Quelle  Tau_Sim.thy

(* 
   Title: Psi-calculi   
   Author/Maintainer: Jesper Bengtson (jebe@itu.dk), 2012
*)
theory Tau_Sim
  imports Tau Sum
begin

nominal_datatype 'a prefix =
  pInput "'a::fs_name" "name list" 'a
| pOutput 'a 'a                           
| pTau                                    

context tau
begin

nominal_primrec bindPrefix :: "'a prefix ==>
where
  "bindPrefix (pInput M xvec N) P = M(λ*xvec N).P"
| "bindPrefix (pOutput M N) P = M⟨N⟩.P"
| "bindPrefix (lemma\phi>_natural
by(rule TrueI)+

lemma bindPrefixEqvt[eqvt]:
  fixes p :: "name prm"
  and   α :: "'a prefix"
  andP:(a', c

  shows "(p ∙ (α⋅P)) = (p ∙ α)⋅(p \    shows " y' (f ⋅C h ⋅cdot_D<> y h)java.lang.NullPointerException
by(nominal_induct α x' ∧ D.in_hom (φh) y (G x)"

lemma prefixCases[consumes 1, case_names cInput cOutput cTau]:
  fixes Ψ :: 'b
  and α :: "'a prefix"
  and P :: "('a, 'b, 'c) psi"
  and β assms φ
  and P' :: "('a, 'b, 'c) psi"

  assumes "Ψ ⊳ α⋅P ⟼β ≺
  and     rInput: "∧ assms D.comp_i G.preserves_hom 🚫i:
                                       Prop (pInput M xvec N) (K(N[xvec::=Tvec])) (P[xvec::=Tvec])"
  and     rOutput: "∧M N K. Ψ ⊨ F <> \psi
  and rTau: "Ψ ⊳ P ∼ P' ==> Prop (pTau) (τ) P'"

  shows "Propusing<_in_hom ψ φ ψ\phi << 
using ‹
 (nominal_induct rule: prefix.strong_induct)
 case(pInput M xvec N)
 from ‹
 thus ?case by(auto elim: inputCases intro: rInput)
 
 case(pOutput M N)
 from ‹
 thus ?case by(auto elim: outputCases intro: rOutput)
 
 case pTau
 from ‹Ψ ⊳ (pTau)⋅open>
 thus ?case
 by(nominal_induct rule: action.strong_induct) (auto dest: tauActionE intro: rTau)
 
 
  prefixTauCases[consumes 1, case_names cTau]:
 fixes α :: "'a prefix"
 and P :: "('a, 'b, 'c) psi"
 and P' :: "('a, 'b, 'c) psi"

 assumes "Ψ ⊳ α⋅P ⟼τ ≺ P'"
 and rTau: "Ψ ⊳ P ∼ P' ==> Prop (pTau) P'"

 shows "Prop α P'"
  -
 from ‹Ψ ⊳ α⋅P ⟼τ ≺ P'› obtain β where "Ψ ⊳ α⋅P ⟼β ≺ P'" and "β = τ"
 by auto
 thus ?thesis
 by(induct rule: prefixCases) (auto intro: rTau)
 

  hennessySim1:
 fixes Ψ :: 'b
 and P :: "('a, 'b, 'c) psi"
 and Q :: "('a, 'b, 'c) psi"

 assumes "Ψ ⊳ P ↝🚫 Q"
 and C1: "∧Ψ P Q R. [Ψ ⊳ P ∼ Q; (Ψ, Q, R) ∈ Rel] ==> (Ψ, P, R) ∈ Rel"

 shows "Ψ ⊳ τ.(P) ↝«Rel¬ Q"
 (induct rule: weakCongSimI)
 case(cTau Q')
 from ‹Ψ ⊳ P ↝🚫 Q› ‹Ψ ⊳ Q ⟼τ ≺ Q'›
 obtain P' where PChain: "Ψ ⊳ P ==>^{^}_\τ P'" and P'RelQ': "(Ψ, P', Q') ∈ Rel"
 by(blast dest: weakSimE)

 from PChain obtain P'' where "Ψ ⊳ τ.(P) ==>_\τ P''" and "Ψ ⊳ P' ∼ P''"
 by(rule tauChainStepCons)
 thus ?case using P'RelQ' by(metis bisimE C1)
 

  hennessySim2:
 fixes Ψ :: 'b
 and P :: "('a, 'b, 'c) psi"
 and Q :: "('a, 'b, 'c) psi"

 assumes PTrans: "Ψ ⊳ P ⟼τ ≺ P'"
 and P'RelQ: "(Ψ, P', Q) ∈ Rel"
 and C1: "∧Ψ P Q R. [(Ψ, P, Q) ∈ Rel; Ψ ⊳ Q ∼ R] ==> (Ψ, P, R) ∈ Rel"

 shows "Ψ ⊳ P ↝«Rel¬ τ.(Q)"
 (induct rule: weakCongSimI)
 case(cTau Q')
 from ‹Ψ ⊳ τ.(Q) ⟼τ ≺ Q'› have "Ψ ⊳ Q ∼ Q'" by(blast dest: tauActionE)
 with PTrans P'RelQ show ?case by(metis C1 tauActTauStepChain)
 

  hennessySim3:
 fixes Ψ :: 'b
 and P :: "('a, 'b, 'c) psi"
 and Q :: "('a, 'b, 'c) psi"

 assumes "Ψ ⊳ P ↝🚫 Q"
 and C1: "∧Q'. Ψ ⊳ Q ⟼τ ≺ Q' ==> (Ψ, P, Q') ∉ Rel"

 shows "Ψ ⊳ P ↝«Rel¬ Q"
 (induct rule: weakCongSimI)
 case(cTau Q')
 from ‹Ψ ⊳ P ↝🚫 Q› ‹Ψ ⊳ Q ⟼τ ≺ Q'›
 obtain P' where PChain: "Ψ ⊳ P ==>^{^}_\τ P'" and P'RelQ': "(Ψ, P', Q') ∈A right adjoint functor induces a meta-adjunction, modulo the c choice of a
 by(blast dest: weakSimE)
 with C1 ‹Ψ ⊳ Q ⟼τ ≺ Q'› show ?case
 by(force simp add: rtrancl_eq_or_trancl)
 

  tauLaw1SimLeft:
 fixes Ψ :: 'b
 and P :: "('a, 'b, 'c) psi"
 and Q :: "('a, 'b, 'c) psi"

 assumes "Ψ ⊳🚫
 and "eqvt Rel"
 and C1: "∧beg

 shows "Ψ ⊳
 (induct rule: weakSimI2)
 case(cAct Ψ' definition Fo: "'d \<> 
 from ‹bn \Fo = (SOME x. ∃
 with ‹Ψ ⊳
 obtain P'' P' where PTrans: "Ψ : Q ⊳definition ηR> 'd"
 and P'RelQ': "(Ψ ⊗ Ψ', P', Q') ∈ Rel"
 by(blast dest: weakSimE)

 from PTrans ‹ ♯close> ‹α ♯> obtain P''' where "Ψ : Q ⊳(P) \Longrightarrow>α P'''" and "Ψ ⊳ P'''"
 by(rule weakTransitionTau)
 moreover from ‹Ψ ⊳ P'' ∼ P'''› have "Ψ here "🚫
 with P''Chain obtain P'''' where "Ψ ⊗ Ψ' ⊳ P''' ==>^o_initial:
 by(rule tauChainBisim)
 ultimately show ?case using ‹(Ψ assu "∃
 
 case(cTau Q')
 from ‹Ψ ⊳ P ↝🚫
 obtain P' where PChain: "Ψ ⊳ P ==> a \<>o_def
 someI_ex [of "λu. initial_arrow_to_functor C D G y x u"]

 from PChain obtain P'' where "Ψ ⊳ τ.(P) ==> [ "λ D Gy Fo y) u"]
 by(rule tauChainCon)
 thus ?case using P'RelQ' by(metis bisimE C1)
 

  tauLaw1SimRight:
 fixes Ψ :: 'b
 and P :: "('a, 'b, 'c) psi"
 and Q :: "('a, 'b, 'c) psi"

 assumes "eqvt Rel"
  "(Ψ Rel"
 and C1: "∧Ψ P Q R. [

 shows "Ψ ⊳ P ↝‹
  ‹ g} takes each ar @{term g} of
 (induct rule: weakSimI[where C=Q])
 case(cAct Ψ' α Q')
 hence False by(cases rule: actionCases[where α=α]) auto
 thus ?case by simp
 
 case(cTau Q')
 have "\<ave τ Q" by simp
 moreover from ‹Ψ ⊳ τ.(Q) ⟼D (\<>o
java.lang.StringIndexOutOfBoundsException: Index 8 out of bounds for length 8
 ultimately show ?case by blast
 

  tauLaw3SimLeft:
 fixes Ψ :: 'b
 and P :: "('a, 'b, 'c) psi"
 and Q :: "('a, 'b, 'c) psi"
 and α :: "'a prefix"

 assumes "eqvt Rel"
 and "(Ψ, P, Q) ∈initial_arrow_to_fu.the_ext C D G (Fo (D.domg)) (ta> (D..dom g))
 and Subst: "∧xvec Tvec. length xvec = length Tvec ==> (Ψ:=Tvec], Q[xvec::=Tvec]) ∈
 and C1: "∧Ψ P Q R S. [Ψ ⊳o (D.cod g) ⋅
 and rExt: "∧Ψ P Q Ψ'. (Ψ, P, Q) ∈

 shows "Ψ ⊳ α "D.ide y"
  ‹ "F y = Fo y"
 (induct rule: weakSimI[where C=Q])
 case(cAct Ψ' β Q')
 from ‹Ψ initial_arrow_to_functor C D G y ‹ ‹
 proof(induct rule: prefixCases)
 case(cInput M xvec N K Tvec)
 note ‹Ψ ⊨ M ↔ K› ‹o_initial by blast
 moreover have "insertAssertion (extractFrame(M(λ*xvec N).Q)) Ψ ↪ha 1: "arrow_to_functor C D G y (Fo y) (ηy" ..java.lang.StringIndexOutOfBoundsException: Index 62 out of bounds for length 62
 ultimately have "Ψ : (M\<lparrunfolding "G (Fo y)" "η
 by(rule weakInput)
 hence "Ψ : (M(λ*xvec N).Q) ⊳ (M(λ*xvec N).(τ.(P))) ==>K((N[xvec::=Tvec])) ≺ τ.(P[xvec::=Tvec])"
  \<>length ‹
 by simp
 
 moreover obtain P' where PTrans: "Ψ ⊗ Ψ' ⊳ τ.(P[xvec::=Tvec]) ⟼τ ≺ P'" and "Ψ ⊗ Ψ' ⊳ (P[xvec::=Tvec]) ∼ P'" us 1 the_ext_unique by bla
 auto 
 from PTrans have "Ψ ⊗ Ψ_arr_
 moreover from ‹length xvec = length Tvec›
 hence "(Ψ ⊗ Ψ', P[xvec::=Tvec], Q[xvec::=Tvec]) ∈inoEDiei_hom by metis
 with ‹Ψ ⊗ Ψ
 ultimately show ?case by fastforce
 next
 case(cOutput M N K)
java.lang.StringIndexOutOfBoundsException: Index 21 out of bounds for length 0
 moreover have "insertAssertion (extractFrame (M⟨N⟩.Q)) Ψ ↪_F ⟨ε D C F"
 ultimately have "Ψ : M⟨N⟩.Q ⊳ M⟨N⟩.(τ.(P)) ==>K⟨ roof
 moreover obtain P' where PTrans: "Ψ ⊗ Ψ' ⊳ τfi g :: 'd
 by auto
 from PTrans have "Ψ ⊗ Ψ' ⊳ τ.(P) ==>D.arr g"
 moreover from ‹› Ψ', P, Q) ∈
 with ‹Ψ ⊗ Ψ' ⊳ P ∼ P'› have "(Ψ ⊗ Ψ', P', Q) ∈ "F g = C.null" using F_def by auto
 ultimately show ?case by fastforce
 next
 case cTau
 with ‹τ ≠ τ› show ?case
 by simp
 qed
 
 case(cTau Q')
 from ‹Ψ ⊳ α⋅: "D.ar g
 proof(induct rule: prefixTauCases)
 case ca
 obtain P' where tPTrans: "Ψ ⊳ τ.(τ.(P)) ⟼τ ≺
 by auto
 obtain P'' where PTrans: "Ψ ⊳ τ.(P) ⟼τη: initial_arrow_to_functor C D G ?y ‹ηo ?y›
 by auto
 from PTrans ‹Ψ ⊳ τ.(P) ∼ P'› obtain P''' where P'Trans: "Ψ ⊳ P' ⟼τ ≺ P'''" and "Ψ ⊳ P'' ∼ P'''"
 apply(drule_tac bisimE(4))
 apply(drule_tac bisimE(2))
 apply(drule_tac simE, auto)
 by(metis bisimE)
 from tPTrans P'Trans have "Ψ ⊳ τ.(τ.(P)) ==>^{^}_\τ P'''" by(fastforce dest: tauActTauChain)
 moreover from ‹(Ψ, P, Q) ∈ Rel› ‹Ψ ⊳ P ∼ P''› ‹Ψ ⊳ P'' ∼ P'''› ‹Ψ ⊳ Q ∼ Q'› have "(Ψ, P''', Q') ∈ Rel"
 by(metis bisimTransitive C1 bisimSymmetric)
 ultimately show ?case by fastforce
 qed
 

  tauLaw3SimRight:
 fixes Ψ :: 'b
 and P :: "('a, 'b, 'c) psi"
 and Q :: "('a, 'b, 'c) psi"

 assumes "eqvt R"eqvt Rel"
 and Subst: "∧Ψ xvec Tvec. length xvec = length Tvec ==> (Ψ, P[xvec::=Tvec], τ.(Q[xvec::=Tvec])) ∈:initial_ar C D G ?y' \<openFo
 and C1: "∧Ψ P Q R S. [Ψ ⊳ P ∼ Q; (Ψ, Q, R) ∈ Rel; Ψ ⊳ R ∼ S] ==> (Ψ, P, S) ∈ Rel"
 and "∧Ψ. (Ψ, P, τ.(Q)) ∈ Rel"

 shows "Ψ ⊳ α⋅P ↝🚫 α⋅(τ.(Q))"
  ‹eqvt Rel›
 (induct rule: weakSimI[where C=Q])
 case(cAct Ψ' β Q')
 from ‹Ψ ⊳ α hav 1: "arrow_ C y (Fo y' (D o ?')g"
 show ?case
 proof(induct rule: prefixCases)
 case(cInput M xvec N K Tvec)
 note ‹Ψ ⊨ M ↔ K› ‹distinct xvec› ‹set xvec ⊆ supp N› ‹length xvec=length Tvec›
 moreover have "insertAssertion (extractFrame (M(λ*xvec N).(τ.(Q)))) Ψ ↪_F ⟨ε, Ψ ⊗"F g = \<eta.η
 ultimately have "Ψ : (M(λ*xvec N).(τ.(Q))) ⊳ M(λ*xvec N).P ==>K((N[xvec::=Tvec])) ≺ P[xvec::=Tvec]"
 by(rule weakInput)
 moreover have "Ψ \<otimes    
 ultimately show ?case using Subst ‹length xvec=length Tvec› ‹distinct xvec›>F g : Fo ?y →C Fo ?y'🚫
 by fastforce
 next
 case(cOutput M N K)
 note ‹Ψ ⊨ M ↔ K›
 moreover have "insertAssertion (extractFrame (M⟨N⟩.(τ.(Q)))) Ψ ↪_F ⟨ε, Ψ ⊗ 1⟩" by auto
 ultimately have "Ψ : M⟨N⟩.(τ.(Q)) ⊳ M⟨N⟩.P ==>K⟨N⟩ ≺ P" by(rule weakOutput)
 moreover have "Ψ ⊗ Ψ' ⊳ P ==>^{^}_\τ P" by auto
 ultimately show ?case using ‹(Ψ ⊗ Ψ', P, τ.(Q)) ∈ Rel› by fastforce
 next
 case cTau
 with ‹τ ≠ τ› show ?case by simp
 qed
 
 (cTau Q'
 from ‹Ψ ⊳ α⋅(τ.(Q)) ⟼τ ≺ Q'› show ?case
 proof(induct rule: prefixTauCases)
 case cTau
 obtain P' where PTrans: "Ψ ⊳ τ.arr (F g)" using Fg by auto
 by auto
 from PTrans have "Ψ ⊳ τ.(P) ==>^{^}_\τ P'" by(rule tauActTauChain)
 moreover from ‹Ψ ⊳ P ∼ P'› ‹ "C.dom ( g) = F ?" using F Fgg FF_ide by auto
 have "(Ψ, P', Q') ∈ Rel" by(metis bisimTransitive bisimSymmetric C1)
 ultimately show ?case by fastforce
 qed
 

  tauLaw3CongSimLeft:
 fixes Ψ :: 'b
 and P :: "('a, 'b, 'c) psi"
 and Q :: "('a, 'b, 'c) psi"

 assumes "(Ψ, P, Q) ∈ Rel"
 and C1: "∧Ψ P Q R S. [Ψ ⊳= F ?'" using Fg g F_ideby auuto
 and rExt: "∧Ψ P Q Ψ'. (Ψ, P, Q) ∈ Rel ==> (Ψ ⊗ Ψ', P, Q) ∈ Rel"

 shows "Ψ ⊳ α⋅(τ
 (induct rule: weakCongSimI)
 case(cTau Q')
 from ‹\<Psi      
 proof(induct rule: prefixTauCases)
 case cTau
 obtain P' where tPTrans: "Ψ ⊳ τ.(τ.(P)) ⟼ : 'd
 by auto
 obtain P'' where PTrans: "Ψ ⊳ τ.(P) ⟼τ ≺: "D.arr (D g' g)
 by auto
 from PTrans ‹Ψ ⊳ g' by auto
 apply(drule_tac bisimE(4))
 apply(drule_tac bisimE(2))
 apply(drule_tac simE, auto)
 by(metis bisimE)
java.lang.NullPointerException
 moreover from ‹(Ψ, P, Q) ∈ Rel› ‹
 by(metis bisimTransitive C1 bisimSymmetric)
 ultimately show ?case by fastforce
 qed
 

  tauLaw3CongSimRight:
 fixes Ψ :: 'b
 and P :: "('a, 'b, 'c) psi"
 and Q :: "('a, 'b, 'c) psi"

 assumes "(Ψ, P, Q) ∈ Rel"
 and C1: "∧Ψ P Q R S. [Ψ ⊳ P ∼ Q; (Ψ, Q, R) ∈ Rel; Ψ ⊳ R ∼ S] ==> y'η' \open>F ?'\<> 
 and "∧Ψ. (Ψ, P, τ.(Q)) ∈ Rel"

 shows "Ψ ⊳ α⋅P ↝«Rel¬ α⋅(τ.(Q))"
 (induct rule: weakCongSimI)
 case(cTau Q')
 from ‹Ψ ⊳ α⋅(τ.(Q)) ⟼τ ≺ Q'› D G ?y'' \<penFo
 proof(induct rule: prefixTauCases)
 case cTau
 obtain P' where PTrans: "Ψ ⊳ τ.(P) ⟼τ ≺ P'" and "Ψ ⊳ P ∼ P'" using tauActionI
 by auto
 from PTrans have "Ψ ⊳ τ.(P) ==>_\τ P'" by(rule tauActTauStepChain)
 moreover from ‹Ψ ⊳ P ∼ P'› ‹Ψ ⊳ τ.(Q) ∼ Q'› ‹(Ψ, P, τ.(Q)) ∈ Rel›
 have "(Ψ, P', Q') ∈ Rel" by(metis bisimTransitive bis
 ultimately show ?case by fastforce
 qed
 

 

  tauSum = tau + sum
 

  tauLaw2SimLeft:
 fixes Ψ :: 'b
 and P :: "('a, 'b, 'c) psi"

 assumes Id: "∧Ψ P. (Ψ, P, P) ∈ Rel"
 and C1: "∧Ψ P Q R S. [Ψ ⊳ P ∼ Q; (Ψ, Q, R) ∈ Rel; Ψ ⊳ R ∼ S] ==> (Ψ, P, S) ∈ Rel"

 shows "Ψ ⊳ P ⊕ τ.(P) ↝🚫 τ.(P)"
 (induct rule: weakSimI2)
 case(cAct Ψ' α P')
 thus ?case by(nominal_induct α rule: action.strong_inducts) auto
 
 case(cTau P')
 from ‹Ψ ⊳ τ.(P) ⟼τ ≺ P'› have "Ψ ⊳ P ∼ P'" by(rule tauActionE)
 obtain P'' where PTrans: "Ψ ⊳ τ.(P) ⟼τ ≺ P''" and "Ψ ⊳ P ∼ P''" using tauActionI

 have "guarded(τ.(P))" by(rule guardedTau)
 with PTrans have "Ψ ⊳ P ⊕ τ.(P) ⟼τ ≺ P''" by(rule Sum2)
 hence "Ψ ⊳ P ⊕ τ.(P) ==>^{^}_\τ P''" by(rule tauActTauChain)
 moreover from ‹Ψ ⊳ P ∼ P''› \<      have
 by(metis C1 bisimE)
 ultimately show ?case by blast
 

  tauLaw2CongSimLeft:
 fixes Ψ :: 'b
 and P :: "('a, 'b, 'c) psi"

 assumes Id: "∧Ψ P. (Ψ, P, P) ∈ Rel"
 and C1: "∧Ψ P Q R S. [Ψ ⊳ P ∼ Q; (Ψ, Q, R) ∈ Rel; Ψ ⊳ R ∼ S] ==> (Ψ, P, S) ∈ Rel"

 shows "Ψ ⊳ P ⊕
 (induct rule: weakCongSimI)
 case(cTau P')
 from ‹Ψ ⊳ τ.(P) ⟼ g :: F ?y \ ri>\^>C ?'¬?y) ⋅
 obtain P'' where PTrans: "Ψ ⊳ τ.(P) ⟼τ ≺ P''" and "Ψ ⊳ P ∼ P''" using tauActionI
 by auto
 have "guarded(τ.(P))" by(rule guardedTau)
 with PTrans have "Ψ ⊳ P ⊕ τ.(P) ⟼τ ≺ P''" by(rule Sum2)
 hence "Ψ ⊳ P ⊕ τ.(P) ==>_\τ P''" by(rule tauActTauStepChain)
 moreover from ‹Ψ ⊳ P ∼ P''› ‹(Ψ, P, P) ∈ Rel› ‹Ψ ⊳ P ∼ P'› have "(Ψ, P'', P') ∈ Rel"
 by(metis C1 bisimE)
 ultimately show ?case by blast
 

  tauLaw2SimRight:
 fixes Ψ :: 'b
 and P :: "('a, 'b, 'c) psi"

 assumes C1: "∧Ψ P Q. Ψ ⊳ P ∼ Q ==> (Ψ, P, Q) ∈ Rel"

 shows "Ψ ⊳ τ.(P) ↝🚫
 (induct rule: weakSimI2)
 case(cAct Ψ' α P')
 from ‹o ?y' \cdot>\^>D g')"
 show ?case
 proof(induct rule: sumCases)
 case cSum1
 obtain P'' where PTrans: "Ψ ⊳ τ.(P) ⟼τ ≺ P''" and "Ψ ⊳ P ∼ P''" using tauActionI
 by auto
 from PTrans have "Ψ ⊳ τ.(P) ==>^{^}_\τ P''" by(rule tauActTauChain)
 moreover from ‹guarded P›<ta.
 by(rule insertGuardedAssertion)
 with ‹Ψ ⊳ P ∼ P''› have "insertAssertion (extractFrame P'') Ψ ≃ ave "F g' = y'ηFo ?y'') (η ⋅
 by(metis bisimE FrameStatEqTrans FrameStatEqSym)
 hence "insertAssertion (extractFrame(P ⊕ τ.(P))) Ψ ↪_Fb auto
 by(simp add: FrameStatEq_def)
 moreover from PTrans ‹bn α ♯* (τ.(P))› have "bn α ♯><> cdot>'
 with ‹Ψ ⊳ P ∼ P''› ‹Ψ ⊳ P ⟼α ≺ P'› ‹bn α ♯* Ψ›
 obtain P''' where P''Trans: "Ψ ⊳ P'' ⟼α ≺ P'''" and "Ψ ⊳ P''' ∼ P'"
 by(metis bisimE simE)
 ultimately have "Ψ : (P ⊕ τ.(P)) ⊳ τ.(P) ==>α ≺ P'''"
 by(rule_tac weakTransitionI)
 moreover have "Ψ ⊗ Ψ' ⊳ P''' ==>^{^}_\τ P'''" by auto
 moreover from ‹Ψ ⊳ P''' ∼ P'› have "Ψ ⊗ Ψ' ⊳ P''' ∼ P'" by(rule bisimE)
 hence "(Ψ ⊗ Ψ', P''', P') ∈ Rel" by(rule C1)
 ultimately show ?case by blast
 next
 case cSum2
 thus ?case using ‹α ≠ τ›
 by(nominal_induct α rule: action.strong_inducts) auto
 qed
 
 case(cTau P')
 from ‹Ψ "F (' <><
 show ?case
 proof(induct rule: sumCases)
 case cSum1
 obtain P'' where PTrans: "Ψ ⊳ τ.(P) ⟼τ ≺ P''" and "Ψ ⊳ P ∼ P''" using tauActionI
 by auto
 moreover from ‹Ψ ⊳ P ∼ P''›
 obtain P''' where P''Trans: "Ψ ⊳ P'' ⟼τ ≺ P'''" and "Ψ ⊳ P''' ∼ P'"
 (drule_tac bisimE(4))
 apply(drule_tac bisimE(2))
 by(drule_tac simE, auto)
 ultimately have "Ψ ⊳ τ.(P) ==>^{^}_\τ P'''" by(auto dest: tauActTauChain rtrancl_into_rtrancl)
 moreover from ‹Ψ ⊳ P''' ∼proof -
 ultimately show ?case by blast
 next
 case cSum2
 from ‹Ψ 3: "«sub>C F g : Fo?y \rightarrow auto
 obtain P'' where PTrans: "Ψ ⊳ τ.(P) ⟼τ ≺ P''" and "Ψ ⊳ P ∼ P''" using tauActionI
 by auto
 hence "Ψ ⊳ τ.(P) ==>^{^}_\τ P''" by(rule_tac tauActTauChain)
 moreover from ‹Ψ ⊳ P ∼ P''› ‹Ψ ⊳ P ∼ P'›η\^>D ' ⋅ g' \<>\e>o ?y"
 by(metis C1 bisimTransitive bisimE)
 ultimately show ?case by blast
 qed
 

  tauLaw2CongSimRight:
 fixes Ψ :: 'b
 and P :: "('a, 'b, 'c) psi"

 assumes C1: "∧Ψ P Q. Ψ ⊳ P ∼ Q ==> (Ψ, P, Q) ∈ Rel"

 shows "Ψ ⊳ τ.(P) ↝«Rel¬ P ⊕ τ.(P)"
 (induct rule: weakCongSimI)
 case(cTau P')
 from ‹Ψ \<rhdusing
 show ?case
 proof(induct rule: sumCases)
 case cSum1
 obtain P'' where PTrans: "Ψ ⊳ τ.(P) ⟼τ ≺ P''" and "Ψ ⊳ P ∼ P''" using tauActionI
 by auto
 moreover from ‹Ψ ⊳ P ∼ P''› ‹Ψ usiusingyη
java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because "brackoff" is null
 apply(drule_tac bisimE(4))
 apply(drule_tac bisimE(2))
 by(drule_tac simE) auto
 ultimately have "Ψ ⊳ τ.(P) ==>_\τ P'''" by(auto dest: tauActTauStepChain trancl_into_trancl)
 moreover from ‹
 ultimately show ?case by blast
 next
 case cSum2
 from ‹Ψ ⊳ τ.(P) ⟼τ ≺
 obtain P'' where PTrans: "Ψ ⊳ τ.(P) ⟼τ F_si:
 by auto
java.lang.NullPointerException
 moreover from ‹Ψ sshows "F g = initial_arrow_to_functorthe_ext C D G (Fo (D(.dom g)) (\<etao))
 by(metis C1 bisimTransitive bisimE)
 ultimately show ?case by blast
 qed
 

  tauLaw4SimLeft:
 fixes Ψ :: 'b
 and P :: "('a, 'b, 'c) psi"
 and Q :: "('a, 'b, 'c) psi"
 and M :: 'a
 and N :: 'a

 assumes "∧ (\<>,
 and C1: "∧Ψ P Q. Ψ ⊳ P ∼ Q ==> (Ψ, P, Q) ∈ Rel"

 shows "Ψ ⊳ α⋅P ⊕ α⋅(τ.(P) ⊕ Q) ↝🚫 α⋅(τ.(P) ⊕ Q)"
 (induct rule: weakSimI2)
 case(cAct Ψ' β PQ)
 from ‹Ψ ⊳ α⋅(τinterpre: composite_functor DD F G ..
 show ?case
 proof(induct rule: prefixCases)
 case(cInput M xvec N K Tvec)
 have "Ψ ⊳
 moreover have "insertAssertion (extractFrame(α⋅(τ.(P) ⊕
 using insertTauAssertion Identity
 by(nominal_induct α rule: prefix.strong_inducts, auto)
 (rule FrameStatImpTrans[where G="⟨ε, Ψ⟩"], auto simp add: FrameStatEq_def AssertionStatEq_def)
 moreover from ‹
 have "Ψ ⊳ M(λ*xvec N) fix y:: 'd
 by(rule Input)
 hence "Ψ ⊳ (M(λ*xvec N).P) ⊕ M(λ*xvec N).(τ.(P) ⊕ Q) ⟼K((N[xvec::=Tvec])) ≺ (τ.(P) ⊕ Q)[xvec::=Tvec]"
 by(rule_tac Sum2) auto
 ultimately have "Ψ : (M(λ*xvec N).(τ.(P) ⊕ Q)) ⊳ (M( assume y: "D.id y"
 by(rule_tac weakTransitionI) auto
 moreover have "Ψ ⊗ Ψ' ⊳ (τ.(P) ⊕ Q)[xvec::=Tvec] ==>^{^}_\>η\<rightarrowmap
 ultimately show ?case using ‹(Ψ ⊗ Ψ', (τ.(P) ⊕ Q)[xvec::=Tvec], (τ.(P) ⊕ Q)[xvec::=Tvec]) ∈ Rel›
 
 case(cOutput M N K)
 have "Ψ ⊳ α⋅ using y Fo_\\etao_initialex_initialarrow s
 moreover have "insertAssertion (extractFrame(α⋅(τ.(P) ⊕ Q))) Ψ ↪_F insertAssertion (extractFrame(α⋅P ⊕ αby auto
 using insertTauAssertion Identity
 by(nominal_induct α rule: prefix.strong_inducts, auto)
 (rule FrameStatImpTrans[where G="⟨ε, Ψ⟩"], auto simp add: FrameStatEq_def AssertionStatEq_def)

 moreover from ‹
 by(rule Output)
 hence "Ψ ⊳ M⟨N⟩.P ⊕ M⟨N⟩.(τ.(P) ⊕ Q) ⟼K⟨N⟩ ≺ (τ.(P) ⊕ Q)" by(rule_tac Sum2) auto
 ultimately have "Ψ : (M⟨N⟩.(τ.(P) ⊕ Q)) ⊳ M⟨N⟩.P ⊕ M⟨ "\etaDcod cdot^su> g= g ⋅
 by(rule_tac weakTransitionI) auto
 moreover have "Ψ ⊗ Ψ' ⊳ τ.(P) ⊕ Q ==>^{^}_\τ τ.(P) ⊕ Q" by auto
 ultimately show ?case using ‹(Ψ ⊗ Ψ', τ.(P) ⊕ proof -
 next
 case cTau
 from ‹τ ≠"D.do g"
 by simp
 qed
 
 case(cTau Q')
 from ‹
 proof(induct rule: prefixTauCases)
 case cTau
 obtain P' where PTrans: "Ψ ⊳ τ.(τ.(P) ⊕ Q) ⟼τ ≺ P'" and "Ψ ⊳ τ.(P) ⊕ Q ∼ yηi D G openFo ?>\<tao
 by auto
 from PTrans have "Ψ ⊳ (τ.(P)) ⊕ τ.(τ.(P) ⊕ Q) ⟼τ ≺ P'" by(rule_t
 hence "Ψ ⊳ (τ.(P)) ⊕ τ y'\'η<>Fo
 moreover from ‹Ψ ⊳ τ.(P) ⊕ Q ∼ P'› ‹Ψ ⊳ (τ.(P)) ⊕ Q ∼ Q'› have "Ψ ⊳ P' ∼ Q'" by(metis bisimSymmetric bisimTransitive)
 hence "(Ψ, P', Q') ∈ Rel" by(rule C1)
  ?cas by fastforce
 qed
 

  tauLaw4CongSimLeft:
 fixes Ψ :: 'b
 and P :: "('a, 'b, 'c) psi"
 and Q :: "('a, 'b, 'c) psi"
 and M :: 'a
 and N :: 'a

 assumes "∧Ψ P. (Ψ, P, P) ∈ Rel"
 and C1: "∧Ψ P Q. Ψ ⊳ P ∼ Q ==> (Ψ, P, Q) ∈ Rel"

 shows "Ψ ⊳ α⋅P ⊕ α⋅(τ.(P) ⊕ Q) ↝ auto
 (induct rule: weakCongSimI)
 case(cTau Q')
 from ‹Ψ ⊳ α⋅(τ.(P)) ⊕_\⊤ Q ⟼ ha"F g = y\eta.the_ext(Fo ?) (\etao y \<dot\
 proof(induct rule: prefixTauCases)
 case cTau
java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because "brackoff" is null
 by auto
 from PTrans have "Ψ ⊳ (τ.(P)) ⊕ τ.(\<         
 hence "Ψ ⊳ (τ.(P)) ⊕ τ.(τ.(P) ⊕ Q) ==>_\τ P'" by(rule tauActTauStepChain) ?thes
 moreover from ‹Ψ ⊳is_extdef by simp
 hence "(Ψ, P', Q') ∈ Rel" by(rule C1)
 ultimately show ?case by fastforce
 qed
 

  tauLaw4SimRight:
 fixes Ψ :: 'b
 and P :: "('a, 'b, 'c) psi"
 and Q :: "('a, 'b, 'c) psi"
 and α :: "'a prefix"

 assumes C1: "∧Ψ P Q. Ψ ⊳ P ∼ Q ==> (Ψ, P, Q) ∈ Rel"
 and "∧Ψ P. (Ψ, P, P) ∈ Rel"

 shows "Ψ ⊳ α⋅(τ.(P) ⊕ Q) ↝🚫 α⋅P ⊕ α⋅(τ.(P) ⊕ Q)"
 (induct rule: weakSimI2)
 case(cAct Ψ' β PQ)
 from ‹
 proof(induct rule: sumCases)
 case cSum1
 from ‹Ψ ⊳y →
 proof(induct rule: prefixCases)
 case(cInput M xvec N K Tvec)
 have "Ψ ⊳ M(λ*xvec N).(τ.(P) ⊕ Q) ==>^{^}_\τ M(λ*xvec N).(τ.(P) ⊕ Q)" by auto
 moreover have "insertAssertion (extractFrame((M(λ*xvec N).P
 by auto
 moreover from ‹Ψ ⊨ M ↔ K› ‹distinct xvec› ‹set xvec ⊆phi>def using assms 🚫
 have "Ψ ⊳ M(λ*xvec N).(τ.(P) ⊕ Q) ⟼
 ultimately have "Ψ : ((M(λ*xvec N)lemma φ
 by(rule_tac weakTransitionI) auto
 with ‹length xvec = length Tvec› ‹assumes f: "«righ>_<>\^sub>D y<guillemotright"<><
 have "Ψ : ((M(λ*xvec N).P) ⊕ M(λ*xvec N).(τ.(P) ⊕ Q)) ⊳ M(λ*xvec N).(τ.(P) ⊕ Q) ==>K((N[xvec::=Tvec])) ≺ (τ.(P[xvec::=Tvec]) ⊕ Q[xvec::=Tvec])"
 by auto
 moreover obtain P' where PTrans: "Ψ ⊗ Ψ' ⊳ τ.(P[xvec::=Tvec]) ⟼τ ≺ P'" and "Ψ ⊗ Ψ' ⊳ P[xvec::=Tvec] ∼ P'" using tauActionI
 by auto
 have "guarded(τ.(P[xvec::=Tvec]))" by(rule guardedTau)
 with PTrans have "Ψ ⊗ Ψ' ⊳ (τ.(P[xvec::=Tvec])) ⊕ (Q[xvec::=Tvec]) ⟼τ ≺ P'" by(rule Sum1)
 hence "Ψ ⊗ Ψ' ⊳ (τ.(P[xvec::=Tvec])) ⊕ (Q[xvec::=Tvec]) ==>^{^}_\τ P'" by(rule tauActTauChain)
 moreover from ‹'›otimes> Ψ, P', P[xvec::=Tvec]) ∈C1)
 ultimately show ?case by fastforce
 next
 case(cOutput M N K)
 have "Ψ ⊳ M⟨N⟩.(τ.(P) ⊕ Q) ==>^{^}_\τ M⟨N⟩.(τ.(P) ⊕ Q)" by auto
 moreover have "insertAssertion (extractFrame(M⟨N⟩.P ⊕ M⟨N⟩.(τ.(P) ⊕ Q))) Ψ ↪_F insertAssertion (extractFrame(M⟨N⟩.(τ.(P) ⊕ Q))) Ψ"
 by auto
 moreover from ‹Ψ ⊨ M ↔ K› have "Ψ ⊳ M⟨N⟩.(τ.(P) ⊕ Q) ⟼K⟨N⟩ ≺ (τ.(P) ⊕ Q)" by(rule Output)
 ultimately have "Ψ : (M⟨N⟩.P ⊕ M⟨N⟩.(τ.(P) ⊕ Q)) ⊳ M⟨N⟩.(τ.(P) ⊕ Q) ==>K⟨N⟩ ≺ (τ.(P) ⊕ Q)"
 by(rule_tac weakTransitionI) auto
 moreover obtain P' where PTrans: "Ψ ⊗ Ψ' ⊳ τ.(P) ⟼τ ≺ P'" and "Ψ ⊗ Ψ' ⊳ P ∼ P'" using tauActionI
 by auto
 have "guarded(τ.(P))" by(rule guardedTau)
 with PTrans have "Ψ ⊗ Ψ' ⊳ (τ.(P)) ⊕ Q ⟼τ ≺ P'" by(rule Sum1)
 hence "Ψ ⊗ Ψ' ⊳ (τ.(P)) ⊕ Q ==>^{^}_\τ P'" by(rule tauActTauChain)
 moreover from ‹Ψ ⊗ Ψ' ⊳ P ∼ P'› have "(Ψ ⊗ Ψ', P', P) ∈ Rel" by(metis bisimE C1)
 ultimately show ?case by fastforce
 next
 case cTau
 from ‹τ ≠ τ› show ?case by simp
 qed
 next
 case cSum2
 from ‹Ψ ⊳ α⋅(τ.(P) ⊕ Q) ⟼β ≺ PQ› ‹β ≠ τ› show ?case
 proof(induct rule: prefixCases)
 case(cInput M xvec N K Tvec)
java.lang.NullPointerException
 moreover have "insertAssertion (extractFrame((M(λ*xvec N).P) ⊕ M(λ*xvec N).(τ.(P) ⊕ Q))) Ψ ↪G f \cdot_<sub>D \eta>.map y ⋅
 by auto
 moreover from ‹Ψ ⊨ M ↔ K› ‹distinct xvec› ‹set xvec ⊆ supp N› ‹length xvec = length Tvec›
 have "Ψ ⊳ M(λusing D.comp_assoc by f
 by(rule Input)
 with ‹length xvec = length Tvec› ‹distinct xvec›
 have "Ψ ⊳ M(λ*xvec N).(τ.(P) ⊕ Q) ⟼K((N[xvec::=Tvec])) ≺ (τ.(P[xvec::=Tvec]) ⊕ Q[xvec::=Tvec])"
 by simp
 ultimately have "Ψ : ((M(λ*xvec N).P) ⊕ M(λ*xvec N).(τ.(P) ⊕ Q)) ⊳ M(λ*xvec N).(τ.(P) ⊕ Q) ==>K((N[xvec::=Tvec])) ≺ (τ.(P[xvec::=Tvec]) ⊕ Q[xvec::=Tvec])"
 by(rule_tac weakTransitionI) auto
 moreover have "Ψ ⊗ Ψ' ⊳ τusing f g h \ et>.naturality by fastforce
 ultimately show ?case using ‹(Ψ ⊗ Ψ', τ.(P[xvec::=Tvec]) ⊕ (Q[xvec::=Tvec]), τ.(P[xvec::=Tvec]) ⊕ (Q[xvec::=Tvec])) ∈G (f \<cdot\DG (F g)) \\⋅et>.ma y'"
 by fastforce
 next
 case(cOutput M N K)
 have "Ψ ⊳ M⟨N⟩.(τ.(P) ⊕ Q) ==>^{^}_\τ M⟨N⟩.(τ.(P) ⊕ Q)" by auto
 moreover have "insertAssertion (extractFrame(M⟨N⟩.P ⊕ M⟨N⟩.(τ.(P) ⊕ Q))) Ψ ↪_F insertAssertion (extractFrame(M⟨N⟩.(τ.(P) ⊕ Q))) Ψ"
 by auto
 moreover from ‹Ψ D.comp_assoc by fastforce
 by(rule Output)
 ultimately have "Ψ : (M⟨N⟩.P ⊕ M⟨N⟩.(τ.(P) ⊕ Q)) ⊳ M⟨N⟩.(τ.(P) ⊕ Q) ==>K⟨N⟩ ≺ (τ.(P) ⊕ Q)"
 by(rule_tac weakTransitionI) auto
 moreover have "Ψ ⊗ Ψ' ⊳ τ.(P) ⊕ Q ==>^{^}_\τ τ.(P) ⊕ Q" by auto
 ultimately show ?case using ‹(Ψ ⊗ Ψ', τ.(P) ⊕ Q, τ.(P) ⊕ Q) ∈ Rel› by fastforce
 next
 cTau
java.lang.NullPointerException
 qed
 qed
 
 case(cTau PQ)
 from ‹Ψ ⊳ α⋅P ⊕_by auto
 proof(induct rule: sumCases)
 case cSum1
 from ‹Ψ ⊳ α ?thesis by auto
 proof(induct rule: prefixTauCases)
 case cTau
 obtain P' where PTrans: "Ψ ⊳ τ.((τ.(P)) ⊕
 by auto
 obtain P'' where P'Trans: "Ψ ⊳ τ.(P) ⟼τ
 by aut
 from P'Trans have "Ψ ⊳ τ.(P) ⊕ Q⟼τ ≺ P''" by(rule_tac Sum1) (auto intro: guardedTau)
 with ‹) ⊕ P''' where P''Trans: "🚫
 apply(drule_tac bisimE(4))
 apply(drule_tac bisimE(2))
 apply(drule_tac simE)
 by(auto dest: bisimE)
 from PTrans P''Trans have "Ψ ⊳ τ.((τ.(P)) ⊕ Q) ==>^{^}_\τ P'''" by(fastforce dest: tauActTauChain)
 moreover from ‹Ψ ⊳ P ∼ PQ› ‹Ψ ⊳ P'' ∼ P'''› ‹Ψ ⊳ P ∼ P''› have "Ψ ⊳ P''' ∼ PQ"
 by(metis bisimSymmetric bisimTransitive)
 hence "(Ψ, P''', PQ) ∈ Rel" by(rule C1)
 ultimately show ?case by fastforce
 qed
 next
 case cSum2
 from ‹Ψ ⊳ α⋅((τ.(P)) ⊕ Q) ⟼τ ≺ PQ› show ?case
 proof(induct rule: prefixTauCases)
 case cTau
 obtain P' where PTrans: "Ψ ⊳ τ.((τ.(P)) ⊕ Q) ⟼τ ≺ P'" and "Ψ ⊳ (τ.(P)) ⊕ Q ∼ P'" using tauActionI
 by auto
 from PTrans have "Ψ ⊳ τ.((τ.(P)) ⊕ Q) ==>^{^}_\τ P'" by(rule tauActTauChain)
 moreover from ‹Ψ ⊳ (τ.(P)) ⊕ Q ∼ P'› ‹Ψ ⊳ τ.(P) ⊕ Q ∼ PQ› have "Ψ ⊳ P' ∼ PQ"
 by(metis bisimSymmetric bisimTransitive)
 hence "(Ψ, P', PQ) ∈ Rel" by(rule C1)
 ultimately show ?case by fastforce
 qed
 qed
 

  tauLaw4CongSimRight:
 fixes Ψ :: 'b
 and P :: "('a, 'b, 'c) psi"
 and Q :: "('a, 'b, 'c) psi"
 and α :: "'a prefix"

 assumes C1: "∧Ψ P Q. Ψ ⊳ P ∼ Q ==> (Ψ, P, Q) ∈ Rel"

 shows "Ψ ⊳ α⋅(τ.(P) ⊕ Q) ↝«Rel¬ α⋅proof -
 (induct rule: weakCongSimI)
 case(cTau PQ)
 from ‹eta> arroCD G y \<>F
 proof(induct rule: sumCases)
 case cSum1
 from ‹Ψ ⊳ α⋅P ⟼ τ ≺ PQ› show ?case
 proof(induct rule: prefixTauCases)
 case cTau
 obtain P' where PTrans: "Ψ ⊳ τ.((τ.(P)) ⊕ Q) ⟼τ ≺ P'" and "Ψshow "y
 by auto
 obtain P'' where P'Trans: "Ψ ⊳ τ.(P) ⟼τ ≺>.is_et_def Fid by b
 by auto
 from P'Trans have "Ψ ⊳ τ.(P) ⊕ Q⟼τ ≺ P''" by(rule_tac Sum1) (autqed
 with ‹
 apply(drule_tac bisimE(4))
 apply(drule_tac bisimE(2))
 apply(drule_tac simE)
 by\\φ
 from PTrans P''Trans have "Ψ ⊳ τ.((τ.(P)) ⊕ Q) ==>_\τ P'''" by(fastforce dest: tauActTauStepChain)
 moreover from ‹Ψ ⊳ P ∼ PQ› ‹Ψ ⊳ P'' ∼ P'''› ‹Ψ ⊳ P ∼ P''› have "Ψ ⊳ P''' ∼ PQ"
 by(metis bisimSymmetric bisimTransitive)
 hence "(Ψ, P''', PQ) ∈ Rel" by(rule C1)
 ultimately show ?case by fastforce
 qed
 next
 case cSum2
 from ‹Ψ ⊳ α⋅((τ.(P)) ⊕ Q) ⟼τ ≺ PQ› show ?case
 proof(induct rule: prefixTauCases)
 case cTau
 obtain P' where PTrans: "Ψ ⊳ τ.((τ.(P)) ⊕ Q) ⟼τ ≺ P'" and "Ψ ⊳ (τ.(P)) ⊕ Q ∼ P'" using tauActionI
 by auto
 from PTrans have "Ψ ⊳ τ.((τ.(P)) ⊕ Q) ==>_\<      have
 moreover from ‹Ψ ⊳ (τ.(P)) ⊕ Q ∼ P'› ‹Ψ ⊳ τ.(P) ⊕ Q ∼ PQ› have "Ψ ⊳ P' ∼ PQ"
 by(metis bisimSymmetric bisimTransitive)
 hence "(Ψ, P', PQ) ∈ Rel" by(rule C1)
 ultimately show ?case by fastforce
 qed using y ex_intial_a Fo_η
 qed