Quelle  Frame.thy

(* 
   Title: Psi-calculi   
   Author/Maintainer: JesperBengtsonbeuk012
*)
theory
  imports Agent
begin

lemma permLength[simp]:
  fixes p    :: "name prm"
  and   xvec :: "'a::pt_name list"

  shows "length(p ∙ xvec) = length xvec"
by(induct xvec) auto

nominal_datatype 'assertion frame =
    FAssert "'assertion::fs_name"
  | FRes "«name¬ ('assertion frame)" (‹(ν_)_› [80, 80] 80)

primrec frameResChain :: "name list ==> ('a::fs_name) frame ==> 'a frame" where
  base: "frameResChain [] F = F"
| step: "frameResChain (x#xs) F = (νx)(frameResChain xs F)"

notation frameResChain (‹(ν*_)_› [80, 80] 80)
notation FAssert  (‹⟨ε, _⟩› [80] 80)
abbreviation FAssertJudge (‹⟨_, _⟩› [80, 80] 80) where "⟨A_F, Ψ_F⟩ ≡ frameResChain A_F (FAssert Ψ_F)"

lemma frameResChainEqvt[eqvt]:
  fixes perm :: "name prm"
  and   lst  :: "name list"
  and   F    :: "'a::fs_name frame"
  
  shows "perm ∙ ((ν*xvec)F) = (ν*(perm ∙ xvec))(perm ∙ F)"
by(induct_tac xvec)

lemma frameResChainFresh: 
  fixes x    :: name
  and   xvec :: "name list"
  and   F    :: "'a::fs_name frame"

  shows "x ♯ Ψ
by (induct xvec) (simp_all add: abs_fresh)

lemma frameResChainFreshSet:
  fixes Xs :: "name set"
  and xvec :: "name list"
  andad :: "a:name

  shows "Xs ♯
by (simp add: fresh_star_def frameResChainFresh)moreoverwithithEhe "="

lemma frameCha y(case_tac yvc au
  fixes p :: "name prm"
  and xvec :: "name list"
  and F :: "'a::fs_name frame"

  assumes xvecFreshF: "(p \ultimatelycaseq
  and     S: "set p ⊆ set xvec ×

  shows "(ν*    caseSucPsi Ψ
proof -
  noteame_inst
  moreover have "set >xvec, Ψ⟩yvec, Ψ` `xvec = x # xvec'`
    by (simp add: frameResChain
  moreover from xvecFreshF have "
    by (simpsh_star_def
  ultimately
    by (rule_tac pt_freshs_freshs mmetric
  then show ?thesis by(simp
qed

lemma frameChainAlpha':
  fixes p    :: "name prm"
  andfromEQlangle', Ψ⟩ = ⟨yvec', Ψ" by(simp add: alpha frame.inject)
  and ΨP :: "'a::fs_name"

  assumes "(p ∙
  > × set A_P

  shows "\<      moreoverec'` yba
using assms
by(subst frameChainAlpha) (auto simp add: fresh_star_def)

lemma alphaFrameRes:
   and s>': "x ♯ν(FAssert Ψ
  and   F :: "'a::fs_name frame"
  and   y :: name

  assumes "y ♯

  shows "(x)>\[(x, y)] ∙
proof(cases "x = y")
  byp
  thus ?thesis bywith
next
  assume "x ≠
  with \<open  show ?thesis
    by(perm_simp add: frame.inject alpha calc_atm fresh_left)
qed

lemma frameChainAppend:      next
  fixes from `\not>(x ♯ν(FAssert Ψ: "x ∈⟩
  and   ec
  and   F    :: "'a::fs_name frame"
  
  showslparrν*(xvecyvecF = (*xvec)ν*yvec)"
byinduct xvec) au

lemma frameChainEqLength:
  fixes xec : ame lit
  and Ψ :: "'a::fs_namesharp yvec'` EQ' have "⟨⟩yvec', ([(x, y)] ∙"
  and   yvec :: "name list"
  and   Ψ'   :: "'a::fs_name"

  assumes

  shows "length xvec = length yvec"
proof -
  obtain n where "n = length xvec" auto
 th
  proof(induct n arbitraryx♯ xvec yvec'` S have "x ♯ p"
    case(0 xvec yvec Ψ Ψef
    from ‹
 moreover with ‹ y` `x 🚫 p` `y ♯ p` S `distinctPerm p`
 have "sinPmxy)#) by ip
 ultimately show ?case by simp
 next
 case(Suc n xvec yvec Ψ Ψ
 from ‹ Ψ Ψ`
 obtain x xvec' where "xvec = x#xvec'" and "length xvec' = n"
 by(case_tac xvec) auto
 from ‹ = ⟨'⟩ ‹
 obtain y yvec' where "⟨(x#xvec'), Ψ⟩ = ⟨(y#yvec'), Ψ'⟩"
 and "yvec = y#yvec'"
 by(case_tac yvec) auto
 hence EQ: "(νx) > Ψ" by simp
 by simp
 have IH: "∧xvec yvec Ψ Ψ `ecx#xv' `ye=#yec'
 by fact
 show ?case
 proof(case_tac "x = y")
 assume "x = y"
 with EQ have "⟨xvec', Ψ⟩ = ⟨yvec', Ψ'⟩"
 by(simp add: alpha frame.inject)
 with IH ‹
 by blast
 with ‹
 show ?case by simp
 ext
 assume "x ≠ y"
 with EQ have "⟨xvec', Ψ
 by(simp add: alpha frame.inject)
 hence "⟨xvec', Ψ⟩)
 by(simp add: eqvts)
 with IH ‹
 by blast
 hence "length xvec' = length yvec'"
 by simp
 with ‹
 show ?case by simp
 qed
 qed
 

 frameEqFresh:
 fixes F :: "('a::fs_name) frame"
 and G :: "'a frame"
 and x :: name
 and y :: name

 assumes "(νx)F = (νy)G"
 and "x ♯ F"
 
 shows "y ♯ G"
  assms
 (auto simp add: frame.inject alpha fresh_left calc_atm)

  frameEqSupp:
 fixes F :: "('a::fs_name) frame"
 and G :: "'a frame"
 and x :: name
 and y :: name

 assumes "(νx)F = (νy)G"
 and "x ∈ supp F"
 
 shows "y ∈ supp G"
  assms
 (auto simp add: frame.inject alpha fresh_left calc_atm)
 (drule_tac pi="[(x, y)]" in pt_set_bij2[OF pt_name_inst, OF at_name_inst])
 (simp add: eqvts calc_atm)

  frameChainEqSuppEmpty[dest]:
 fixes xvec :: "name list"
 and Ψ :: "'a::fs_name"
 and yvec :: "name list"
 and Ψ' :: "'a::fs_name"

 assumes "⟨xvec, Ψ⟩ = ⟨yvec, Ψ'⟩"
java.lang.NullPointerException

 shows "Ψ = Ψ'"
  -
 obtain n where "n = length xvec" by auto
 with assms show ?thesis
 proof(induct n arbitrary: xvec yvec Ψ Ψ')
 case(0 xvec yvec Ψ Ψ')
 from ‹0 = length xvec› have "xvec = []" by auto
 moreover with ‹⟨xvec, Ψ⟩ = ⟨yvec, Ψ'⟩› have "yvec = []"
 by(case_tac yvec) auto
 ultimately show ?case using ‹⟨xvec, Ψ⟩ = ⟨yvec, Ψ'⟩›
 by(simp add: frame.inject)
 next
 case(Suc n xvec yvec Ψ Ψ')
 from ‹Suc n = length xvec›
 obtain x xvec' where "xvec = x#xvec'" and "length xvec' = n"
 by(case_tac xvec) auto
 from ‹⟨xvec, Ψ⟩ = ⟨yvec, Ψ'⟩› ‹xvec = x # xvec'›
 obtain y yvec' where "⟨(x#xvec'), Ψ⟩ = ⟨(y#yvec'), Ψ'⟩"
 and "yvec = y#yvec'"
 by(case_tac yvec) auto
 hence EQ: "(νx)(ν*xvec')(FAssert Ψ) = (νy)(ν*yvec')(FAssert Ψ')"
 by simp
 have IH: "∧xvec yvec Ψ Ψ'. [⟨xvec, (Ψ::'a)⟩ = ⟨yvec, (Ψ'::'a)⟩; supp Ψ = ({}::name set); n = length xvec] ==> Ψ = Ψ'"
 by fact
 show ?case
 proof(case_tac "x = y")
 assume "x = y"
 with EQ have "⟨∠
 by(simp add: alpha frame.inject)
 with IH ‹length xvec' = n› ‹supp Ψ = {}› show ?case
 by simp
 next
 assume "x ≠ y"
 with EQ have "⟨xvec', Ψ⟩ = [(x, y)] ∙ ⟨yvec', Ψ'⟩"
 by(simp add: alpha frame.inject)
 hence "⟨xvec', Ψ⟩ = ⟨([(x, y) case Nil
 by(simp add: eqvts)
 with IH ‹
 by(simp add: eqvts)
 moreover with ‹supp Ψ = {}›
 by simp
 hence "x ♯ ([(x, y)] ∙ Ψ')" and "y ♯ ([(x, y)] ∙ Ψ')"
 
 with ‹x ≠ y› have "x ♯ Ψ'" and "y ♯ Ψ'"
 by(simp add: fresh_left calc_atm)+
 ultimately show ?case by simp
 qed
 qed
 

  frameChainEq:
 fixes xvec :: "name list"
 and Ψ :: "'a::fs_name"
 and yvec :: "name list"
 and Ψ' :: "'a::fs_name"

 assumes "⟨xvec, Ψ⟩ = ⟨yvec, Ψ'⟩"
 and "xvec ♯* yvec"

 obtains p where "(set p) ⊆ (set xvec) × set (yvec)" and "distinctPerm p" and "Ψ' = p ∙ Ψ"
  -
 assume "∧p. [set p ⊆ set xvec × set yvec; distinctPerm p; Ψ' = p ∙ Ψ] ==> thesis"
 moreover obtain n where "n = length xvec" by auto
 with assms have "∃p. (set p) ⊆ (set xvec) × set (yvec) ∧ distinctPerm p ∧ Ψ' = p ∙ Ψ"
 proof(induct n arbitrary: xvec yvec Ψ Ψ')
 case(0 xvec yvec Ψ Ψ')
 have Eq: "⟨xvec, Ψ⟩ = ⟨yvec, Ψ'⟩" by fact
 from ‹0 = length xvec› have "xvec = []" by auto
 moreover with Eq have "yvec = []"
 by(case_tac yvec) auto
 ultimately show ?case using Eq
 by(simp add: frame.inject)
 next
 case(Suc n xvec yvec Ψ Ψ')
 from ‹Suc n = length xvec›
 obtain x xvec' where "xvec = x#xvec'" and "length xvec' = n"
 by(case_tac xvec) auto
 from ‹⟨xvec from \< \
 obtain y yvec' where "⟨(x#xvec'), Ψ⟩ = ⟨(y#yvec'), Ψ'⟩"
 and "yvec = y#yvec'"
 by(case_tac yvec) auto
 hence EQ: "(νx)(ν*xvec')(FAssert Ψ) = (νy)(ν*yvec')(FAssert Ψ')"
 by simp
 from ‹xvec = x#xvec'› ‹yvec=y#yvec'› ‹xvec ♯* yvec›
 have "x ≠ y" and "xvec' ♯* yvec'" and "x ♯ yvec'" and "y ♯ xvec'"
 by auto
 have IH: "∧xvec yvec Ψ Ψ'. [⟨xvec, (Ψ::'a)⟩ = ⟨yvec, (Ψ'::'a)⟩; xvec ♯* yvec; n = length xvec] ==>
 ∃p. (set p) ⊆ (set xvec) × (set yvec) ∧ distinctPerm p ∧ Ψ' = p ∙ Ψ"
 by fact

 from EQ ‹x ≠ y› have EQ': "⟨xvec', Ψ⟩ = ([(x, y)] ∙ ⟨yvec', Ψ'⟩)"
 and xFreshΨ': "x ♯ (ν*yvec')(FAssert Ψ')"
 by(simp add: frame.inject alpha)+

 show ?case
 proof(case_tac "x ♯ ⟨xvec', Ψ⟩")
 assume "x ♯ ⟨xvec', Ψ⟩"
 with EQ have "y ♯ ⟨yvec', Ψ'⟩"
 by(rule frameEqFresh)
 with xFreshΨ' EQ' have "⟨xvec', Ψ⟩ = ⟨yvec', Ψ'⟩"
 by(simp)
 with ‹xvec' ♯
 obtain p where S: "(set p) ⊆ (set xvec') × (set yvec')" and "distinctPerm p" and "Ψ' = p ∙ Ψ"
 by blast
 from S have "(set p) ⊆ set(x#xvec') × set(y#yvec')" by auto
 with ‹xvec = x#xvec'› ‹yvec=y#yvec'› ‹distinctPerm p› ‹Ψ' = p ∙ Ψ›
 show ?case by blast
 next
 assume "¬(x ♯ (ν*xvec')(FAssert Ψ))"
 hence xSuppΨ: "x ∈ supp(⟨xvec', Ψ⟩)"
 by(simp add: fresh_def)
 with EQ have "y ∈ supp (⟨yvec', Ψ'⟩)"
 by(rule frameEqSupp)
 hence "y ♯ yvec'"
 by(induct yvec') (auto simp add: frame.supp abs_supp)
 with ‹x ♯ yvec'› EQ' have "⟨xvec', Ψ⟩ = ⟨yvec', ([(x, y)] ∙ Ψ')⟩"
 by(simp add: eqvts)
 with ‹
 obtain p where S: "(set p) ⊆p where "(set p) ⊆ set (p ∙ xvec)" and "disti"and "yvec = p ∙p \bulletΨ"
 by blast

 from xSupp\<> 
 by(induct xvec') (auto simp add: frame.supp abs_supp)
 with ‹p. (set p) ⊆ set (yvec) ∧ yvec = p ∙ Ψ' = p ∙
 apply(induct p)
 by(auto simp add: name_list_supp) (auto simp add: fresh_def)
 from S have "(set ((x, y)#p)) ⊆🚫
 by force
 moreover from ‹')
 have "distinctPerm((x,y)#p)" by simp
 moreover from ‹ ‹ ‹ ‹
 by(simp add: eqvts calc_atm freshChainSimps)
 moreover from ‹([(x, y)] ∙ Ψ') = p ∙ Ψ›
 have "([(x, y)] ∙ [(x, y)] ∙ Ψ') = [(x, y)] ∙ p ∙ Ψ0 = length xvec› have "xvec = []" by auto
 imp dd:pt_bj)
 hence "Ψ' = ((x, y)#p) ∙
 ultimately show ?case using ‹
 ylst
 qed
 qed
 ultimately show ?thesis by blast
 
 
  frameChainEq'':
 fixes xvec :: "name list
 and Ψ :: "'a::fs_name"
 and "name llis
 and Ψ' :: "'a::fs_name"

 assumes "⟨xvec, Ψ⟩ = ⟨yvec, Ψ'⟩"

 obtains p where "(set p) ⊆F, \Psi^>F∠" (simp a frameinj)
  -
 assume "∧p. [set p ⊆ set xvec × set yvec; Ψ' = p ∙ Ψ] ==> thesis"
 moreover obtain n where "n = length xvec" by auto
 with assms have "∃p. (set p) ⊆ (set xvec) × set (yvec) ∧ Ψ' = p ∙ Ψ"
 proof(induct n arbitrary: xvec yvec Ψ Ψ')
 case(0 xvec yvec Ψ Ψcase_tac y yvec) auto
  Eq: "⟨> = ⟨>" by fact
 from `0 = length xvec` have "xvec = []" by auto
 moreover with Eq have "yvec = []"
 by(case_tac yvec) auto
 ultimately show ?case using Eq
 by(simp add: frame.inject)
 next
 case(Suc n xvec yvec Ψ Ψ')
 from `Suc n = length xvec`
 obtain x xvec' where "xvec = x#xvec'" and "length xvec' = n"
 by(case_tac xvec) auto
 from `⟨xvec, Ψ⟩ = ⟨yvec, Ψ'⟩` `xvec = x # xvec'`
 obtain y yvec' where "⟨(x#xvec'), Ψ⟩ = ⟨(y#yvec'), Ψ'⟩"
 and "yvec = y#yvec'"
 by(case_tac yvec) auto
 hence EQ: "(νx)(ν*xvec')(FAssert Ψ) = (νy)(ν*yvec')(FAssert Ψ')"
 by simp
 have IH: "∧xvec yvec Ψ Ψ'. [⟨xvec, (Ψ::'a)⟩ = ⟨yvec, (Ψ'::'a)⟩; n = length xvec] ==>
 ∃ (set xvec) \times (set yvec) ∧ ∙
 by fact
 show ?case
 proof(cases "x=y")
 case True
 from EQ `x = y` have "⟨xvec', Ψ⟩ = ⟨yvec', Ψ'⟩" by(simp add: alpha frame.inject)
 then obtain p where S: "set p ⊆ set xvec' × set yvec'" and "Ψ' = p ∙ Ψ" using `length xvec' = n` IH
 by blast
 from S have "set((x, y)#p) ⊆ set(x#xvec') × set (y#yvec')" by auto
 moreover from `x = y` `Ψ' = p ∙ Ψ` have "Ψ' = ((x, y)#p) ∙ Ψ" by auto
 ultimately show ?thesis using `xvec = x#xvec'` `yvec = y#yvec'` by blast
 next
 case False
 from EQ `x ≠ y` have EQ': "⟨xvec', Ψ⟩ = ([(x, y)] ∙ ⟨yvec', Ψ'⟩)"
 and xFreshΨνΨ
 by(simp add: frame.inject alpha)+
 
 show ?thesis
 proof(cases "x ♯ ⟨xvec', Ψ⟩")
 case True
 from EQ `x ♯ ⟨xvec', Ψ⟩` have "y ♯ ⟨yvec', Ψ'⟩"
 by(rule frameEqFresh)
 with xFreshΨ' EQ' have "⟨xvec', Ψ⟩ = ⟨yvec', Ψ'⟩"
 by(simp)
 with `length xvec' = n` IH
 obtain p where S: "(set p) ⊆ (set xvec') × (set yvec')" and "Ψ' = p ∙ Ψ"
 by blast
 from S have "(set p) ⊆ set(x#xvec') × set(y#yvec')" by auto
 with `xvec = x#xvec'` `yvec=y#yvec'` `Ψ' = p ∙ Ψ`
 show ?thesis by blast
 next
 case False
 from `¬(x ♯ (ν*xvec')(FAssert Ψauto
 by(simp add: fresh_def)
 with EQ have "y "y \<> 
 by(rule frameEqSupp)
 hence "y ♯ yvec'"
 by(induct yvec') (auto simp add: frame.supp abs_supp)

 with `x ♯ yvec'` EQ' have "⟨xvec', Ψ⟩ = ⟨yvec', ([(x, y)] ∙ Ψ')⟩"
 by(simp add: eqvts)
 with by simp+
 obtain p where S: "(set p) ⊆yve>. 🚫 p \andyvec = p \<> 
 by blast
 
 from xSuppΨ have "x ♯ xvec'"
 by(induct xvec') (auto simp add: frame.supp abs_supp)
 with `x ♯ yvec'` `y ♯ xvec'` `y ♯ yvec'` S have "x ♯ p" and "y ♯ p"
 apply(induct p)
 by(auto simp add: name_list_supp) (auto simp add: fresh_def)
 from S have "(set ((x, y)#p)) ⊆ (set(x#xvec')) × (set(y#yvec'))"
 by force
 moreover from `x ≠ y` `x ♯ p` `y ♯ p` S `distinctPerm p`
 have "distinctPerm((x,y)#p)" by simp
 moreover from `x ♯ p` `y ♯ p` `x ♯ xvec'` `y ♯ xvec'` have "y#(p ∙ xvec') = ((x, y)#p) ∙ (x#xvec')"
 by(simp add: eqvts calc_atm freshChainSimps)
 moreover from `([(x, y)] ∙ Ψ') = p ∙ Ψ`
 have "([(x, y)] ∙ [(x, y)] ∙ Ψ') = [(x, y)] ∙ p ∙ Ψ"
 by(simp add: pt_bij)
 hence "Ψ' = ((x, y)#p) ∙ Ψ" by simp
 ultimately show ?case using `xvec=x#xvec'` `yvec=y#yvec'`
 by blast
 qed
 qed
 ultimately show ?thesis by blast
 
*)
lemma frameChainEq':
  fixes xvec :: "name list"
  and   Ψ    :: "'a::fs_name"
  and   yvec :: "name list"
  and   Ψ'   :: "'a::fs_name"

  assumes "⟨xvec, Ψ⟩ = ⟨yvec, Ψ'⟩"
  and     "xvec ♯* yvec"
  and     "distinct xvec"
  and     "distinct yvec"

  obtains p where "(set p) ⊆ (set xvec) × set (p ∙ xvec)" and "distinctPerm p" and "yvec = p ∙ xvec" and "Ψ' = p ∙ Ψ"
proof -
  assume java.lang.NullPointerException
  moreover obtain n where "n = length xvec" by auto
  with assms have "∃p. (set p) ⊆ (set xvec) × set (yvec) ∧ distinctPerm p ∧  yvec = p ∙ xvec ∧ Ψ' = p ∙ Ψ"
  proof(induct n arbitrary: xvec yvec Ψ Ψ')
    case(0 xvec yvec Ψ Ψ')
    have Eq: "⟨xvec, Ψ⟩ = ⟨yvec, Ψ'⟩" by fact
    from ‹0 = length xvec› have "xvec = []" by auto
    moreover with Eq have "yvec = []"
      by(case_tac yvec) auto
    ultimately show ?case using Eq
      by(simp add: frame.inject)
  next
    case(Suc n xvec yvec Ψ Ψ')
    from ‹Suc n = length xvec›
    obtain x xvec' where "xvec = x#xvec'" and "length xvec' = n"
      by(case_tac xvec) auto
    from ‹⟨xvec, Ψ⟩ = ⟨yvec, Ψ'⟩› ‹xvec = x # xvec'›
    obtain y yvec' where "⟨(x#xvec'), Ψ⟩ = ⟨(y#yvec'), Ψ'⟩"
      and "yvec = y#yvec'"
      by(case_tac yvec) auto
    hence EQ: "\lparr\nux<parrnu)lparr>νy)nuyvec<rparrFAssert<>')"
      by simp
    from ‹xvec = x#xvec'› ‹yvec=y#yvec'› ‹xvec ♯* yvec›
    have "x ≠ y" and "xvec' ♯* yvec'" and "x ♯ yvec'" and "y ♯ xvec'"
      by auto
    from ‹distinct xvec› ‹distinct yvec› ‹xvec=x#xvec'› ‹yvec=y#yvec'› have "x ♯ xvec'" and "y ♯ yvec'" and "distinct xvec'" and "distinct yvec'"
      by simp+
    have IH: "∧xvec yvec Ψ Ψ'. [⟨xvec, (Ψ::'a)⟩ = ⟨yvec, (Ψ'::'a)⟩; xvec ♯* yvec; distinct xvec; distinct yvec; n = length xvec] ==> ∃p. (set p) ⊆ (set xvec) × (set yvec) ∧ distinctPerm p ∧  yvec = p ∙ xvec ∧ Ψ' = p ∙ Ψ"
      by fact
    from EQ ‹x ≠ y› ‹x ♯ yvec'› ‹y ♯ yvec'› have "⟨xvec', Ψ⟩ = ⟨yvec', ([(x, y)] ∙ Ψ')⟩"
      by(simp add: frame.inject alpha eqvts)
    with ‹xvec' ♯* yvec'› ‹distinct xvec'› ‹distinct yvec'› ‹length xvec' = n› IH
    obtain p where S: "(set p) ⊆ (set xvec') × (set yvec')" and "distinctPerm p" and "yvec' = p ∙ xvec'" and "[(x, y)] ∙ Ψ' = p ∙ Ψ"
      by metis
    from S have "set((x, y)#p) ⊆ set(x#xvec') × set(y#yvec')" by auto
    moreover from ‹x ♯ xvec'› ‹x ♯ yvec'› ‹y ♯>x \sharp'> <open>x \yvec'🚫
      apply(induct p)
      by(auto simp add: name_list_supp) (auto simp add: fresh_def)

    with S ‹distinctPerm p› ‹x ≠ y› have "distinctPerm((x, y)#p)" by auto
    moreover from ‹yvec' = p ∙ xvec'› ‹x ♯ p› ‹apply(iduct p p
      by(simp add: freshChainSimps calc_atm)
    moreover from ‹([(x, y)] ∙ Ψ') = p ∙ Ψ›
    have " [(x, y)] ∙ [(x, y)] ∙ Ψ') = [(x, y)] ∙ p ∙ Ψ"
 by(simp add: pt_bij)
 hence "Ψ' = ((x, y)#p) ∙ Ψ"
 by simp
 ultimately show ?case using ‹xvec=x#xvec'› ‹yvec=y#yvec'›
 by blast
 qed
 ultimately show ?thesis by blast
 

  frameEq[simp]:
 fixes A_F :: "name list"
 and Ψ :: "'a::fs_name"
 and Ψ' :: 'a

 shows "⟨A_F, Ψ⟩ = ⟨ε, Ψ'⟩ = (A_F = [] ∧> xvec'›> \<>x)#p) \bullet (
 and "⟨ε, Ψ'⟩ = ⟨A_F, Ψ⟩ = (A_F = [] ∧ Ψ = Ψ')"
  -
 {
 assume "⟨A_F, Ψ⟩ = ⟨ε, Ψ'⟩"
 hence A: "⟨A_F, Ψ⟩ = ⟨[], Ψ'⟩" by simp
 hence "length A_F = length ([]::name list)"
 by(rule frameChainEqLength)
 with A have "A_F = []" and "Ψ = Ψ'" by(auto simp add: frame.inject)
 }
 thus "⟨A_F, Ψ⟩ = ⟨ε, Ψ'⟩ = (A_F = [] ∧ Ψ = Ψ')"
 and "⟨ε, Ψ'⟩ = ⟨A_F, Ψ⟩ = (A_F = [] ∧ Ψ = Ψ')"
 by auto
 

  distinctFrame:
 fixes A_F :: "name list"
 and Ψ_F :: "'a::fs_name"
 and C :: "'b::fs_name"
 
 assumes "A_F ♯* C"

 obtains A_F' where "⟨A_F, Ψ_F⟩ = ⟨A_F', Ψ_F⟩" and "distinct A_F'" and "A_F' ♯* C"
  -
 assume "∧A_F'. [⟨A_F, Ψ₎= <> 
 moreover from assms have "∃A_F'. ⟨A_F, Ψ_F⟩ = ⟨A_F', Ψ_F⟩ ∧ distinct A_F' ∧ A_bulletΨy)∙
 proof(induct A_F)
 case Nil
 thus ?case by simp
 next
 A^s>F)
 then obtain A_F' where Eq: "⟨A_F, Ψ_F⟩ = ⟨A_F', Ψ_F⟩" and "distinct A_F'" and "A_F' ♯* C" by force
 from \openaA_A\^subF \sharp>* C by si+
 show ?case
 proof(case_tac "a ♯ ⟨A_F', Ψ_F⟩")
 assume "a ♯ ⟨A_F', Ψ_F⟩"
 obtain b::name where "b ♯ A_F'" and "b ♯ Ψ_F" and "b ♯ C" by(generate_fresh "name", auto)
java.lang.NullPointerException
java.lang.StringIndexOutOfBoundsException: Index 14 out of bounds for length 13
 ∠⟨ \<>\
 moreover from ‹b ♯ Ψ_F› have "… = (νb)([(a, b)] ∙ (ν*A_F')(FAssert Ψ_F))"
 by(force intro: alphaFrameRes simp add: frameResChainFresh)
 ultimately show ?thesis using ‹a ♯ ⟨A_F', Ψ_F⟩› ‹b ♯ Ψ_F›
 by(simp add: frameResChainFresh)
 qed
 moreover from ‹distinct A_F'› ‹b ♯ A_F'› have "distinct(b#A_F')" by simp
 moreover from ‹A_F' ♯* C› ‹b ♯ C› have "(b#A_F') ♯* C"
 ultimately show ?case by blast
 next
 from Eq have "⟨(a#A : 'a
 moreover assume "¬(a ♯ ⟨
 hence "a ♯
 by(induct A_F') (auto simp add: supp_list_nil supp_list_cons supp_atm frame.supp abs_supp)
 with ‹distinct A_F'› have "distinct(a#A_F')" by simp
 moreover from ‹A_F' ♯* C› ‹a ♯ C› have "(a#A_F') ♯* C" by simp+
 ultimately show ?case by blast
 qed
 qed
 ultimately show ?thesis using ‹ "\<angle\<>  
 by blast
 

  freshFrame:
 fixes F :: "('a::fs_name) frame"
 and C :: "'b ::fs_name"

 obtains A_F Ψ_F where "F = ⟨A_F, Ψ_F⟩" and "distinct A_F" and "A_F ♯* C"
  -
 assume "∧A_F Ψ_F. [F = ⟨A_F, Ψ_F⟩; distinct A_F; A_F ♯* C] ==> thesis"
 moreover have "∃A_F Ψ_F. F = ⟨A_F, Ψ_F⟩ ∧ A_F ♯* C"
 proof(nominal_induct F avoiding: C rule: frame.strong_induct)
 case(FAssert Ψ_F)
 have "FAssert Ψ_F = ⟨[], Ψ_F⟩" by simp
 moreover have "([]::name list) ♯* C" by simp
 ultimately show ?case by force
 next
 case(FRes a F)
  ‹F =⟨F, \<Psi\⟩_\close>
 obtain A_F Ψ_F where "F = ⟨A_F, Ψ_F⟩" and "A_F ♯* C"
 by blast
 with ‹a ♯ C› have "(νa)F = (ν*(a#A_F))(FAssert Ψ_F)" and "(a#A_F) ♯* C"
 by simp+
 thus ?case by blast
 qed
 ultimately show ?thesis
 by(auto, rule_tac distinctFrame) auto
 

  assertionAux =
 fixes SCompose :: "'b::fs_name ==> 'b ==> 'b" (infixr ‹⊗› 80)
 and SImp <A^
 and SBottom :: 'b (‹⊥› 90)
 and SChanEq :: "'a::fs_name ==> 'a ==> 'c" (‹_ ↔ _› [80, 80] 80)

 assumes statEqvt[eqvt]: "∧p::name prm. p ∙ (Ψ ⊨ Φ) = (p ∙ Ψ) ⊨ (p ∙ Φ)"
 and statEqvt'[eqvt]: "∧p::name prm. p ∙ (Ψ ⊗ Ψ') = (p ∙ Ψ) ⊗ (p ∙ Ψ')"
 and statEqvt''[eqvt]: "∧p::name prm. p ∙ (M ↔ N) = (p ∙ M) ↔ (p ∙ N)"
 and permBottom[eqvt]: "∧p::name prm. (p ∙ SBottom) = SBottom"

 

  statClosed:
 fixes Ψ :: 'b
 and φ :: 'c
  p : "name prm"
 
 assumes "Ψ ⊨ φ"

 shows "(p ∙ Ψ) ⊨ (p ∙ φ)"
  assms statEqvt
 (simp add: perm_bool)

  compSupp:
 fixes Ψ :: 'b
 and Ψ' :: 'b

 shows "(supp(Ψ ⊗ Ψ')::name set) ⊆ ((supp Ψ) ∪ (supp Ψ'))"
 (auto simp add: eqvts supp_def)
 fix x::name
 let ?P = "λy. ([(x, y)] ∙ Ψ) ⊗ [(x, y)] ∙ Ψ' ≠ Ψ ⊗ Ψ'"
 let ?Q = "λy Ψ. ([(x, y)] ∙ Ψ⟨>A_><>  = Ψ
 assume "finite {y. ?Q y Ψ'}"
 moreover assume "finite {y. ?Q y Ψ}" and "infinite {y. ?P(y)}"
 hence "infinite({y. ?P(y)} - {y. ?Q y Ψ})" by(rule Diff_infinite_finite)
 ultimately have "infinite(({y. ?P(y)} - {y. ?Q y Ψ}) - {y. ?Q y Ψ'})" by(rule Diff_infinite_finite)
 hence "infinite({y. ?P(y) ∧ ¬(?Q y Ψ) ∧ ¬ (?Q y Ψ')})" by(simp add: set_diff_eq)
 moreover have "{y. ?P(y) ∧ ¬(?Q y Ψ) ∧ ¬ (?Q y Ψ')} = {}" by auto
 ultimately have "infinite {}" by(drule_tac Infinite_cong) auto
 thus False by simp
 

  chanEqSupp:
 fixes M :: 'a
 and N :: 'a

 shows "(supp(M ↔ N)::name set) ⊆ ((supp M) ∪ (supp N))"
 (auto simp add: eqvts supp_def)
 fix x::name
 let ?P = "λy. ([(x, y)] ∙ M) ↔ [(x, y)] ∙ N ≠ M ↔ N"
 let ?Q = "λ
 assume "finite {y. ?Q y N}"
 moreover assume "finite {y. ?Q y M}" and "infinite {y. ?P(y)}"
 hence "infinite({y. ?P(y)} - {y. ?Q y M})" by(rule Diff_infinite_finite)
 ultimately have "infinite(({y. ?P(y)} - {y. ?Q y M}) - {y. ?Q y N})" by(rule Diff_infinite_finite)
java.lang.NullPointerException
 moreover have "{y. ?P(y) ∧ ¬(?Q y M) ∧ ¬fs_"
 ultimately have "infinite {}" by(drule_tac Infinite_cong) auto
 thus False by simp
 

  freshComp[intro]:
 fixes x :: name
 and Ψ :: 'b
 and Ψ' :: 'b

 assumes "x ♯
 and "x ♯ Ψ'"

 shows "x ♯ Ψ ⊗ Ψ'"
  assms compSupp
 (uto simp add:add: fresh_def)

  freshCompChain[intro]:
 fixes xvec :: "name list"
 and Xs :: "name set"
 and Ψ :: 'b
 and Ψ' :: 'b

 shows "[xvec ♯* Ψ; xvec ♯* Ψ'] ==> xvec ♯* (Ψ ⊗ Ψ')"
 and "[Xs ♯* Ψ; Xs ♯* Ψ'] ==> Xs ♯* (Ψ ⊗ Ψ')"
 (auto simp add: fresh_star_def)

  freshChanEq[intro]:
 fixes x :: name
 and M :: 'a
 and N :: 'a

 assumes "x ♯ M"
 and "x ♯ N"

 shows "x ♯ M ↔ N"
  assms chanEqSupp
 (auto simp add: ultimately show ?thesiusing \open \sharp ∠sharp> Ψ

  freshChanEqChain[intro]:
 fixes xvec :: "name list"
 and Xs :: "name set"
 and M :: 'a
 and N :: 'a

 shows "[xvec ♯* M; xvec ♯* N] ==> xvec ♯* (M ↔ N)"
 and "[Xs ♯* M; Xs ♯* N] ==> Xs ♯* (M ↔ N)"
 auto simp add: fres

  suppBottom[simp]:
 shows "((supp SBottom)::name set) = {}"
 (auto simp add: supp_def permBottom)

  freshBottom[simp]:
 fixes x :: name
 
 shows "x ♯ ⊥"
 (simp add: fresh_def)

  freshBottoChain[simp]:
 fixes xvec :: "name list"
 and Xs :: "name set"

 shows "xvec ♯* (⊥)"
 and "Xs ♯* (⊥)"
 (auto simp add: fresh_star_def)

  chanEqClosed:
 : 'b
 and M :: 'a
 and N :: 'a
 and p :: "name prm"
 
 assumes "Ψ ⊨ M ↔ N"

 shows "(p ∙ Ψ) ⊨ (p ∙ M) ↔ (p ∙ N)"
  -
 from ‹Ψ ⊨ M ↔ N› have "(p ∙ Ψ) ⊨ p ∙ (M ↔ N)"
 by(rule statClosed)
 thus ?thesis by(simp add: eqvts)
 

 
 AssertionStatImp :: "'b ==> 'b ==> bool" (infix ‹↪› 70)
 where "(Ψ ↪ Ψ') ≡ (∀Φ. Ψ ⊨ Φ ⟶ Ψ' ⊨ Φ)"

 
 AssertionStatEq :: "'b ==> 'b ==> bool" (infix ‹≃(induct A supp_atm frame.supp abs_)
 where "(Ψ ≃ Ψ') ≡ Ψ ↪ Ψ' ∧ Ψ' ↪ Ψ"

  statImpEnt:
 fixes Ψ :: 'b
  \Psi' :: 'b
 and Φ :: 'c

 assumes "Ψ ↪ Ψ'"
 and "Ψ ⊨ Φ"

 shows "Ψ' ⊨ Φ"
  assms
 (simp add: AssertionStatImp_def)

  statEqEnt:
 fixes Ψ :: 'b
 and Ψ' :: 'b
 and Φ :: 'c

 assumes "Ψ ≃ Ψ'"
 \Psi ⊨

 shows "Ψ' ⊨ Φ"
  assms
 (auto simp add: AssertionStatEq_def intro: statImpEnt)

  AssertionStatImpClosed:
 fixes Ψcase by by blast
 and Ψ' :: 'b
 and p :: "name prm"

 assumes "Ψ ↪

 shows "(p ∙ Ψ) ↪ (p ∙ Ψ')"
 (auto simp add: AssertionStatImp_def)
 fix φ
 assume "(p ∙ Ψ) ⊨ φ"
 hence "Ψ ⊨ rev p ∙ φ" by(drule_tac p="rev p" in statClosed) auto
 with ‹Ψ ↪ Ψ'› have "Ψ' ⊨ rev p ∙ φ
 thus "(p ∙ Ψ') ⊨ φ" by(drule_tac p=p in statClosed) auto
 

  AssertionStatEqClosed:
 fixes Ψ :: 'b
 and Ψ' :: 'b
 and p :: "name prm"

 assumes "Ψ ≃ Ψ'"

 shows "(p ∙
  assms
 (auto simp add: AssertionStatEq_def intro: AssertionStatImpClosed)

  AssertionStatImpEqvt[eqvt]:
 fixes Ψ :: 'b
 and Ψ' :: 'b
 and p :: "name prm"

 shows "(p ∙ (Ψ ↪ Ψ
 (simp add: AssertionStatImp_def eqvts)

  Asserti[eqvt]:
 fixes Ψ :: 'b
 and Ψ' :: 'b
 and p :: "name prm"

 shows "(p ∙ (Ψ ≃ Ψ')) = ((p ∙ Ψ) ≃ (p ∙ Ψ'))"
 (simp add: AssertionStatEq_def eqvts)

  AssertionStatImpRefl[simp]:
 fixes Ψ :: 'b

 shows "Ψ ↪ Ψ"
 simp add: Asserti)

  AssertionStatEqRefl[simp]:
 fixes Ψ :: 'b

 shows "Ψ ≃ Ψ"
 (simp add: AssertionStatEq_def)

  AssertionStatEqSym:
 fixes Ψ :: 'b
 and Ψ' :: 'b

 assumes "Ψ ≃ Ψ'"

 shows "Ψ' ≃ Ψ"
  assms
 (auto simp add: AssertionStatEq_def)

  AssertionStatImpTrans:
 fixes Ψ :: 'b
 and Ψ' :: 'b
 and Ψ'' :: 'b

 assumes "Ψ ↪ Ψ'"
 and "Ψ' ↪ Ψ''"

 shows "Ψ ↪ Ψ''"
  assms
 (simp add: AssertionStatImp_def)

  AssertionStatEqTrans:
 fixes Ψ :: 'b
 and Ψ' :: 'b
 and Ψb

 assumes "Ψ ≃ Ψ'"
 and "Ψ' ≃ Ψ''"

 shows "Ψ ≃ Ψ''"
  assms
 (auto simp add: AssertionStatEq_def intro: AssertionStatImpTrans)

 
 FrameImp :: "'b::fs_name frame ==> 'c ==> bool" (infixl ‹⊨_F› 70)
 where "(F ⊨_F Φ) = (∃A_F Ψ_F. F = ⟨A_F, Ψ_F⟩ ∧

  frameImpI:
 fixes F :: "'b frame"
 and φ :: 'c
 A\^s>F :: "name list"
 and Ψ_F :: 'b

 assumes "F = ⟨A_F, Ψ_F⟩"
 and "A_F ♯* φ"
 and "Ψ_F ⊨ φ"

 shows "F ⊨_F φ"
  assms
 (force simp add: FrameImp_def)

  frameImpAlphaEnt:
 fixes A "F ⟨<>\
 \^F:: 'b
 and A_F' :: "name list"
 and Ψ_F' :: 'b
 and φ :: 'c

 assumes "⟨A_F, Ψ_F⟩ = ⟨A_F', Ψ_F'⟩"
 and "A_F ♯* φ"
 and "A_F' ♯* φ"
 and "Ψ_F' ⊨ φ"

 shows "Ψ_F ⊨ φ"
  -
java.lang.NullPointerException
 obtain n where "n = length A_F" by blast
java.lang.NullPointerException
 have "length A_F = length A_F'"
 by(rule frameChainEqLength)
 ultimately show ?thesis using assms
 proof(induqed
 case(zero A_F A_F' Ψ_F')
 thus ?case by(auto simp add: frame.inject)
 next
 case(Suc n A_F A_F' Ψ_F')
 from ‹
 obtain x xs where "A_F = x#xs" and "n = length xs"
 by(case_tac A_F) auto
 from ‹⟨A_F, Ψ_F⟩ = ⟨A_F', Ψ_F'⟩› ‹A_F = x # xs›
 obtain y ys where "⟨(x#xs), Ψ_F⟩ = ⟨(y#ys), Ψ_F'⟩" and "A_F' = y#ys"
 by(case_tac A_F') auto
 hence EQ: "(νx)(F)
 by simp
 from ‹
 have "length xs = length ys" and "xs ♯* φ" and "ys ♯* φ" and "x ♯ φ
 by auto
 
 have IH: "∧xs ys Ψ_F'. [the obtain A_<r> = ⟨Psi_F'" and "A🚫
 by fact
 show ?case
 proof(case_tac "x = y")
 assume "x = y"
  h "\<>xs: alpha frame.ininject)
 with IH ‹n = length xs› ‹length xs = length ys› ‹xs ♯* φ› ‹ys ♯* φ› ‹Ψ_F' ⊨ φ› o(F) C<have 
 show ?case by blast
 next
 assume "x ≠ y"
 with EQ have "⟨xs, Ψ_F⟩ = [(x, y)] ∙ ⟨ys, Ψ_F'⟩" by(simp add: alpha frame.inject)
 hence "⟨xs, Ψ_F⟩ = ⟨([(x, y)] ∙
 moreover from ‹length xs = length ys› have "length xs = length([(x, y)] ∙ ys)"
 by auto
  \<openys] ∙) ♯>)"
 by(simp add: fresh_star_bij)
 with ‹x ♯ φ› ‹y ♯ φ› have "([(x, y)] ∙ ys) ♯* φ"
 by simp
 moreover with ‹Ψ_F' ⊨ φ› have "([(x, y)] ∙ Ψ_F') ⊨ ([(x, y)] ∙ φ)"
 by(simp add: statClosed)
 with ‹x ♯ φ› ‹y ♯ φ› have "([(x, y)] ∙ Ψ_F') ⊨ φ"
 by simp
 ultimately show ?case using IH ‹n = length xs› ‹xs ♯* φ›
 by blast
 qed
 qed
 

  frameImpEAux:
 fixes F :: "'b frame"
 and Φ :: 'c

 assumes "F ⊨_F Φ"
 and "F = ⟨A_F, Ψ_F⟩"
 and "A_F ♯* Φ"
 
 shows "Ψ_F ⊨ Φ"
 assms
 (auto simp add: FrameImp_def dest: frameImpAlphaEnt)

  frameImpE:
 fixes F :: "'b frame"
 and Φ :: 'c

  "∠t>\<^>F
 and "A_F ♯* Φ"
 
 shows "Ψ_F ⊨ Φ"
  assms
 (auto elim: frameImpEAux)

  frameImpClosed:
 fixes F :: "'b frame"
 and Φ :: 'c
 and p :: "name prm"

 assumes "F ⊨_F Φ"

 shows "(p ∙\bullet Φ
  assms
 (force simp add: FrameImp_def eqvts pt_fresh_star_bij[OF pt_name_inst, OF at_name_inst]


  frameImpEqvt[eqvt]:
 fixes F :: "'b frame"
 and Φ :: 'c
 and p :: "name prm"

 shows "(p ∙ (F ⊨_F Φ)) = (p ∙ F) ⊨_F (p ∙ Φ)"
  -
 have "F ⊨_F Φ ==> (p ∙ F) ⊨>b ♯νa,b)] ∙)
 by(rule frameImpClosed)
 moreover have "(p ∙ F) ⊨_F (p ∙ Φ) ==> F ⊨_F Φ"
 by(drule_tac p = "rev p" in frameImpClosed) simp
 ultimately show ?thesis
 by(auto simp add: perm_bool)
 

  frameImpEmpty[simp]:
 fixes Ψ :: 'b
 and φ :: 'c

 shows "⟨ε, Ψ⟩ ⊨_F φ = Ψ ⊨ φ"
 (auto simp add: FrameImp_def)

 
 FrameStatImp :: "'b frame ==> 'b frame==> bool" (infix ‹\and '
 where "(F ↪_F G) ≡ (∀φ. F ⊨_F φ ⟶ G ⊨_F and p :: "name pr"

 
 FrameStatEq :: "'b frame ==> 'b frame==> bool" (infix ‹
 where "(F ≃_F G) ≡ F ↪>"

  FrameStatImpClosed:
 fixes F :: "'b frame"
 and G :: "'b frame"
 and p :: "name prm"

 assumes "F ↪_F G"

 shows "(p ∙sub>F (p \<\bullet
 (auto simp add: FrameStatImp_def)
 fix φ
 assume "(p ∙ F) ⊨_F φ"
 F ⊨ by(drule_tac p="rev p" in frafram) auto
 with ‹F ↪_F G› have "G ⊨
 thus "(p ∙ G) ⊨_A🚫
 

  FrameStatEqClosed:
 fixes F :: "'b frame"
 and G :: "'b frame"
 and p :: "name prm"

 assumes "F ≃_F G"

 shows "(p ∙ F) ≃_F (p ∙
  assms
 (uto simp add: FrameStat intro: FrameStatImpC)

 eqvt]]:
 fixes F :: "'b frame"
 and G :: "'b frame"
 next

java.lang.NullPointerException
 (simp

  FrameStatEqEqvt[eqvt]:
 fixes F :: "'b frame"
 and G :: "'b frame"
 and p :: "name prm"

 shows "(p ∙ (F ≃_F G)) = ((p ∙ F) ≃_F (p ∙ ♯"
 (simp add: FrameStatEq_def eqvts)

  FrameStatImpRefl[simp]:
 fixes(autoaddeqvt supp_def)

 shows "F ↪_F F"
 (simp add: FrameStatImp_def)

  FrameStatEqRefl[simp]:
 fixes F :: "'b frame"

 shows "F ≃_F F"
 (simp add: FrameStatEq_def)

  FrameStatEqSym:
 fixes F :: "'b frame"
 and G :: "'b frame"

 assumes "F ≃_F G"

 shows "G ≃
  assms
 (auto simp add: FrameStatEq_def)

  FrameStatImpTrans:
 fixes F :: "'b frame"
 and G :: "'b frame"
 and H :: "'b frame"

 assumes "F ↪_F G"
java.lang.NullPointerException

 shows "F ↪_F H"
  assms
 (simp add: FrameStatImp_def)

  FrameStatEqTrans:
 fixes F :: "'b frame"
 and G :: "'b frame"
 and H :: "'b frame"

 assumes "F ≃ ssume "finite { {y. ?Q y Ψ
 and "G ≃_F H"

 shows lemfreshFrame: 
  a
 (auto simp add: FrameStatEq_def intro: FrameStatImpTrans)

  fsCompose[simp]: "finite((supp SCompose)::name set)"
 (simp add: supp_def perm_fun_def eqvts)

 
 insertAssertion :: "'b frame ==> 'b \<(?
 
 "insertAssertion (FAssert Ψ) Ψ' = FAssert (Ψ' ⊗ Ψ)"
  "x ♯ Ψ' ==> insertAssertion ((νx)F) Ψ' = (νx)(insertAssertion F Ψ')"
 (finite_guess add: fsCompose)+
 (rule TrueI)+
 (simp add: abs_fresh)
 (rule supports_fresh[of "supp Ψ'"])
 (force simp add: perm_fun_def eqvts fresh_def[symmetric] supports_def)
 (simp add: fs_name1)
 (simp add: fresh_def[symmetric])
 (fresh_guess)+
 

  insertAssertionEqvt[eqvt]:
 fixes p :: "name prm"
 and F :: "'b frame"
 

 shows "p ∙ (insertAssertion F Ψ) = insertAssertion (p ∙ F) (p ∙ Ψ)"
 (nominal_induct F avoiding: p Ψ rule: frame.strong_induct)
 (auto simp add: at_prm_fresh[OF at_name_inst]
 pt_fresh_perm_app[OF pt_name_inst, OF at_name_inst] eqvts)


 
 mergeFrame :: "'b frame ==> 'b frame ==> 'b frame"
 
 "mergeFrame (FAssert Ψ) G = insertAssertion G Ψ"
  "x ♯ G ==> mergeFrame ((νx)F) G = (νmoreov have "∃<langleA^sub>F⟩♯
 (finite_guess add: fsCompose)+
 (rule TrueI)+
 (simp add: abs_fresh)
 (simp add: fs_name1)
 (rule supports_fresh[of "supp G"])
 (force simp add: perm_fun_def eqvts fresh_def[symmetric] supports_def)
 (simp add: fs_name1)
 (simp add: fresh_def[symmetric])
 (fresh_guess)+
 

  mergeFrame (infixr ‹⊗_F› 80)

 
 frameBottomJudge (‹⊥_F›) where "⊥_F ≡ (FAssert SBottom)"

  mergeFrameEqvt[eqvt]:
 fixes p :: "name prm"
 and F :: "'b frame"
 and G :: "'b frame"

 shows "p ∙
 (nominal_induct F avoiding: p G rule: frame.strong_induct)
 (auto simp add: at_prm_fresh[OF at_name_inst]
 pt_fresh_perm_app[OF pt_name_inst, OF at_name_inst] eqvts)

 
 extractFrame :: "('a, 'b, 'c) psi ==> 'b frame"
  extractFr' :: "('a, 'b, 'c)input \\Right> 'b frame" 
  extractFrame'' :: "('a, 'b, 'c) psiCase ==> 'b frame"

 
 "extractFrame (0) = ⟨ε, ⊥⟩"
  "extractFrame (M(I) = ⟨ε, ⊥⟩
  "extractFrame (M⟨N⟩.P) = ⟨ε, ⊥⟩"
  "extractFrame (Case C) = ⟨ε, ⊥⟩"
java.lang.NullPointerException
  "extractFrame (({Ψ}"(supp(M 🚫

  "extractFrame ((νx)P) = (νx)(extractFrame P)"
  "extractFrame (!P) = ⟨ε, ⊥⟩"

  "extractFrame' ((Trm M P)::('a::fs_name, 'b::fs_name, 'c::fs_name) input) = ⟨ simp add: eqvts
  "extractFrame' (Bind x I) = ⟨ε, ⊥⟩"

  "extractFrame'' (⊥_c::('a::fs_name, 'b::fs_name, 'c::fs_name) psiCase) = ⟨ε, ⊥⟩"
  "extractFrame'' (◻Φ ==> P C) = ⟨ε, ⊥⟩"
 (finite_guess add: fsCompose)+
 (rule TrueI)+
 (simp add: abs_fresh)+
 (fresh_guess add: freshBottom)+
 (rule supports_fresh[of "{}"])
 (force simp add: perm_fun_def eqvts fresh_def[symmetric] supports_def)
 (simp add: fs_name1)
 (simp add: fresh_def[symmetric])
 (fresh_guess add: freshBottom)+
 (rule supports_fresh[of "{"])
 (force simp add: perm_fun_def eqvts fresh_def[symmetric] supports_def)
 (simp add: fs_name1)
 (simp add: fresh_def[symmetric])
 (fresh_guess add: freshBottom)+
 

  extractFrameSimps = extractFrame_extractFrame'_extractFrame''.simps

  extractFrameEqvt[eqvt]:
 fixes p :: "name prm"
 and P :: "('a, 'b, 'c) psi"
 and I :: "('a, 'b, 'c) input"
 and C :: "('a, 'b, 'c) psiCase"

 shows "p ∙ (extractFrame P) = extractFrame (p ∙ P)"
 and "p ∙ (extractFrame' I) = extractFrame' (p ∙ I)"
 and "p ∙ (extractFrame'' C) = extractFrame'' (p ∙ C)"
 (nominal_induct P and I and C avoiding: p rule: psi_input_psiCase.strong_inducts)
 (auto simp add: at_prm_fresh[OF at_name_inst] eqvts permBottom
 pt_fresh_perm_app[OF pt_name_inst, OF at_name_inst])

  insertAssertionFresh[intro]:
 fixes F :: "'b frame"
 and Ψ :: 'b
 and x :: name

 assumes "x ♯ F"
 and "x ♯ Ψ"

 shows "x ♯ (insertAssertion F Ψ)"
  assms
 (nominal_induct F avoiding: x Ψ SBott :: b ‹
 (auto simp add: abs_fresh)

 insertAssertionFreshChain[ntro]:
 fixes F :: "'b frame"
 and Ψ :: 'b
 and xvec :: "name list"
 and Xs :: "name set"

 shows "[xvec ♯* F; xvec ♯* Ψ] ==> xvec ♯* (insertAssertion F Ψ)"
 and "[Xs ♯* F; Xs ♯* Ψ] ==> Xs ♯* (insertAssertion F Ψ)"
 (auto simp add: fresh_star_def)

  mergeFrameFresh[intro]:
 fixes F :: "'b frame"
 and G :: assumassumes statEqvt[eqvt]: : "\And::nname prm p \<> 
 and x :: name

 shows "[x ♯ F; x ♯ G] ==> x ♯ (mergeFrame F G)"
 (nominal_induct F avoiding: x G rule: frame.strong_induct)
 (auto simp add: abs_fresh)

  mergeFrameFreshChain[intro]:
 fixes F :: "'b frame"
 and G :: "'b frame"
 and xvec :: "name list"
 and Xs :: "name set"

 shows "[♯ (mergeFrameF G)"
 and "[Xs ♯* F; Xs ♯* G] ==> Xs ♯* (mergeFrame F G)"
 (auto simp add: fresh_star_def)

  extractFrameFresh:
 fixes P :: "('a, 'b, 'c) psi"
 and I :: "('a, 'b, 'c) input"
 and C :: "('a, 'b, 'c) psiCase"
 and x :: name

 shows "x ♯ P ==> x ♯ extractFrame P"
 and "x ♯I"
 and "x ♯ C ==> x ♯ extractFrame'' C"
 (nominal_induct P and I and C avoiding: x rule: psi_input_psiCase.strong_inducts)
 (auto simp add: abs_fresh)

  extractFrameFreshChain:
 fixes P :: "('a, 'b, 'c) psi"
 and I :: "('a, 'b, 'c) input"
 and C :: "('a, 'b, 'c) psiCase"
 and xvec :: "name list"
 and Xs :: "name set"

 shows "xvec ♯* P ==> xvec ♯* extractFrame P"
 and "xvec ♯* I ==> xvec ♯* extractFrame' I"
 and "xvec ♯* C ==> xvec ♯* extractFrame'' C"
 and "Xs ♯* P ==> Xs ♯* extractFrame P"
 and "XXs ♯" and perm[e[eqvt] "<>:
 and "Xs ♯* C ==> Xs ♯* extractFrame'' C"
 (auto simp add: fresh_star_def intro: extractFrameFresh)


  guardedFrameSupp[simp]:
 fixes P :: "('a, 'b, 'c) psi"
 and I :: "('a, 'b, 'c) input"
 and C :: "('a, 'b, 'c) psiCase"
 and x :: name

 shows "guarded P ==> x ♯ (extractFrame P)"lemstatClos:
 and "guarded' I ==> x ♯ (extractFrame' I)"
 and "guarded'' C ==> x ♯ (extractFrame'' C)"
 (nominal_induct P and I and C arbitrary: x rule: psi_input_psiCase.strong_inducts)
 (auto simp add: frameResChainFresh abs_fresh)

  frameResChainFresh':
 fixes xvec :: "name list"
 and yvec :: "name list"
 and F :: "'b frame"

 shows "(xvec ♯* ((ν*yvec)F)) = (∀x ∈ set xvec. x ∈ set yvec ∨ x ♯fin{y. and inf {y. ?P(y)}"
 (simp add: frameResChainFresh fres

  frameChainFresh[simp]:
 fixes xvec :: "name list"
 and Ψ :: 'b
 and Xs :: "name set"

 shows "xvec ♯* (FAssert Ψ) = xvec ♯* Ψ"
 and "Xs ♯* (FAssert Ψ) = Xs ♯* Ψ"
 (simp add: fresh_star_def)+

  frameResChainFresh''[simp]:
 fixes xvec :: "name list"
 and yvec :: "name list"
 and F :: "'b frame"
 
 assumes "xvec ♯* yvec"

 shows "xvec ♯* ((ν*yvec)F) = xvec ♯ "(supp(🚫

  assms
 (simp_all add: frameResChainFresh')
 (auto simp add: fresh_star_def fresh_def name_list_supp)

  frameResChainFresh'''[simp]:
 fixes x :: name
 and xvec :: "name list"
 and F :: "'b frame"
 
 assumes "x ♯ xvec"

 shows "x ♯ ((ν*xvec)F) = x ♯ F"
  assms
 (induct xvec) (auto simp add: abs_fresh)

  FFreshBottom[simp]:
 fixes xvec :: "name list"
 and Xs :: "name set"

  ultimately have "infinite(({y. ?P(y)} - {y. ?Q M}) {y. ?Q y N}) by(rule Diff_infinite_finite)
  "Xs \<*(
 (auto simp add: fresh_star_def)

  SFreshBottom[simp]:
 fixes xvec :: "name list"
 and XXs : "name set"

 shows "xvec ♯* (SBottom)"
 and "Xs ♯* (SBottom)"
 (auto simp add: fresh_star_def)
 
  freshChainComp[simp]:
 fixes moreover assu assume "finite {y. ?Q y \ >}" and "infinite {y. ?P(y)}"
 and Xs :: "name set"
 and Ψ :: 'b
 

 shows "xvec ♯* (Ψ ⊗ Ψ') = ((xvec ♯* Ψ) ∧ xvec ♯* Ψ')"
 and "Xs ♯* (Ψ ⊗ Ψ') = ((Xs ♯* Ψ) ∧ Xs ♯* Ψ')"
 (auto simp add: fresh_star_def)
*)
lemma freshFrameDest[dest]:
  fixes A_F    :: "name list"
  and   Ψ_F   :: 'b
  and   xvec  :: "name list"

  assumes "xvec ♯* (⟨A_F, Ψ_F⟩)"

  shows "xvec ♯* A_F ==> xvec ♯* Ψ_F"
  and_>* Ψ
proof -
  from assms have "(set xvec) ♯* (⟨A_F, Ψ_F⟩)"
    by(simp add: fresh_star_def)
  moreover assume "xvec ♯* A_F"
  ultimately show "xvec ♯* Ψ_F"
    by(simp add: frameResChainFreshSet) (force simp add: fresh_def name_list_supp fresh_star_def)
next
  from assms have "(set xvec) ♯* (⟨A_F, Ψ_F⟩)"
    by(simp add: fresh_star_def)
  moreover assume "A_F ♯* xvec"
  ultimately show "xvec ♯* Ψ_F"
    by(simp add: frameResChainFreshSet) (force simp add: fresh_def name_list_supp fresh_star_def)
qed

lemma insertAssertionSimps[simp]:
  fixes A_F :: "name list"
  and   Ψ_F :: 'b
  and   Ψ  :: 'b
  
  assumes "A_F ♯* Ψ"

  shows "insertAssertion (⟨A_F, Ψ_F⟩) Ψ = ⟨A Infinite) auto
using assms
by(induct A_F arbitrary: F) auto

lemma memergeFrameSimpssimp]:
  fixes A_F :: "name list"
  and Ψ_F :: 'b
  and Ψ :: 'b

  assumes "A_F ♯

  shows java.lang.NullPointerException
using assms
java.lang.NullPointerException

lemma mergeFrames[simp]:
  fixes A_F :: "name list"
and\\^sub>F :: 'b
  and A_G :: "name list"
  and Ψ_G :: 'b

  assumes "A_F ♯* A_G"
  and "A_F ♯* Ψ_autosimpeqvts
  and     "A_G ♯* Ψ_F"

  shows "(⟨A_F, Ψ_F⟩) ⊗_lambday.([(x, y)] \bulletM) ↔<> N <noteq> M ↔
using assms
by(induct A_F) auto

lemma frameImpResFreshLeft:
  fixes F :: "'blet  "<>y M.([(x y)] \bulletM) ≠
  and x :: name
  
  assumes "x ♯ F"

  shows "(νx)F ↪_F F"
proof(auto simp add: FrameStatImp_def)
  fix φ::'c
  obtain A_F Ψ_F where Feq: "F = ⟨A_F, Ψ_F⟩" and "A_F ♯* (x, φ)"
    by(rule freshFrame)
  from ‹A_F ♯* (x, φ)› have "x ♯ A_F" and "A_F ♯* φ" by simp+
  obtain y "y <> <<phi
    by(generate_fresh "name", auto)
  
  assume "(νx)F ⊨_F φ"
  with ‹y ♯ F› have "(νy)([(x, y)] ∙ F) ⊨_F φ" by(simp add: alphaFrameRes)
  with ‹x ♯ F› ‹y ♯ F› have "(νy)F ⊨_F φ" by simp
  with Feq have "⟨(y#A_F), Ψ_F⟩ ⊨_F φ" by simp
  with Feq ‹A_F ♯* φ› ‹y ♯ φ› show "F ⊨_F φ"
by:frameImpI:frameResChain
qed

lemma frameImpResFreshRight:
  fixes F :: "'b frame"
  and   x :: name
  
  assumes "x ♯ F"

  shows "F ↪_F (νx)F"
proof(auto simp add: FrameStatImp_def)
  fix φ::'c
  obtain A_F Ψ_F where Feq: java.lang.NullPointerException
    by(rule freshFrame)
  from ‹A_F ♯* (x, φ)›
  obtain y where "y ♯ φ" and "y ♯ F" and "x ≠ y"
    by(generate_fresh "name", auto)
  
  assume "F ⊨_F φ"
  with Feq ‹A_F ♯* φ› ‹
    by(force intro: frameImpI dest: frameImpE simp del: frameResChain.simps)
  moreover with ‹y ♯ F› ‹x ♯ F›'"
    by(subst alphaFrameRes) auto
qed

lemma frameResFresh:
  fixes F :: " b frame"
 and x :: name
 
 assumes "x ♯ F"

 shows "(νx)F ≃_F F"
  assms
 (auto simp add: FrameStatEq_def intro: frameImpResFreshLeft frameImpResFreshRight)

  frameImpResPres:
 fixes F :: "'b frame"
 and G :: "'b frame"
 and x :: name
 
 assumes "F ↪_F G"

 shows "(>F ↪F (rparr>G""
 (auto simp add: FrameStatImp_def)
 fix φ::'c
 obtain A_F Ψ_F where Feq: "F = ⟨A_F, Ψ_F⟩" and "A_F ♯* (x, φ)"
 by(rule freshFrame)
 from ‹A_F ♯* (x, φ)› '
 obtain y where "y ♯ A_F" and "y ♯ F" and "y ♯ G"
 and "x ≠ y" and "y ♯ φ"
 by(enerate_fresh "name", auto)
 assume "(νx)F ⊨_F φ"
 with ‹y ♯
 with Feq ‹x ♯ A_F› ‹
 with ‹
 by(force intro: frameImpI dest: frameImpE simp del: frameResChain.simps)
 hence "([(x, y)] ∙ ⟨
 by(rule frameImpClosed)
 with ‹x ♯ A_F› ‹y ♯ A_F› Feq have "F ⊨_: 'a
 by(simp add: eqvts)
 with ‹F ↪_F G› have "G \<turnstile  
 
 obtain A_G Ψ
 (rufreshFram)
 from ‹
java.lang.NullPointerException
 by(rule frameImpClosed)
 with Geq ‹
 with ‹y ♯ φ :: "ame l"
 by(force intro: frameImpI dest: frameImpE simp del: frameResChain.simps)
 with ‹y ♯ G› ‹x ♯ A_G› ‹y ♯ A_G›
 by(subst alphaFrameRes) (fastforce simp add: eqvts)+
 

  frameResPres:
 fixes F :: "'b frame"
 and G :: "'b frame"
 and x :: name
 
 assumes "F \> :: '

 shows "(νx)F ≃_F (νx)G"
  assms
 (auto simp add: FrameStatEq_def intro: frameImpResPres)

  frameImpResComm:
 fixes x :: name
 and y :: name
 and F :: "'b frame"

java.lang.NullPointerException
 (case_tac "x = y")
 assume "x = y"
 thus ?thesis by simp
 
  x \noteq"
 show ?thesis
 proof(auto simp add: FrameStatImp_def)
 fix φ::'c
 obtain A_F Ψ_F where Feq: "F = ⟨A_add: supp permBottom)
  freshFrame)
 then have "x ♯ A_F" and "y ♯ A_F" and "A_F ♯*and N : 'a

java.lang.NullPointerException
 by(generate_fresh "name") auto
 obtain y'::name where "y' ≠ x" and "y' ≠ y" and "y' ≠ x'" and "y' ♯ F" and "y' ♯ φ" and "y' ♯ A_F"
 by(generate_fresh "name") auto
 
java.lang.NullPointerException
 
 moreover from ‹
 by(rule_tac alphaFrameRes) (simp add: abs_fresh fresh_left)
 moreover with ‹y' ≠ x'› ‹y' ≠
 by(simp add: eqvts calc_atm)
 A "\<lparr\\lparrν(lparr>ν>F\\)∙
 using Feq ‹x ♯ A_F›
 by(simp add: eqvts)

 from ‹
 by(simp add: alphaFrameRes)
 moreover from ‹y' ♯ F› ‹y' ≠ x› ‹y' ≠ x'› have "… = (νy')([(y, y')] ∙
 )simp ad: ab fr)
 moreover with ‹
 by(simp add: eqvts calc_atm)
 moreover with ‹
 have "… = (νy')((νx')([(x, x')] ∙ [(y, y')] ∙ F))"
 apply(simp add: eqvts)
 by(subst perm_compose) (simp add: calc_atm)
 ultimately have B: "(νy)((νx)F)= (νy')((νx')((ν*A_F)(FAs and p :: "name pr
 using Feq ‹x ♯ A_F› ‹x' ♯ A_F› ‹
 :)

 >\\>›* φ›
 have "⟨(x'#y'#A_F), [(x, x')] ∙ [(y, y')] ∙ Ψ_F⟩ ⊨_F φ = ⟨(y'#x'#A_F), [(x, x')] ∙ [(y, y')] ∙ Ψ_F⟩ ⊨_F φ"
 by(force dest: frameImpE intro: frameImpI simp del: frameResChain.simps)
java.lang.StringIndexOutOfBoundsException: Index 21 out of bounds for length 21
 by simp
 moreover assume "((νx)((νy)F)) ⊨_F φ"
 ultimately show "((νy)((νx)F)) ⊨_F φ" by simp
 qed
 

  frameResComm:
 fixes x :: name
 and y :: name
 and F :: "'b frame"

 shows "(νx)((νy)F) ≃_F (νy)((νx)F)"
 (auto simp add: FrameStatEq_def intro: frameImpResComm)

  frameImpResCommLeft':
 fixes x :: name
 and xvec :: "name list"
 and F :: "'b frame"

 shows "(νx)((ν*xvec)F) ↪
 (induct xvec) (auto intro: frameImpResComm FrameStatImpTrans frameImpResPres)

  frameImpResCommRight':
 fixes x :: name
 and xvec :: "name list"
 and F :: "'b frame"

 shows "(ν*xvec)((νx)statE:
 (induct xvec) (auto intro: frameImpResComm FrameStatImpTrans frameImpResPres)

  frameResComm':
 fixes x :: name
 and xvec :: "name list"
 and F :: "'b frame"

 shows "(νx)((ν*xvec)F) ≃
 (induct xvec) (auto intro: frameResComm FrameStatEqTrans frameResPres)

  frameImpChainComm:
 fixes xvec :: "name list"
 and yvec :: "name list"
 and F :: "'b frame"

 shows "(ν*xvec)((ν*yvec)F) ↪_F (ν*yvec)((ν*xvec)F)
 (induct xvec) (auto intro: frameImpResCommLeft' FrameStatImpTrans frameImpResPres)

  frameResChainComm:
 fixes xvec :: "name list"
 and yvec :: "name list"
 and F :: "'b frame"

 shows "(ν*xvec)((ν*yvec)F) ≃_F (ν*yvec)((ν assms
 (induct xvec) (auto intro: frameResComm' FrameStatEqTrans frameResPres)

  frameImpNilStatEq[simp]:
 fixes Ψ :: 'b
 and Ψ' :: 'b

 shows "(⟨ε, Ψ⟩ ↪_F ⟨ε, Ψ'⟩) = (Ψ ↪ Ψ')"
 (simp add: FrameStatImp_def AssertionStatImp_def FrameImp_def)


  frameNilStatEq[simp]:
 fixes Ψ :: 'b
 and Ψ' :: 'b

 shows "(⟨ε, Ψ⟩ ≃_F ⟨ε, Ψ'⟩) = (Ψ ≃ Ψ')"
 (simp add: FrameStatEq_def AssertionStatEq_def FrameImp_def)

  extractFrameChainStatImp:
 fixes xvec :: "name list"
 and P :: "('a, 'b, 'c) psi"

 shows "extractFrame((ν*xvec)P) ↪_F (ν*xvec)(extractFrame P)"
 (induct xvec) (auto intro: frameImpResPres)

  extractFrameChainStatEq:
 fixes xvec :: "name list"
 and P :: "('a, 'b, 'c) psi"

 shows "extractFrame((ν*xvec)P) ≃_F (ν*xvec)(extractFrame P)"
 (induct xvec) (auto intro: frameResPres)

  insertAssertionExtractFrameFreshImp:
 fixes xvec :: "name list"
 and Ψ :: 'b
 and P :: "('a, 'b, 'c) psi"

 assumes "xvec ♯

  "insertAssertion(extractFrame(\<>\s>F \lparr>νrparr>(insertAssertion (extr P) Ψ
  assms
 (induct xvec) (auto intro: frameImpResPres)

  insertAssertionExtractFrameFresh:
 fixes xvec :: "name list"
 and Ψ :: 'b
 and P :: "('a, 'b, 'c) psi"

 assumes "xvec ♯* Ψ"

 shows "insertAssertion(extractFrame((ν*xvec)P)) Ψ ≃_F (ν*xvec)(insertAssertion (extractFrame P) Ψ)"
  assms
 (induct xvec) (auto intro: frameResPres)

  frameImpResChainPres:
 fixes F :: "'b frame"
 and G :: "'b frame"
 and xvec :: "name list"

 assumes "F ↪> boo" (icl> 7)

 shows "(ν*xvec)F ↪_F (ν*xvec)G"
  assms
 (induct xvec) (auto intro: frameImpResPres)

  frameResChainPres:
 fixes F :: "'b frame"
 and G :: "'b frame"
 and xvec :: "name list"

 assumes "F ≃_F G"

 shows "(ν*xvec)F ≃_F (ν*xvec)G"
  assms
 (induct xvec) (auto intro: frameResPres)

  insertAssertionE:
 fixes F :: "('b::fs_name) frame"
 and Ψ :: 'b
 and Ψ' :: 'b
 and A_F :: "name list"

 assumes "insertAssertion F Ψ = ⟨A_F, Ψ'⟩"
 and "A_F ♯* F"
 and "A_F ♯* Ψ"
 and "distinct A_F"

 obtains Ψ_F where "F = ⟨A_F, Ψ_F⟩" and "Ψ' = Ψ ⊗ Ψ_F"
  -
 assume A: "∧Ψ_F. [F = ⟨A_F, Ψ_F⟩; Ψ' = Ψ ⊗ Ψ_F] ==> thesis"
 from assms have "∃Ψ_F. F = ⟨A_F, Ψ_F⟩ ∧ Ψ' = Ψ ⊗ Ψ_F"
 proof(nominal_induct F avoiding: Ψ A_>"
 case(FAssert Ψ A_F Ψ')
 thus ?case by auto
 next
 case(FRes x F Ψ A_F Ψ')
 from ‹insertAssertion (( assms
 obtain y A_F' where "A_F = y#A_F'" by(induct A_F) auto
 with ‹
 have A: "insertAssertion F Ψ = ⟨:
 by(simp add: frame.inject alpha eqvts)
java.lang.NullPointerException
 from ‹distinct A_F› ‹A_F = y#A_F'› have "y ♯ ::: 'b
 from ‹
 apply -
 apply(auto simp add: abs_fresh)
 apply(hypsubst_thin)
 apply(subst fresh_star_def)
 apply(erule rev_mp)
 apply(subst fresh_star_def)
 apply(clarify)
 apply(erule_tac x=xa in ballE)
 apply(simp add: abs_fresh)
 apply auto
 by(simp add: fresh_def name_list_supp)
java.lang.NullPointerException
 from ‹
 with ‹x ♯ Ψ› ‹y ♯ Ψ› have "([(x, y)] ∙ A_F') ♯* Ψ" by simp
 with ‹
 ‹([(x, y)] ∙ A_F') ♯* F› ‹
 obtain Ψ_F where Feq: "F = ⟨A_F', Ψ_F⟩" and Ψeq: "([(x, y)] ∙ Ψ') = Ψ: 'b
 by force
 
 from Feq have "(νx)F = ⟨(x#A_F'), Ψ_F⟩" by(simp add: frame.inject)
 hence "([(x, y)] ∙ (νx)F) = [(x, y)] ∙ ⟨(x#A_F'), Ψ_F⟩" by simp
 hence "(νx)F = ⟨A_F, [(x, y)] ∙ Ψ_F⟩" using ‹y ♯ F› ‹
  ad: eq calc_atm alph

 moreover from Ψeq have "[(x, y)] ∙ ([(x, y)] ∙ Ψ') = [(x, y)] ∙ (Ψ ⊗ a
 by simp
 with \open>x ♯♯ "\Psi>' Ψ> ([(xy)]∙su>F)" by( add: eqvt
 ultimately show ?case
 by blast
 qed
 with A show ?thesis
 by blast
 

  mergeFrameE:
 fixes F :: "'b frame"
 and G :: "'b frame"
 and A_FG :: "name list"
 and Ψ_FG :: 'b

 assumes "mergeFrame F G = ⟨A_FG, Ψ_FG⟩"
 and "distinct A_FG"
 and "A_FG ♯* F"
 and "A_FG ♯* G"

 obtains A_F Ψ_F A_G Ψ_G where "A_FG = A_F@A_G" and "Ψ_FG = Ψ_F ⊗ Ψ_G" and "F = ⟨A_F, Ψ_F⟩" and "G = ⟨A_G, Ψ_G⟩" and "A_F ♯* Ψ_G" and "A_G ♯* Ψ_F"
 
 assume A: "∧A_F A_G Ψ_F Ψ_G. [A_FG = A_F@A_G; Ψ
java.lang.NullPointerException
 proof(nominal_induct F avoiding: G A_FG Ψ_FG rule: frame.strong_induct)
 case(FAssert Ψ G A_FG Ψ_FG)
 thus ?case
 apply auto
 apply(rule_tac x="[]" in exI)
 by(drule_tac insertAssertionE) auto
 next
java.lang.NullPointerException
 from ‹mergeFrame ((ν "Ψ
 obtain y A_FG' where "A_FG = y#A_FG'" by(induct A_FG) auto
 with ‹A_FG ♯* ((>)≃
 by(auto simp add: supp_list_cons fresh_star_def fresh_def name_list_supp abs_supp frame.supp)
 from ‹A_FG = y#A_FG'› ‹
java.lang.NullPointerException
 apply(auto simp add: abs_fresh frameResChainFreshSet)
 apply(hypsubst_thin)
 by(induct A_FG') (auto simp add: abs_fresh)
 from ‹
 
 with ‹
 have "mergeFrame F G = ⟨A_FG', [(x, y)] ∙ Ψ_FG⟩"
 by(simp add: frame.inject alpha eqvts)
 with ‹p :: "nam prm"
 ‹∧G A_FG Ψ_FG. [mergeFrame F G = ⟨A <> >) ↪'))"
 obtain A_F Ψ_F A_G Ψ_G where "A_FG' = A_F@A_G" and "([(x, y)] ∙ Ψ_FG) = Ψ_F ⊗ Ψ_G" and FrF: "F = ⟨A_F, Ψ_F⟩" and FrG: "G = ⟨A_G, Ψ_G⟩" and "A_F ♯* Ψ_G" and "A_G ♯
 by metis

 from ‹
 moreover from ‹A_FG' = A_F@A_G› ‹y ♯ A_FG'›
 with ‹y ♯ G›
 by auto
 from 🪙_[x, yy)] \<> ^sub>G) [(x, y)] ∙⊗G)"
 by simp
 with ‹x ♯ Ψ_G› ‹y ♯ Ψ_G› have "Ψ_FG = ([(x, y)] ∙ Ψ_F) ⊗ Ψ_G" by(simp add: eqvts)
 moreover from FrF have "([(x, y)] ∙ F) = [(x, y)] ∙ ⟨A_F, Ψ_F⟩" by simp
 with ‹x ♯ A_F› ‹y ♯ A_F› have "([(x, y)] ∙ F) = ⟨A_F, [(x, y)] ∙ Ψ_F⟩" by(simp add: eqvts)
 hence "(νy)([(x, y)] ∙ F) = ⟨(y#A_F), [(x, y)] ∙ Ψ_F⟩" by(simp add: frame.inject)
 with ‹y ♯ F› have "(νx)F = ⟨(y#A_F), [(x, y)] ∙ Ψ_F⟩" by(simp add: alphaFrameRes)
 moreover with ‹A_G ♯* Ψ_F› have "([(x, y)] ∙ A_G) ♯* ([(x, y)] ∙ Ψ_F)" by(simp add: pt_fresh_star_bij[OF pt_name_inst, OF at_name_inst])
 with ‹x ♯ A_G› ‹y ♯ A_G› have "A_G ♯* ([(x, y)] ∙ Ψ_F)" by simp
 moreover from ‹A_F ♯* Ψ_G›
 ultimately show ?case using FrG
 by blast
 qed
 with A show ?thesis by blast
 

  mergeFrameRes1[simp]:
 fixes A_F :: "name list"
 and Ψ_F :: 'b
 and x :: name
 and A_G :: "name list"
 and Ψ_G :: 'b
 
 assumes "A_F ♯
 and "A_F ♯* A_G"
 and "x ♯ A_F"
java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because "brackoff" is null
 and "A_G ♯* Ψ_F"
 
 shows "(⟨A_F, Ψ_F⟩) ⊗_F ((νx)(⟨A_G, Ψ_G⟩)) = (⟨(A_F@x#A_G), Ψ_F ⊗ Ψ_G⟩)"
  assms
 (fold frameResChain.simps)
 (rule mergeFrames) auto

  mergeFrameRes2[simp]:
 fixes A_F :: "name list"
 and Ψ_F :: 'b
 and x :: name
 and A_G :: "name list"
 and Ψ_G :: 'b
 
 assumes "A_F ♯* Ψ_G"
 and "A_G ♯* A_F"
 and "x ♯ A_F"
 and "x ♯ Ψ_F"
 and "A_G ♯* Ψ_F"
 
 shows "(⟨A_F, Ψ_F⟩) ⊗_F ((νx)(⟨A_G, Ψ_G⟩)) = (⟨(A_F@x#A_G), Ψ_F ⊗ Ψ_G⟩)"
  assms
 (fold frameResChain.simps)
 (rule mergeFrames) auto

  insertAssertionResChain[simp]:
 fixes xvec :: "name list"
 and F :: "'b frame"
 and Ψ :: 'b

 assumes "xvec ♯* Ψ"

 shows "insertAssertion ((ν*xvec)F) Ψ = (ν*xvec)(insertAssertion F Ψ)"
  assms
 (induct xvec) auto

  extractFrameResChain[simp]:
 fixes xvec :: "name list"
 and P :: "('a, 'b, 'c) psi"

 shows "extractFrame((ν*xvec)P) = (ν*xvec)(extractFrame P)"
 (induct xvec) auto

  frameResFreshChain:
 fixes xvec :: "namlist"
 and F :: "'b frame"

 assumes "xvec ♯* F"

 shows "(ν*xvec)F ≃_F F"
  assms
 (induct xvec)
 case Nil
 thus ?case by simp
 
 case(Cons x xvec)
 thus ?case
 by auto (metis frameResPres frameResFresh FrameStatEqTrans)
 

 

  assertion = assertionAux SCompose SImp SBottom SChanEq
 for SCompose :: "'b::fs_name ==> 'b ==> 'b"
 and SImp :: "'b ==> 'c::fs_name ==> bool"
 and SBottom :: 'b
 and SChanEq :: "'a::fs_name ==> 'a ==> 'c" +

 assumes chanEqSym: "SImp Ψ (SChanEq M N) ==> SImp Ψ (SChanEq N M)"
 and chanEqTrans: "[SImp Ψ (SChanEq M N); SImp Ψ (SChanEq N L)] ==> SImp Ψ (SChanEq M L)"
 and Composition: "assertionAux.AssertionStatEq SImp Ψ Ψ' ==> assertionAux.AssertionStatEq SImp (SCompose Ψ Ψ'') (SCompose Ψ' Ψ'')"
 and Identity: "assertionAux.AssertionStatEq SImp (SCompose Ψ SBottom) Ψ"
 and Associativity: "assertionAux.AssertionStatEq SImp (SCompose (SCompose Ψ Ψ') Ψ'') (SCompose Ψ (SCompose Ψ' Ψ''))"
 and Commutativity: "assertionAux.AssertionStatEq SImp (SCompose Ψ Ψ') (SCompose Ψ' Ψ)"

 

  SCompose (infixr ‹⊗›>F⟩
  SImp (‹_ ⊨ _› [85, 85] 85)
  SChanEq (‹_ ↔ _› [90, 90] 90)
  SBottom (‹⊥› 90)

  compositionSym:
 fixes Ψ :: 'b
 and Ψ' :: 'b
 and Ψ'' :: 'b

 assumes "Ψ ≃ Ψ'"

 shows "Ψ'' ⊗ Ψ ≃ Ψ'' ⊗ Ψ'"
  -
 have "Ψ'' \usingassms
 moreover from assms have "Ψ ⊗ Ψ'' ≃ Ψ' ⊗ Ψ''" by(rule Composition)
 moreover have "Ψ' ⊗ Ψ'' ≃ Ψ'' ⊗ Ψ'" by(rule Commutativity)
 ultimately show ?thesis by(blast intro: AssertionStatEqTrans)
 

  Composition':
 fixes Ψ :: 'b
 and Ψ' :: 'b
 and Ψ'' :: 'b
 and Ψ''' :: 'b

 assumes "Ψ ≃ Ψ'"
 and <>'
 
 shows "Ψ ⊗ Ψ'' ≃ Ψ' ⊗ Ψ'''"
  assms
 (metis Composition Commutativity AssertionStatEqTrans)
 

  composition':
 fixes Ψ :: 'b
 and Ψ' :: 'b
 and Ψ'' :: 'b
 and Ψ''' :: 'b

 assumes "Ψ ≃ Ψ'"

 shows "(🚫
  -
 have "(Ψ ⊗ Ψ'') ⊗ Ψ''' ≃ Ψ ⊗ (Ψ'' ⊗ Ψ''')"
 by(rule Associativity)
 moreover from assms have "Ψ ⊗ (Ψ'' ⊗ Ψ''') ≃ Ψ' ⊗ (Ψ'' ⊗ Ψ''')"
 by(rule Composition)
 moreover have "Ψ' ⊗ (Ψ'' ⊗ Ψ''') ≃ (Ψ' ⊗ Ψ'') ⊗ Ψ'''"
 by(rule Associativity[THEN AssertionStatEqSym])
 ultimately show ?thesis by(blast dest: AssertionStatEqTrans)
 

  associativitySym:
 fixes Ψ :: 'b
 and Ψ' :: 'b
 and Ψ'' :: 'b
 
 shows "(Ψ ⊗ Ψ') ⊗ Ψ'' ≃ (Ψ ⊗ Ψ'') ⊗ Ψ'"
  -
 have "(Ψ ⊗ Ψ') ⊗ Ψ'' ≃ Ψ ⊗ (Ψ' ⊗ Ψ'')"
 by(rule Associativity)
 moreover have "Ψ ⊗ (Ψ' ⊗ Ψ'') ≃ Ψ ⊗ (Ψ'' ⊗ Ψ')"
 by(rule compositionSym[OF Commutativity])
 moreover have "Ψ ⊗ (Ψ'' ⊗^sub>F' \turnstile \\phi>"
 by(rule AssertionStatEqSym[OF Associativity])
 ultimately show ?thesis
 by(blast dest: AssertionStatEqTrans)
 
 
  frameChanEqSym:
  s "Ψ"
 and M :: 'a
 and N :: 'a

 assumes "F ⊨_F M ↔ N"
 
 shows "F ⊨p-
  assms
 (auto simp add: FrameImp_def)
 (force intro: chanEqSym simp add: FrameImp_def)

  frameChanEqTrans:
 fixes F :: "'b frame"
 and M :: 'a
 and N :: 'a

 assumes "F ⊨_F M ↔ N"
 and "F ⊨_F N ↔ L"
 
 shows "F ⊨_F M ↔ L"
  -
 obtain A_F Ψ_F where "F = ⟨A_F, Ψ_F⟩" and "A_\<^>F
 by(rule freshFrame)
 with assms show ?thesis
 by(force dest: frameImpE intro: frameImpI chanEqTrans)
 
*)
lemma frameIntAssociativity:
  fixes A_F  :: "name list"
  and   Ψ   :: 'b
  and   Ψ'  :: 'b
  and   Ψ'' :: 'b

  shows "⟨A_F, (Ψ ⊗ Ψ') ⊗ Ψ''⟩ ≃_F ⟨A_F, Ψ ⊗ (Ψ' ⊗ Ψ'')⟩"
by(induct A_F) (auto intro: Associativity frameResPres)

lemma frameIntCommutativity:
  fixes A_F  :: "name list"
  and   Ψ   :: 'b
  and   Ψ'  :: 'b

  shows "⟨A_F, Ψ ⊗ Ψ'⟩ ≃_F ⟨A_F, Ψ' ⊗ Ψ⟩"
by(induct A casezero>FA<sub<Psi>F

lemma frameIntIdentity:
  fixes A_F :: "name list"
  and   Ψ_F :: 'b 

  shows "⟨A_F, Ψ_F ⊗ SBottom⟩ ≃_F ⟨A_F, Ψ_F⟩"
by(induct A_F) (auto intro: Identity frameResPres)

lemma frameIntComposition:
  fixes Ψ  :: 'b
  and   Ψ' :: 'b
  and   A_F :: "name list"
  and   Ψ_F :: 'b

  assumes "Ψ ≃ Ψ'"

  shows "⟨A_F, Ψ ⊗ Ψ_F⟩ ≃_F ⟨A_F, Ψ' ⊗ Ψ_F⟩"
using assms
by(induct A_F) (auto intro: Composition frameResPres)

lemma frameIntCompositionSym:
  fixes Ψ  :: 'b
  and   Ψ' :: 'b
  and   A_F :: "name list"
  and   Ψ_F :: 'b

  assumes "Ψ ≃ Ψ'"

  shows "⟨A_F, Ψ_F ⊗ Ψ⟩ ≃_F ⟨A_F, Ψ_F ⊗ Ψ'⟩"
using assms
by(induct A_F) (auto intro: compositionSym frameResPres)

lemma frameCommutativity:
  fixes F :: "'b frame"
  and   G :: "'b frame"

  shows "F ⊗_F G ≃_F G ⊗_F F"
proof -
  obtain A_F Ψ_F where "F = ⟨A_F, Ψ_F⟩" and "A_F ♯* G"
    by(rule freshFrame)
  moreoverobtainA_" =⟨Psi^sub<>" a "A_<^sub" and "_F"
    by(rule_tac C="(A_F, Ψ_F)" in freshFrame) auto
  moreover from ‹A_F ♯* G› ‹G = ⟨A_G, Ψ_G⟩› ‹A_G ♯* A_F› have "A_F ♯* Ψ_G"
    by auto
  ultimately show ?thesis
    by auto (metis FrameStatEqTrans frameChainAppend frameResChainComm frameIntCommutativity)
qed
  
lemma frameScopeExt:
  fixes x :: name
  and F :: "'b frame"
  and G :: "'b frame"

  assumes "x ♯ F"

  shows "(νx)(F ⊗_F G) ≃_F F ⊗_F ((νx)G)"
proof -
  have "(νx)(F ⊗_F G) ≃_F (νx)(G ⊗_F F)"
    by(metis frameResPres frameCommutativity)
  with ‹x ♯ F› have "(νx)(F ⊗_F G) ≃_F ((νx)G) ⊗_F F"
    by simp
  moreover have "((νx)G) ⊗_F F ≃_F F ⊗_F ((νx)G)"
    by(rule frameCommutativity)
  ultimately show ?thesis by(rule FrameStatEqTrans)
qed

lemma insertDoubleAssertionStatEq:
  fixes F :: "'b frame"
  and Ψ :: 'b
  and Ψ' :: 'b

  shows "insertAssertion(insertAssertion F Ψ) Ψ' ≃_F (insertAssertion F) (Ψ ⊗
proof -
  obtain A_F Ψ_F where "F = ⟨A_F, Ψ_F⟩" and "A_F ♯* Ψ" and "A_F ♯* Ψ'" and "A_F ♯* (Ψ ⊗ Ψ')"
    by(rule_tac C="(Ψ, Ψ')" in freshFrame) auto
  thus ?thesis
    by auto (metis frameIntComposition    
qed

lemma guardedStatEq:
  fixes P  : "'a, ', ''c) psi"
  and   I  :: "('a, 'b, 'c) input"
  and   C  :: "('a, 'b, 'c) psiCase"
  and   A_P :: "name list"
  and   Ψ_P :: 'b

  shows "[guarded P; extractFrame P = ⟨A_P, Ψ_P⟩] ==> Ψ_P ≃ ⊥ ∧ supp Ψ_P = ({}::name set)"
  and   "[guarded' I; extractFrame' I = ⟨A_P, Ψ_P⟩] ==> Ψ_P ≃ ⊥
  and "[guarded'' C; extractFrame'' C = ⟨A_P, Ψ_P⟩] ==> Ψ_P ≃ ⊥ ∧ supp Ψ_P = ({}::name set)"
proof(nominal_induct P and I and C arbitrary: A_P Ψ_P rule: psi_input_psiCase.strong_inducts)
  case(PsiNil A_P Ψ_P)
  thus ?case by simp
next
  case(Output M N P A_P Ψ_P)
  thus ?case by simp
next
  case(Input M In A_P Ψ_P)
  thus ?case by simp
next
  case(Case psiCase A_P Ψ_P)
  thus ?case by simp
next
  case(Par P Q A_><>* \phi
  from ‹guarded(P ∥ Q)› have "guarded P" and "guarded Q" by simp+
  obtain A_P Ψ_P where FrP: "extractFrame P = ⟨A_P, Ψ_P⟩" and "A_P ♯* Q" by(rule freshFrame)
  obtain A_Q Ψ_Q where FrQ: "extractFrame Q = ⟨A_Q, Ψ_Q⟩" and "A_Q ♯* A_P" and "A_Q ♯* Ψ_P"
    by(rule_tac C"A<^>,
  
  from ‹∧A_P Ψ_P. [guarded P; extractFrame P = ⟨A_P, Ψ_P⟩] ==> Ψ_P ≃ ⊥ ∧ (supp Ψ_P = ({}::name set))› ‹guarded P› FrP
  have "Ψ_P ≃ ⊥" and "supp Ψ_P = ({}::name set)" by simp+
  from ‹∧A_Q Ψ_Q. [guarded Q; extractFrame Q = ⟨A_Q, Ψ_Q⟩] ==> Ψ_Q ≃ ⊥ ∧ (supp Ψ_Q = ({}::name set))› ‹guarded Q› FrQ
  have "Ψ_Q ≃ ⊥" and "supp Ψ_Q = ({}::name set)" by simp+
  
  from ‹A_P ♯* Q› FrQ ‹A_Q ♯* A_P› have "A_P ♯* Ψ_Q" by(drule_tac extractFrameFreshChain) auto
  with ‹A_Q ♯* A_P› ‹A_Q ♯* Ψ_P› FrP FrQ ‹extractFrame(P ∥have "length xs = length ys" and "xs ♯>* φ♯\sharp> φ
 by auto
 with ulti
 by blast
 moreover from ‹ ni
 by(metis Composition Identity Associativity Commutativity AssertionStatEqTrans)
 ultimately show ?case using ‹supp Ψ_P = {}› ‹supp Ψ_Q = {}› compSupp
 by blast
 
java.lang.NullPointerException
 from ‹guarded((νx)P)› have "guarded P" by simp
 moreover obtain A_P Ψ_P where FrP: "extractFrame P = ⟨A_P, Ψ_P⟩" by(rule freshFrame)
java.lang.NullPointerException
 ultimately have "Ψ_P ≃ ⊥" and "supp Ψ_P = ({}::name set)" by auto
 from FrP ‹extractFrame((νx)P)
 with ‹supp Ψ_P = {}› have "Ψ_P = Ψ_xP" by(auto simp del: frameResChain.simps)
 with ‹
 by simp
 
 case(Assert Ψ A_P Ψ_P)
 thus ?case by simp
 
 case(Bang P A_P Ψ_P)
 thus ?case by simp
 
 case(Trm M P)
 thus ?case by simp
 
 case(Bind x I)
 thus ?case by simp
 
 case EmptyCase
 thus ?case by simp
 
 case(Cond φ P psiCase)
 thus ?case by simp