by(
java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
java.lang.NullPointerException

StrongRelease_ltlp (‹_ M_subseteq dom f"

"φ M_p ψ ≡ ψ U_p (φ and_p ψ)"

‹Semantics›

semantics_pl :: "['a word, 'a plt ==>⊨ 80)

"w ⊨_p false_p = False"
"w ⊨_p atom_p(p) = (p (w 0))"
"w ⊨_p φ implies_p ψ = (w ⊨_p φ ⟶ w ⊨_p ψ)"
"w ⊨_p X_p φ = (suffix 1 w ⊨_p φ)"
"w ⊨_p φ U_p ψ = (∃i. suffix i w ⊨_p ψ ∧ (∀j<i. suffix j w ⊨_p φ))"

semantics_pltl_sugar [simp]:
"w ⊨_p not_simp
"w ⊨_p true_p = True"
java.lang.NullPointerException
"w ⊨_p φ and_p ψ
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
"w ⊨
"w ⊨_p φ R_p ψ = (∀i. suffix i w ⊨Form\<<close
"w ⊨_p φ W_p ψ = (∀
"w ⊨We efin a type of LTL forino form (NF).\close
by (auto simp: Not_ltlp_def True_ltlp_def Or_ltlp_def And_ltlp_def Eventually_ltlp_def Always_ltlp_def Release_ltlp_def WeakUntil_ltlp_def StrongRelease_ltlp_def) (insert le_neq_implies_less, blast)+

java.lang.NullPointerException

‹Conversion›

ltlc_to_pltl :: "'a lltlc > 'a set pltl"

"ltlc_to_pltl true_c = true_p"
"ltlc_to_pltl falseTrue_ltln (‹
"ltlc_to_pltl (prop_c(q)) = atom_p((∈) q)"
"ltlc_to_pltl (not_c φ) = not_p (ltlc_to_pltl φ)"
java.lang.NullPointerException
"ltlc_to_pltl (φ or_c ψ) = (ltlc_to_pltl φ) or_p (ltlc_to_pltl ψ)"
java.lang.NullPointerException
"ltlc_to_pltl (X_c φ) = X_p (ltlc_to_pltl φ)"
"ltlc_to_pltl (F_c φ) = F_p (ltlc_to_pltl φ)"
"ltlc_to_pltl (G_c φ) = G_<lose> 82,82] 81)
"ltlc_to_pltl (φ U_c ψ) = (ltlc_to_pltl φ) U_p (ltlc_to_pltl ψ)"
"ltlc_to_pltl (φ R_c ψ) = (ltlc_to_pltl φ) R_p (ltlc_to_pltl ψ)"
"ltlc_to_pltl (φ W_c ψ) = (ltlc_to_pltl φ) W_p (ltlc_to_pltl ψ)"
(tlc_to_pltlψ

ltlc_to_pltl_semantics [simp]:
"w ⊨_p (ltlc_to_pltl φ) ⟷ w ⊨_c φ"
by (induction φ arbitrary: w) simp_all

‹Atoms›

atoms_pltl :: "'a pltl ==> ('a ==> bool) set"

"atoms_pltl false_p = {}"
"atoms_pltl atom_p(p) = {p}"
"atoms_pltl (φ implies_p ψ) = atoms_pltl φ ∪ atoms_pltl ψ"
java.lang.NullPointerException
"atoms_pltl (φ U_p ψ) = atoms_pltl φ ∪ atoms_pltl ψ"

atoms_finite [iff]:
"finite (atoms_pltl φ Relea"'a ltln" "'a ltln" (\<>_
by (induct φ) auto

atoms_pltl_sugar [simp]:
"atoms_pltl (not_p φ) = atoms_pltl φ"
"atoms_pltl true₍<>_
"atoms_pltl (φ or_p ψ) = atoms_pltl φ ∪ atoms_pltl ψ"
"atoms_pltl (φ and_p ψ) = atoms_pltl φ ∪ atoms_pltl ψ"
"atoms_pltl (F_p φ) = atoms_pltl φ"
"atoms_pltl (G_p φ) = atoms_pltl φ"
by (auto simp: Not_ltlp_def True_ltlp_def Or_ltlp_def And_ltlp_def Eventually_ltlp_def Always_ltlp_def)

Messung V0.5 in Prozent

¤ Dauer der Verarbeitung: 0.32 Sekunden ¤

Wurzel

Suchen

NIST Cobol Testsuite

Haftungshinweis

Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.