:: MODELC_2 semantic presentation begin definition let x be set ; func CastNat x -> Nat equals :Def1: :: MODELC_2:def 1 x if x is Nat otherwise 0 ; correctness coherence ( ( x is Nat implies x is Nat ) & ( x is not Nat implies 0 is Nat ) ); consistency for b1 being Nat holds verum; ; end; :: deftheorem Def1 defines CastNat MODELC_2:def_1_:_ for x being set holds ( ( x is Nat implies CastNat x = x ) & ( x is not Nat implies CastNat x = 0 ) ); Lm1: for m, n, k being Nat st m < n & n <= k + 1 holds m <= k proof let m, n, k be Nat; ::_thesis: ( m < n & n <= k + 1 implies m <= k ) assume that A1: m < n and A2: n <= k + 1 ; ::_thesis: m <= k m + 1 <= n by A1, NAT_1:13; then m + 1 <= k + 1 by A2, XXREAL_0:2; hence m <= k by XREAL_1:6; ::_thesis: verum end; definition let n be Nat; func atom. n -> FinSequence of NAT equals :: MODELC_2:def 2 <*(6 + n)*>; coherence <*(6 + n)*> is FinSequence of NAT ; end; :: deftheorem defines atom. MODELC_2:def_2_:_ for n being Nat holds atom. n = <*(6 + n)*>; definition let p be FinSequence of NAT ; func 'not' p -> FinSequence of NAT equals :: MODELC_2:def 3 <*0*> ^ p; coherence <*0*> ^ p is FinSequence of NAT ; let q be FinSequence of NAT ; funcp '&' q -> FinSequence of NAT equals :: MODELC_2:def 4 (<*1*> ^ p) ^ q; coherence (<*1*> ^ p) ^ q is FinSequence of NAT ; funcp 'or' q -> FinSequence of NAT equals :: MODELC_2:def 5 (<*2*> ^ p) ^ q; coherence (<*2*> ^ p) ^ q is FinSequence of NAT ; end; :: deftheorem defines 'not' MODELC_2:def_3_:_ for p being FinSequence of NAT holds 'not' p = <*0*> ^ p; :: deftheorem defines '&' MODELC_2:def_4_:_ for p, q being FinSequence of NAT holds p '&' q = (<*1*> ^ p) ^ q; :: deftheorem defines 'or' MODELC_2:def_5_:_ for p, q being FinSequence of NAT holds p 'or' q = (<*2*> ^ p) ^ q; definition let p be FinSequence of NAT ; func 'X' p -> FinSequence of NAT equals :: MODELC_2:def 6 <*3*> ^ p; coherence <*3*> ^ p is FinSequence of NAT ; let q be FinSequence of NAT ; funcp 'U' q -> FinSequence of NAT equals :: MODELC_2:def 7 (<*4*> ^ p) ^ q; coherence (<*4*> ^ p) ^ q is FinSequence of NAT ; funcp 'R' q -> FinSequence of NAT equals :: MODELC_2:def 8 (<*5*> ^ p) ^ q; coherence (<*5*> ^ p) ^ q is FinSequence of NAT ; end; :: deftheorem defines 'X' MODELC_2:def_6_:_ for p being FinSequence of NAT holds 'X' p = <*3*> ^ p; :: deftheorem defines 'U' MODELC_2:def_7_:_ for p, q being FinSequence of NAT holds p 'U' q = (<*4*> ^ p) ^ q; :: deftheorem defines 'R' MODELC_2:def_8_:_ for p, q being FinSequence of NAT holds p 'R' q = (<*5*> ^ p) ^ q; Lm2: for n being Nat for p, q being FinSequence of NAT holds len ((<*n*> ^ p) ^ q) = (1 + (len p)) + (len q) proof let n be Nat; ::_thesis: for p, q being FinSequence of NAT holds len ((<*n*> ^ p) ^ q) = (1 + (len p)) + (len q) let p, q be FinSequence of NAT ; ::_thesis: len ((<*n*> ^ p) ^ q) = (1 + (len p)) + (len q) len (p ^ q) = (len p) + (len q) by FINSEQ_1:22; then A1: (len <*n*>) + (len (p ^ q)) = ((len <*n*>) + (len p)) + (len q) ; len ((<*n*> ^ p) ^ q) = len (<*n*> ^ (p ^ q)) by FINSEQ_1:32 .= (len <*n*>) + (len (p ^ q)) by FINSEQ_1:22 ; hence len ((<*n*> ^ p) ^ q) = (1 + (len p)) + (len q) by A1, FINSEQ_1:40; ::_thesis: verum end; definition func LTL_WFF -> non empty set means :Def9: :: MODELC_2:def 9 ( ( for a being set st a in it holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in it ) & ( for p being FinSequence of NAT st p in it holds 'not' p in it ) & ( for p, q being FinSequence of NAT st p in it & q in it holds p '&' q in it ) & ( for p, q being FinSequence of NAT st p in it & q in it holds p 'or' q in it ) & ( for p being FinSequence of NAT st p in it holds 'X' p in it ) & ( for p, q being FinSequence of NAT st p in it & q in it holds p 'U' q in it ) & ( for p, q being FinSequence of NAT st p in it & q in it holds p 'R' q in it ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'or' q in D ) & ( for p being FinSequence of NAT st p in D holds 'X' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'U' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'R' q in D ) holds it c= D ) ); existence ex b1 being non empty set st ( ( for a being set st a in b1 holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in b1 ) & ( for p being FinSequence of NAT st p in b1 holds 'not' p in b1 ) & ( for p, q being FinSequence of NAT st p in b1 & q in b1 holds p '&' q in b1 ) & ( for p, q being FinSequence of NAT st p in b1 & q in b1 holds p 'or' q in b1 ) & ( for p being FinSequence of NAT st p in b1 holds 'X' p in b1 ) & ( for p, q being FinSequence of NAT st p in b1 & q in b1 holds p 'U' q in b1 ) & ( for p, q being FinSequence of NAT st p in b1 & q in b1 holds p 'R' q in b1 ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'or' q in D ) & ( for p being FinSequence of NAT st p in D holds 'X' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'U' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'R' q in D ) holds b1 c= D ) ) proof defpred S1[ set ] means ( ( for a being set st a in $1 holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in $1 ) & ( for p being FinSequence of NAT st p in $1 holds 'not' p in $1 ) & ( for p, q being FinSequence of NAT st p in $1 & q in $1 holds p '&' q in $1 ) & ( for p, q being FinSequence of NAT st p in $1 & q in $1 holds p 'or' q in $1 ) & ( for p being FinSequence of NAT st p in $1 holds 'X' p in $1 ) & ( for p, q being FinSequence of NAT st p in $1 & q in $1 holds p 'U' q in $1 ) & ( for p, q being FinSequence of NAT st p in $1 & q in $1 holds p 'R' q in $1 ) ); defpred S2[ set ] means for D being non empty set st S1[D] holds $1 in D; consider Y being set such that A1: for a being set holds ( a in Y iff ( a in NAT * & S2[a] ) ) from XBOOLE_0:sch_1(); now__::_thesis:_ex_b_being_FinSequence_of_NAT_st_b_in_Y set a = atom. 0; take b = atom. 0; ::_thesis: b in Y ( atom. 0 in NAT * & ( for D being non empty set st S1[D] holds atom. 0 in D ) ) by FINSEQ_1:def_11; hence b in Y by A1; ::_thesis: verum end; then reconsider Y = Y as non empty set ; take Y ; ::_thesis: ( ( for a being set st a in Y holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in Y ) & ( for p being FinSequence of NAT st p in Y holds 'not' p in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p '&' q in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p 'or' q in Y ) & ( for p being FinSequence of NAT st p in Y holds 'X' p in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p 'U' q in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p 'R' q in Y ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'or' q in D ) & ( for p being FinSequence of NAT st p in D holds 'X' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'U' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'R' q in D ) holds Y c= D ) ) thus for a being set st a in Y holds a is FinSequence of NAT ::_thesis: ( ( for n being Nat holds atom. n in Y ) & ( for p being FinSequence of NAT st p in Y holds 'not' p in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p '&' q in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p 'or' q in Y ) & ( for p being FinSequence of NAT st p in Y holds 'X' p in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p 'U' q in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p 'R' q in Y ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'or' q in D ) & ( for p being FinSequence of NAT st p in D holds 'X' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'U' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'R' q in D ) holds Y c= D ) ) proof let a be set ; ::_thesis: ( a in Y implies a is FinSequence of NAT ) assume a in Y ; ::_thesis: a is FinSequence of NAT then a in NAT * by A1; hence a is FinSequence of NAT by FINSEQ_1:def_11; ::_thesis: verum end; thus for n being Nat holds atom. n in Y ::_thesis: ( ( for p being FinSequence of NAT st p in Y holds 'not' p in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p '&' q in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p 'or' q in Y ) & ( for p being FinSequence of NAT st p in Y holds 'X' p in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p 'U' q in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p 'R' q in Y ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'or' q in D ) & ( for p being FinSequence of NAT st p in D holds 'X' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'U' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'R' q in D ) holds Y c= D ) ) proof let n be Nat; ::_thesis: atom. n in Y ( atom. n in NAT * & ( for D being non empty set st S1[D] holds atom. n in D ) ) by FINSEQ_1:def_11; hence atom. n in Y by A1; ::_thesis: verum end; thus for p being FinSequence of NAT st p in Y holds 'not' p in Y ::_thesis: ( ( for p, q being FinSequence of NAT st p in Y & q in Y holds p '&' q in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p 'or' q in Y ) & ( for p being FinSequence of NAT st p in Y holds 'X' p in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p 'U' q in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p 'R' q in Y ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'or' q in D ) & ( for p being FinSequence of NAT st p in D holds 'X' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'U' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'R' q in D ) holds Y c= D ) ) proof let p be FinSequence of NAT ; ::_thesis: ( p in Y implies 'not' p in Y ) assume A2: p in Y ; ::_thesis: 'not' p in Y A3: for D being non empty set st S1[D] holds 'not' p in D proof let D be non empty set ; ::_thesis: ( S1[D] implies 'not' p in D ) assume A4: S1[D] ; ::_thesis: 'not' p in D then p in D by A1, A2; hence 'not' p in D by A4; ::_thesis: verum end; 'not' p in NAT * by FINSEQ_1:def_11; hence 'not' p in Y by A1, A3; ::_thesis: verum end; thus for q, p being FinSequence of NAT st q in Y & p in Y holds q '&' p in Y ::_thesis: ( ( for p, q being FinSequence of NAT st p in Y & q in Y holds p 'or' q in Y ) & ( for p being FinSequence of NAT st p in Y holds 'X' p in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p 'U' q in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p 'R' q in Y ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'or' q in D ) & ( for p being FinSequence of NAT st p in D holds 'X' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'U' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'R' q in D ) holds Y c= D ) ) proof let q, p be FinSequence of NAT ; ::_thesis: ( q in Y & p in Y implies q '&' p in Y ) assume A5: ( q in Y & p in Y ) ; ::_thesis: q '&' p in Y A6: for D being non empty set st S1[D] holds q '&' p in D proof let D be non empty set ; ::_thesis: ( S1[D] implies q '&' p in D ) assume A7: S1[D] ; ::_thesis: q '&' p in D then ( p in D & q in D ) by A1, A5; hence q '&' p in D by A7; ::_thesis: verum end; q '&' p in NAT * by FINSEQ_1:def_11; hence q '&' p in Y by A1, A6; ::_thesis: verum end; thus for q, p being FinSequence of NAT st q in Y & p in Y holds q 'or' p in Y ::_thesis: ( ( for p being FinSequence of NAT st p in Y holds 'X' p in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p 'U' q in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p 'R' q in Y ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'or' q in D ) & ( for p being FinSequence of NAT st p in D holds 'X' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'U' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'R' q in D ) holds Y c= D ) ) proof let q, p be FinSequence of NAT ; ::_thesis: ( q in Y & p in Y implies q 'or' p in Y ) assume A8: ( q in Y & p in Y ) ; ::_thesis: q 'or' p in Y A9: for D being non empty set st S1[D] holds q 'or' p in D proof let D be non empty set ; ::_thesis: ( S1[D] implies q 'or' p in D ) assume A10: S1[D] ; ::_thesis: q 'or' p in D then ( p in D & q in D ) by A1, A8; hence q 'or' p in D by A10; ::_thesis: verum end; q 'or' p in NAT * by FINSEQ_1:def_11; hence q 'or' p in Y by A1, A9; ::_thesis: verum end; thus for p being FinSequence of NAT st p in Y holds 'X' p in Y ::_thesis: ( ( for p, q being FinSequence of NAT st p in Y & q in Y holds p 'U' q in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p 'R' q in Y ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'or' q in D ) & ( for p being FinSequence of NAT st p in D holds 'X' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'U' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'R' q in D ) holds Y c= D ) ) proof let p be FinSequence of NAT ; ::_thesis: ( p in Y implies 'X' p in Y ) assume A11: p in Y ; ::_thesis: 'X' p in Y A12: for D being non empty set st S1[D] holds 'X' p in D proof let D be non empty set ; ::_thesis: ( S1[D] implies 'X' p in D ) assume A13: S1[D] ; ::_thesis: 'X' p in D then p in D by A1, A11; hence 'X' p in D by A13; ::_thesis: verum end; 'X' p in NAT * by FINSEQ_1:def_11; hence 'X' p in Y by A1, A12; ::_thesis: verum end; thus for q, p being FinSequence of NAT st q in Y & p in Y holds q 'U' p in Y ::_thesis: ( ( for p, q being FinSequence of NAT st p in Y & q in Y holds p 'R' q in Y ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'or' q in D ) & ( for p being FinSequence of NAT st p in D holds 'X' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'U' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'R' q in D ) holds Y c= D ) ) proof let q, p be FinSequence of NAT ; ::_thesis: ( q in Y & p in Y implies q 'U' p in Y ) assume A14: ( q in Y & p in Y ) ; ::_thesis: q 'U' p in Y A15: for D being non empty set st S1[D] holds q 'U' p in D proof let D be non empty set ; ::_thesis: ( S1[D] implies q 'U' p in D ) assume A16: S1[D] ; ::_thesis: q 'U' p in D then ( p in D & q in D ) by A1, A14; hence q 'U' p in D by A16; ::_thesis: verum end; q 'U' p in NAT * by FINSEQ_1:def_11; hence q 'U' p in Y by A1, A15; ::_thesis: verum end; thus for q, p being FinSequence of NAT st q in Y & p in Y holds q 'R' p in Y ::_thesis: for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'or' q in D ) & ( for p being FinSequence of NAT st p in D holds 'X' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'U' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'R' q in D ) holds Y c= D proof let q, p be FinSequence of NAT ; ::_thesis: ( q in Y & p in Y implies q 'R' p in Y ) assume A17: ( q in Y & p in Y ) ; ::_thesis: q 'R' p in Y A18: for D being non empty set st S1[D] holds q 'R' p in D proof let D be non empty set ; ::_thesis: ( S1[D] implies q 'R' p in D ) assume A19: S1[D] ; ::_thesis: q 'R' p in D then ( p in D & q in D ) by A1, A17; hence q 'R' p in D by A19; ::_thesis: verum end; q 'R' p in NAT * by FINSEQ_1:def_11; hence q 'R' p in Y by A1, A18; ::_thesis: verum end; let D be non empty set ; ::_thesis: ( ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'or' q in D ) & ( for p being FinSequence of NAT st p in D holds 'X' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'U' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'R' q in D ) implies Y c= D ) assume A20: S1[D] ; ::_thesis: Y c= D let a be set ; :: according to TARSKI:def_3 ::_thesis: ( not a in Y or a in D ) assume a in Y ; ::_thesis: a in D hence a in D by A1, A20; ::_thesis: verum end; uniqueness for b1, b2 being non empty set st ( for a being set st a in b1 holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in b1 ) & ( for p being FinSequence of NAT st p in b1 holds 'not' p in b1 ) & ( for p, q being FinSequence of NAT st p in b1 & q in b1 holds p '&' q in b1 ) & ( for p, q being FinSequence of NAT st p in b1 & q in b1 holds p 'or' q in b1 ) & ( for p being FinSequence of NAT st p in b1 holds 'X' p in b1 ) & ( for p, q being FinSequence of NAT st p in b1 & q in b1 holds p 'U' q in b1 ) & ( for p, q being FinSequence of NAT st p in b1 & q in b1 holds p 'R' q in b1 ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'or' q in D ) & ( for p being FinSequence of NAT st p in D holds 'X' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'U' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'R' q in D ) holds b1 c= D ) & ( for a being set st a in b2 holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in b2 ) & ( for p being FinSequence of NAT st p in b2 holds 'not' p in b2 ) & ( for p, q being FinSequence of NAT st p in b2 & q in b2 holds p '&' q in b2 ) & ( for p, q being FinSequence of NAT st p in b2 & q in b2 holds p 'or' q in b2 ) & ( for p being FinSequence of NAT st p in b2 holds 'X' p in b2 ) & ( for p, q being FinSequence of NAT st p in b2 & q in b2 holds p 'U' q in b2 ) & ( for p, q being FinSequence of NAT st p in b2 & q in b2 holds p 'R' q in b2 ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'or' q in D ) & ( for p being FinSequence of NAT st p in D holds 'X' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'U' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'R' q in D ) holds b2 c= D ) holds b1 = b2 proof let D1, D2 be non empty set ; ::_thesis: ( ( for a being set st a in D1 holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D1 ) & ( for p being FinSequence of NAT st p in D1 holds 'not' p in D1 ) & ( for p, q being FinSequence of NAT st p in D1 & q in D1 holds p '&' q in D1 ) & ( for p, q being FinSequence of NAT st p in D1 & q in D1 holds p 'or' q in D1 ) & ( for p being FinSequence of NAT st p in D1 holds 'X' p in D1 ) & ( for p, q being FinSequence of NAT st p in D1 & q in D1 holds p 'U' q in D1 ) & ( for p, q being FinSequence of NAT st p in D1 & q in D1 holds p 'R' q in D1 ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'or' q in D ) & ( for p being FinSequence of NAT st p in D holds 'X' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'U' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'R' q in D ) holds D1 c= D ) & ( for a being set st a in D2 holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D2 ) & ( for p being FinSequence of NAT st p in D2 holds 'not' p in D2 ) & ( for p, q being FinSequence of NAT st p in D2 & q in D2 holds p '&' q in D2 ) & ( for p, q being FinSequence of NAT st p in D2 & q in D2 holds p 'or' q in D2 ) & ( for p being FinSequence of NAT st p in D2 holds 'X' p in D2 ) & ( for p, q being FinSequence of NAT st p in D2 & q in D2 holds p 'U' q in D2 ) & ( for p, q being FinSequence of NAT st p in D2 & q in D2 holds p 'R' q in D2 ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'or' q in D ) & ( for p being FinSequence of NAT st p in D holds 'X' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'U' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'R' q in D ) holds D2 c= D ) implies D1 = D2 ) assume ( ( for a being set st a in D1 holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D1 ) & ( for p being FinSequence of NAT st p in D1 holds 'not' p in D1 ) & ( for p, q being FinSequence of NAT st p in D1 & q in D1 holds p '&' q in D1 ) & ( for p, q being FinSequence of NAT st p in D1 & q in D1 holds p 'or' q in D1 ) & ( for p being FinSequence of NAT st p in D1 holds 'X' p in D1 ) & ( for p, q being FinSequence of NAT st p in D1 & q in D1 holds p 'U' q in D1 ) & ( for p, q being FinSequence of NAT st p in D1 & q in D1 holds p 'R' q in D1 ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'or' q in D ) & ( for p being FinSequence of NAT st p in D holds 'X' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'U' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'R' q in D ) holds D1 c= D ) & ( for a being set st a in D2 holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D2 ) & ( for p being FinSequence of NAT st p in D2 holds 'not' p in D2 ) & ( for p, q being FinSequence of NAT st p in D2 & q in D2 holds p '&' q in D2 ) & ( for p, q being FinSequence of NAT st p in D2 & q in D2 holds p 'or' q in D2 ) & ( for p being FinSequence of NAT st p in D2 holds 'X' p in D2 ) & ( for p, q being FinSequence of NAT st p in D2 & q in D2 holds p 'U' q in D2 ) & ( for p, q being FinSequence of NAT st p in D2 & q in D2 holds p 'R' q in D2 ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'or' q in D ) & ( for p being FinSequence of NAT st p in D holds 'X' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'U' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'R' q in D ) holds D2 c= D ) ) ; ::_thesis: D1 = D2 then ( D1 c= D2 & D2 c= D1 ) ; hence D1 = D2 by XBOOLE_0:def_10; ::_thesis: verum end; end; :: deftheorem Def9 defines LTL_WFF MODELC_2:def_9_:_ for b1 being non empty set holds ( b1 = LTL_WFF iff ( ( for a being set st a in b1 holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in b1 ) & ( for p being FinSequence of NAT st p in b1 holds 'not' p in b1 ) & ( for p, q being FinSequence of NAT st p in b1 & q in b1 holds p '&' q in b1 ) & ( for p, q being FinSequence of NAT st p in b1 & q in b1 holds p 'or' q in b1 ) & ( for p being FinSequence of NAT st p in b1 holds 'X' p in b1 ) & ( for p, q being FinSequence of NAT st p in b1 & q in b1 holds p 'U' q in b1 ) & ( for p, q being FinSequence of NAT st p in b1 & q in b1 holds p 'R' q in b1 ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Nat holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'or' q in D ) & ( for p being FinSequence of NAT st p in D holds 'X' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'U' q in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p 'R' q in D ) holds b1 c= D ) ) ); definition let IT be FinSequence of NAT ; attrIT is LTL-formula-like means :Def10: :: MODELC_2:def 10 IT is Element of LTL_WFF ; end; :: deftheorem Def10 defines LTL-formula-like MODELC_2:def_10_:_ for IT being FinSequence of NAT holds ( IT is LTL-formula-like iff IT is Element of LTL_WFF ); registration cluster Relation-like NAT -defined NAT -valued Function-like V55() FinSequence-like FinSubsequence-like LTL-formula-like for FinSequence of NAT ; existence ex b1 being FinSequence of NAT st b1 is LTL-formula-like proof set x = the Element of LTL_WFF ; reconsider x = the Element of LTL_WFF as FinSequence of NAT by Def9; take x ; ::_thesis: x is LTL-formula-like thus x is Element of LTL_WFF ; :: according to MODELC_2:def_10 ::_thesis: verum end; end; definition mode LTL-formula is LTL-formula-like FinSequence of NAT ; end; theorem Th1: :: MODELC_2:1 for a being set holds ( a is LTL-formula iff a in LTL_WFF ) proof let a be set ; ::_thesis: ( a is LTL-formula iff a in LTL_WFF ) thus ( a is LTL-formula implies a in LTL_WFF ) ::_thesis: ( a in LTL_WFF implies a is LTL-formula ) proof assume a is LTL-formula ; ::_thesis: a in LTL_WFF then a is Element of LTL_WFF by Def10; hence a in LTL_WFF ; ::_thesis: verum end; assume a in LTL_WFF ; ::_thesis: a is LTL-formula hence a is LTL-formula by Def9, Def10; ::_thesis: verum end; registration let n be Nat; cluster atom. n -> LTL-formula-like ; coherence atom. n is LTL-formula-like proof atom. n is Element of LTL_WFF by Def9; hence atom. n is LTL-formula-like by Def10; ::_thesis: verum end; end; registration let H be LTL-formula; cluster 'not' H -> LTL-formula-like ; coherence 'not' H is LTL-formula-like proof H is Element of LTL_WFF by Def10; then 'not' H is Element of LTL_WFF by Def9; hence 'not' H is LTL-formula-like by Def10; ::_thesis: verum end; cluster 'X' H -> LTL-formula-like ; coherence 'X' H is LTL-formula-like proof H is Element of LTL_WFF by Def10; then 'X' H is Element of LTL_WFF by Def9; hence 'X' H is LTL-formula-like by Def10; ::_thesis: verum end; let G be LTL-formula; clusterH '&' G -> LTL-formula-like ; coherence H '&' G is LTL-formula-like proof ( H is Element of LTL_WFF & G is Element of LTL_WFF ) by Def10; then H '&' G is Element of LTL_WFF by Def9; hence H '&' G is LTL-formula-like by Def10; ::_thesis: verum end; clusterH 'or' G -> LTL-formula-like ; coherence H 'or' G is LTL-formula-like proof ( H is Element of LTL_WFF & G is Element of LTL_WFF ) by Def10; then H 'or' G is Element of LTL_WFF by Def9; hence H 'or' G is LTL-formula-like by Def10; ::_thesis: verum end; clusterH 'U' G -> LTL-formula-like ; coherence H 'U' G is LTL-formula-like proof ( H is Element of LTL_WFF & G is Element of LTL_WFF ) by Def10; then H 'U' G is Element of LTL_WFF by Def9; hence H 'U' G is LTL-formula-like by Def10; ::_thesis: verum end; clusterH 'R' G -> LTL-formula-like ; coherence H 'R' G is LTL-formula-like proof ( H is Element of LTL_WFF & G is Element of LTL_WFF ) by Def10; then H 'R' G is Element of LTL_WFF by Def9; hence H 'R' G is LTL-formula-like by Def10; ::_thesis: verum end; end; definition let H be LTL-formula; attrH is atomic means :Def11: :: MODELC_2:def 11 ex n being Nat st H = atom. n; attrH is negative means :Def12: :: MODELC_2:def 12 ex H1 being LTL-formula st H = 'not' H1; attrH is conjunctive means :Def13: :: MODELC_2:def 13 ex F, G being LTL-formula st H = F '&' G; attrH is disjunctive means :Def14: :: MODELC_2:def 14 ex F, G being LTL-formula st H = F 'or' G; attrH is next means :Def15: :: MODELC_2:def 15 ex H1 being LTL-formula st H = 'X' H1; attrH is Until means :Def16: :: MODELC_2:def 16 ex F, G being LTL-formula st H = F 'U' G; attrH is Release means :Def17: :: MODELC_2:def 17 ex F, G being LTL-formula st H = F 'R' G; end; :: deftheorem Def11 defines atomic MODELC_2:def_11_:_ for H being LTL-formula holds ( H is atomic iff ex n being Nat st H = atom. n ); :: deftheorem Def12 defines negative MODELC_2:def_12_:_ for H being LTL-formula holds ( H is negative iff ex H1 being LTL-formula st H = 'not' H1 ); :: deftheorem Def13 defines conjunctive MODELC_2:def_13_:_ for H being LTL-formula holds ( H is conjunctive iff ex F, G being LTL-formula st H = F '&' G ); :: deftheorem Def14 defines disjunctive MODELC_2:def_14_:_ for H being LTL-formula holds ( H is disjunctive iff ex F, G being LTL-formula st H = F 'or' G ); :: deftheorem Def15 defines next MODELC_2:def_15_:_ for H being LTL-formula holds ( H is next iff ex H1 being LTL-formula st H = 'X' H1 ); :: deftheorem Def16 defines Until MODELC_2:def_16_:_ for H being LTL-formula holds ( H is Until iff ex F, G being LTL-formula st H = F 'U' G ); :: deftheorem Def17 defines Release MODELC_2:def_17_:_ for H being LTL-formula holds ( H is Release iff ex F, G being LTL-formula st H = F 'R' G ); theorem Th2: :: MODELC_2:2 for H being LTL-formula holds ( H is atomic or H is negative or H is conjunctive or H is disjunctive or H is next or H is Until or H is Release ) proof let H be LTL-formula; ::_thesis: ( H is atomic or H is negative or H is conjunctive or H is disjunctive or H is next or H is Until or H is Release ) A1: H is Element of LTL_WFF by Def10; assume A2: ( not H is atomic & not H is negative & not H is conjunctive & not H is disjunctive & not H is next & not H is Until & not H is Release ) ; ::_thesis: contradiction then atom. 0 <> H by Def11; then A3: not atom. 0 in {H} by TARSKI:def_1; A4: now__::_thesis:_for_p,_q_being_FinSequence_of_NAT_st_p_in_LTL_WFF_\_{H}_&_q_in_LTL_WFF_\_{H}_holds_ p_'R'_q_in_LTL_WFF_\_{H} let p, q be FinSequence of NAT ; ::_thesis: ( p in LTL_WFF \ {H} & q in LTL_WFF \ {H} implies p 'R' q in LTL_WFF \ {H} ) assume A5: ( p in LTL_WFF \ {H} & q in LTL_WFF \ {H} ) ; ::_thesis: p 'R' q in LTL_WFF \ {H} then reconsider F = p, G = q as LTL-formula by Def10; F 'R' G <> H by A2, Def17; then A6: not p 'R' q in {H} by TARSKI:def_1; p 'R' q in LTL_WFF by A5, Def9; hence p 'R' q in LTL_WFF \ {H} by A6, XBOOLE_0:def_5; ::_thesis: verum end; A7: now__::_thesis:_for_p,_q_being_FinSequence_of_NAT_st_p_in_LTL_WFF_\_{H}_&_q_in_LTL_WFF_\_{H}_holds_ p_'U'_q_in_LTL_WFF_\_{H} let p, q be FinSequence of NAT ; ::_thesis: ( p in LTL_WFF \ {H} & q in LTL_WFF \ {H} implies p 'U' q in LTL_WFF \ {H} ) assume A8: ( p in LTL_WFF \ {H} & q in LTL_WFF \ {H} ) ; ::_thesis: p 'U' q in LTL_WFF \ {H} then reconsider F = p, G = q as LTL-formula by Def10; F 'U' G <> H by A2, Def16; then A9: not p 'U' q in {H} by TARSKI:def_1; p 'U' q in LTL_WFF by A8, Def9; hence p 'U' q in LTL_WFF \ {H} by A9, XBOOLE_0:def_5; ::_thesis: verum end; A10: now__::_thesis:_for_p_being_FinSequence_of_NAT_st_p_in_LTL_WFF_\_{H}_holds_ 'X'_p_in_LTL_WFF_\_{H} let p be FinSequence of NAT ; ::_thesis: ( p in LTL_WFF \ {H} implies 'X' p in LTL_WFF \ {H} ) assume A11: p in LTL_WFF \ {H} ; ::_thesis: 'X' p in LTL_WFF \ {H} then reconsider H1 = p as LTL-formula by Def10; 'X' H1 <> H by A2, Def15; then A12: not 'X' p in {H} by TARSKI:def_1; 'X' p in LTL_WFF by A11, Def9; hence 'X' p in LTL_WFF \ {H} by A12, XBOOLE_0:def_5; ::_thesis: verum end; A13: now__::_thesis:_for_p,_q_being_FinSequence_of_NAT_st_p_in_LTL_WFF_\_{H}_&_q_in_LTL_WFF_\_{H}_holds_ p_'or'_q_in_LTL_WFF_\_{H} let p, q be FinSequence of NAT ; ::_thesis: ( p in LTL_WFF \ {H} & q in LTL_WFF \ {H} implies p 'or' q in LTL_WFF \ {H} ) assume A14: ( p in LTL_WFF \ {H} & q in LTL_WFF \ {H} ) ; ::_thesis: p 'or' q in LTL_WFF \ {H} then reconsider F = p, G = q as LTL-formula by Def10; F 'or' G <> H by A2, Def14; then A15: not p 'or' q in {H} by TARSKI:def_1; p 'or' q in LTL_WFF by A14, Def9; hence p 'or' q in LTL_WFF \ {H} by A15, XBOOLE_0:def_5; ::_thesis: verum end; A16: now__::_thesis:_for_p,_q_being_FinSequence_of_NAT_st_p_in_LTL_WFF_\_{H}_&_q_in_LTL_WFF_\_{H}_holds_ p_'&'_q_in_LTL_WFF_\_{H} let p, q be FinSequence of NAT ; ::_thesis: ( p in LTL_WFF \ {H} & q in LTL_WFF \ {H} implies p '&' q in LTL_WFF \ {H} ) assume A17: ( p in LTL_WFF \ {H} & q in LTL_WFF \ {H} ) ; ::_thesis: p '&' q in LTL_WFF \ {H} then reconsider F = p, G = q as LTL-formula by Def10; F '&' G <> H by A2, Def13; then A18: not p '&' q in {H} by TARSKI:def_1; p '&' q in LTL_WFF by A17, Def9; hence p '&' q in LTL_WFF \ {H} by A18, XBOOLE_0:def_5; ::_thesis: verum end; A19: now__::_thesis:_for_p_being_FinSequence_of_NAT_st_p_in_LTL_WFF_\_{H}_holds_ 'not'_p_in_LTL_WFF_\_{H} let p be FinSequence of NAT ; ::_thesis: ( p in LTL_WFF \ {H} implies 'not' p in LTL_WFF \ {H} ) assume A20: p in LTL_WFF \ {H} ; ::_thesis: 'not' p in LTL_WFF \ {H} then reconsider H1 = p as LTL-formula by Def10; 'not' H1 <> H by A2, Def12; then A21: not 'not' p in {H} by TARSKI:def_1; 'not' p in LTL_WFF by A20, Def9; hence 'not' p in LTL_WFF \ {H} by A21, XBOOLE_0:def_5; ::_thesis: verum end; A22: now__::_thesis:_for_n_being_Nat_holds_atom._n_in_LTL_WFF_\_{H} let n be Nat; ::_thesis: atom. n in LTL_WFF \ {H} atom. n <> H by A2, Def11; then A23: not atom. n in {H} by TARSKI:def_1; atom. n in LTL_WFF by Def9; hence atom. n in LTL_WFF \ {H} by A23, XBOOLE_0:def_5; ::_thesis: verum end; atom. 0 in LTL_WFF by Def9; then A24: not LTL_WFF \ {H} is empty by A3, XBOOLE_0:def_5; for a being set st a in LTL_WFF \ {H} holds a is FinSequence of NAT by Def9; then LTL_WFF c= LTL_WFF \ {H} by A24, A22, A19, A16, A13, A10, A7, A4, Def9; then H in LTL_WFF \ {H} by A1, TARSKI:def_3; then not H in {H} by XBOOLE_0:def_5; hence contradiction by TARSKI:def_1; ::_thesis: verum end; Lm3: for H being LTL-formula st H is negative holds H . 1 = 0 proof let H be LTL-formula; ::_thesis: ( H is negative implies H . 1 = 0 ) assume H is negative ; ::_thesis: H . 1 = 0 then ex H1 being LTL-formula st H = 'not' H1 by Def12; hence H . 1 = 0 by FINSEQ_1:41; ::_thesis: verum end; Lm4: for H being LTL-formula st H is conjunctive holds H . 1 = 1 proof let H be LTL-formula; ::_thesis: ( H is conjunctive implies H . 1 = 1 ) assume H is conjunctive ; ::_thesis: H . 1 = 1 then consider F, G being LTL-formula such that A1: H = F '&' G by Def13; (<*1*> ^ F) ^ G = <*1*> ^ (F ^ G) by FINSEQ_1:32; hence H . 1 = 1 by A1, FINSEQ_1:41; ::_thesis: verum end; Lm5: for H being LTL-formula st H is disjunctive holds H . 1 = 2 proof let H be LTL-formula; ::_thesis: ( H is disjunctive implies H . 1 = 2 ) assume H is disjunctive ; ::_thesis: H . 1 = 2 then consider F, G being LTL-formula such that A1: H = F 'or' G by Def14; (<*2*> ^ F) ^ G = <*2*> ^ (F ^ G) by FINSEQ_1:32; hence H . 1 = 2 by A1, FINSEQ_1:41; ::_thesis: verum end; Lm6: for H being LTL-formula st H is next holds H . 1 = 3 proof let H be LTL-formula; ::_thesis: ( H is next implies H . 1 = 3 ) assume H is next ; ::_thesis: H . 1 = 3 then ex H1 being LTL-formula st H = 'X' H1 by Def15; hence H . 1 = 3 by FINSEQ_1:41; ::_thesis: verum end; Lm7: for H being LTL-formula st H is Until holds H . 1 = 4 proof let H be LTL-formula; ::_thesis: ( H is Until implies H . 1 = 4 ) assume H is Until ; ::_thesis: H . 1 = 4 then consider F, G being LTL-formula such that A1: H = F 'U' G by Def16; (<*4*> ^ F) ^ G = <*4*> ^ (F ^ G) by FINSEQ_1:32; hence H . 1 = 4 by A1, FINSEQ_1:41; ::_thesis: verum end; Lm8: for H being LTL-formula st H is Release holds H . 1 = 5 proof let H be LTL-formula; ::_thesis: ( H is Release implies H . 1 = 5 ) assume H is Release ; ::_thesis: H . 1 = 5 then consider F, G being LTL-formula such that A1: H = F 'R' G by Def17; (<*5*> ^ F) ^ G = <*5*> ^ (F ^ G) by FINSEQ_1:32; hence H . 1 = 5 by A1, FINSEQ_1:41; ::_thesis: verum end; Lm9: for H being LTL-formula st H is atomic holds ( not H . 1 = 0 & not H . 1 = 1 & not H . 1 = 2 & not H . 1 = 3 & not H . 1 = 4 & not H . 1 = 5 ) proof let H be LTL-formula; ::_thesis: ( H is atomic implies ( not H . 1 = 0 & not H . 1 = 1 & not H . 1 = 2 & not H . 1 = 3 & not H . 1 = 4 & not H . 1 = 5 ) ) assume H is atomic ; ::_thesis: ( not H . 1 = 0 & not H . 1 = 1 & not H . 1 = 2 & not H . 1 = 3 & not H . 1 = 4 & not H . 1 = 5 ) then consider n being Nat such that A1: H = atom. n by Def11; A2: ( 3 + 0 < 3 + (3 + n) & 4 + 0 < 4 + (2 + n) ) by XREAL_1:8; A3: 5 + 0 < 5 + (1 + n) by XREAL_1:8; ( 1 + 0 < 1 + (5 + n) & 2 + 0 < 2 + (4 + n) ) by XREAL_1:8; hence ( not H . 1 = 0 & not H . 1 = 1 & not H . 1 = 2 & not H . 1 = 3 & not H . 1 = 4 & not H . 1 = 5 ) by A1, A2, A3, FINSEQ_1:40; ::_thesis: verum end; Lm10: for H being LTL-formula holds ( ( H is atomic & H . 1 <> 0 & H . 1 <> 1 & H . 1 <> 2 & H . 1 <> 3 & H . 1 <> 4 & H . 1 <> 5 ) or ( H is negative & H . 1 = 0 ) or ( H is conjunctive & H . 1 = 1 ) or ( H is disjunctive & H . 1 = 2 ) or ( H is next & H . 1 = 3 ) or ( H is Until & H . 1 = 4 ) or ( H is Release & H . 1 = 5 ) ) proof let H be LTL-formula; ::_thesis: ( ( H is atomic & H . 1 <> 0 & H . 1 <> 1 & H . 1 <> 2 & H . 1 <> 3 & H . 1 <> 4 & H . 1 <> 5 ) or ( H is negative & H . 1 = 0 ) or ( H is conjunctive & H . 1 = 1 ) or ( H is disjunctive & H . 1 = 2 ) or ( H is next & H . 1 = 3 ) or ( H is Until & H . 1 = 4 ) or ( H is Release & H . 1 = 5 ) ) percases ( H is atomic or H is negative or H is conjunctive or H is disjunctive or H is next or H is Until or H is Release ) by Th2; case H is atomic ; ::_thesis: ( H . 1 <> 0 & H . 1 <> 1 & H . 1 <> 2 & H . 1 <> 3 & H . 1 <> 4 & H . 1 <> 5 ) hence ( H . 1 <> 0 & H . 1 <> 1 & H . 1 <> 2 & H . 1 <> 3 & H . 1 <> 4 & H . 1 <> 5 ) by Lm9; ::_thesis: verum end; case H is negative ; ::_thesis: H . 1 = 0 hence H . 1 = 0 by Lm3; ::_thesis: verum end; case H is conjunctive ; ::_thesis: H . 1 = 1 hence H . 1 = 1 by Lm4; ::_thesis: verum end; case H is disjunctive ; ::_thesis: H . 1 = 2 hence H . 1 = 2 by Lm5; ::_thesis: verum end; case H is next ; ::_thesis: H . 1 = 3 hence H . 1 = 3 by Lm6; ::_thesis: verum end; case H is Until ; ::_thesis: H . 1 = 4 hence H . 1 = 4 by Lm7; ::_thesis: verum end; case H is Release ; ::_thesis: H . 1 = 5 hence H . 1 = 5 by Lm8; ::_thesis: verum end; end; end; theorem Th3: :: MODELC_2:3 for H being LTL-formula holds 1 <= len H proof let H be LTL-formula; ::_thesis: 1 <= len H percases ( H is atomic or H is negative or H is conjunctive or H is disjunctive or H is next or H is Until or H is Release ) by Th2; suppose H is atomic ; ::_thesis: 1 <= len H then ex n being Nat st H = atom. n by Def11; hence 1 <= len H by FINSEQ_1:40; ::_thesis: verum end; suppose H is negative ; ::_thesis: 1 <= len H then consider H1 being LTL-formula such that A1: H = 'not' H1 by Def12; len H = 1 + (len H1) by A1, FINSEQ_5:8; hence 1 <= len H by NAT_1:11; ::_thesis: verum end; suppose H is conjunctive ; ::_thesis: 1 <= len H then consider F, G being LTL-formula such that A2: H = F '&' G by Def13; A3: ( 1 <= 1 + (len F) & 1 + (len F) <= (1 + (len F)) + (len G) ) by NAT_1:11; len H = (1 + (len F)) + (len G) by A2, Lm2; hence 1 <= len H by A3, XXREAL_0:2; ::_thesis: verum end; suppose H is disjunctive ; ::_thesis: 1 <= len H then consider F, G being LTL-formula such that A4: H = F 'or' G by Def14; A5: ( 1 <= 1 + (len F) & 1 + (len F) <= (1 + (len F)) + (len G) ) by NAT_1:11; len H = (1 + (len F)) + (len G) by A4, Lm2; hence 1 <= len H by A5, XXREAL_0:2; ::_thesis: verum end; suppose H is next ; ::_thesis: 1 <= len H then consider H1 being LTL-formula such that A6: H = 'X' H1 by Def15; len H = 1 + (len H1) by A6, FINSEQ_5:8; hence 1 <= len H by NAT_1:11; ::_thesis: verum end; suppose H is Until ; ::_thesis: 1 <= len H then consider F, G being LTL-formula such that A7: H = F 'U' G by Def16; A8: ( 1 <= 1 + (len F) & 1 + (len F) <= (1 + (len F)) + (len G) ) by NAT_1:11; len H = (1 + (len F)) + (len G) by A7, Lm2; hence 1 <= len H by A8, XXREAL_0:2; ::_thesis: verum end; suppose H is Release ; ::_thesis: 1 <= len H then consider F, G being LTL-formula such that A9: H = F 'R' G by Def17; A10: ( 1 <= 1 + (len F) & 1 + (len F) <= (1 + (len F)) + (len G) ) by NAT_1:11; len H = (1 + (len F)) + (len G) by A9, Lm2; hence 1 <= len H by A10, XXREAL_0:2; ::_thesis: verum end; end; end; Lm11: for H, F being LTL-formula for sq being FinSequence st H = F ^ sq holds H = F proof let H, F be LTL-formula; ::_thesis: for sq being FinSequence st H = F ^ sq holds H = F let sq be FinSequence; ::_thesis: ( H = F ^ sq implies H = F ) defpred S1[ Nat] means for H, F being LTL-formula for sq being FinSequence st len H = $1 & H = F ^ sq holds H = F; for n being Nat st ( for k being Nat st k < n holds for H, F being LTL-formula for sq being FinSequence st len H = k & H = F ^ sq holds H = F ) holds for H, F being LTL-formula for sq being FinSequence st len H = n & H = F ^ sq holds H = F proof let n be Nat; ::_thesis: ( ( for k being Nat st k < n holds for H, F being LTL-formula for sq being FinSequence st len H = k & H = F ^ sq holds H = F ) implies for H, F being LTL-formula for sq being FinSequence st len H = n & H = F ^ sq holds H = F ) assume A1: for k being Nat st k < n holds for H, F being LTL-formula for sq being FinSequence st len H = k & H = F ^ sq holds H = F ; ::_thesis: for H, F being LTL-formula for sq being FinSequence st len H = n & H = F ^ sq holds H = F let H, F be LTL-formula; ::_thesis: for sq being FinSequence st len H = n & H = F ^ sq holds H = F let sq be FinSequence; ::_thesis: ( len H = n & H = F ^ sq implies H = F ) assume that A2: len H = n and A3: H = F ^ sq ; ::_thesis: H = F ( dom F = Seg (len F) & 1 <= len F ) by Th3, FINSEQ_1:def_3; then A4: 1 in dom F by FINSEQ_1:1; A5: now__::_thesis:_(_H_is_negative_implies_H_=_F_) A6: len <*0*> = 1 by FINSEQ_1:40; assume A7: H is negative ; ::_thesis: H = F then consider H1 being LTL-formula such that A8: H = 'not' H1 by Def12; (F ^ sq) . 1 = 0 by A3, A7, Lm3; then F . 1 = 0 by A4, FINSEQ_1:def_7; then F is negative by Lm10; then consider F1 being LTL-formula such that A9: F = 'not' F1 by Def12; (len <*0*>) + (len H1) = len H by A8, FINSEQ_1:22; then A10: len H1 < len H by A6, NAT_1:13; (<*0*> ^ F1) ^ sq = <*0*> ^ (F1 ^ sq) by FINSEQ_1:32; then H1 = F1 ^ sq by A3, A8, A9, FINSEQ_1:33; hence H = F by A1, A2, A8, A9, A10; ::_thesis: verum end; A11: now__::_thesis:_(_H_is_Release_implies_H_=_F_) assume A12: H is Release ; ::_thesis: H = F then consider G1, G being LTL-formula such that A13: H = G1 'R' G by Def17; A14: (len G) + (1 + (len G1)) = ((len G) + 1) + (len G1) ; A15: ( len (<*5*> ^ G1) = (len <*5*>) + (len G1) & len <*5*> = 1 ) by FINSEQ_1:22, FINSEQ_1:40; (len (<*5*> ^ G1)) + (len G) = len H by A13, FINSEQ_1:22; then (len G) + 1 <= len H by A15, A14, NAT_1:11; then A16: len G < len H by NAT_1:13; (F ^ sq) . 1 = 5 by A3, A12, Lm8; then F . 1 = 5 by A4, FINSEQ_1:def_7; then F is Release by Lm10; then consider F1, H1 being LTL-formula such that A17: F = F1 'R' H1 by Def17; A18: now__::_thesis:_(_ex_sq9_being_FinSequence_st_F1_=_G1_^_sq9_implies_F1_=_G1_) A19: (((len F1) + 1) + (len H1)) + (len sq) = ((len F1) + 1) + ((len H1) + (len sq)) ; given sq9 being FinSequence such that A20: F1 = G1 ^ sq9 ; ::_thesis: F1 = G1 A21: ( len (F ^ sq) = (len F) + (len sq) & len <*5*> = 1 ) by FINSEQ_1:22, FINSEQ_1:40; ( len (<*5*> ^ F1) = (len <*5*>) + (len F1) & len F = (len (<*5*> ^ F1)) + (len H1) ) by A17, FINSEQ_1:22; then (len F1) + 1 <= len H by A3, A21, A19, NAT_1:11; then len F1 < len H by NAT_1:13; hence F1 = G1 by A1, A2, A20; ::_thesis: verum end; A22: ( (<*5*> ^ F1) ^ H1 = <*5*> ^ (F1 ^ H1) & (<*5*> ^ (F1 ^ H1)) ^ sq = <*5*> ^ ((F1 ^ H1) ^ sq) ) by FINSEQ_1:32; A23: now__::_thesis:_(_ex_sq9_being_FinSequence_st_G1_=_F1_^_sq9_implies_G1_=_F1_) given sq9 being FinSequence such that A24: G1 = F1 ^ sq9 ; ::_thesis: G1 = F1 A25: len <*5*> = 1 by FINSEQ_1:40; ( (len (<*5*> ^ G1)) + (len G) = len H & len (<*5*> ^ G1) = (len <*5*>) + (len G1) ) by A13, FINSEQ_1:22; then (len G1) + 1 <= len H by A25, NAT_1:11; then len G1 < len H by NAT_1:13; hence G1 = F1 by A1, A2, A24; ::_thesis: verum end; A26: (F1 ^ H1) ^ sq = F1 ^ (H1 ^ sq) by FINSEQ_1:32; (<*5*> ^ G1) ^ G = <*5*> ^ (G1 ^ G) by FINSEQ_1:32; then A27: G1 ^ G = F1 ^ (H1 ^ sq) by A3, A13, A17, A22, A26, FINSEQ_1:33; then ( len F1 <= len G1 implies ex sq9 being FinSequence st G1 = F1 ^ sq9 ) by FINSEQ_1:47; then G = H1 ^ sq by A27, A23, A18, FINSEQ_1:33, FINSEQ_1:47; hence H = F by A1, A2, A3, A17, A22, A26, A16; ::_thesis: verum end; A28: now__::_thesis:_(_H_is_Until_implies_H_=_F_) assume A29: H is Until ; ::_thesis: H = F then consider G1, G being LTL-formula such that A30: H = G1 'U' G by Def16; A31: (len G) + (1 + (len G1)) = ((len G) + 1) + (len G1) ; A32: ( len (<*4*> ^ G1) = (len <*4*>) + (len G1) & len <*4*> = 1 ) by FINSEQ_1:22, FINSEQ_1:40; (len (<*4*> ^ G1)) + (len G) = len H by A30, FINSEQ_1:22; then (len G) + 1 <= len H by A32, A31, NAT_1:11; then A33: len G < len H by NAT_1:13; (F ^ sq) . 1 = 4 by A3, A29, Lm7; then F . 1 = 4 by A4, FINSEQ_1:def_7; then F is Until by Lm10; then consider F1, H1 being LTL-formula such that A34: F = F1 'U' H1 by Def16; A35: now__::_thesis:_(_ex_sq9_being_FinSequence_st_F1_=_G1_^_sq9_implies_F1_=_G1_) A36: (((len F1) + 1) + (len H1)) + (len sq) = ((len F1) + 1) + ((len H1) + (len sq)) ; given sq9 being FinSequence such that A37: F1 = G1 ^ sq9 ; ::_thesis: F1 = G1 A38: ( len (F ^ sq) = (len F) + (len sq) & len <*4*> = 1 ) by FINSEQ_1:22, FINSEQ_1:40; ( len (<*4*> ^ F1) = (len <*4*>) + (len F1) & len F = (len (<*4*> ^ F1)) + (len H1) ) by A34, FINSEQ_1:22; then (len F1) + 1 <= len H by A3, A38, A36, NAT_1:11; then len F1 < len H by NAT_1:13; hence F1 = G1 by A1, A2, A37; ::_thesis: verum end; A39: ( (<*4*> ^ F1) ^ H1 = <*4*> ^ (F1 ^ H1) & (<*4*> ^ (F1 ^ H1)) ^ sq = <*4*> ^ ((F1 ^ H1) ^ sq) ) by FINSEQ_1:32; A40: now__::_thesis:_(_ex_sq9_being_FinSequence_st_G1_=_F1_^_sq9_implies_G1_=_F1_) given sq9 being FinSequence such that A41: G1 = F1 ^ sq9 ; ::_thesis: G1 = F1 A42: len <*4*> = 1 by FINSEQ_1:40; ( (len (<*4*> ^ G1)) + (len G) = len H & len (<*4*> ^ G1) = (len <*4*>) + (len G1) ) by A30, FINSEQ_1:22; then (len G1) + 1 <= len H by A42, NAT_1:11; then len G1 < len H by NAT_1:13; hence G1 = F1 by A1, A2, A41; ::_thesis: verum end; A43: (F1 ^ H1) ^ sq = F1 ^ (H1 ^ sq) by FINSEQ_1:32; (<*4*> ^ G1) ^ G = <*4*> ^ (G1 ^ G) by FINSEQ_1:32; then A44: G1 ^ G = F1 ^ (H1 ^ sq) by A3, A30, A34, A39, A43, FINSEQ_1:33; then ( len F1 <= len G1 implies ex sq9 being FinSequence st G1 = F1 ^ sq9 ) by FINSEQ_1:47; then G = H1 ^ sq by A44, A40, A35, FINSEQ_1:33, FINSEQ_1:47; hence H = F by A1, A2, A3, A34, A39, A43, A33; ::_thesis: verum end; A45: now__::_thesis:_(_H_is_disjunctive_implies_H_=_F_) assume A46: H is disjunctive ; ::_thesis: H = F then consider G1, G being LTL-formula such that A47: H = G1 'or' G by Def14; A48: (len G) + (1 + (len G1)) = ((len G) + 1) + (len G1) ; A49: ( len (<*2*> ^ G1) = (len <*2*>) + (len G1) & len <*2*> = 1 ) by FINSEQ_1:22, FINSEQ_1:40; (len (<*2*> ^ G1)) + (len G) = len H by A47, FINSEQ_1:22; then (len G) + 1 <= len H by A49, A48, NAT_1:11; then A50: len G < len H by NAT_1:13; (F ^ sq) . 1 = 2 by A3, A46, Lm5; then F . 1 = 2 by A4, FINSEQ_1:def_7; then F is disjunctive by Lm10; then consider F1, H1 being LTL-formula such that A51: F = F1 'or' H1 by Def14; A52: now__::_thesis:_(_ex_sq9_being_FinSequence_st_F1_=_G1_^_sq9_implies_F1_=_G1_) A53: (((len F1) + 1) + (len H1)) + (len sq) = ((len F1) + 1) + ((len H1) + (len sq)) ; given sq9 being FinSequence such that A54: F1 = G1 ^ sq9 ; ::_thesis: F1 = G1 A55: ( len (F ^ sq) = (len F) + (len sq) & len <*2*> = 1 ) by FINSEQ_1:22, FINSEQ_1:40; ( len (<*2*> ^ F1) = (len <*2*>) + (len F1) & len F = (len (<*2*> ^ F1)) + (len H1) ) by A51, FINSEQ_1:22; then (len F1) + 1 <= len H by A3, A55, A53, NAT_1:11; then len F1 < len H by NAT_1:13; hence F1 = G1 by A1, A2, A54; ::_thesis: verum end; A56: ( (<*2*> ^ F1) ^ H1 = <*2*> ^ (F1 ^ H1) & (<*2*> ^ (F1 ^ H1)) ^ sq = <*2*> ^ ((F1 ^ H1) ^ sq) ) by FINSEQ_1:32; A57: now__::_thesis:_(_ex_sq9_being_FinSequence_st_G1_=_F1_^_sq9_implies_G1_=_F1_) given sq9 being FinSequence such that A58: G1 = F1 ^ sq9 ; ::_thesis: G1 = F1 A59: len <*2*> = 1 by FINSEQ_1:40; ( (len (<*2*> ^ G1)) + (len G) = len H & len (<*2*> ^ G1) = (len <*2*>) + (len G1) ) by A47, FINSEQ_1:22; then (len G1) + 1 <= len H by A59, NAT_1:11; then len G1 < len H by NAT_1:13; hence G1 = F1 by A1, A2, A58; ::_thesis: verum end; A60: (F1 ^ H1) ^ sq = F1 ^ (H1 ^ sq) by FINSEQ_1:32; (<*2*> ^ G1) ^ G = <*2*> ^ (G1 ^ G) by FINSEQ_1:32; then A61: G1 ^ G = F1 ^ (H1 ^ sq) by A3, A47, A51, A56, A60, FINSEQ_1:33; then ( len F1 <= len G1 implies ex sq9 being FinSequence st G1 = F1 ^ sq9 ) by FINSEQ_1:47; then G = H1 ^ sq by A61, A57, A52, FINSEQ_1:33, FINSEQ_1:47; hence H = F by A1, A2, A3, A51, A56, A60, A50; ::_thesis: verum end; A62: now__::_thesis:_(_H_is_conjunctive_implies_H_=_F_) assume A63: H is conjunctive ; ::_thesis: H = F then consider G1, G being LTL-formula such that A64: H = G1 '&' G by Def13; A65: (len G) + (1 + (len G1)) = ((len G) + 1) + (len G1) ; A66: ( len (<*1*> ^ G1) = (len <*1*>) + (len G1) & len <*1*> = 1 ) by FINSEQ_1:22, FINSEQ_1:40; (len (<*1*> ^ G1)) + (len G) = len H by A64, FINSEQ_1:22; then (len G) + 1 <= len H by A66, A65, NAT_1:11; then A67: len G < len H by NAT_1:13; (F ^ sq) . 1 = 1 by A3, A63, Lm4; then F . 1 = 1 by A4, FINSEQ_1:def_7; then F is conjunctive by Lm10; then consider F1, H1 being LTL-formula such that A68: F = F1 '&' H1 by Def13; A69: now__::_thesis:_(_ex_sq9_being_FinSequence_st_F1_=_G1_^_sq9_implies_F1_=_G1_) A70: (((len F1) + 1) + (len H1)) + (len sq) = ((len F1) + 1) + ((len H1) + (len sq)) ; given sq9 being FinSequence such that A71: F1 = G1 ^ sq9 ; ::_thesis: F1 = G1 A72: ( len (F ^ sq) = (len F) + (len sq) & len <*1*> = 1 ) by FINSEQ_1:22, FINSEQ_1:40; ( len (<*1*> ^ F1) = (len <*1*>) + (len F1) & len F = (len (<*1*> ^ F1)) + (len H1) ) by A68, FINSEQ_1:22; then (len F1) + 1 <= len H by A3, A72, A70, NAT_1:11; then len F1 < len H by NAT_1:13; hence F1 = G1 by A1, A2, A71; ::_thesis: verum end; A73: ( (<*1*> ^ F1) ^ H1 = <*1*> ^ (F1 ^ H1) & (<*1*> ^ (F1 ^ H1)) ^ sq = <*1*> ^ ((F1 ^ H1) ^ sq) ) by FINSEQ_1:32; A74: now__::_thesis:_(_ex_sq9_being_FinSequence_st_G1_=_F1_^_sq9_implies_G1_=_F1_) given sq9 being FinSequence such that A75: G1 = F1 ^ sq9 ; ::_thesis: G1 = F1 A76: len <*1*> = 1 by FINSEQ_1:40; ( (len (<*1*> ^ G1)) + (len G) = len H & len (<*1*> ^ G1) = (len <*1*>) + (len G1) ) by A64, FINSEQ_1:22; then (len G1) + 1 <= len H by A76, NAT_1:11; then len G1 < len H by NAT_1:13; hence G1 = F1 by A1, A2, A75; ::_thesis: verum end; A77: (F1 ^ H1) ^ sq = F1 ^ (H1 ^ sq) by FINSEQ_1:32; (<*1*> ^ G1) ^ G = <*1*> ^ (G1 ^ G) by FINSEQ_1:32; then A78: G1 ^ G = F1 ^ (H1 ^ sq) by A3, A64, A68, A73, A77, FINSEQ_1:33; then ( len F1 <= len G1 implies ex sq9 being FinSequence st G1 = F1 ^ sq9 ) by FINSEQ_1:47; then G = H1 ^ sq by A78, A74, A69, FINSEQ_1:33, FINSEQ_1:47; hence H = F by A1, A2, A3, A68, A73, A77, A67; ::_thesis: verum end; A79: now__::_thesis:_(_H_is_next_implies_H_=_F_) A80: len <*3*> = 1 by FINSEQ_1:40; assume A81: H is next ; ::_thesis: H = F then consider H1 being LTL-formula such that A82: H = 'X' H1 by Def15; (F ^ sq) . 1 = 3 by A3, A81, Lm6; then F . 1 = 3 by A4, FINSEQ_1:def_7; then F is next by Lm10; then consider F1 being LTL-formula such that A83: F = 'X' F1 by Def15; (len <*3*>) + (len H1) = len H by A82, FINSEQ_1:22; then A84: len H1 < len H by A80, NAT_1:13; (<*3*> ^ F1) ^ sq = <*3*> ^ (F1 ^ sq) by FINSEQ_1:32; then H1 = F1 ^ sq by A3, A82, A83, FINSEQ_1:33; hence H = F by A1, A2, A82, A83, A84; ::_thesis: verum end; A85: (len F) + (len sq) = len (F ^ sq) by FINSEQ_1:22; now__::_thesis:_(_H_is_atomic_implies_H_=_F_) A86: 1 <= len F by Th3; assume H is atomic ; ::_thesis: H = F then ex k being Nat st H = atom. k by Def11; then A87: len H = 1 by FINSEQ_1:40; then len F <= 1 by A3, A85, NAT_1:11; then 1 + (len sq) = 1 + 0 by A3, A85, A87, A86, XXREAL_0:1; then sq = {} ; hence H = F by A3, FINSEQ_1:34; ::_thesis: verum end; hence H = F by A5, A62, A45, A79, A28, A11, Th2; ::_thesis: verum end; then A88: for k being Nat st ( for n being Nat st n < k holds S1[n] ) holds S1[k] ; A89: for n being Nat holds S1[n] from NAT_1:sch_4(A88); len H = len H ; hence ( H = F ^ sq implies H = F ) by A89; ::_thesis: verum end; Lm12: for H, G, H1, G1 being LTL-formula st H '&' G = H1 '&' G1 holds ( H = H1 & G = G1 ) proof let H, G, H1, G1 be LTL-formula; ::_thesis: ( H '&' G = H1 '&' G1 implies ( H = H1 & G = G1 ) ) assume A1: H '&' G = H1 '&' G1 ; ::_thesis: ( H = H1 & G = G1 ) ( (<*1*> ^ H) ^ G = <*1*> ^ (H ^ G) & (<*1*> ^ H1) ^ G1 = <*1*> ^ (H1 ^ G1) ) by FINSEQ_1:32; then A2: H ^ G = H1 ^ G1 by A1, FINSEQ_1:33; then A3: ( len H1 <= len H implies ex sq being FinSequence st H = H1 ^ sq ) by FINSEQ_1:47; A4: ( len H <= len H1 implies ex sq being FinSequence st H1 = H ^ sq ) by A2, FINSEQ_1:47; hence H = H1 by A3, Lm11; ::_thesis: G = G1 ( ex sq being FinSequence st H1 = H ^ sq implies H1 = H ) by Lm11; hence G = G1 by A1, A3, A4, Lm11, FINSEQ_1:33; ::_thesis: verum end; Lm13: for H, G, H1, G1 being LTL-formula st H 'or' G = H1 'or' G1 holds ( H = H1 & G = G1 ) proof let H, G, H1, G1 be LTL-formula; ::_thesis: ( H 'or' G = H1 'or' G1 implies ( H = H1 & G = G1 ) ) assume A1: H 'or' G = H1 'or' G1 ; ::_thesis: ( H = H1 & G = G1 ) ( (<*2*> ^ H) ^ G = <*2*> ^ (H ^ G) & (<*2*> ^ H1) ^ G1 = <*2*> ^ (H1 ^ G1) ) by FINSEQ_1:32; then A2: H ^ G = H1 ^ G1 by A1, FINSEQ_1:33; then A3: ( len H1 <= len H implies ex sq being FinSequence st H = H1 ^ sq ) by FINSEQ_1:47; A4: ( len H <= len H1 implies ex sq being FinSequence st H1 = H ^ sq ) by A2, FINSEQ_1:47; hence H = H1 by A3, Lm11; ::_thesis: G = G1 ( ex sq being FinSequence st H1 = H ^ sq implies H1 = H ) by Lm11; hence G = G1 by A1, A3, A4, Lm11, FINSEQ_1:33; ::_thesis: verum end; Lm14: for H, G, H1, G1 being LTL-formula st H 'U' G = H1 'U' G1 holds ( H = H1 & G = G1 ) proof let H, G, H1, G1 be LTL-formula; ::_thesis: ( H 'U' G = H1 'U' G1 implies ( H = H1 & G = G1 ) ) assume A1: H 'U' G = H1 'U' G1 ; ::_thesis: ( H = H1 & G = G1 ) ( (<*4*> ^ H) ^ G = <*4*> ^ (H ^ G) & (<*4*> ^ H1) ^ G1 = <*4*> ^ (H1 ^ G1) ) by FINSEQ_1:32; then A2: H ^ G = H1 ^ G1 by A1, FINSEQ_1:33; then A3: ( len H1 <= len H implies ex sq being FinSequence st H = H1 ^ sq ) by FINSEQ_1:47; A4: ( len H <= len H1 implies ex sq being FinSequence st H1 = H ^ sq ) by A2, FINSEQ_1:47; hence H = H1 by A3, Lm11; ::_thesis: G = G1 ( ex sq being FinSequence st H1 = H ^ sq implies H1 = H ) by Lm11; hence G = G1 by A1, A3, A4, Lm11, FINSEQ_1:33; ::_thesis: verum end; Lm15: for H, G, H1, G1 being LTL-formula st H 'R' G = H1 'R' G1 holds ( H = H1 & G = G1 ) proof let H, G, H1, G1 be LTL-formula; ::_thesis: ( H 'R' G = H1 'R' G1 implies ( H = H1 & G = G1 ) ) assume A1: H 'R' G = H1 'R' G1 ; ::_thesis: ( H = H1 & G = G1 ) ( (<*5*> ^ H) ^ G = <*5*> ^ (H ^ G) & (<*5*> ^ H1) ^ G1 = <*5*> ^ (H1 ^ G1) ) by FINSEQ_1:32; then A2: H ^ G = H1 ^ G1 by A1, FINSEQ_1:33; then A3: ( len H1 <= len H implies ex sq being FinSequence st H = H1 ^ sq ) by FINSEQ_1:47; A4: ( len H <= len H1 implies ex sq being FinSequence st H1 = H ^ sq ) by A2, FINSEQ_1:47; hence H = H1 by A3, Lm11; ::_thesis: G = G1 ( ex sq being FinSequence st H1 = H ^ sq implies H1 = H ) by Lm11; hence G = G1 by A1, A3, A4, Lm11, FINSEQ_1:33; ::_thesis: verum end; Lm16: for H being LTL-formula st H is negative holds ( not H is atomic & not H is conjunctive & not H is disjunctive & not H is next & not H is Until & not H is Release ) proof let H be LTL-formula; ::_thesis: ( H is negative implies ( not H is atomic & not H is conjunctive & not H is disjunctive & not H is next & not H is Until & not H is Release ) ) assume H is negative ; ::_thesis: ( not H is atomic & not H is conjunctive & not H is disjunctive & not H is next & not H is Until & not H is Release ) then H . 1 = 0 by Lm3; hence ( not H is atomic & not H is conjunctive & not H is disjunctive & not H is next & not H is Until & not H is Release ) by Lm4, Lm5, Lm6, Lm7, Lm8, Lm9; ::_thesis: verum end; Lm17: for H being LTL-formula st H is conjunctive holds ( not H is atomic & not H is negative & not H is disjunctive & not H is next & not H is Until & not H is Release ) proof let H be LTL-formula; ::_thesis: ( H is conjunctive implies ( not H is atomic & not H is negative & not H is disjunctive & not H is next & not H is Until & not H is Release ) ) assume H is conjunctive ; ::_thesis: ( not H is atomic & not H is negative & not H is disjunctive & not H is next & not H is Until & not H is Release ) then H . 1 = 1 by Lm4; hence ( not H is atomic & not H is negative & not H is disjunctive & not H is next & not H is Until & not H is Release ) by Lm3, Lm5, Lm6, Lm7, Lm8, Lm9; ::_thesis: verum end; Lm18: for H being LTL-formula st H is disjunctive holds ( not H is atomic & not H is negative & not H is conjunctive & not H is next & not H is Until & not H is Release ) proof let H be LTL-formula; ::_thesis: ( H is disjunctive implies ( not H is atomic & not H is negative & not H is conjunctive & not H is next & not H is Until & not H is Release ) ) assume H is disjunctive ; ::_thesis: ( not H is atomic & not H is negative & not H is conjunctive & not H is next & not H is Until & not H is Release ) then H . 1 = 2 by Lm5; hence ( not H is atomic & not H is negative & not H is conjunctive & not H is next & not H is Until & not H is Release ) by Lm3, Lm4, Lm6, Lm7, Lm8, Lm9; ::_thesis: verum end; Lm19: for H being LTL-formula st H is next holds ( not H is atomic & not H is negative & not H is conjunctive & not H is disjunctive & not H is Until & not H is Release ) proof let H be LTL-formula; ::_thesis: ( H is next implies ( not H is atomic & not H is negative & not H is conjunctive & not H is disjunctive & not H is Until & not H is Release ) ) assume H is next ; ::_thesis: ( not H is atomic & not H is negative & not H is conjunctive & not H is disjunctive & not H is Until & not H is Release ) then H . 1 = 3 by Lm6; hence ( not H is atomic & not H is negative & not H is conjunctive & not H is disjunctive & not H is Until & not H is Release ) by Lm3, Lm4, Lm5, Lm7, Lm8, Lm9; ::_thesis: verum end; Lm20: for H being LTL-formula st H is Until holds ( not H is atomic & not H is negative & not H is conjunctive & not H is disjunctive & not H is next & not H is Release ) proof let H be LTL-formula; ::_thesis: ( H is Until implies ( not H is atomic & not H is negative & not H is conjunctive & not H is disjunctive & not H is next & not H is Release ) ) assume H is Until ; ::_thesis: ( not H is atomic & not H is negative & not H is conjunctive & not H is disjunctive & not H is next & not H is Release ) then H . 1 = 4 by Lm7; hence ( not H is atomic & not H is negative & not H is conjunctive & not H is disjunctive & not H is next & not H is Release ) by Lm3, Lm4, Lm5, Lm6, Lm8, Lm9; ::_thesis: verum end; Lm21: for H being LTL-formula st H is Release holds ( not H is atomic & not H is negative & not H is conjunctive & not H is disjunctive & not H is next & not H is Until ) proof let H be LTL-formula; ::_thesis: ( H is Release implies ( not H is atomic & not H is negative & not H is conjunctive & not H is disjunctive & not H is next & not H is Until ) ) assume H is Release ; ::_thesis: ( not H is atomic & not H is negative & not H is conjunctive & not H is disjunctive & not H is next & not H is Until ) then H . 1 = 5 by Lm8; hence ( not H is atomic & not H is negative & not H is conjunctive & not H is disjunctive & not H is next & not H is Until ) by Lm3, Lm4, Lm5, Lm6, Lm7, Lm9; ::_thesis: verum end; definition let H be LTL-formula; assume A1: ( H is negative or H is next ) ; func the_argument_of H -> LTL-formula means :Def18: :: MODELC_2:def 18 'not' it = H if H is negative otherwise 'X' it = H; existence ( ( H is negative implies ex b1 being LTL-formula st 'not' b1 = H ) & ( not H is negative implies ex b1 being LTL-formula st 'X' b1 = H ) ) by A1, Def12, Def15; uniqueness for b1, b2 being LTL-formula holds ( ( H is negative & 'not' b1 = H & 'not' b2 = H implies b1 = b2 ) & ( not H is negative & 'X' b1 = H & 'X' b2 = H implies b1 = b2 ) ) by FINSEQ_1:33; consistency for b1 being LTL-formula holds verum ; end; :: deftheorem Def18 defines the_argument_of MODELC_2:def_18_:_ for H being LTL-formula st ( H is negative or H is next ) holds for b2 being LTL-formula holds ( ( H is negative implies ( b2 = the_argument_of H iff 'not' b2 = H ) ) & ( not H is negative implies ( b2 = the_argument_of H iff 'X' b2 = H ) ) ); definition let H be LTL-formula; assume A1: ( H is conjunctive or H is disjunctive or H is Until or H is Release ) ; func the_left_argument_of H -> LTL-formula means :Def19: :: MODELC_2:def 19 ex H1 being LTL-formula st it '&' H1 = H if H is conjunctive ex H1 being LTL-formula st it 'or' H1 = H if H is disjunctive ex H1 being LTL-formula st it 'U' H1 = H if H is Until otherwise ex H1 being LTL-formula st it 'R' H1 = H; existence ( ( H is conjunctive implies ex b1, H1 being LTL-formula st b1 '&' H1 = H ) & ( H is disjunctive implies ex b1, H1 being LTL-formula st b1 'or' H1 = H ) & ( H is Until implies ex b1, H1 being LTL-formula st b1 'U' H1 = H ) & ( not H is conjunctive & not H is disjunctive & not H is Until implies ex b1, H1 being LTL-formula st b1 'R' H1 = H ) ) by A1, Def13, Def14, Def16, Def17; uniqueness for b1, b2 being LTL-formula holds ( ( H is conjunctive & ex H1 being LTL-formula st b1 '&' H1 = H & ex H1 being LTL-formula st b2 '&' H1 = H implies b1 = b2 ) & ( H is disjunctive & ex H1 being LTL-formula st b1 'or' H1 = H & ex H1 being LTL-formula st b2 'or' H1 = H implies b1 = b2 ) & ( H is Until & ex H1 being LTL-formula st b1 'U' H1 = H & ex H1 being LTL-formula st b2 'U' H1 = H implies b1 = b2 ) & ( not H is conjunctive & not H is disjunctive & not H is Until & ex H1 being LTL-formula st b1 'R' H1 = H & ex H1 being LTL-formula st b2 'R' H1 = H implies b1 = b2 ) ) by Lm12, Lm13, Lm14, Lm15; consistency for b1 being LTL-formula holds ( ( H is conjunctive & H is disjunctive implies ( ex H1 being LTL-formula st b1 '&' H1 = H iff ex H1 being LTL-formula st b1 'or' H1 = H ) ) & ( H is conjunctive & H is Until implies ( ex H1 being LTL-formula st b1 '&' H1 = H iff ex H1 being LTL-formula st b1 'U' H1 = H ) ) & ( H is disjunctive & H is Until implies ( ex H1 being LTL-formula st b1 'or' H1 = H iff ex H1 being LTL-formula st b1 'U' H1 = H ) ) ) by Lm17, Lm18; func the_right_argument_of H -> LTL-formula means :Def20: :: MODELC_2:def 20 ex H1 being LTL-formula st H1 '&' it = H if H is conjunctive ex H1 being LTL-formula st H1 'or' it = H if H is disjunctive ex H1 being LTL-formula st H1 'U' it = H if H is Until otherwise ex H1 being LTL-formula st H1 'R' it = H; existence ( ( H is conjunctive implies ex b1, H1 being LTL-formula st H1 '&' b1 = H ) & ( H is disjunctive implies ex b1, H1 being LTL-formula st H1 'or' b1 = H ) & ( H is Until implies ex b1, H1 being LTL-formula st H1 'U' b1 = H ) & ( not H is conjunctive & not H is disjunctive & not H is Until implies ex b1, H1 being LTL-formula st H1 'R' b1 = H ) ) proof A2: ( H is Until implies ex G, H1 being LTL-formula st H1 'U' G = H ) proof assume H is Until ; ::_thesis: ex G, H1 being LTL-formula st H1 'U' G = H then consider G, F being LTL-formula such that A3: G 'U' F = H by Def16; take F ; ::_thesis: ex H1 being LTL-formula st H1 'U' F = H thus ex H1 being LTL-formula st H1 'U' F = H by A3; ::_thesis: verum end; A4: ( H is disjunctive implies ex G, H1 being LTL-formula st H1 'or' G = H ) proof assume H is disjunctive ; ::_thesis: ex G, H1 being LTL-formula st H1 'or' G = H then consider G, F being LTL-formula such that A5: G 'or' F = H by Def14; take F ; ::_thesis: ex H1 being LTL-formula st H1 'or' F = H thus ex H1 being LTL-formula st H1 'or' F = H by A5; ::_thesis: verum end; A6: ( H is conjunctive implies ex G, H1 being LTL-formula st H1 '&' G = H ) proof assume H is conjunctive ; ::_thesis: ex G, H1 being LTL-formula st H1 '&' G = H then consider G, F being LTL-formula such that A7: G '&' F = H by Def13; take F ; ::_thesis: ex H1 being LTL-formula st H1 '&' F = H thus ex H1 being LTL-formula st H1 '&' F = H by A7; ::_thesis: verum end; ( not H is conjunctive & not H is disjunctive & not H is Until implies ex G, H1 being LTL-formula st H1 'R' G = H ) proof assume ( not H is conjunctive & not H is disjunctive & not H is Until ) ; ::_thesis: ex G, H1 being LTL-formula st H1 'R' G = H then consider G, F being LTL-formula such that A8: G 'R' F = H by A1, Def17; take F ; ::_thesis: ex H1 being LTL-formula st H1 'R' F = H thus ex H1 being LTL-formula st H1 'R' F = H by A8; ::_thesis: verum end; hence ( ( H is conjunctive implies ex b1, H1 being LTL-formula st H1 '&' b1 = H ) & ( H is disjunctive implies ex b1, H1 being LTL-formula st H1 'or' b1 = H ) & ( H is Until implies ex b1, H1 being LTL-formula st H1 'U' b1 = H ) & ( not H is conjunctive & not H is disjunctive & not H is Until implies ex b1, H1 being LTL-formula st H1 'R' b1 = H ) ) by A6, A4, A2; ::_thesis: verum end; uniqueness for b1, b2 being LTL-formula holds ( ( H is conjunctive & ex H1 being LTL-formula st H1 '&' b1 = H & ex H1 being LTL-formula st H1 '&' b2 = H implies b1 = b2 ) & ( H is disjunctive & ex H1 being LTL-formula st H1 'or' b1 = H & ex H1 being LTL-formula st H1 'or' b2 = H implies b1 = b2 ) & ( H is Until & ex H1 being LTL-formula st H1 'U' b1 = H & ex H1 being LTL-formula st H1 'U' b2 = H implies b1 = b2 ) & ( not H is conjunctive & not H is disjunctive & not H is Until & ex H1 being LTL-formula st H1 'R' b1 = H & ex H1 being LTL-formula st H1 'R' b2 = H implies b1 = b2 ) ) by Lm12, Lm13, Lm14, Lm15; consistency for b1 being LTL-formula holds ( ( H is conjunctive & H is disjunctive implies ( ex H1 being LTL-formula st H1 '&' b1 = H iff ex H1 being LTL-formula st H1 'or' b1 = H ) ) & ( H is conjunctive & H is Until implies ( ex H1 being LTL-formula st H1 '&' b1 = H iff ex H1 being LTL-formula st H1 'U' b1 = H ) ) & ( H is disjunctive & H is Until implies ( ex H1 being LTL-formula st H1 'or' b1 = H iff ex H1 being LTL-formula st H1 'U' b1 = H ) ) ) by Lm18, Lm20; end; :: deftheorem Def19 defines the_left_argument_of MODELC_2:def_19_:_ for H being LTL-formula st ( H is conjunctive or H is disjunctive or H is Until or H is Release ) holds for b2 being LTL-formula holds ( ( H is conjunctive implies ( b2 = the_left_argument_of H iff ex H1 being LTL-formula st b2 '&' H1 = H ) ) & ( H is disjunctive implies ( b2 = the_left_argument_of H iff ex H1 being LTL-formula st b2 'or' H1 = H ) ) & ( H is Until implies ( b2 = the_left_argument_of H iff ex H1 being LTL-formula st b2 'U' H1 = H ) ) & ( not H is conjunctive & not H is disjunctive & not H is Until implies ( b2 = the_left_argument_of H iff ex H1 being LTL-formula st b2 'R' H1 = H ) ) ); :: deftheorem Def20 defines the_right_argument_of MODELC_2:def_20_:_ for H being LTL-formula st ( H is conjunctive or H is disjunctive or H is Until or H is Release ) holds for b2 being LTL-formula holds ( ( H is conjunctive implies ( b2 = the_right_argument_of H iff ex H1 being LTL-formula st H1 '&' b2 = H ) ) & ( H is disjunctive implies ( b2 = the_right_argument_of H iff ex H1 being LTL-formula st H1 'or' b2 = H ) ) & ( H is Until implies ( b2 = the_right_argument_of H iff ex H1 being LTL-formula st H1 'U' b2 = H ) ) & ( not H is conjunctive & not H is disjunctive & not H is Until implies ( b2 = the_right_argument_of H iff ex H1 being LTL-formula st H1 'R' b2 = H ) ) ); theorem :: MODELC_2:4 for H being LTL-formula st H is negative holds H = 'not' (the_argument_of H) by Def18; theorem Th5: :: MODELC_2:5 for H being LTL-formula st H is next holds H = 'X' (the_argument_of H) proof let H be LTL-formula; ::_thesis: ( H is next implies H = 'X' (the_argument_of H) ) assume A1: H is next ; ::_thesis: H = 'X' (the_argument_of H) then not H is negative by Lm19; hence H = 'X' (the_argument_of H) by A1, Def18; ::_thesis: verum end; theorem Th6: :: MODELC_2:6 for H being LTL-formula st H is conjunctive holds H = (the_left_argument_of H) '&' (the_right_argument_of H) proof let H be LTL-formula; ::_thesis: ( H is conjunctive implies H = (the_left_argument_of H) '&' (the_right_argument_of H) ) assume A1: H is conjunctive ; ::_thesis: H = (the_left_argument_of H) '&' (the_right_argument_of H) then ex H1 being LTL-formula st H = H1 '&' (the_right_argument_of H) by Def20; hence H = (the_left_argument_of H) '&' (the_right_argument_of H) by A1, Def19; ::_thesis: verum end; theorem Th7: :: MODELC_2:7 for H being LTL-formula st H is disjunctive holds H = (the_left_argument_of H) 'or' (the_right_argument_of H) proof let H be LTL-formula; ::_thesis: ( H is disjunctive implies H = (the_left_argument_of H) 'or' (the_right_argument_of H) ) assume A1: H is disjunctive ; ::_thesis: H = (the_left_argument_of H) 'or' (the_right_argument_of H) then ex H1 being LTL-formula st H = H1 'or' (the_right_argument_of H) by Def20; hence H = (the_left_argument_of H) 'or' (the_right_argument_of H) by A1, Def19; ::_thesis: verum end; theorem Th8: :: MODELC_2:8 for H being LTL-formula st H is Until holds H = (the_left_argument_of H) 'U' (the_right_argument_of H) proof let H be LTL-formula; ::_thesis: ( H is Until implies H = (the_left_argument_of H) 'U' (the_right_argument_of H) ) assume A1: H is Until ; ::_thesis: H = (the_left_argument_of H) 'U' (the_right_argument_of H) then ex H1 being LTL-formula st H = H1 'U' (the_right_argument_of H) by Def20; hence H = (the_left_argument_of H) 'U' (the_right_argument_of H) by A1, Def19; ::_thesis: verum end; theorem Th9: :: MODELC_2:9 for H being LTL-formula st H is Release holds H = (the_left_argument_of H) 'R' (the_right_argument_of H) proof let H be LTL-formula; ::_thesis: ( H is Release implies H = (the_left_argument_of H) 'R' (the_right_argument_of H) ) assume A1: H is Release ; ::_thesis: H = (the_left_argument_of H) 'R' (the_right_argument_of H) then A2: not H is Until by Lm21; A3: ( not H is conjunctive & not H is disjunctive ) by A1, Lm21; then ex H1 being LTL-formula st H = H1 'R' (the_right_argument_of H) by A1, A2, Def20; hence H = (the_left_argument_of H) 'R' (the_right_argument_of H) by A1, A3, A2, Def19; ::_thesis: verum end; theorem Th10: :: MODELC_2:10 for H being LTL-formula st ( H is negative or H is next ) holds ( len H = 1 + (len (the_argument_of H)) & len (the_argument_of H) < len H ) proof let H be LTL-formula; ::_thesis: ( ( H is negative or H is next ) implies ( len H = 1 + (len (the_argument_of H)) & len (the_argument_of H) < len H ) ) assume A1: ( H is negative or H is next ) ; ::_thesis: ( len H = 1 + (len (the_argument_of H)) & len (the_argument_of H) < len H ) percases ( H is negative or H is next ) by A1; suppose H is negative ; ::_thesis: ( len H = 1 + (len (the_argument_of H)) & len (the_argument_of H) < len H ) then H = 'not' (the_argument_of H) by Def18; then len H = 1 + (len (the_argument_of H)) by FINSEQ_5:8; hence ( len H = 1 + (len (the_argument_of H)) & len (the_argument_of H) < len H ) by NAT_1:19; ::_thesis: verum end; suppose H is next ; ::_thesis: ( len H = 1 + (len (the_argument_of H)) & len (the_argument_of H) < len H ) then H = 'X' (the_argument_of H) by Th5; then len H = 1 + (len (the_argument_of H)) by FINSEQ_5:8; hence ( len H = 1 + (len (the_argument_of H)) & len (the_argument_of H) < len H ) by NAT_1:19; ::_thesis: verum end; end; end; theorem Th11: :: MODELC_2:11 for H being LTL-formula st ( H is conjunctive or H is disjunctive or H is Until or H is Release ) holds ( len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) & len (the_left_argument_of H) < len H & len (the_right_argument_of H) < len H ) proof let H be LTL-formula; ::_thesis: ( ( H is conjunctive or H is disjunctive or H is Until or H is Release ) implies ( len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) & len (the_left_argument_of H) < len H & len (the_right_argument_of H) < len H ) ) set iL = len (the_left_argument_of H); set iR = len (the_right_argument_of H); set iR1 = (len (the_right_argument_of H)) + 1; assume A1: ( H is conjunctive or H is disjunctive or H is Until or H is Release ) ; ::_thesis: ( len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) & len (the_left_argument_of H) < len H & len (the_right_argument_of H) < len H ) percases ( H is conjunctive or H is disjunctive or H is Until or H is Release ) by A1; suppose H is conjunctive ; ::_thesis: ( len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) & len (the_left_argument_of H) < len H & len (the_right_argument_of H) < len H ) then H = (the_left_argument_of H) '&' (the_right_argument_of H) by Th6; then A2: len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) by Lm2; 1 <= (len (the_right_argument_of H)) + 1 by NAT_1:11; then A3: len (the_left_argument_of H) < (len (the_left_argument_of H)) + ((len (the_right_argument_of H)) + 1) by NAT_1:19; 1 <= 1 + (len (the_left_argument_of H)) by NAT_1:11; hence ( len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) & len (the_left_argument_of H) < len H & len (the_right_argument_of H) < len H ) by A2, A3, NAT_1:19; ::_thesis: verum end; suppose H is disjunctive ; ::_thesis: ( len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) & len (the_left_argument_of H) < len H & len (the_right_argument_of H) < len H ) then H = (the_left_argument_of H) 'or' (the_right_argument_of H) by Th7; then A4: len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) by Lm2; 1 <= (len (the_right_argument_of H)) + 1 by NAT_1:11; then A5: len (the_left_argument_of H) < (len (the_left_argument_of H)) + ((len (the_right_argument_of H)) + 1) by NAT_1:19; 1 <= 1 + (len (the_left_argument_of H)) by NAT_1:11; hence ( len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) & len (the_left_argument_of H) < len H & len (the_right_argument_of H) < len H ) by A4, A5, NAT_1:19; ::_thesis: verum end; suppose H is Until ; ::_thesis: ( len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) & len (the_left_argument_of H) < len H & len (the_right_argument_of H) < len H ) then H = (the_left_argument_of H) 'U' (the_right_argument_of H) by Th8; then A6: len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) by Lm2; 1 <= (len (the_right_argument_of H)) + 1 by NAT_1:11; then A7: len (the_left_argument_of H) < (len (the_left_argument_of H)) + ((len (the_right_argument_of H)) + 1) by NAT_1:19; 1 <= 1 + (len (the_left_argument_of H)) by NAT_1:11; hence ( len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) & len (the_left_argument_of H) < len H & len (the_right_argument_of H) < len H ) by A6, A7, NAT_1:19; ::_thesis: verum end; suppose H is Release ; ::_thesis: ( len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) & len (the_left_argument_of H) < len H & len (the_right_argument_of H) < len H ) then H = (the_left_argument_of H) 'R' (the_right_argument_of H) by Th9; then A8: len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) by Lm2; 1 <= (len (the_right_argument_of H)) + 1 by NAT_1:11; then A9: len (the_left_argument_of H) < (len (the_left_argument_of H)) + ((len (the_right_argument_of H)) + 1) by NAT_1:19; 1 <= 1 + (len (the_left_argument_of H)) by NAT_1:11; hence ( len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) & len (the_left_argument_of H) < len H & len (the_right_argument_of H) < len H ) by A8, A9, NAT_1:19; ::_thesis: verum end; end; end; definition let H, F be LTL-formula; predH is_immediate_constituent_of F means :Def21: :: MODELC_2:def 21 ( F = 'not' H or F = 'X' H or ex H1 being LTL-formula st ( F = H '&' H1 or F = H1 '&' H or F = H 'or' H1 or F = H1 'or' H or F = H 'U' H1 or F = H1 'U' H or F = H 'R' H1 or F = H1 'R' H ) ); end; :: deftheorem Def21 defines is_immediate_constituent_of MODELC_2:def_21_:_ for H, F being LTL-formula holds ( H is_immediate_constituent_of F iff ( F = 'not' H or F = 'X' H or ex H1 being LTL-formula st ( F = H '&' H1 or F = H1 '&' H or F = H 'or' H1 or F = H1 'or' H or F = H 'U' H1 or F = H1 'U' H or F = H 'R' H1 or F = H1 'R' H ) ) ); theorem Th12: :: MODELC_2:12 for F, G being LTL-formula holds ( ('not' F) . 1 = 0 & (F '&' G) . 1 = 1 & (F 'or' G) . 1 = 2 & ('X' F) . 1 = 3 & (F 'U' G) . 1 = 4 & (F 'R' G) . 1 = 5 ) proof let F, G be LTL-formula; ::_thesis: ( ('not' F) . 1 = 0 & (F '&' G) . 1 = 1 & (F 'or' G) . 1 = 2 & ('X' F) . 1 = 3 & (F 'U' G) . 1 = 4 & (F 'R' G) . 1 = 5 ) thus ('not' F) . 1 = 0 by FINSEQ_1:41; ::_thesis: ( (F '&' G) . 1 = 1 & (F 'or' G) . 1 = 2 & ('X' F) . 1 = 3 & (F 'U' G) . 1 = 4 & (F 'R' G) . 1 = 5 ) thus (F '&' G) . 1 = (<*1*> ^ (F ^ G)) . 1 by FINSEQ_1:32 .= 1 by FINSEQ_1:41 ; ::_thesis: ( (F 'or' G) . 1 = 2 & ('X' F) . 1 = 3 & (F 'U' G) . 1 = 4 & (F 'R' G) . 1 = 5 ) thus (F 'or' G) . 1 = (<*2*> ^ (F ^ G)) . 1 by FINSEQ_1:32 .= 2 by FINSEQ_1:41 ; ::_thesis: ( ('X' F) . 1 = 3 & (F 'U' G) . 1 = 4 & (F 'R' G) . 1 = 5 ) thus ('X' F) . 1 = 3 by FINSEQ_1:41; ::_thesis: ( (F 'U' G) . 1 = 4 & (F 'R' G) . 1 = 5 ) thus (F 'U' G) . 1 = (<*4*> ^ (F ^ G)) . 1 by FINSEQ_1:32 .= 4 by FINSEQ_1:41 ; ::_thesis: (F 'R' G) . 1 = 5 thus (F 'R' G) . 1 = (<*5*> ^ (F ^ G)) . 1 by FINSEQ_1:32 .= 5 by FINSEQ_1:41 ; ::_thesis: verum end; theorem Th13: :: MODELC_2:13 for H, F being LTL-formula holds ( H is_immediate_constituent_of 'not' F iff H = F ) proof let H, F be LTL-formula; ::_thesis: ( H is_immediate_constituent_of 'not' F iff H = F ) thus ( H is_immediate_constituent_of 'not' F implies H = F ) ::_thesis: ( H = F implies H is_immediate_constituent_of 'not' F ) proof A1: now__::_thesis:_for_H1_being_LTL-formula_holds_ (_not_'not'_F_=_H_'&'_H1_&_not_'not'_F_=_H1_'&'_H_&_not_'not'_F_=_H_'or'_H1_&_not_'not'_F_=_H1_'or'_H_&_not_'not'_F_=_H_'U'_H1_&_not_'not'_F_=_H1_'U'_H_&_not_'not'_F_=_H_'R'_H1_&_not_'not'_F_=_H1_'R'_H_) given H1 being LTL-formula such that A2: ( 'not' F = H '&' H1 or 'not' F = H1 '&' H or 'not' F = H 'or' H1 or 'not' F = H1 'or' H or 'not' F = H 'U' H1 or 'not' F = H1 'U' H or 'not' F = H 'R' H1 or 'not' F = H1 'R' H ) ; ::_thesis: contradiction ('not' F) . 1 = 0 by Th12; hence contradiction by A2, Th12; ::_thesis: verum end; A3: now__::_thesis:_not_'not'_F_=_'X'_H assume A4: 'not' F = 'X' H ; ::_thesis: contradiction ('not' F) . 1 = 0 by Th12; hence contradiction by A4, Th12; ::_thesis: verum end; assume H is_immediate_constituent_of 'not' F ; ::_thesis: H = F then ( 'not' F = 'not' H or 'not' F = 'X' H or ex H1 being LTL-formula st ( 'not' F = H '&' H1 or 'not' F = H1 '&' H or 'not' F = H 'or' H1 or 'not' F = H1 'or' H or 'not' F = H 'U' H1 or 'not' F = H1 'U' H or 'not' F = H 'R' H1 or 'not' F = H1 'R' H ) ) by Def21; hence H = F by A3, A1, FINSEQ_1:33; ::_thesis: verum end; thus ( H = F implies H is_immediate_constituent_of 'not' F ) by Def21; ::_thesis: verum end; theorem Th14: :: MODELC_2:14 for H, F being LTL-formula holds ( H is_immediate_constituent_of 'X' F iff H = F ) proof let H, F be LTL-formula; ::_thesis: ( H is_immediate_constituent_of 'X' F iff H = F ) thus ( H is_immediate_constituent_of 'X' F implies H = F ) ::_thesis: ( H = F implies H is_immediate_constituent_of 'X' F ) proof A1: now__::_thesis:_for_H1_being_LTL-formula_holds_ (_not_'X'_F_=_H_'&'_H1_&_not_'X'_F_=_H1_'&'_H_&_not_'X'_F_=_H_'or'_H1_&_not_'X'_F_=_H1_'or'_H_&_not_'X'_F_=_H_'U'_H1_&_not_'X'_F_=_H1_'U'_H_&_not_'X'_F_=_H_'R'_H1_&_not_'X'_F_=_H1_'R'_H_) given H1 being LTL-formula such that A2: ( 'X' F = H '&' H1 or 'X' F = H1 '&' H or 'X' F = H 'or' H1 or 'X' F = H1 'or' H or 'X' F = H 'U' H1 or 'X' F = H1 'U' H or 'X' F = H 'R' H1 or 'X' F = H1 'R' H ) ; ::_thesis: contradiction ('X' F) . 1 = 3 by Th12; hence contradiction by A2, Th12; ::_thesis: verum end; A3: now__::_thesis:_not_'X'_F_=_'not'_H assume A4: 'X' F = 'not' H ; ::_thesis: contradiction ('X' F) . 1 = 3 by Th12; hence contradiction by A4, Th12; ::_thesis: verum end; assume H is_immediate_constituent_of 'X' F ; ::_thesis: H = F then ( 'X' F = 'not' H or 'X' F = 'X' H or ex H1 being LTL-formula st ( 'X' F = H '&' H1 or 'X' F = H1 '&' H or 'X' F = H 'or' H1 or 'X' F = H1 'or' H or 'X' F = H 'U' H1 or 'X' F = H1 'U' H or 'X' F = H 'R' H1 or 'X' F = H1 'R' H ) ) by Def21; hence H = F by A3, A1, FINSEQ_1:33; ::_thesis: verum end; thus ( H = F implies H is_immediate_constituent_of 'X' F ) by Def21; ::_thesis: verum end; theorem Th15: :: MODELC_2:15 for H, F, G being LTL-formula holds ( H is_immediate_constituent_of F '&' G iff ( H = F or H = G ) ) proof let H, F, G be LTL-formula; ::_thesis: ( H is_immediate_constituent_of F '&' G iff ( H = F or H = G ) ) thus ( not H is_immediate_constituent_of F '&' G or H = F or H = G ) ::_thesis: ( ( H = F or H = G ) implies H is_immediate_constituent_of F '&' G ) proof set Z = F '&' G; A1: now__::_thesis:_(_not_F_'&'_G_=_'not'_H_&_not_F_'&'_G_=_'X'_H_) assume A2: ( F '&' G = 'not' H or F '&' G = 'X' H ) ; ::_thesis: contradiction (F '&' G) . 1 = 1 by Th12; hence contradiction by A2, Th12; ::_thesis: verum end; A3: now__::_thesis:_for_H1_being_LTL-formula_holds_ (_not_F_'&'_G_=_H_'or'_H1_&_not_F_'&'_G_=_H1_'or'_H_&_not_F_'&'_G_=_H_'U'_H1_&_not_F_'&'_G_=_H1_'U'_H_&_not_F_'&'_G_=_H_'R'_H1_&_not_F_'&'_G_=_H1_'R'_H_) given H1 being LTL-formula such that A4: ( F '&' G = H 'or' H1 or F '&' G = H1 'or' H or F '&' G = H 'U' H1 or F '&' G = H1 'U' H or F '&' G = H 'R' H1 or F '&' G = H1 'R' H ) ; ::_thesis: contradiction (F '&' G) . 1 = 1 by Th12; hence contradiction by A4, Th12; ::_thesis: verum end; assume H is_immediate_constituent_of F '&' G ; ::_thesis: ( H = F or H = G ) then ( F '&' G = 'not' H or F '&' G = 'X' H or ex H1 being LTL-formula st ( F '&' G = H '&' H1 or F '&' G = H1 '&' H or F '&' G = H 'or' H1 or F '&' G = H1 'or' H or F '&' G = H 'U' H1 or F '&' G = H1 'U' H or F '&' G = H 'R' H1 or F '&' G = H1 'R' H ) ) by Def21; hence ( H = F or H = G ) by A1, A3, Lm12; ::_thesis: verum end; thus ( ( H = F or H = G ) implies H is_immediate_constituent_of F '&' G ) by Def21; ::_thesis: verum end; theorem Th16: :: MODELC_2:16 for H, F, G being LTL-formula holds ( H is_immediate_constituent_of F 'or' G iff ( H = F or H = G ) ) proof let H, F, G be LTL-formula; ::_thesis: ( H is_immediate_constituent_of F 'or' G iff ( H = F or H = G ) ) thus ( not H is_immediate_constituent_of F 'or' G or H = F or H = G ) ::_thesis: ( ( H = F or H = G ) implies H is_immediate_constituent_of F 'or' G ) proof set Z = F 'or' G; A1: now__::_thesis:_(_not_F_'or'_G_=_'not'_H_&_not_F_'or'_G_=_'X'_H_) assume A2: ( F 'or' G = 'not' H or F 'or' G = 'X' H ) ; ::_thesis: contradiction (F 'or' G) . 1 = 2 by Th12; hence contradiction by A2, Th12; ::_thesis: verum end; A3: now__::_thesis:_for_H1_being_LTL-formula_holds_ (_not_F_'or'_G_=_H_'&'_H1_&_not_F_'or'_G_=_H1_'&'_H_&_not_F_'or'_G_=_H_'U'_H1_&_not_F_'or'_G_=_H1_'U'_H_&_not_F_'or'_G_=_H_'R'_H1_&_not_F_'or'_G_=_H1_'R'_H_) given H1 being LTL-formula such that A4: ( F 'or' G = H '&' H1 or F 'or' G = H1 '&' H or F 'or' G = H 'U' H1 or F 'or' G = H1 'U' H or F 'or' G = H 'R' H1 or F 'or' G = H1 'R' H ) ; ::_thesis: contradiction (F 'or' G) . 1 = 2 by Th12; hence contradiction by A4, Th12; ::_thesis: verum end; assume H is_immediate_constituent_of F 'or' G ; ::_thesis: ( H = F or H = G ) then ( F 'or' G = 'not' H or F 'or' G = 'X' H or ex H1 being LTL-formula st ( F 'or' G = H '&' H1 or F 'or' G = H1 '&' H or F 'or' G = H 'or' H1 or F 'or' G = H1 'or' H or F 'or' G = H 'U' H1 or F 'or' G = H1 'U' H or F 'or' G = H 'R' H1 or F 'or' G = H1 'R' H ) ) by Def21; hence ( H = F or H = G ) by A1, A3, Lm13; ::_thesis: verum end; thus ( ( H = F or H = G ) implies H is_immediate_constituent_of F 'or' G ) by Def21; ::_thesis: verum end; theorem Th17: :: MODELC_2:17 for H, F, G being LTL-formula holds ( H is_immediate_constituent_of F 'U' G iff ( H = F or H = G ) ) proof let H, F, G be LTL-formula; ::_thesis: ( H is_immediate_constituent_of F 'U' G iff ( H = F or H = G ) ) thus ( not H is_immediate_constituent_of F 'U' G or H = F or H = G ) ::_thesis: ( ( H = F or H = G ) implies H is_immediate_constituent_of F 'U' G ) proof set Z = F 'U' G; A1: now__::_thesis:_(_not_F_'U'_G_=_'not'_H_&_not_F_'U'_G_=_'X'_H_) assume A2: ( F 'U' G = 'not' H or F 'U' G = 'X' H ) ; ::_thesis: contradiction (F 'U' G) . 1 = 4 by Th12; hence contradiction by A2, Th12; ::_thesis: verum end; A3: now__::_thesis:_for_H1_being_LTL-formula_holds_ (_not_F_'U'_G_=_H_'&'_H1_&_not_F_'U'_G_=_H1_'&'_H_&_not_F_'U'_G_=_H_'or'_H1_&_not_F_'U'_G_=_H1_'or'_H_&_not_F_'U'_G_=_H_'R'_H1_&_not_F_'U'_G_=_H1_'R'_H_) given H1 being LTL-formula such that A4: ( F 'U' G = H '&' H1 or F 'U' G = H1 '&' H or F 'U' G = H 'or' H1 or F 'U' G = H1 'or' H or F 'U' G = H 'R' H1 or F 'U' G = H1 'R' H ) ; ::_thesis: contradiction (F 'U' G) . 1 = 4 by Th12; hence contradiction by A4, Th12; ::_thesis: verum end; assume H is_immediate_constituent_of F 'U' G ; ::_thesis: ( H = F or H = G ) then ( F 'U' G = 'not' H or F 'U' G = 'X' H or ex H1 being LTL-formula st ( F 'U' G = H '&' H1 or F 'U' G = H1 '&' H or F 'U' G = H 'or' H1 or F 'U' G = H1 'or' H or F 'U' G = H 'U' H1 or F 'U' G = H1 'U' H or F 'U' G = H 'R' H1 or F 'U' G = H1 'R' H ) ) by Def21; hence ( H = F or H = G ) by A1, A3, Lm14; ::_thesis: verum end; thus ( ( H = F or H = G ) implies H is_immediate_constituent_of F 'U' G ) by Def21; ::_thesis: verum end; theorem Th18: :: MODELC_2:18 for H, F, G being LTL-formula holds ( H is_immediate_constituent_of F 'R' G iff ( H = F or H = G ) ) proof let H, F, G be LTL-formula; ::_thesis: ( H is_immediate_constituent_of F 'R' G iff ( H = F or H = G ) ) thus ( not H is_immediate_constituent_of F 'R' G or H = F or H = G ) ::_thesis: ( ( H = F or H = G ) implies H is_immediate_constituent_of F 'R' G ) proof set Z = F 'R' G; A1: now__::_thesis:_(_not_F_'R'_G_=_'not'_H_&_not_F_'R'_G_=_'X'_H_) assume A2: ( F 'R' G = 'not' H or F 'R' G = 'X' H ) ; ::_thesis: contradiction (F 'R' G) . 1 = 5 by Th12; hence contradiction by A2, Th12; ::_thesis: verum end; A3: now__::_thesis:_for_H1_being_LTL-formula_holds_ (_not_F_'R'_G_=_H_'&'_H1_&_not_F_'R'_G_=_H1_'&'_H_&_not_F_'R'_G_=_H_'or'_H1_&_not_F_'R'_G_=_H1_'or'_H_&_not_F_'R'_G_=_H_'U'_H1_&_not_F_'R'_G_=_H1_'U'_H_) given H1 being LTL-formula such that A4: ( F 'R' G = H '&' H1 or F 'R' G = H1 '&' H or F 'R' G = H 'or' H1 or F 'R' G = H1 'or' H or F 'R' G = H 'U' H1 or F 'R' G = H1 'U' H ) ; ::_thesis: contradiction (F 'R' G) . 1 = 5 by Th12; hence contradiction by A4, Th12; ::_thesis: verum end; assume H is_immediate_constituent_of F 'R' G ; ::_thesis: ( H = F or H = G ) then ( F 'R' G = 'not' H or F 'R' G = 'X' H or ex H1 being LTL-formula st ( F 'R' G = H '&' H1 or F 'R' G = H1 '&' H or F 'R' G = H 'or' H1 or F 'R' G = H1 'or' H or F 'R' G = H 'U' H1 or F 'R' G = H1 'U' H or F 'R' G = H 'R' H1 or F 'R' G = H1 'R' H ) ) by Def21; hence ( H = F or H = G ) by A1, A3, Lm15; ::_thesis: verum end; thus ( ( H = F or H = G ) implies H is_immediate_constituent_of F 'R' G ) by Def21; ::_thesis: verum end; theorem Th19: :: MODELC_2:19 for F, H being LTL-formula st F is atomic holds not H is_immediate_constituent_of F proof let F, H be LTL-formula; ::_thesis: ( F is atomic implies not H is_immediate_constituent_of F ) assume A1: F is atomic ; ::_thesis: not H is_immediate_constituent_of F then A2: ( not F . 1 = 2 & not F . 1 = 3 ) by Lm9; A3: ( not F . 1 = 4 & not F . 1 = 5 ) by A1, Lm9; A4: ( not F . 1 = 0 & not F . 1 = 1 ) by A1, Lm9; now__::_thesis:_not_H_is_immediate_constituent_of_F assume H is_immediate_constituent_of F ; ::_thesis: contradiction then ( F = 'not' H or F = 'X' H or ex H1 being LTL-formula st ( F = H '&' H1 or F = H1 '&' H or F = H 'or' H1 or F = H1 'or' H or F = H 'U' H1 or F = H1 'U' H or F = H 'R' H1 or F = H1 'R' H ) ) by Def21; hence contradiction by A4, A2, A3, Th12; ::_thesis: verum end; hence not H is_immediate_constituent_of F ; ::_thesis: verum end; theorem Th20: :: MODELC_2:20 for F, H being LTL-formula st F is negative holds ( H is_immediate_constituent_of F iff H = the_argument_of F ) proof let F, H be LTL-formula; ::_thesis: ( F is negative implies ( H is_immediate_constituent_of F iff H = the_argument_of F ) ) assume F is negative ; ::_thesis: ( H is_immediate_constituent_of F iff H = the_argument_of F ) then F = 'not' (the_argument_of F) by Def18; hence ( H is_immediate_constituent_of F iff H = the_argument_of F ) by Th13; ::_thesis: verum end; theorem Th21: :: MODELC_2:21 for F, H being LTL-formula st F is next holds ( H is_immediate_constituent_of F iff H = the_argument_of F ) proof let F, H be LTL-formula; ::_thesis: ( F is next implies ( H is_immediate_constituent_of F iff H = the_argument_of F ) ) assume F is next ; ::_thesis: ( H is_immediate_constituent_of F iff H = the_argument_of F ) then F = 'X' (the_argument_of F) by Th5; hence ( H is_immediate_constituent_of F iff H = the_argument_of F ) by Th14; ::_thesis: verum end; theorem Th22: :: MODELC_2:22 for F, H being LTL-formula st F is conjunctive holds ( H is_immediate_constituent_of F iff ( H = the_left_argument_of F or H = the_right_argument_of F ) ) proof let F, H be LTL-formula; ::_thesis: ( F is conjunctive implies ( H is_immediate_constituent_of F iff ( H = the_left_argument_of F or H = the_right_argument_of F ) ) ) assume F is conjunctive ; ::_thesis: ( H is_immediate_constituent_of F iff ( H = the_left_argument_of F or H = the_right_argument_of F ) ) then F = (the_left_argument_of F) '&' (the_right_argument_of F) by Th6; hence ( H is_immediate_constituent_of F iff ( H = the_left_argument_of F or H = the_right_argument_of F ) ) by Th15; ::_thesis: verum end; theorem Th23: :: MODELC_2:23 for F, H being LTL-formula st F is disjunctive holds ( H is_immediate_constituent_of F iff ( H = the_left_argument_of F or H = the_right_argument_of F ) ) proof let F, H be LTL-formula; ::_thesis: ( F is disjunctive implies ( H is_immediate_constituent_of F iff ( H = the_left_argument_of F or H = the_right_argument_of F ) ) ) assume F is disjunctive ; ::_thesis: ( H is_immediate_constituent_of F iff ( H = the_left_argument_of F or H = the_right_argument_of F ) ) then F = (the_left_argument_of F) 'or' (the_right_argument_of F) by Th7; hence ( H is_immediate_constituent_of F iff ( H = the_left_argument_of F or H = the_right_argument_of F ) ) by Th16; ::_thesis: verum end; theorem Th24: :: MODELC_2:24 for F, H being LTL-formula st F is Until holds ( H is_immediate_constituent_of F iff ( H = the_left_argument_of F or H = the_right_argument_of F ) ) proof let F, H be LTL-formula; ::_thesis: ( F is Until implies ( H is_immediate_constituent_of F iff ( H = the_left_argument_of F or H = the_right_argument_of F ) ) ) assume F is Until ; ::_thesis: ( H is_immediate_constituent_of F iff ( H = the_left_argument_of F or H = the_right_argument_of F ) ) then F = (the_left_argument_of F) 'U' (the_right_argument_of F) by Th8; hence ( H is_immediate_constituent_of F iff ( H = the_left_argument_of F or H = the_right_argument_of F ) ) by Th17; ::_thesis: verum end; theorem Th25: :: MODELC_2:25 for F, H being LTL-formula st F is Release holds ( H is_immediate_constituent_of F iff ( H = the_left_argument_of F or H = the_right_argument_of F ) ) proof let F, H be LTL-formula; ::_thesis: ( F is Release implies ( H is_immediate_constituent_of F iff ( H = the_left_argument_of F or H = the_right_argument_of F ) ) ) assume F is Release ; ::_thesis: ( H is_immediate_constituent_of F iff ( H = the_left_argument_of F or H = the_right_argument_of F ) ) then F = (the_left_argument_of F) 'R' (the_right_argument_of F) by Th9; hence ( H is_immediate_constituent_of F iff ( H = the_left_argument_of F or H = the_right_argument_of F ) ) by Th18; ::_thesis: verum end; theorem :: MODELC_2:26 for H, F being LTL-formula holds ( not H is_immediate_constituent_of F or F is negative or F is next or F is conjunctive or F is disjunctive or F is Until or F is Release ) by Th2, Th19; definition let H, F be LTL-formula; predH is_subformula_of F means :Def22: :: MODELC_2:def 22 ex n being Nat ex L being FinSequence st ( 1 <= n & len L = n & L . 1 = H & L . n = F & ( for k being Nat st 1 <= k & k < n holds ex H1, F1 being LTL-formula st ( L . k = H1 & L . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ); reflexivity for H being LTL-formula ex n being Nat ex L being FinSequence st ( 1 <= n & len L = n & L . 1 = H & L . n = H & ( for k being Nat st 1 <= k & k < n holds ex H1, F1 being LTL-formula st ( L . k = H1 & L . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) proof let H be LTL-formula; ::_thesis: ex n being Nat ex L being FinSequence st ( 1 <= n & len L = n & L . 1 = H & L . n = H & ( for k being Nat st 1 <= k & k < n holds ex H1, F1 being LTL-formula st ( L . k = H1 & L . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) take 1 ; ::_thesis: ex L being FinSequence st ( 1 <= 1 & len L = 1 & L . 1 = H & L . 1 = H & ( for k being Nat st 1 <= k & k < 1 holds ex H1, F1 being LTL-formula st ( L . k = H1 & L . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) take <*H*> ; ::_thesis: ( 1 <= 1 & len <*H*> = 1 & <*H*> . 1 = H & <*H*> . 1 = H & ( for k being Nat st 1 <= k & k < 1 holds ex H1, F1 being LTL-formula st ( <*H*> . k = H1 & <*H*> . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) thus 1 <= 1 ; ::_thesis: ( len <*H*> = 1 & <*H*> . 1 = H & <*H*> . 1 = H & ( for k being Nat st 1 <= k & k < 1 holds ex H1, F1 being LTL-formula st ( <*H*> . k = H1 & <*H*> . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) thus len <*H*> = 1 by FINSEQ_1:40; ::_thesis: ( <*H*> . 1 = H & <*H*> . 1 = H & ( for k being Nat st 1 <= k & k < 1 holds ex H1, F1 being LTL-formula st ( <*H*> . k = H1 & <*H*> . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) thus ( <*H*> . 1 = H & <*H*> . 1 = H ) by FINSEQ_1:def_8; ::_thesis: for k being Nat st 1 <= k & k < 1 holds ex H1, F1 being LTL-formula st ( <*H*> . k = H1 & <*H*> . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) thus for k being Nat st 1 <= k & k < 1 holds ex H1, F1 being LTL-formula st ( <*H*> . k = H1 & <*H*> . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ; ::_thesis: verum end; end; :: deftheorem Def22 defines is_subformula_of MODELC_2:def_22_:_ for H, F being LTL-formula holds ( H is_subformula_of F iff ex n being Nat ex L being FinSequence st ( 1 <= n & len L = n & L . 1 = H & L . n = F & ( for k being Nat st 1 <= k & k < n holds ex H1, F1 being LTL-formula st ( L . k = H1 & L . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) ); theorem :: MODELC_2:27 for H being LTL-formula holds H is_subformula_of H ; definition let H, F be LTL-formula; predH is_proper_subformula_of F means :Def23: :: MODELC_2:def 23 ( H is_subformula_of F & H <> F ); irreflexivity for H being LTL-formula holds ( not H is_subformula_of H or not H <> H ) ; end; :: deftheorem Def23 defines is_proper_subformula_of MODELC_2:def_23_:_ for H, F being LTL-formula holds ( H is_proper_subformula_of F iff ( H is_subformula_of F & H <> F ) ); theorem Th28: :: MODELC_2:28 for H, F being LTL-formula st H is_immediate_constituent_of F holds len H < len F proof let H, F be LTL-formula; ::_thesis: ( H is_immediate_constituent_of F implies len H < len F ) assume A1: H is_immediate_constituent_of F ; ::_thesis: len H < len F percases ( F is negative or F is next or F is conjunctive or F is disjunctive or F is Until or F is Release ) by A1, Th2, Th19; supposeA2: ( F is negative or F is next ) ; ::_thesis: len H < len F then H = the_argument_of F by A1, Th20, Th21; hence len H < len F by A2, Th10; ::_thesis: verum end; supposeA3: ( F is conjunctive or F is disjunctive or F is Until or F is Release ) ; ::_thesis: len H < len F then ( H = the_left_argument_of F or H = the_right_argument_of F ) by A1, Th22, Th23, Th24, Th25; hence len H < len F by A3, Th11; ::_thesis: verum end; end; end; theorem Th29: :: MODELC_2:29 for H, F being LTL-formula st H is_immediate_constituent_of F holds H is_proper_subformula_of F proof let H, F be LTL-formula; ::_thesis: ( H is_immediate_constituent_of F implies H is_proper_subformula_of F ) assume A1: H is_immediate_constituent_of F ; ::_thesis: H is_proper_subformula_of F thus H is_subformula_of F :: according to MODELC_2:def_23 ::_thesis: H <> F proof take n = 2; :: according to MODELC_2:def_22 ::_thesis: ex L being FinSequence st ( 1 <= n & len L = n & L . 1 = H & L . n = F & ( for k being Nat st 1 <= k & k < n holds ex H1, F1 being LTL-formula st ( L . k = H1 & L . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) take L = <*H,F*>; ::_thesis: ( 1 <= n & len L = n & L . 1 = H & L . n = F & ( for k being Nat st 1 <= k & k < n holds ex H1, F1 being LTL-formula st ( L . k = H1 & L . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) thus 1 <= n ; ::_thesis: ( len L = n & L . 1 = H & L . n = F & ( for k being Nat st 1 <= k & k < n holds ex H1, F1 being LTL-formula st ( L . k = H1 & L . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) thus len L = n by FINSEQ_1:44; ::_thesis: ( L . 1 = H & L . n = F & ( for k being Nat st 1 <= k & k < n holds ex H1, F1 being LTL-formula st ( L . k = H1 & L . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) thus ( L . 1 = H & L . n = F ) by FINSEQ_1:44; ::_thesis: for k being Nat st 1 <= k & k < n holds ex H1, F1 being LTL-formula st ( L . k = H1 & L . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) let k be Nat; ::_thesis: ( 1 <= k & k < n implies ex H1, F1 being LTL-formula st ( L . k = H1 & L . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) assume that A2: 1 <= k and A3: k < n ; ::_thesis: ex H1, F1 being LTL-formula st ( L . k = H1 & L . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) take H ; ::_thesis: ex F1 being LTL-formula st ( L . k = H & L . (k + 1) = F1 & H is_immediate_constituent_of F1 ) take F ; ::_thesis: ( L . k = H & L . (k + 1) = F & H is_immediate_constituent_of F ) k < 1 + 1 by A3; then k <= 1 by NAT_1:13; then k = 1 by A2, XXREAL_0:1; hence ( L . k = H & L . (k + 1) = F ) by FINSEQ_1:44; ::_thesis: H is_immediate_constituent_of F thus H is_immediate_constituent_of F by A1; ::_thesis: verum end; assume H = F ; ::_thesis: contradiction then len H = len F ; hence contradiction by A1, Th28; ::_thesis: verum end; theorem :: MODELC_2:30 for G being LTL-formula st ( G is negative or G is next ) holds the_argument_of G is_subformula_of G proof let G be LTL-formula; ::_thesis: ( ( G is negative or G is next ) implies the_argument_of G is_subformula_of G ) assume ( G is negative or G is next ) ; ::_thesis: the_argument_of G is_subformula_of G then the_argument_of G is_immediate_constituent_of G by Th20, Th21; then the_argument_of G is_proper_subformula_of G by Th29; hence the_argument_of G is_subformula_of G by Def23; ::_thesis: verum end; theorem :: MODELC_2:31 for G being LTL-formula st ( G is conjunctive or G is disjunctive or G is Until or G is Release ) holds ( the_left_argument_of G is_subformula_of G & the_right_argument_of G is_subformula_of G ) proof let G be LTL-formula; ::_thesis: ( ( G is conjunctive or G is disjunctive or G is Until or G is Release ) implies ( the_left_argument_of G is_subformula_of G & the_right_argument_of G is_subformula_of G ) ) assume A1: ( G is conjunctive or G is disjunctive or G is Until or G is Release ) ; ::_thesis: ( the_left_argument_of G is_subformula_of G & the_right_argument_of G is_subformula_of G ) then the_right_argument_of G is_immediate_constituent_of G by Th22, Th23, Th24, Th25; then A2: the_right_argument_of G is_proper_subformula_of G by Th29; the_left_argument_of G is_immediate_constituent_of G by A1, Th22, Th23, Th24, Th25; then the_left_argument_of G is_proper_subformula_of G by Th29; hence ( the_left_argument_of G is_subformula_of G & the_right_argument_of G is_subformula_of G ) by A2, Def23; ::_thesis: verum end; theorem Th32: :: MODELC_2:32 for H, F being LTL-formula st H is_proper_subformula_of F holds len H < len F proof let H, F be LTL-formula; ::_thesis: ( H is_proper_subformula_of F implies len H < len F ) assume H is_subformula_of F ; :: according to MODELC_2:def_23 ::_thesis: ( not H <> F or len H < len F ) then consider n being Nat, L being FinSequence such that A1: 1 <= n and len L = n and A2: L . 1 = H and A3: L . n = F and A4: for k being Nat st 1 <= k & k < n holds ex H1, F1 being LTL-formula st ( L . k = H1 & L . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) by Def22; defpred S1[ Nat] means ( 1 <= $1 & $1 < n implies for H1 being LTL-formula st L . ($1 + 1) = H1 holds len H < len H1 ); A5: for k being Nat st S1[k] holds S1[k + 1] proof let k be Nat; ::_thesis: ( S1[k] implies S1[k + 1] ) assume that A6: ( 1 <= k & k < n implies for H1 being LTL-formula st L . (k + 1) = H1 holds len H < len H1 ) and A7: 1 <= k + 1 and A8: k + 1 < n ; ::_thesis: for H1 being LTL-formula st L . ((k + 1) + 1) = H1 holds len H < len H1 consider F1, G being LTL-formula such that A9: L . (k + 1) = F1 and A10: ( L . ((k + 1) + 1) = G & F1 is_immediate_constituent_of G ) by A4, A7, A8; let H1 be LTL-formula; ::_thesis: ( L . ((k + 1) + 1) = H1 implies len H < len H1 ) assume A11: L . ((k + 1) + 1) = H1 ; ::_thesis: len H < len H1 A12: now__::_thesis:_(_ex_m_being_Nat_st_k_=_m_+_1_implies_len_H_<_len_H1_) given m being Nat such that A13: k = m + 1 ; ::_thesis: len H < len H1 len H < len F1 by A6, A8, A9, A13, NAT_1:11, NAT_1:13; hence len H < len H1 by A11, A10, Th28, XXREAL_0:2; ::_thesis: verum end; ( k = 0 implies len H < len H1 ) by A2, A11, A9, A10, Th28; hence len H < len H1 by A12, NAT_1:6; ::_thesis: verum end; assume H <> F ; ::_thesis: len H < len F then 1 < n by A1, A2, A3, XXREAL_0:1; then 1 + 1 <= n by NAT_1:13; then consider k being Nat such that A14: n = 2 + k by NAT_1:10; A15: S1[ 0 ] ; A16: for k being Nat holds S1[k] from NAT_1:sch_2(A15, A5); A17: (1 + 1) + k = (1 + k) + 1 ; then 1 + k < n by A14, NAT_1:13; hence len H < len F by A3, A16, A14, A17, NAT_1:11; ::_thesis: verum end; theorem :: MODELC_2:33 for H, F being LTL-formula st H is_proper_subformula_of F holds ex G being LTL-formula st G is_immediate_constituent_of F proof let H, F be LTL-formula; ::_thesis: ( H is_proper_subformula_of F implies ex G being LTL-formula st G is_immediate_constituent_of F ) assume H is_subformula_of F ; :: according to MODELC_2:def_23 ::_thesis: ( not H <> F or ex G being LTL-formula st G is_immediate_constituent_of F ) then consider n being Nat, L being FinSequence such that A1: 1 <= n and len L = n and A2: L . 1 = H and A3: L . n = F and A4: for k being Nat st 1 <= k & k < n holds ex H1, F1 being LTL-formula st ( L . k = H1 & L . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) by Def22; assume H <> F ; ::_thesis: ex G being LTL-formula st G is_immediate_constituent_of F then 1 < n by A1, A2, A3, XXREAL_0:1; then 1 + 1 <= n by NAT_1:13; then consider k being Nat such that A5: n = 2 + k by NAT_1:10; (1 + 1) + k = (1 + k) + 1 ; then 1 + k < n by A5, NAT_1:13; then consider H1, F1 being LTL-formula such that L . (1 + k) = H1 and A6: ( L . ((1 + k) + 1) = F1 & H1 is_immediate_constituent_of F1 ) by A4, NAT_1:11; take H1 ; ::_thesis: H1 is_immediate_constituent_of F thus H1 is_immediate_constituent_of F by A3, A5, A6; ::_thesis: verum end; theorem Th34: :: MODELC_2:34 for F, G, H being LTL-formula st F is_proper_subformula_of G & G is_proper_subformula_of H holds F is_proper_subformula_of H proof let F, G, H be LTL-formula; ::_thesis: ( F is_proper_subformula_of G & G is_proper_subformula_of H implies F is_proper_subformula_of H ) assume that A1: F is_subformula_of G and A2: F <> G and A3: G is_subformula_of H and A4: G <> H ; :: according to MODELC_2:def_23 ::_thesis: F is_proper_subformula_of H consider m being Nat, L9 being FinSequence such that A5: 1 <= m and A6: len L9 = m and A7: L9 . 1 = G and A8: L9 . m = H and A9: for k being Nat st 1 <= k & k < m holds ex H1, F1 being LTL-formula st ( L9 . k = H1 & L9 . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) by A3, Def22; consider n being Nat, L being FinSequence such that A10: 1 <= n and A11: len L = n and A12: L . 1 = F and A13: L . n = G and A14: for k being Nat st 1 <= k & k < n holds ex H1, F1 being LTL-formula st ( L . k = H1 & L . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) by A1, Def22; 1 < n by A2, A10, A12, A13, XXREAL_0:1; then 1 + 1 <= n by NAT_1:13; then consider k being Nat such that A15: n = 2 + k by NAT_1:10; reconsider L1 = L | (Seg (1 + k)) as FinSequence by FINSEQ_1:15; thus F is_subformula_of H :: according to MODELC_2:def_23 ::_thesis: F <> H proof take l = (1 + k) + m; :: according to MODELC_2:def_22 ::_thesis: ex L being FinSequence st ( 1 <= l & len L = l & L . 1 = F & L . l = H & ( for k being Nat st 1 <= k & k < l holds ex H1, F1 being LTL-formula st ( L . k = H1 & L . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) take K = L1 ^ L9; ::_thesis: ( 1 <= l & len K = l & K . 1 = F & K . l = H & ( for k being Nat st 1 <= k & k < l holds ex H1, F1 being LTL-formula st ( K . k = H1 & K . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) A16: ((1 + k) + m) - (1 + k) = m ; m <= m + (1 + k) by NAT_1:11; hence 1 <= l by A5, XXREAL_0:2; ::_thesis: ( len K = l & K . 1 = F & K . l = H & ( for k being Nat st 1 <= k & k < l holds ex H1, F1 being LTL-formula st ( K . k = H1 & K . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) (1 + 1) + k = (1 + k) + 1 ; then A17: 1 + k <= n by A15, NAT_1:11; then A18: len L1 = 1 + k by A11, FINSEQ_1:17; hence A19: len K = l by A6, FINSEQ_1:22; ::_thesis: ( K . 1 = F & K . l = H & ( for k being Nat st 1 <= k & k < l holds ex H1, F1 being LTL-formula st ( K . k = H1 & K . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) A20: now__::_thesis:_for_j_being_Nat_st_1_<=_j_&_j_<=_1_+_k_holds_ K_._j_=_L_._j let j be Nat; ::_thesis: ( 1 <= j & j <= 1 + k implies K . j = L . j ) assume ( 1 <= j & j <= 1 + k ) ; ::_thesis: K . j = L . j then A21: j in Seg (1 + k) by FINSEQ_1:1; then j in dom L1 by A11, A17, FINSEQ_1:17; then K . j = L1 . j by FINSEQ_1:def_7; hence K . j = L . j by A21, FUNCT_1:49; ::_thesis: verum end; 1 <= 1 + k by NAT_1:11; hence K . 1 = F by A12, A20; ::_thesis: ( K . l = H & ( for k being Nat st 1 <= k & k < l holds ex H1, F1 being LTL-formula st ( K . k = H1 & K . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) (len L1) + 1 <= (len L1) + m by A5, XREAL_1:7; then len L1 < l by A18, NAT_1:13; then K . l = L9 . (l - (len L1)) by A19, FINSEQ_1:24; hence K . l = H by A11, A8, A17, A16, FINSEQ_1:17; ::_thesis: for k being Nat st 1 <= k & k < l holds ex H1, F1 being LTL-formula st ( K . k = H1 & K . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) let j be Nat; ::_thesis: ( 1 <= j & j < l implies ex H1, F1 being LTL-formula st ( K . j = H1 & K . (j + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) assume that A22: 1 <= j and A23: j < l ; ::_thesis: ex H1, F1 being LTL-formula st ( K . j = H1 & K . (j + 1) = F1 & H1 is_immediate_constituent_of F1 ) j + 0 <= j + 1 by XREAL_1:7; then A24: 1 <= j + 1 by A22, XXREAL_0:2; A25: now__::_thesis:_(_j_<_1_+_k_implies_ex_F1,_G1_being_LTL-formula_st_ (_K_._j_=_F1_&_K_._(j_+_1)_=_G1_&_F1_is_immediate_constituent_of_G1_)_) assume A26: j < 1 + k ; ::_thesis: ex F1, G1 being LTL-formula st ( K . j = F1 & K . (j + 1) = G1 & F1 is_immediate_constituent_of G1 ) then A27: j + 1 <= 1 + k by NAT_1:13; then j + 1 <= n by A17, XXREAL_0:2; then j < n by NAT_1:13; then consider F1, G1 being LTL-formula such that A28: ( L . j = F1 & L . (j + 1) = G1 & F1 is_immediate_constituent_of G1 ) by A14, A22; take F1 = F1; ::_thesis: ex G1 being LTL-formula st ( K . j = F1 & K . (j + 1) = G1 & F1 is_immediate_constituent_of G1 ) take G1 = G1; ::_thesis: ( K . j = F1 & K . (j + 1) = G1 & F1 is_immediate_constituent_of G1 ) thus ( K . j = F1 & K . (j + 1) = G1 & F1 is_immediate_constituent_of G1 ) by A20, A22, A24, A26, A27, A28; ::_thesis: verum end; A29: now__::_thesis:_(_1_+_k_<_j_implies_ex_F1,_G1_being_LTL-formula_st_ (_K_._j_=_F1_&_K_._(j_+_1)_=_G1_&_F1_is_immediate_constituent_of_G1_)_) A30: j + 1 <= l by A23, NAT_1:13; assume A31: 1 + k < j ; ::_thesis: ex F1, G1 being LTL-formula st ( K . j = F1 & K . (j + 1) = G1 & F1 is_immediate_constituent_of G1 ) then A32: 1 + k < j + 1 by NAT_1:13; (1 + k) + 1 <= j by A31, NAT_1:13; then consider j1 being Nat such that A33: j = ((1 + k) + 1) + j1 by NAT_1:10; j - (1 + k) < l - (1 + k) by A23, XREAL_1:9; then consider F1, G1 being LTL-formula such that A34: ( L9 . (1 + j1) = F1 & L9 . ((1 + j1) + 1) = G1 & F1 is_immediate_constituent_of G1 ) by A9, A33, NAT_1:11; take F1 = F1; ::_thesis: ex G1 being LTL-formula st ( K . j = F1 & K . (j + 1) = G1 & F1 is_immediate_constituent_of G1 ) take G1 = G1; ::_thesis: ( K . j = F1 & K . (j + 1) = G1 & F1 is_immediate_constituent_of G1 ) A35: ((1 + j1) + (1 + k)) - (1 + k) = ((1 + j1) + (1 + k)) + (- (1 + k)) ; (j + 1) - (len L1) = 1 + (j + (- (len L1))) .= (1 + j1) + 1 by A11, A17, A33, A35, FINSEQ_1:17 ; hence ( K . j = F1 & K . (j + 1) = G1 & F1 is_immediate_constituent_of G1 ) by A18, A19, A23, A31, A32, A30, A35, A34, FINSEQ_1:24; ::_thesis: verum end; now__::_thesis:_(_j_=_1_+_k_implies_ex_F1,_G1_being_LTL-formula_st_ (_K_._j_=_F1_&_K_._(j_+_1)_=_G1_&_F1_is_immediate_constituent_of_G1_)_) A36: ( j + 1 <= l & (j + 1) - j = (j + 1) + (- j) ) by A23, NAT_1:13; assume A37: j = 1 + k ; ::_thesis: ex F1, G1 being LTL-formula st ( K . j = F1 & K . (j + 1) = G1 & F1 is_immediate_constituent_of G1 ) then j < (1 + k) + 1 by NAT_1:13; then consider F1, G1 being LTL-formula such that A38: ( L . j = F1 & L . (j + 1) = G1 & F1 is_immediate_constituent_of G1 ) by A14, A15, A22; take F1 = F1; ::_thesis: ex G1 being LTL-formula st ( K . j = F1 & K . (j + 1) = G1 & F1 is_immediate_constituent_of G1 ) take G1 = G1; ::_thesis: ( K . j = F1 & K . (j + 1) = G1 & F1 is_immediate_constituent_of G1 ) 1 + k < j + 1 by A37, NAT_1:13; hence ( K . j = F1 & K . (j + 1) = G1 & F1 is_immediate_constituent_of G1 ) by A13, A7, A15, A18, A19, A20, A22, A37, A36, A38, FINSEQ_1:24; ::_thesis: verum end; hence ex H1, F1 being LTL-formula st ( K . j = H1 & K . (j + 1) = F1 & H1 is_immediate_constituent_of F1 ) by A25, A29, XXREAL_0:1; ::_thesis: verum end; assume A39: F = H ; ::_thesis: contradiction F is_proper_subformula_of G by A1, A2, Def23; then A40: len F < len G by Th32; G is_proper_subformula_of H by A3, A4, Def23; hence contradiction by A39, A40, Th32; ::_thesis: verum end; theorem Th35: :: MODELC_2:35 for F, G, H being LTL-formula st F is_subformula_of G & G is_subformula_of H holds F is_subformula_of H proof let F, G, H be LTL-formula; ::_thesis: ( F is_subformula_of G & G is_subformula_of H implies F is_subformula_of H ) assume that A1: F is_subformula_of G and A2: G is_subformula_of H ; ::_thesis: F is_subformula_of H now__::_thesis:_(_F_<>_G_implies_F_is_subformula_of_H_) assume F <> G ; ::_thesis: F is_subformula_of H then A3: F is_proper_subformula_of G by A1, Def23; now__::_thesis:_(_G_<>_H_implies_F_is_subformula_of_H_) assume G <> H ; ::_thesis: F is_subformula_of H then G is_proper_subformula_of H by A2, Def23; then F is_proper_subformula_of H by A3, Th34; hence F is_subformula_of H by Def23; ::_thesis: verum end; hence F is_subformula_of H by A1; ::_thesis: verum end; hence F is_subformula_of H by A2; ::_thesis: verum end; theorem :: MODELC_2:36 for G, H being LTL-formula st G is_subformula_of H & H is_subformula_of G holds G = H proof let G, H be LTL-formula; ::_thesis: ( G is_subformula_of H & H is_subformula_of G implies G = H ) assume that A1: G is_subformula_of H and A2: H is_subformula_of G ; ::_thesis: G = H assume A3: G <> H ; ::_thesis: contradiction then G is_proper_subformula_of H by A1, Def23; then A4: len G < len H by Th32; H is_proper_subformula_of G by A2, A3, Def23; hence contradiction by A4, Th32; ::_thesis: verum end; theorem Th37: :: MODELC_2:37 for G, F being LTL-formula st ( G is negative or G is next ) & F is_proper_subformula_of G holds F is_subformula_of the_argument_of G proof let G, F be LTL-formula; ::_thesis: ( ( G is negative or G is next ) & F is_proper_subformula_of G implies F is_subformula_of the_argument_of G ) assume that A1: ( G is negative or G is next ) and A2: F is_subformula_of G and A3: F <> G ; :: according to MODELC_2:def_23 ::_thesis: F is_subformula_of the_argument_of G consider n being Nat, L being FinSequence such that A4: 1 <= n and A5: len L = n and A6: L . 1 = F and A7: L . n = G and A8: for k being Nat st 1 <= k & k < n holds ex H1, F1 being LTL-formula st ( L . k = H1 & L . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) by A2, Def22; 1 < n by A3, A4, A6, A7, XXREAL_0:1; then 1 + 1 <= n by NAT_1:13; then consider k being Nat such that A9: n = 2 + k by NAT_1:10; reconsider L1 = L | (Seg (1 + k)) as FinSequence by FINSEQ_1:15; take m = 1 + k; :: according to MODELC_2:def_22 ::_thesis: ex L being FinSequence st ( 1 <= m & len L = m & L . 1 = F & L . m = the_argument_of G & ( for k being Nat st 1 <= k & k < m holds ex H1, F1 being LTL-formula st ( L . k = H1 & L . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) take L1 ; ::_thesis: ( 1 <= m & len L1 = m & L1 . 1 = F & L1 . m = the_argument_of G & ( for k being Nat st 1 <= k & k < m holds ex H1, F1 being LTL-formula st ( L1 . k = H1 & L1 . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) thus A10: 1 <= m by NAT_1:11; ::_thesis: ( len L1 = m & L1 . 1 = F & L1 . m = the_argument_of G & ( for k being Nat st 1 <= k & k < m holds ex H1, F1 being LTL-formula st ( L1 . k = H1 & L1 . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) 1 + k <= (1 + k) + 1 by NAT_1:11; hence len L1 = m by A5, A9, FINSEQ_1:17; ::_thesis: ( L1 . 1 = F & L1 . m = the_argument_of G & ( for k being Nat st 1 <= k & k < m holds ex H1, F1 being LTL-formula st ( L1 . k = H1 & L1 . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) A11: now__::_thesis:_for_j_being_Nat_st_1_<=_j_&_j_<=_m_holds_ L1_._j_=_L_._j let j be Nat; ::_thesis: ( 1 <= j & j <= m implies L1 . j = L . j ) A12: j is Element of NAT by ORDINAL1:def_12; assume ( 1 <= j & j <= m ) ; ::_thesis: L1 . j = L . j then j in { j1 where j1 is Element of NAT : ( 1 <= j1 & j1 <= 1 + k ) } by A12; then j in Seg (1 + k) by FINSEQ_1:def_1; hence L1 . j = L . j by FUNCT_1:49; ::_thesis: verum end; hence L1 . 1 = F by A6, A10; ::_thesis: ( L1 . m = the_argument_of G & ( for k being Nat st 1 <= k & k < m holds ex H1, F1 being LTL-formula st ( L1 . k = H1 & L1 . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) m < m + 1 by NAT_1:13; then consider F1, G1 being LTL-formula such that A13: L . m = F1 and A14: ( L . (m + 1) = G1 & F1 is_immediate_constituent_of G1 ) by A8, A9, NAT_1:11; F1 = the_argument_of G by A1, A7, A9, A14, Th20, Th21; hence L1 . m = the_argument_of G by A10, A11, A13; ::_thesis: for k being Nat st 1 <= k & k < m holds ex H1, F1 being LTL-formula st ( L1 . k = H1 & L1 . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) let j be Nat; ::_thesis: ( 1 <= j & j < m implies ex H1, F1 being LTL-formula st ( L1 . j = H1 & L1 . (j + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) assume that A15: 1 <= j and A16: j < m ; ::_thesis: ex H1, F1 being LTL-formula st ( L1 . j = H1 & L1 . (j + 1) = F1 & H1 is_immediate_constituent_of F1 ) m <= m + 1 by NAT_1:11; then j < n by A9, A16, XXREAL_0:2; then consider F1, G1 being LTL-formula such that A17: ( L . j = F1 & L . (j + 1) = G1 & F1 is_immediate_constituent_of G1 ) by A8, A15; take F1 ; ::_thesis: ex F1 being LTL-formula st ( L1 . j = F1 & L1 . (j + 1) = F1 & F1 is_immediate_constituent_of F1 ) take G1 ; ::_thesis: ( L1 . j = F1 & L1 . (j + 1) = G1 & F1 is_immediate_constituent_of G1 ) ( 1 <= 1 + j & j + 1 <= m ) by A15, A16, NAT_1:13; hence ( L1 . j = F1 & L1 . (j + 1) = G1 & F1 is_immediate_constituent_of G1 ) by A11, A15, A16, A17; ::_thesis: verum end; theorem Th38: :: MODELC_2:38 for G, F being LTL-formula st ( G is conjunctive or G is disjunctive or G is Until or G is Release ) & F is_proper_subformula_of G & not F is_subformula_of the_left_argument_of G holds F is_subformula_of the_right_argument_of G proof let G, F be LTL-formula; ::_thesis: ( ( G is conjunctive or G is disjunctive or G is Until or G is Release ) & F is_proper_subformula_of G & not F is_subformula_of the_left_argument_of G implies F is_subformula_of the_right_argument_of G ) assume that A1: ( G is conjunctive or G is disjunctive or G is Until or G is Release ) and A2: F is_subformula_of G and A3: F <> G ; :: according to MODELC_2:def_23 ::_thesis: ( F is_subformula_of the_left_argument_of G or F is_subformula_of the_right_argument_of G ) consider n being Nat, L being FinSequence such that A4: 1 <= n and A5: len L = n and A6: L . 1 = F and A7: L . n = G and A8: for k being Nat st 1 <= k & k < n holds ex H1, F1 being LTL-formula st ( L . k = H1 & L . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) by A2, Def22; 1 < n by A3, A4, A6, A7, XXREAL_0:1; then 1 + 1 <= n by NAT_1:13; then consider k being Nat such that A9: n = 2 + k by NAT_1:10; reconsider L1 = L | (Seg (1 + k)) as FinSequence by FINSEQ_1:15; (1 + 1) + k = (1 + k) + 1 ; then 1 + k < n by A9, NAT_1:13; then consider H1, G1 being LTL-formula such that A10: L . (1 + k) = H1 and A11: ( L . ((1 + k) + 1) = G1 & H1 is_immediate_constituent_of G1 ) by A8, NAT_1:11; F is_subformula_of H1 proof take m = 1 + k; :: according to MODELC_2:def_22 ::_thesis: ex L being FinSequence st ( 1 <= m & len L = m & L . 1 = F & L . m = H1 & ( for k being Nat st 1 <= k & k < m holds ex H1, F1 being LTL-formula st ( L . k = H1 & L . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) take L1 ; ::_thesis: ( 1 <= m & len L1 = m & L1 . 1 = F & L1 . m = H1 & ( for k being Nat st 1 <= k & k < m holds ex H1, F1 being LTL-formula st ( L1 . k = H1 & L1 . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) thus A12: 1 <= m by NAT_1:11; ::_thesis: ( len L1 = m & L1 . 1 = F & L1 . m = H1 & ( for k being Nat st 1 <= k & k < m holds ex H1, F1 being LTL-formula st ( L1 . k = H1 & L1 . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) 1 + k <= (1 + k) + 1 by NAT_1:11; hence len L1 = m by A5, A9, FINSEQ_1:17; ::_thesis: ( L1 . 1 = F & L1 . m = H1 & ( for k being Nat st 1 <= k & k < m holds ex H1, F1 being LTL-formula st ( L1 . k = H1 & L1 . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) A13: now__::_thesis:_for_j_being_Nat_st_1_<=_j_&_j_<=_m_holds_ L1_._j_=_L_._j let j be Nat; ::_thesis: ( 1 <= j & j <= m implies L1 . j = L . j ) A14: j is Element of NAT by ORDINAL1:def_12; assume ( 1 <= j & j <= m ) ; ::_thesis: L1 . j = L . j then j in { j1 where j1 is Element of NAT : ( 1 <= j1 & j1 <= 1 + k ) } by A14; then j in Seg (1 + k) by FINSEQ_1:def_1; hence L1 . j = L . j by FUNCT_1:49; ::_thesis: verum end; hence L1 . 1 = F by A6, A12; ::_thesis: ( L1 . m = H1 & ( for k being Nat st 1 <= k & k < m holds ex H1, F1 being LTL-formula st ( L1 . k = H1 & L1 . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) ) thus L1 . m = H1 by A10, A12, A13; ::_thesis: for k being Nat st 1 <= k & k < m holds ex H1, F1 being LTL-formula st ( L1 . k = H1 & L1 . (k + 1) = F1 & H1 is_immediate_constituent_of F1 ) let j be Nat; ::_thesis: ( 1 <= j & j < m implies ex H1, F1 being LTL-formula st ( L1 . j = H1 & L1 . (j + 1) = F1 & H1 is_immediate_constituent_of F1 ) ) assume that A15: 1 <= j and A16: j < m ; ::_thesis: ex H1, F1 being LTL-formula st ( L1 . j = H1 & L1 . (j + 1) = F1 & H1 is_immediate_constituent_of F1 ) m <= m + 1 by NAT_1:11; then j < n by A9, A16, XXREAL_0:2; then consider F1, G1 being LTL-formula such that A17: ( L . j = F1 & L . (j + 1) = G1 & F1 is_immediate_constituent_of G1 ) by A8, A15; take F1 ; ::_thesis: ex F1 being LTL-formula st ( L1 . j = F1 & L1 . (j + 1) = F1 & F1 is_immediate_constituent_of F1 ) take G1 ; ::_thesis: ( L1 . j = F1 & L1 . (j + 1) = G1 & F1 is_immediate_constituent_of G1 ) ( 1 <= 1 + j & j + 1 <= m ) by A15, A16, NAT_1:13; hence ( L1 . j = F1 & L1 . (j + 1) = G1 & F1 is_immediate_constituent_of G1 ) by A13, A15, A16, A17; ::_thesis: verum end; hence ( F is_subformula_of the_left_argument_of G or F is_subformula_of the_right_argument_of G ) by A1, A7, A9, A11, Th22, Th23, Th24, Th25; ::_thesis: verum end; theorem :: MODELC_2:39 for F, H being LTL-formula st F is_proper_subformula_of 'not' H holds F is_subformula_of H proof let F, H be LTL-formula; ::_thesis: ( F is_proper_subformula_of 'not' H implies F is_subformula_of H ) assume A1: F is_proper_subformula_of 'not' H ; ::_thesis: F is_subformula_of H A2: 'not' H is negative by Def12; then the_argument_of ('not' H) = H by Def18; hence F is_subformula_of H by A1, A2, Th37; ::_thesis: verum end; theorem :: MODELC_2:40 for F, H being LTL-formula st F is_proper_subformula_of 'X' H holds F is_subformula_of H proof let F, H be LTL-formula; ::_thesis: ( F is_proper_subformula_of 'X' H implies F is_subformula_of H ) assume A1: F is_proper_subformula_of 'X' H ; ::_thesis: F is_subformula_of H A2: 'X' H is next by Def15; then not 'X' H is negative by Lm19; then the_argument_of ('X' H) = H by A2, Def18; hence F is_subformula_of H by A1, A2, Th37; ::_thesis: verum end; theorem :: MODELC_2:41 for F, G, H being LTL-formula holds ( not F is_proper_subformula_of G '&' H or F is_subformula_of G or F is_subformula_of H ) proof let F, G, H be LTL-formula; ::_thesis: ( not F is_proper_subformula_of G '&' H or F is_subformula_of G or F is_subformula_of H ) assume A1: F is_proper_subformula_of G '&' H ; ::_thesis: ( F is_subformula_of G or F is_subformula_of H ) A2: G '&' H is conjunctive by Def13; then ( the_left_argument_of (G '&' H) = G & the_right_argument_of (G '&' H) = H ) by Def19, Def20; hence ( F is_subformula_of G or F is_subformula_of H ) by A1, A2, Th38; ::_thesis: verum end; theorem :: MODELC_2:42 for F, G, H being LTL-formula holds ( not F is_proper_subformula_of G 'or' H or F is_subformula_of G or F is_subformula_of H ) proof let F, G, H be LTL-formula; ::_thesis: ( not F is_proper_subformula_of G 'or' H or F is_subformula_of G or F is_subformula_of H ) assume A1: F is_proper_subformula_of G 'or' H ; ::_thesis: ( F is_subformula_of G or F is_subformula_of H ) A2: G 'or' H is disjunctive by Def14; then ( the_left_argument_of (G 'or' H) = G & the_right_argument_of (G 'or' H) = H ) by Def19, Def20; hence ( F is_subformula_of G or F is_subformula_of H ) by A1, A2, Th38; ::_thesis: verum end; theorem :: MODELC_2:43 for F, G, H being LTL-formula holds ( not F is_proper_subformula_of G 'U' H or F is_subformula_of G or F is_subformula_of H ) proof let F, G, H be LTL-formula; ::_thesis: ( not F is_proper_subformula_of G 'U' H or F is_subformula_of G or F is_subformula_of H ) assume A1: F is_proper_subformula_of G 'U' H ; ::_thesis: ( F is_subformula_of G or F is_subformula_of H ) A2: G 'U' H is Until by Def16; then ( the_left_argument_of (G 'U' H) = G & the_right_argument_of (G 'U' H) = H ) by Def19, Def20; hence ( F is_subformula_of G or F is_subformula_of H ) by A1, A2, Th38; ::_thesis: verum end; theorem :: MODELC_2:44 for F, G, H being LTL-formula holds ( not F is_proper_subformula_of G 'R' H or F is_subformula_of G or F is_subformula_of H ) proof let F, G, H be LTL-formula; ::_thesis: ( not F is_proper_subformula_of G 'R' H or F is_subformula_of G or F is_subformula_of H ) assume A1: F is_proper_subformula_of G 'R' H ; ::_thesis: ( F is_subformula_of G or F is_subformula_of H ) set G1 = G 'R' H; A2: G 'R' H is Release by Def17; then A3: not G 'R' H is Until by Lm21; ( not G 'R' H is conjunctive & not G 'R' H is disjunctive ) by A2, Lm21; then ( the_left_argument_of (G 'R' H) = G & the_right_argument_of (G 'R' H) = H ) by A2, A3, Def19, Def20; hence ( F is_subformula_of G or F is_subformula_of H ) by A1, A2, Th38; ::_thesis: verum end; definition let H be LTL-formula; func Subformulae H -> set means :Def24: :: MODELC_2:def 24 for a being set holds ( a in it iff ex F being LTL-formula st ( F = a & F is_subformula_of H ) ); existence ex b1 being set st for a being set holds ( a in b1 iff ex F being LTL-formula st ( F = a & F is_subformula_of H ) ) proof defpred S1[ set ] means ex F being LTL-formula st ( F = $1 & F is_subformula_of H ); consider X being set such that A1: for a being set holds ( a in X iff ( a in NAT * & S1[a] ) ) from XBOOLE_0:sch_1(); take X ; ::_thesis: for a being set holds ( a in X iff ex F being LTL-formula st ( F = a & F is_subformula_of H ) ) let a be set ; ::_thesis: ( a in X iff ex F being LTL-formula st ( F = a & F is_subformula_of H ) ) thus ( a in X implies ex F being LTL-formula st ( F = a & F is_subformula_of H ) ) by A1; ::_thesis: ( ex F being LTL-formula st ( F = a & F is_subformula_of H ) implies a in X ) given F being LTL-formula such that A2: ( F = a & F is_subformula_of H ) ; ::_thesis: a in X F in NAT * by FINSEQ_1:def_11; hence a in X by A1, A2; ::_thesis: verum end; uniqueness for b1, b2 being set st ( for a being set holds ( a in b1 iff ex F being LTL-formula st ( F = a & F is_subformula_of H ) ) ) & ( for a being set holds ( a in b2 iff ex F being LTL-formula st ( F = a & F is_subformula_of H ) ) ) holds b1 = b2 proof let X, Y be set ; ::_thesis: ( ( for a being set holds ( a in X iff ex F being LTL-formula st ( F = a & F is_subformula_of H ) ) ) & ( for a being set holds ( a in Y iff ex F being LTL-formula st ( F = a & F is_subformula_of H ) ) ) implies X = Y ) assume that A3: for a being set holds ( a in X iff ex F being LTL-formula st ( F = a & F is_subformula_of H ) ) and A4: for a being set holds ( a in Y iff ex F being LTL-formula st ( F = a & F is_subformula_of H ) ) ; ::_thesis: X = Y now__::_thesis:_for_a_being_set_holds_ (_(_a_in_X_implies_a_in_Y_)_&_(_a_in_Y_implies_a_in_X_)_) let a be set ; ::_thesis: ( ( a in X implies a in Y ) & ( a in Y implies a in X ) ) thus ( a in X implies a in Y ) ::_thesis: ( a in Y implies a in X ) proof assume a in X ; ::_thesis: a in Y then ex F being LTL-formula st ( F = a & F is_subformula_of H ) by A3; hence a in Y by A4; ::_thesis: verum end; assume a in Y ; ::_thesis: a in X then ex F being LTL-formula st ( F = a & F is_subformula_of H ) by A4; hence a in X by A3; ::_thesis: verum end; hence X = Y by TARSKI:1; ::_thesis: verum end; end; :: deftheorem Def24 defines Subformulae MODELC_2:def_24_:_ for H being LTL-formula for b2 being set holds ( b2 = Subformulae H iff for a being set holds ( a in b2 iff ex F being LTL-formula st ( F = a & F is_subformula_of H ) ) ); theorem Th45: :: MODELC_2:45 for G, H being LTL-formula holds ( G in Subformulae H iff G is_subformula_of H ) proof let G, H be LTL-formula; ::_thesis: ( G in Subformulae H iff G is_subformula_of H ) ( G in Subformulae H implies G is_subformula_of H ) proof assume G in Subformulae H ; ::_thesis: G is_subformula_of H then ex F being LTL-formula st ( F = G & F is_subformula_of H ) by Def24; hence G is_subformula_of H ; ::_thesis: verum end; hence ( G in Subformulae H iff G is_subformula_of H ) by Def24; ::_thesis: verum end; registration let H be LTL-formula; cluster Subformulae H -> non empty ; coherence not Subformulae H is empty by Th45; end; theorem :: MODELC_2:46 for F, H being LTL-formula st F is_subformula_of H holds Subformulae F c= Subformulae H proof let F, H be LTL-formula; ::_thesis: ( F is_subformula_of H implies Subformulae F c= Subformulae H ) assume A1: F is_subformula_of H ; ::_thesis: Subformulae F c= Subformulae H let a be set ; :: according to TARSKI:def_3 ::_thesis: ( not a in Subformulae F or a in Subformulae H ) assume a in Subformulae F ; ::_thesis: a in Subformulae H then consider F1 being LTL-formula such that A2: F1 = a and A3: F1 is_subformula_of F by Def24; F1 is_subformula_of H by A1, A3, Th35; hence a in Subformulae H by A2, Def24; ::_thesis: verum end; theorem :: MODELC_2:47 for a being set for H being LTL-formula st a is Subset of (Subformulae H) holds a is Subset of LTL_WFF proof let a be set ; ::_thesis: for H being LTL-formula st a is Subset of (Subformulae H) holds a is Subset of LTL_WFF let H be LTL-formula; ::_thesis: ( a is Subset of (Subformulae H) implies a is Subset of LTL_WFF ) assume A1: a is Subset of (Subformulae H) ; ::_thesis: a is Subset of LTL_WFF for x being set st x in a holds x in LTL_WFF proof let x be set ; ::_thesis: ( x in a implies x in LTL_WFF ) assume x in a ; ::_thesis: x in LTL_WFF then ex F being LTL-formula st ( F = x & F is_subformula_of H ) by A1, Def24; hence x in LTL_WFF by Th1; ::_thesis: verum end; hence a is Subset of LTL_WFF by TARSKI:def_3; ::_thesis: verum end; scheme :: MODELC_2:sch 1 LTLInd{ P1[ LTL-formula] } : for H being LTL-formula holds P1[H] provided A1: for H being LTL-formula st H is atomic holds P1[H] and A2: for H being LTL-formula st ( H is negative or H is next ) & P1[ the_argument_of H] holds P1[H] and A3: for H being LTL-formula st ( H is conjunctive or H is disjunctive or H is Until or H is Release ) & P1[ the_left_argument_of H] & P1[ the_right_argument_of H] holds P1[H] proof defpred S1[ Nat] means for H being LTL-formula st len H = $1 holds P1[H]; A4: for n being Nat st ( for k being Nat st k < n holds S1[k] ) holds S1[n] proof let n be Nat; ::_thesis: ( ( for k being Nat st k < n holds S1[k] ) implies S1[n] ) assume A5: for k being Nat st k < n holds for H being LTL-formula st len H = k holds P1[H] ; ::_thesis: S1[n] let H be LTL-formula; ::_thesis: ( len H = n implies P1[H] ) assume A6: len H = n ; ::_thesis: P1[H] A7: now__::_thesis:_(_(_H_is_conjunctive_or_H_is_disjunctive_or_H_is_Until_or_H_is_Release_)_implies_P1[H]_) assume A8: ( H is conjunctive or H is disjunctive or H is Until or H is Release ) ; ::_thesis: P1[H] then len (the_right_argument_of H) < len H by Th11; then A9: P1[ the_right_argument_of H] by A5, A6; len (the_left_argument_of H) < len H by A8, Th11; then P1[ the_left_argument_of H] by A5, A6; hence P1[H] by A3, A8, A9; ::_thesis: verum end; now__::_thesis:_(_(_H_is_negative_or_H_is_next_)_implies_P1[H]_) assume A10: ( H is negative or H is next ) ; ::_thesis: P1[H] then len (the_argument_of H) < len H by Th10; then P1[ the_argument_of H] by A5, A6; hence P1[H] by A2, A10; ::_thesis: verum end; hence P1[H] by A1, A7, Th2; ::_thesis: verum end; A11: for n being Nat holds S1[n] from NAT_1:sch_4(A4); let H be LTL-formula; ::_thesis: P1[H] len H = len H ; hence P1[H] by A11; ::_thesis: verum end; scheme :: MODELC_2:sch 2 LTLCompInd{ P1[ LTL-formula] } : for H being LTL-formula holds P1[H] provided A1: for H being LTL-formula st ( for F being LTL-formula st F is_proper_subformula_of H holds P1[F] ) holds P1[H] proof defpred S1[ Nat] means for H being LTL-formula st len H = $1 holds P1[H]; A2: for n being Nat st ( for k being Nat st k < n holds S1[k] ) holds S1[n] proof let n be Nat; ::_thesis: ( ( for k being Nat st k < n holds S1[k] ) implies S1[n] ) assume A3: for k being Nat st k < n holds for H being LTL-formula st len H = k holds P1[H] ; ::_thesis: S1[n] let H be LTL-formula; ::_thesis: ( len H = n implies P1[H] ) assume A4: len H = n ; ::_thesis: P1[H] now__::_thesis:_for_F_being_LTL-formula_st_F_is_proper_subformula_of_H_holds_ P1[F] let F be LTL-formula; ::_thesis: ( F is_proper_subformula_of H implies P1[F] ) assume F is_proper_subformula_of H ; ::_thesis: P1[F] then len F < len H by Th32; hence P1[F] by A3, A4; ::_thesis: verum end; hence P1[H] by A1; ::_thesis: verum end; A5: for n being Nat holds S1[n] from NAT_1:sch_4(A2); let H be LTL-formula; ::_thesis: P1[H] len H = len H ; hence P1[H] by A5; ::_thesis: verum end; definition let x be set ; func CastLTL x -> LTL-formula equals :Def25: :: MODELC_2:def 25 x if x in LTL_WFF otherwise atom. 0; correctness coherence ( ( x in LTL_WFF implies x is LTL-formula ) & ( not x in LTL_WFF implies atom. 0 is LTL-formula ) ); consistency for b1 being LTL-formula holds verum; by Th1; end; :: deftheorem Def25 defines CastLTL MODELC_2:def_25_:_ for x being set holds ( ( x in LTL_WFF implies CastLTL x = x ) & ( not x in LTL_WFF implies CastLTL x = atom. 0 ) ); definition attrc1 is strict ; struct LTLModelStr -> OrthoLattStr ; aggrLTLModelStr(# carrier, BasicAssign, L_meet, L_join, Compl, NEXT, UNTIL, RELEASE #) -> LTLModelStr ; sel BasicAssign c1 -> Subset of the carrier of c1; sel NEXT c1 -> UnOp of the carrier of c1; sel UNTIL c1 -> BinOp of the carrier of c1; sel RELEASE c1 -> BinOp of the carrier of c1; end; definition let V be LTLModelStr ; mode Assign of V is Element of the carrier of V; end; definition func atomic_LTL -> Subset of LTL_WFF equals :: MODELC_2:def 26 { x where x is LTL-formula : x is atomic } ; correctness coherence { x where x is LTL-formula : x is atomic } is Subset of LTL_WFF; proof set X = { x where x is LTL-formula : x is atomic } ; { x where x is LTL-formula : x is atomic } c= LTL_WFF proof let y be set ; :: according to TARSKI:def_3 ::_thesis: ( not y in { x where x is LTL-formula : x is atomic } or y in LTL_WFF ) assume y in { x where x is LTL-formula : x is atomic } ; ::_thesis: y in LTL_WFF then ex x being LTL-formula st ( y = x & x is atomic ) ; hence y in LTL_WFF by Th1; ::_thesis: verum end; hence { x where x is LTL-formula : x is atomic } is Subset of LTL_WFF ; ::_thesis: verum end; end; :: deftheorem defines atomic_LTL MODELC_2:def_26_:_ atomic_LTL = { x where x is LTL-formula : x is atomic } ; definition let V be LTLModelStr ; let Kai be Function of atomic_LTL, the BasicAssign of V; let f be Function of LTL_WFF, the carrier of V; predf is-Evaluation-for Kai means :Def27: :: MODELC_2:def 27 for H being LTL-formula holds ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ); end; :: deftheorem Def27 defines is-Evaluation-for MODELC_2:def_27_:_ for V being LTLModelStr for Kai being Function of atomic_LTL, the BasicAssign of V for f being Function of LTL_WFF, the carrier of V holds ( f is-Evaluation-for Kai iff for H being LTL-formula holds ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) ); definition let V be LTLModelStr ; let Kai be Function of atomic_LTL, the BasicAssign of V; let f be Function of LTL_WFF, the carrier of V; let n be Nat; predf is-PreEvaluation-for n,Kai means :Def28: :: MODELC_2:def 28 for H being LTL-formula st len H <= n holds ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ); end; :: deftheorem Def28 defines is-PreEvaluation-for MODELC_2:def_28_:_ for V being LTLModelStr for Kai being Function of atomic_LTL, the BasicAssign of V for f being Function of LTL_WFF, the carrier of V for n being Nat holds ( f is-PreEvaluation-for n,Kai iff for H being LTL-formula st len H <= n holds ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) ); definition let V be LTLModelStr ; let Kai be Function of atomic_LTL, the BasicAssign of V; let f, h be Function of LTL_WFF, the carrier of V; let n be Nat; let H be LTL-formula; func GraftEval (V,Kai,f,h,n,H) -> set equals :Def29: :: MODELC_2:def 29 f . H if len H > n + 1 Kai . H if ( len H = n + 1 & H is atomic ) the Compl of V . (h . (the_argument_of H)) if ( len H = n + 1 & H is negative ) the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) if ( len H = n + 1 & H is conjunctive ) the L_join of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) if ( len H = n + 1 & H is disjunctive ) the NEXT of V . (h . (the_argument_of H)) if ( len H = n + 1 & H is next ) the UNTIL of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) if ( len H = n + 1 & H is Until ) the RELEASE of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) if ( len H = n + 1 & H is Release ) h . H if len H < n + 1 otherwise {} ; coherence ( ( len H > n + 1 implies f . H is set ) & ( len H = n + 1 & H is atomic implies Kai . H is set ) & ( len H = n + 1 & H is negative implies the Compl of V . (h . (the_argument_of H)) is set ) & ( len H = n + 1 & H is conjunctive implies the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) is set ) & ( len H = n + 1 & H is disjunctive implies the L_join of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) is set ) & ( len H = n + 1 & H is next implies the NEXT of V . (h . (the_argument_of H)) is set ) & ( len H = n + 1 & H is Until implies the UNTIL of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) is set ) & ( len H = n + 1 & H is Release implies the RELEASE of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) is set ) & ( len H < n + 1 implies h . H is set ) & ( not len H > n + 1 & ( not len H = n + 1 or not H is atomic ) & ( not len H = n + 1 or not H is negative ) & ( not len H = n + 1 or not H is conjunctive ) & ( not len H = n + 1 or not H is disjunctive ) & ( not len H = n + 1 or not H is next ) & ( not len H = n + 1 or not H is Until ) & ( not len H = n + 1 or not H is Release ) & not len H < n + 1 implies {} is set ) ) ; consistency for b1 being set holds ( ( len H > n + 1 & len H = n + 1 & H is atomic implies ( b1 = f . H iff b1 = Kai . H ) ) & ( len H > n + 1 & len H = n + 1 & H is negative implies ( b1 = f . H iff b1 = the Compl of V . (h . (the_argument_of H)) ) ) & ( len H > n + 1 & len H = n + 1 & H is conjunctive implies ( b1 = f . H iff b1 = the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H > n + 1 & len H = n + 1 & H is disjunctive implies ( b1 = f . H iff b1 = the L_join of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H > n + 1 & len H = n + 1 & H is next implies ( b1 = f . H iff b1 = the NEXT of V . (h . (the_argument_of H)) ) ) & ( len H > n + 1 & len H = n + 1 & H is Until implies ( b1 = f . H iff b1 = the UNTIL of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H > n + 1 & len H = n + 1 & H is Release implies ( b1 = f . H iff b1 = the RELEASE of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H > n + 1 & len H < n + 1 implies ( b1 = f . H iff b1 = h . H ) ) & ( len H = n + 1 & H is atomic & len H = n + 1 & H is negative implies ( b1 = Kai . H iff b1 = the Compl of V . (h . (the_argument_of H)) ) ) & ( len H = n + 1 & H is atomic & len H = n + 1 & H is conjunctive implies ( b1 = Kai . H iff b1 = the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is atomic & len H = n + 1 & H is disjunctive implies ( b1 = Kai . H iff b1 = the L_join of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is atomic & len H = n + 1 & H is next implies ( b1 = Kai . H iff b1 = the NEXT of V . (h . (the_argument_of H)) ) ) & ( len H = n + 1 & H is atomic & len H = n + 1 & H is Until implies ( b1 = Kai . H iff b1 = the UNTIL of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is atomic & len H = n + 1 & H is Release implies ( b1 = Kai . H iff b1 = the RELEASE of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is atomic & len H < n + 1 implies ( b1 = Kai . H iff b1 = h . H ) ) & ( len H = n + 1 & H is negative & len H = n + 1 & H is conjunctive implies ( b1 = the Compl of V . (h . (the_argument_of H)) iff b1 = the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is negative & len H = n + 1 & H is disjunctive implies ( b1 = the Compl of V . (h . (the_argument_of H)) iff b1 = the L_join of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is negative & len H = n + 1 & H is next implies ( b1 = the Compl of V . (h . (the_argument_of H)) iff b1 = the NEXT of V . (h . (the_argument_of H)) ) ) & ( len H = n + 1 & H is negative & len H = n + 1 & H is Until implies ( b1 = the Compl of V . (h . (the_argument_of H)) iff b1 = the UNTIL of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is negative & len H = n + 1 & H is Release implies ( b1 = the Compl of V . (h . (the_argument_of H)) iff b1 = the RELEASE of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is negative & len H < n + 1 implies ( b1 = the Compl of V . (h . (the_argument_of H)) iff b1 = h . H ) ) & ( len H = n + 1 & H is conjunctive & len H = n + 1 & H is disjunctive implies ( b1 = the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) iff b1 = the L_join of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is conjunctive & len H = n + 1 & H is next implies ( b1 = the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) iff b1 = the NEXT of V . (h . (the_argument_of H)) ) ) & ( len H = n + 1 & H is conjunctive & len H = n + 1 & H is Until implies ( b1 = the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) iff b1 = the UNTIL of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is conjunctive & len H = n + 1 & H is Release implies ( b1 = the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) iff b1 = the RELEASE of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is conjunctive & len H < n + 1 implies ( b1 = the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) iff b1 = h . H ) ) & ( len H = n + 1 & H is disjunctive & len H = n + 1 & H is next implies ( b1 = the L_join of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) iff b1 = the NEXT of V . (h . (the_argument_of H)) ) ) & ( len H = n + 1 & H is disjunctive & len H = n + 1 & H is Until implies ( b1 = the L_join of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) iff b1 = the UNTIL of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is disjunctive & len H = n + 1 & H is Release implies ( b1 = the L_join of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) iff b1 = the RELEASE of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is disjunctive & len H < n + 1 implies ( b1 = the L_join of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) iff b1 = h . H ) ) & ( len H = n + 1 & H is next & len H = n + 1 & H is Until implies ( b1 = the NEXT of V . (h . (the_argument_of H)) iff b1 = the UNTIL of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is next & len H = n + 1 & H is Release implies ( b1 = the NEXT of V . (h . (the_argument_of H)) iff b1 = the RELEASE of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is next & len H < n + 1 implies ( b1 = the NEXT of V . (h . (the_argument_of H)) iff b1 = h . H ) ) & ( len H = n + 1 & H is Until & len H = n + 1 & H is Release implies ( b1 = the UNTIL of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) iff b1 = the RELEASE of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is Until & len H < n + 1 implies ( b1 = the UNTIL of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) iff b1 = h . H ) ) & ( len H = n + 1 & H is Release & len H < n + 1 implies ( b1 = the RELEASE of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) iff b1 = h . H ) ) ) by Lm16, Lm17, Lm18, Lm19, Lm20, Lm21; end; :: deftheorem Def29 defines GraftEval MODELC_2:def_29_:_ for V being LTLModelStr for Kai being Function of atomic_LTL, the BasicAssign of V for f, h being Function of LTL_WFF, the carrier of V for n being Nat for H being LTL-formula holds ( ( len H > n + 1 implies GraftEval (V,Kai,f,h,n,H) = f . H ) & ( len H = n + 1 & H is atomic implies GraftEval (V,Kai,f,h,n,H) = Kai . H ) & ( len H = n + 1 & H is negative implies GraftEval (V,Kai,f,h,n,H) = the Compl of V . (h . (the_argument_of H)) ) & ( len H = n + 1 & H is conjunctive implies GraftEval (V,Kai,f,h,n,H) = the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) & ( len H = n + 1 & H is disjunctive implies GraftEval (V,Kai,f,h,n,H) = the L_join of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) & ( len H = n + 1 & H is next implies GraftEval (V,Kai,f,h,n,H) = the NEXT of V . (h . (the_argument_of H)) ) & ( len H = n + 1 & H is Until implies GraftEval (V,Kai,f,h,n,H) = the UNTIL of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) & ( len H = n + 1 & H is Release implies GraftEval (V,Kai,f,h,n,H) = the RELEASE of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) & ( len H < n + 1 implies GraftEval (V,Kai,f,h,n,H) = h . H ) & ( not len H > n + 1 & ( not len H = n + 1 or not H is atomic ) & ( not len H = n + 1 or not H is negative ) & ( not len H = n + 1 or not H is conjunctive ) & ( not len H = n + 1 or not H is disjunctive ) & ( not len H = n + 1 or not H is next ) & ( not len H = n + 1 or not H is Until ) & ( not len H = n + 1 or not H is Release ) & not len H < n + 1 implies GraftEval (V,Kai,f,h,n,H) = {} ) ); definition let C be LTLModelStr ; attrC is with_basic means :Def30: :: MODELC_2:def 30 not the BasicAssign of C is empty ; end; :: deftheorem Def30 defines with_basic MODELC_2:def_30_:_ for C being LTLModelStr holds ( C is with_basic iff not the BasicAssign of C is empty ); definition func TrivialLTLModel -> LTLModelStr equals :: MODELC_2:def 31 LTLModelStr(# 1,([#] 1),op2,op2,op1,op1,op2,op2 #); coherence LTLModelStr(# 1,([#] 1),op2,op2,op1,op1,op2,op2 #) is LTLModelStr ; end; :: deftheorem defines TrivialLTLModel MODELC_2:def_31_:_ TrivialLTLModel = LTLModelStr(# 1,([#] 1),op2,op2,op1,op1,op2,op2 #); registration cluster TrivialLTLModel -> non empty strict with_basic ; coherence ( TrivialLTLModel is with_basic & TrivialLTLModel is strict & not TrivialLTLModel is empty ) proof thus not the BasicAssign of TrivialLTLModel is empty ; :: according to MODELC_2:def_30 ::_thesis: ( TrivialLTLModel is strict & not TrivialLTLModel is empty ) thus ( TrivialLTLModel is strict & not TrivialLTLModel is empty ) ; ::_thesis: verum end; end; registration cluster non empty for LTLModelStr ; existence not for b1 being LTLModelStr holds b1 is empty proof take TrivialLTLModel ; ::_thesis: not TrivialLTLModel is empty thus not TrivialLTLModel is empty ; ::_thesis: verum end; end; registration cluster non empty with_basic for LTLModelStr ; existence ex b1 being non empty LTLModelStr st b1 is with_basic proof take TrivialLTLModel ; ::_thesis: TrivialLTLModel is with_basic thus TrivialLTLModel is with_basic ; ::_thesis: verum end; end; definition mode LTLModel is non empty with_basic LTLModelStr ; end; registration let C be LTLModel; cluster the BasicAssign of C -> non empty ; coherence not the BasicAssign of C is empty by Def30; end; Lm22: for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V for f being Function of LTL_WFF, the carrier of V holds f is-PreEvaluation-for 0 ,Kai proof let V be LTLModel; ::_thesis: for Kai being Function of atomic_LTL, the BasicAssign of V for f being Function of LTL_WFF, the carrier of V holds f is-PreEvaluation-for 0 ,Kai let Kai be Function of atomic_LTL, the BasicAssign of V; ::_thesis: for f being Function of LTL_WFF, the carrier of V holds f is-PreEvaluation-for 0 ,Kai let f be Function of LTL_WFF, the carrier of V; ::_thesis: f is-PreEvaluation-for 0 ,Kai for H being LTL-formula st len H <= 0 holds ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) by Th3; hence f is-PreEvaluation-for 0 ,Kai by Def28; ::_thesis: verum end; Lm23: for n being Nat for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V for f being Function of LTL_WFF, the carrier of V st f is-PreEvaluation-for n + 1,Kai holds f is-PreEvaluation-for n,Kai proof let n be Nat; ::_thesis: for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V for f being Function of LTL_WFF, the carrier of V st f is-PreEvaluation-for n + 1,Kai holds f is-PreEvaluation-for n,Kai let V be LTLModel; ::_thesis: for Kai being Function of atomic_LTL, the BasicAssign of V for f being Function of LTL_WFF, the carrier of V st f is-PreEvaluation-for n + 1,Kai holds f is-PreEvaluation-for n,Kai let Kai be Function of atomic_LTL, the BasicAssign of V; ::_thesis: for f being Function of LTL_WFF, the carrier of V st f is-PreEvaluation-for n + 1,Kai holds f is-PreEvaluation-for n,Kai let f be Function of LTL_WFF, the carrier of V; ::_thesis: ( f is-PreEvaluation-for n + 1,Kai implies f is-PreEvaluation-for n,Kai ) assume A1: f is-PreEvaluation-for n + 1,Kai ; ::_thesis: f is-PreEvaluation-for n,Kai for H being LTL-formula st len H <= n holds ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) proof let H be LTL-formula; ::_thesis: ( len H <= n implies ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) ) assume len H <= n ; ::_thesis: ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) then len H < n + 1 by NAT_1:13; hence ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) by A1, Def28; ::_thesis: verum end; hence f is-PreEvaluation-for n,Kai by Def28; ::_thesis: verum end; Lm24: for n being Nat for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V for f being Function of LTL_WFF, the carrier of V st f is-Evaluation-for Kai holds f is-PreEvaluation-for n,Kai proof let n be Nat; ::_thesis: for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V for f being Function of LTL_WFF, the carrier of V st f is-Evaluation-for Kai holds f is-PreEvaluation-for n,Kai let V be LTLModel; ::_thesis: for Kai being Function of atomic_LTL, the BasicAssign of V for f being Function of LTL_WFF, the carrier of V st f is-Evaluation-for Kai holds f is-PreEvaluation-for n,Kai let Kai be Function of atomic_LTL, the BasicAssign of V; ::_thesis: for f being Function of LTL_WFF, the carrier of V st f is-Evaluation-for Kai holds f is-PreEvaluation-for n,Kai let f be Function of LTL_WFF, the carrier of V; ::_thesis: ( f is-Evaluation-for Kai implies f is-PreEvaluation-for n,Kai ) assume f is-Evaluation-for Kai ; ::_thesis: f is-PreEvaluation-for n,Kai then for H being LTL-formula st len H <= n holds ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) by Def27; hence f is-PreEvaluation-for n,Kai by Def28; ::_thesis: verum end; Lm25: for n being Nat for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V for f1, f2 being Function of LTL_WFF, the carrier of V st f1 is-PreEvaluation-for n,Kai & f2 is-PreEvaluation-for n,Kai holds for H being LTL-formula st len H <= n holds f1 . H = f2 . H proof let n be Nat; ::_thesis: for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V for f1, f2 being Function of LTL_WFF, the carrier of V st f1 is-PreEvaluation-for n,Kai & f2 is-PreEvaluation-for n,Kai holds for H being LTL-formula st len H <= n holds f1 . H = f2 . H let V be LTLModel; ::_thesis: for Kai being Function of atomic_LTL, the BasicAssign of V for f1, f2 being Function of LTL_WFF, the carrier of V st f1 is-PreEvaluation-for n,Kai & f2 is-PreEvaluation-for n,Kai holds for H being LTL-formula st len H <= n holds f1 . H = f2 . H let Kai be Function of atomic_LTL, the BasicAssign of V; ::_thesis: for f1, f2 being Function of LTL_WFF, the carrier of V st f1 is-PreEvaluation-for n,Kai & f2 is-PreEvaluation-for n,Kai holds for H being LTL-formula st len H <= n holds f1 . H = f2 . H let f1, f2 be Function of LTL_WFF, the carrier of V; ::_thesis: ( f1 is-PreEvaluation-for n,Kai & f2 is-PreEvaluation-for n,Kai implies for H being LTL-formula st len H <= n holds f1 . H = f2 . H ) defpred S1[ Nat] means ( f1 is-PreEvaluation-for $1,Kai & f2 is-PreEvaluation-for $1,Kai implies for H being LTL-formula st len H <= $1 holds f1 . H = f2 . H ); A1: for k being Nat st S1[k] holds S1[k + 1] proof let k be Nat; ::_thesis: ( S1[k] implies S1[k + 1] ) assume A2: S1[k] ; ::_thesis: S1[k + 1] assume that A3: f1 is-PreEvaluation-for k + 1,Kai and A4: f2 is-PreEvaluation-for k + 1,Kai ; ::_thesis: for H being LTL-formula st len H <= k + 1 holds f1 . H = f2 . H let H be LTL-formula; ::_thesis: ( len H <= k + 1 implies f1 . H = f2 . H ) assume A5: len H <= k + 1 ; ::_thesis: f1 . H = f2 . H percases ( H is atomic or H is negative or H is next or H is conjunctive or H is disjunctive or H is Until or H is Release ) by Th2; supposeA6: H is atomic ; ::_thesis: f1 . H = f2 . H then f1 . H = Kai . H by A3, A5, Def28; hence f1 . H = f2 . H by A4, A5, A6, Def28; ::_thesis: verum end; supposeA7: H is negative ; ::_thesis: f1 . H = f2 . H then len (the_argument_of H) < len H by Th10; then A8: len (the_argument_of H) <= k by A5, Lm1; f2 . H = the Compl of V . (f2 . (the_argument_of H)) by A4, A5, A7, Def28 .= the Compl of V . (f1 . (the_argument_of H)) by A2, A3, A4, A8, Lm23 ; hence f1 . H = f2 . H by A3, A5, A7, Def28; ::_thesis: verum end; supposeA9: H is next ; ::_thesis: f1 . H = f2 . H then len (the_argument_of H) < len H by Th10; then A10: len (the_argument_of H) <= k by A5, Lm1; f2 . H = the NEXT of V . (f2 . (the_argument_of H)) by A4, A5, A9, Def28 .= the NEXT of V . (f1 . (the_argument_of H)) by A2, A3, A4, A10, Lm23 ; hence f1 . H = f2 . H by A3, A5, A9, Def28; ::_thesis: verum end; supposeA11: H is conjunctive ; ::_thesis: f1 . H = f2 . H then len (the_left_argument_of H) < len H by Th11; then len (the_left_argument_of H) <= k by A5, Lm1; then A12: f1 . (the_left_argument_of H) = f2 . (the_left_argument_of H) by A2, A3, A4, Lm23; len (the_right_argument_of H) < len H by A11, Th11; then A13: len (the_right_argument_of H) <= k by A5, Lm1; f2 . H = the L_meet of V . ((f2 . (the_left_argument_of H)),(f2 . (the_right_argument_of H))) by A4, A5, A11, Def28 .= the L_meet of V . ((f1 . (the_left_argument_of H)),(f1 . (the_right_argument_of H))) by A2, A3, A4, A12, A13, Lm23 ; hence f1 . H = f2 . H by A3, A5, A11, Def28; ::_thesis: verum end; supposeA14: H is disjunctive ; ::_thesis: f1 . H = f2 . H then len (the_left_argument_of H) < len H by Th11; then len (the_left_argument_of H) <= k by A5, Lm1; then A15: f1 . (the_left_argument_of H) = f2 . (the_left_argument_of H) by A2, A3, A4, Lm23; len (the_right_argument_of H) < len H by A14, Th11; then A16: len (the_right_argument_of H) <= k by A5, Lm1; f2 . H = the L_join of V . ((f2 . (the_left_argument_of H)),(f2 . (the_right_argument_of H))) by A4, A5, A14, Def28 .= the L_join of V . ((f1 . (the_left_argument_of H)),(f1 . (the_right_argument_of H))) by A2, A3, A4, A15, A16, Lm23 ; hence f1 . H = f2 . H by A3, A5, A14, Def28; ::_thesis: verum end; supposeA17: H is Until ; ::_thesis: f1 . H = f2 . H then len (the_left_argument_of H) < len H by Th11; then len (the_left_argument_of H) <= k by A5, Lm1; then A18: f1 . (the_left_argument_of H) = f2 . (the_left_argument_of H) by A2, A3, A4, Lm23; len (the_right_argument_of H) < len H by A17, Th11; then A19: len (the_right_argument_of H) <= k by A5, Lm1; f2 . H = the UNTIL of V . ((f2 . (the_left_argument_of H)),(f2 . (the_right_argument_of H))) by A4, A5, A17, Def28 .= the UNTIL of V . ((f1 . (the_left_argument_of H)),(f1 . (the_right_argument_of H))) by A2, A3, A4, A18, A19, Lm23 ; hence f1 . H = f2 . H by A3, A5, A17, Def28; ::_thesis: verum end; supposeA20: H is Release ; ::_thesis: f1 . H = f2 . H then len (the_left_argument_of H) < len H by Th11; then len (the_left_argument_of H) <= k by A5, Lm1; then A21: f1 . (the_left_argument_of H) = f2 . (the_left_argument_of H) by A2, A3, A4, Lm23; len (the_right_argument_of H) < len H by A20, Th11; then A22: len (the_right_argument_of H) <= k by A5, Lm1; f2 . H = the RELEASE of V . ((f2 . (the_left_argument_of H)),(f2 . (the_right_argument_of H))) by A4, A5, A20, Def28 .= the RELEASE of V . ((f1 . (the_left_argument_of H)),(f1 . (the_right_argument_of H))) by A2, A3, A4, A21, A22, Lm23 ; hence f1 . H = f2 . H by A3, A5, A20, Def28; ::_thesis: verum end; end; end; A23: S1[ 0 ] by Th3; for n being Nat holds S1[n] from NAT_1:sch_2(A23, A1); hence ( f1 is-PreEvaluation-for n,Kai & f2 is-PreEvaluation-for n,Kai implies for H being LTL-formula st len H <= n holds f1 . H = f2 . H ) ; ::_thesis: verum end; Lm26: for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V for n being Nat ex f being Function of LTL_WFF, the carrier of V st f is-PreEvaluation-for n,Kai proof let V be LTLModel; ::_thesis: for Kai being Function of atomic_LTL, the BasicAssign of V for n being Nat ex f being Function of LTL_WFF, the carrier of V st f is-PreEvaluation-for n,Kai let Kai be Function of atomic_LTL, the BasicAssign of V; ::_thesis: for n being Nat ex f being Function of LTL_WFF, the carrier of V st f is-PreEvaluation-for n,Kai defpred S1[ Nat] means ex f being Function of LTL_WFF, the carrier of V st f is-PreEvaluation-for $1,Kai; A1: for k being Nat st S1[k] holds S1[k + 1] proof let k be Nat; ::_thesis: ( S1[k] implies S1[k + 1] ) assume S1[k] ; ::_thesis: S1[k + 1] then consider h being Function of LTL_WFF, the carrier of V such that A2: h is-PreEvaluation-for k,Kai ; S1[k + 1] proof deffunc H1( set ) -> set = GraftEval (V,Kai,h,h,k,(CastLTL $1)); A3: for H being set st H in LTL_WFF holds H1(H) in the carrier of V proof let H be set ; ::_thesis: ( H in LTL_WFF implies H1(H) in the carrier of V ) assume A4: H in LTL_WFF ; ::_thesis: H1(H) in the carrier of V reconsider H = H as LTL-formula by A4, Th1; A5: H1(H) = GraftEval (V,Kai,h,h,k,H) by A4, Def25; percases ( len H > k + 1 or ( len H = k + 1 & H is atomic ) or ( len H = k + 1 & H is negative ) or ( len H = k + 1 & H is conjunctive ) or ( len H = k + 1 & H is disjunctive ) or ( len H = k + 1 & H is next ) or ( len H = k + 1 & H is Until ) or ( len H = k + 1 & H is Release ) or len H < k + 1 ) by Th2, XXREAL_0:1; suppose len H > k + 1 ; ::_thesis: H1(H) in the carrier of V then GraftEval (V,Kai,h,h,k,H) = h . H by Def29; hence H1(H) in the carrier of V by A4, A5, FUNCT_2:5; ::_thesis: verum end; supposeA6: ( len H = k + 1 & H is atomic ) ; ::_thesis: H1(H) in the carrier of V then H in atomic_LTL ; then Kai . H in the BasicAssign of V by FUNCT_2:5; then Kai . H in the carrier of V ; hence H1(H) in the carrier of V by A5, A6, Def29; ::_thesis: verum end; supposeA7: ( len H = k + 1 & H is negative ) ; ::_thesis: H1(H) in the carrier of V the_argument_of H in LTL_WFF by Th1; then A8: h . (the_argument_of H) in the carrier of V by FUNCT_2:5; GraftEval (V,Kai,h,h,k,H) = the Compl of V . (h . (the_argument_of H)) by A7, Def29; hence H1(H) in the carrier of V by A5, A8, FUNCT_2:5; ::_thesis: verum end; suppose ( len H = k + 1 & H is conjunctive ) ; ::_thesis: H1(H) in the carrier of V then A9: GraftEval (V,Kai,h,h,k,H) = the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) by Def29; the_right_argument_of H in LTL_WFF by Th1; then A10: h . (the_right_argument_of H) in the carrier of V by FUNCT_2:5; the_left_argument_of H in LTL_WFF by Th1; then h . (the_left_argument_of H) in the carrier of V by FUNCT_2:5; then [(h . (the_left_argument_of H)),(h . (the_right_argument_of H))] in [: the carrier of V, the carrier of V:] by A10, ZFMISC_1:def_2; hence H1(H) in the carrier of V by A5, A9, FUNCT_2:5; ::_thesis: verum end; suppose ( len H = k + 1 & H is disjunctive ) ; ::_thesis: H1(H) in the carrier of V then A11: GraftEval (V,Kai,h,h,k,H) = the L_join of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) by Def29; the_right_argument_of H in LTL_WFF by Th1; then A12: h . (the_right_argument_of H) in the carrier of V by FUNCT_2:5; the_left_argument_of H in LTL_WFF by Th1; then h . (the_left_argument_of H) in the carrier of V by FUNCT_2:5; then [(h . (the_left_argument_of H)),(h . (the_right_argument_of H))] in [: the carrier of V, the carrier of V:] by A12, ZFMISC_1:def_2; hence H1(H) in the carrier of V by A5, A11, FUNCT_2:5; ::_thesis: verum end; supposeA13: ( len H = k + 1 & H is next ) ; ::_thesis: H1(H) in the carrier of V the_argument_of H in LTL_WFF by Th1; then A14: h . (the_argument_of H) in the carrier of V by FUNCT_2:5; GraftEval (V,Kai,h,h,k,H) = the NEXT of V . (h . (the_argument_of H)) by A13, Def29; hence H1(H) in the carrier of V by A5, A14, FUNCT_2:5; ::_thesis: verum end; suppose ( len H = k + 1 & H is Until ) ; ::_thesis: H1(H) in the carrier of V then A15: GraftEval (V,Kai,h,h,k,H) = the UNTIL of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) by Def29; the_right_argument_of H in LTL_WFF by Th1; then A16: h . (the_right_argument_of H) in the carrier of V by FUNCT_2:5; the_left_argument_of H in LTL_WFF by Th1; then h . (the_left_argument_of H) in the carrier of V by FUNCT_2:5; then [(h . (the_left_argument_of H)),(h . (the_right_argument_of H))] in [: the carrier of V, the carrier of V:] by A16, ZFMISC_1:def_2; hence H1(H) in the carrier of V by A5, A15, FUNCT_2:5; ::_thesis: verum end; suppose ( len H = k + 1 & H is Release ) ; ::_thesis: H1(H) in the carrier of V then A17: GraftEval (V,Kai,h,h,k,H) = the RELEASE of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) by Def29; the_right_argument_of H in LTL_WFF by Th1; then A18: h . (the_right_argument_of H) in the carrier of V by FUNCT_2:5; the_left_argument_of H in LTL_WFF by Th1; then h . (the_left_argument_of H) in the carrier of V by FUNCT_2:5; then [(h . (the_left_argument_of H)),(h . (the_right_argument_of H))] in [: the carrier of V, the carrier of V:] by A18, ZFMISC_1:def_2; hence H1(H) in the carrier of V by A5, A17, FUNCT_2:5; ::_thesis: verum end; suppose len H < k + 1 ; ::_thesis: H1(H) in the carrier of V then GraftEval (V,Kai,h,h,k,H) = h . H by Def29; hence H1(H) in the carrier of V by A4, A5, FUNCT_2:5; ::_thesis: verum end; end; end; consider f being Function of LTL_WFF, the carrier of V such that A19: for H being set st H in LTL_WFF holds f . H = H1(H) from FUNCT_2:sch_2(A3); take f ; ::_thesis: f is-PreEvaluation-for k + 1,Kai A20: for H being LTL-formula st len H < k + 1 holds f . H = h . H proof let H be LTL-formula; ::_thesis: ( len H < k + 1 implies f . H = h . H ) assume A21: len H < k + 1 ; ::_thesis: f . H = h . H A22: H in LTL_WFF by Th1; then f . H = H1(H) by A19 .= GraftEval (V,Kai,h,h,k,H) by A22, Def25 ; hence f . H = h . H by A21, Def29; ::_thesis: verum end; for H being LTL-formula st len H <= k + 1 holds ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) proof let H be LTL-formula; ::_thesis: ( len H <= k + 1 implies ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) ) assume A23: len H <= k + 1 ; ::_thesis: ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) A24: H in LTL_WFF by Th1; then A25: f . H = H1(H) by A19 .= GraftEval (V,Kai,h,h,k,H) by A24, Def25 ; A26: ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) proof assume A27: H is negative ; ::_thesis: f . H = the Compl of V . (f . (the_argument_of H)) then len (the_argument_of H) < len H by Th10; then len (the_argument_of H) <= k by A23, Lm1; then A28: len (the_argument_of H) < k + 1 by NAT_1:13; percases ( len H <= k or len H = k + 1 ) by A23, NAT_1:8; supposeA29: len H <= k ; ::_thesis: f . H = the Compl of V . (f . (the_argument_of H)) then len H < k + 1 by NAT_1:13; then f . H = h . H by A20 .= the Compl of V . (h . (the_argument_of H)) by A2, A27, A29, Def28 ; hence f . H = the Compl of V . (f . (the_argument_of H)) by A20, A28; ::_thesis: verum end; suppose len H = k + 1 ; ::_thesis: f . H = the Compl of V . (f . (the_argument_of H)) then GraftEval (V,Kai,h,h,k,H) = the Compl of V . (h . (the_argument_of H)) by A27, Def29 .= the Compl of V . (f . (the_argument_of H)) by A20, A28 ; hence f . H = the Compl of V . (f . (the_argument_of H)) by A25; ::_thesis: verum end; end; end; A30: ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) proof assume A31: H is Release ; ::_thesis: f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then len (the_right_argument_of H) < len H by Th11; then len (the_right_argument_of H) <= k by A23, Lm1; then A32: len (the_right_argument_of H) < k + 1 by NAT_1:13; len (the_left_argument_of H) < len H by A31, Th11; then len (the_left_argument_of H) <= k by A23, Lm1; then len (the_left_argument_of H) < k + 1 by NAT_1:13; then A33: h . (the_left_argument_of H) = f . (the_left_argument_of H) by A20; percases ( len H <= k or len H = k + 1 ) by A23, NAT_1:8; supposeA34: len H <= k ; ::_thesis: f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then len H < k + 1 by NAT_1:13; then f . H = h . H by A20 .= the RELEASE of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) by A2, A31, A34, Def28 ; hence f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A20, A33, A32; ::_thesis: verum end; suppose len H = k + 1 ; ::_thesis: f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then GraftEval (V,Kai,h,h,k,H) = the RELEASE of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) by A31, Def29 .= the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A20, A33, A32 ; hence f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A25; ::_thesis: verum end; end; end; A35: ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) proof assume A36: H is Until ; ::_thesis: f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then len (the_right_argument_of H) < len H by Th11; then len (the_right_argument_of H) <= k by A23, Lm1; then A37: len (the_right_argument_of H) < k + 1 by NAT_1:13; len (the_left_argument_of H) < len H by A36, Th11; then len (the_left_argument_of H) <= k by A23, Lm1; then len (the_left_argument_of H) < k + 1 by NAT_1:13; then A38: h . (the_left_argument_of H) = f . (the_left_argument_of H) by A20; percases ( len H <= k or len H = k + 1 ) by A23, NAT_1:8; supposeA39: len H <= k ; ::_thesis: f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then len H < k + 1 by NAT_1:13; then f . H = h . H by A20 .= the UNTIL of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) by A2, A36, A39, Def28 ; hence f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A20, A38, A37; ::_thesis: verum end; suppose len H = k + 1 ; ::_thesis: f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then GraftEval (V,Kai,h,h,k,H) = the UNTIL of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) by A36, Def29 .= the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A20, A38, A37 ; hence f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A25; ::_thesis: verum end; end; end; A40: ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) proof assume A41: H is disjunctive ; ::_thesis: f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then len (the_right_argument_of H) < len H by Th11; then len (the_right_argument_of H) <= k by A23, Lm1; then A42: len (the_right_argument_of H) < k + 1 by NAT_1:13; len (the_left_argument_of H) < len H by A41, Th11; then len (the_left_argument_of H) <= k by A23, Lm1; then len (the_left_argument_of H) < k + 1 by NAT_1:13; then A43: h . (the_left_argument_of H) = f . (the_left_argument_of H) by A20; percases ( len H <= k or len H = k + 1 ) by A23, NAT_1:8; supposeA44: len H <= k ; ::_thesis: f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then len H < k + 1 by NAT_1:13; then f . H = h . H by A20 .= the L_join of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) by A2, A41, A44, Def28 ; hence f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A20, A43, A42; ::_thesis: verum end; suppose len H = k + 1 ; ::_thesis: f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then GraftEval (V,Kai,h,h,k,H) = the L_join of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) by A41, Def29 .= the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A20, A43, A42 ; hence f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A25; ::_thesis: verum end; end; end; A45: ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) proof assume A46: H is conjunctive ; ::_thesis: f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then len (the_right_argument_of H) < len H by Th11; then len (the_right_argument_of H) <= k by A23, Lm1; then A47: len (the_right_argument_of H) < k + 1 by NAT_1:13; len (the_left_argument_of H) < len H by A46, Th11; then len (the_left_argument_of H) <= k by A23, Lm1; then len (the_left_argument_of H) < k + 1 by NAT_1:13; then A48: h . (the_left_argument_of H) = f . (the_left_argument_of H) by A20; percases ( len H <= k or len H = k + 1 ) by A23, NAT_1:8; supposeA49: len H <= k ; ::_thesis: f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then len H < k + 1 by NAT_1:13; then f . H = h . H by A20 .= the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) by A2, A46, A49, Def28 ; hence f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A20, A48, A47; ::_thesis: verum end; suppose len H = k + 1 ; ::_thesis: f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then GraftEval (V,Kai,h,h,k,H) = the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) by A46, Def29 .= the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A20, A48, A47 ; hence f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A25; ::_thesis: verum end; end; end; A50: ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) proof assume A51: H is next ; ::_thesis: f . H = the NEXT of V . (f . (the_argument_of H)) then len (the_argument_of H) < len H by Th10; then len (the_argument_of H) <= k by A23, Lm1; then A52: len (the_argument_of H) < k + 1 by NAT_1:13; percases ( len H <= k or len H = k + 1 ) by A23, NAT_1:8; supposeA53: len H <= k ; ::_thesis: f . H = the NEXT of V . (f . (the_argument_of H)) then len H < k + 1 by NAT_1:13; then f . H = h . H by A20 .= the NEXT of V . (h . (the_argument_of H)) by A2, A51, A53, Def28 ; hence f . H = the NEXT of V . (f . (the_argument_of H)) by A20, A52; ::_thesis: verum end; suppose len H = k + 1 ; ::_thesis: f . H = the NEXT of V . (f . (the_argument_of H)) then GraftEval (V,Kai,h,h,k,H) = the NEXT of V . (h . (the_argument_of H)) by A51, Def29 .= the NEXT of V . (f . (the_argument_of H)) by A20, A52 ; hence f . H = the NEXT of V . (f . (the_argument_of H)) by A25; ::_thesis: verum end; end; end; ( H is atomic implies f . H = Kai . H ) proof assume A54: H is atomic ; ::_thesis: f . H = Kai . H percases ( len H <= k or len H = k + 1 ) by A23, NAT_1:8; supposeA55: len H <= k ; ::_thesis: f . H = Kai . H then len H < k + 1 by NAT_1:13; then f . H = h . H by A20 .= Kai . H by A2, A54, A55, Def28 ; hence f . H = Kai . H ; ::_thesis: verum end; suppose len H = k + 1 ; ::_thesis: f . H = Kai . H hence f . H = Kai . H by A25, A54, Def29; ::_thesis: verum end; end; end; hence ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) by A26, A45, A40, A50, A35, A30; ::_thesis: verum end; hence f is-PreEvaluation-for k + 1,Kai by Def28; ::_thesis: verum end; hence S1[k + 1] ; ::_thesis: verum end; A56: S1[ 0 ] proof consider v0 being set such that A57: v0 in the carrier of V by XBOOLE_0:def_1; set f = LTL_WFF --> v0; A58: ( dom (LTL_WFF --> v0) = LTL_WFF & rng (LTL_WFF --> v0) c= {v0} ) by FUNCOP_1:13; {v0} c= the carrier of V by A57, ZFMISC_1:31; then reconsider f = LTL_WFF --> v0 as Function of LTL_WFF, the carrier of V by A58, FUNCT_2:2, XBOOLE_1:1; take f ; ::_thesis: f is-PreEvaluation-for 0 ,Kai thus f is-PreEvaluation-for 0 ,Kai by Lm22; ::_thesis: verum end; for n being Nat holds S1[n] from NAT_1:sch_2(A56, A1); hence for n being Nat ex f being Function of LTL_WFF, the carrier of V st f is-PreEvaluation-for n,Kai ; ::_thesis: verum end; Lm27: for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V for f being Function of LTL_WFF, the carrier of V st ( for n being Nat holds f is-PreEvaluation-for n,Kai ) holds f is-Evaluation-for Kai proof let V be LTLModel; ::_thesis: for Kai being Function of atomic_LTL, the BasicAssign of V for f being Function of LTL_WFF, the carrier of V st ( for n being Nat holds f is-PreEvaluation-for n,Kai ) holds f is-Evaluation-for Kai let Kai be Function of atomic_LTL, the BasicAssign of V; ::_thesis: for f being Function of LTL_WFF, the carrier of V st ( for n being Nat holds f is-PreEvaluation-for n,Kai ) holds f is-Evaluation-for Kai let f be Function of LTL_WFF, the carrier of V; ::_thesis: ( ( for n being Nat holds f is-PreEvaluation-for n,Kai ) implies f is-Evaluation-for Kai ) assume A1: for n being Nat holds f is-PreEvaluation-for n,Kai ; ::_thesis: f is-Evaluation-for Kai let H be LTL-formula; :: according to MODELC_2:def_27 ::_thesis: ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) set n = len H; f is-PreEvaluation-for len H,Kai by A1; hence ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) by Def28; ::_thesis: verum end; definition let V be LTLModel; let Kai be Function of atomic_LTL, the BasicAssign of V; let n be Nat; func EvalSet (V,Kai,n) -> non empty set equals :: MODELC_2:def 32 { h where h is Function of LTL_WFF, the carrier of V : h is-PreEvaluation-for n,Kai } ; correctness coherence { h where h is Function of LTL_WFF, the carrier of V : h is-PreEvaluation-for n,Kai } is non empty set ; proof set X = { h where h is Function of LTL_WFF, the carrier of V : h is-PreEvaluation-for n,Kai } ; consider h being Function of LTL_WFF, the carrier of V such that A1: h is-PreEvaluation-for n,Kai by Lm26; h in { h where h is Function of LTL_WFF, the carrier of V : h is-PreEvaluation-for n,Kai } by A1; hence { h where h is Function of LTL_WFF, the carrier of V : h is-PreEvaluation-for n,Kai } is non empty set ; ::_thesis: verum end; end; :: deftheorem defines EvalSet MODELC_2:def_32_:_ for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V for n being Nat holds EvalSet (V,Kai,n) = { h where h is Function of LTL_WFF, the carrier of V : h is-PreEvaluation-for n,Kai } ; definition let V be LTLModel; let v0 be Element of the carrier of V; let x be set ; func CastEval (V,x,v0) -> Function of LTL_WFF, the carrier of V equals :Def33: :: MODELC_2:def 33 x if x in Funcs (LTL_WFF, the carrier of V) otherwise LTL_WFF --> v0; correctness coherence ( ( x in Funcs (LTL_WFF, the carrier of V) implies x is Function of LTL_WFF, the carrier of V ) & ( not x in Funcs (LTL_WFF, the carrier of V) implies LTL_WFF --> v0 is Function of LTL_WFF, the carrier of V ) ); consistency for b1 being Function of LTL_WFF, the carrier of V holds verum; by FUNCT_2:66; end; :: deftheorem Def33 defines CastEval MODELC_2:def_33_:_ for V being LTLModel for v0 being Element of the carrier of V for x being set holds ( ( x in Funcs (LTL_WFF, the carrier of V) implies CastEval (V,x,v0) = x ) & ( not x in Funcs (LTL_WFF, the carrier of V) implies CastEval (V,x,v0) = LTL_WFF --> v0 ) ); definition let V be LTLModel; let Kai be Function of atomic_LTL, the BasicAssign of V; func EvalFamily (V,Kai) -> non empty set means :Def34: :: MODELC_2:def 34 for p being set holds ( p in it iff ( p in bool (Funcs (LTL_WFF, the carrier of V)) & ex n being Nat st p = EvalSet (V,Kai,n) ) ); existence ex b1 being non empty set st for p being set holds ( p in b1 iff ( p in bool (Funcs (LTL_WFF, the carrier of V)) & ex n being Nat st p = EvalSet (V,Kai,n) ) ) proof defpred S1[ set ] means ex n being Nat st $1 = EvalSet (V,Kai,n); set X = bool (Funcs (LTL_WFF, the carrier of V)); consider IT being set such that A1: for p being set holds ( p in IT iff ( p in bool (Funcs (LTL_WFF, the carrier of V)) & S1[p] ) ) from XBOOLE_0:sch_1(); not IT is empty proof set p = EvalSet (V,Kai,0); EvalSet (V,Kai,0) c= Funcs (LTL_WFF, the carrier of V) proof let x be set ; :: according to TARSKI:def_3 ::_thesis: ( not x in EvalSet (V,Kai,0) or x in Funcs (LTL_WFF, the carrier of V) ) assume x in EvalSet (V,Kai,0) ; ::_thesis: x in Funcs (LTL_WFF, the carrier of V) then ex h being Function of LTL_WFF, the carrier of V st ( x = h & h is-PreEvaluation-for 0 ,Kai ) ; hence x in Funcs (LTL_WFF, the carrier of V) by FUNCT_2:8; ::_thesis: verum end; hence not IT is empty by A1; ::_thesis: verum end; then reconsider IT = IT as non empty set ; take IT ; ::_thesis: for p being set holds ( p in IT iff ( p in bool (Funcs (LTL_WFF, the carrier of V)) & ex n being Nat st p = EvalSet (V,Kai,n) ) ) thus for p being set holds ( p in IT iff ( p in bool (Funcs (LTL_WFF, the carrier of V)) & ex n being Nat st p = EvalSet (V,Kai,n) ) ) by A1; ::_thesis: verum end; uniqueness for b1, b2 being non empty set st ( for p being set holds ( p in b1 iff ( p in bool (Funcs (LTL_WFF, the carrier of V)) & ex n being Nat st p = EvalSet (V,Kai,n) ) ) ) & ( for p being set holds ( p in b2 iff ( p in bool (Funcs (LTL_WFF, the carrier of V)) & ex n being Nat st p = EvalSet (V,Kai,n) ) ) ) holds b1 = b2 proof defpred S1[ set ] means ( $1 in bool (Funcs (LTL_WFF, the carrier of V)) & ex n being Nat st $1 = EvalSet (V,Kai,n) ); for X1, X2 being set st ( for x being set holds ( x in X1 iff S1[x] ) ) & ( for x being set holds ( x in X2 iff S1[x] ) ) holds X1 = X2 from XBOOLE_0:sch_3(); hence for b1, b2 being non empty set st ( for p being set holds ( p in b1 iff ( p in bool (Funcs (LTL_WFF, the carrier of V)) & ex n being Nat st p = EvalSet (V,Kai,n) ) ) ) & ( for p being set holds ( p in b2 iff ( p in bool (Funcs (LTL_WFF, the carrier of V)) & ex n being Nat st p = EvalSet (V,Kai,n) ) ) ) holds b1 = b2 ; ::_thesis: verum end; end; :: deftheorem Def34 defines EvalFamily MODELC_2:def_34_:_ for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V for b3 being non empty set holds ( b3 = EvalFamily (V,Kai) iff for p being set holds ( p in b3 iff ( p in bool (Funcs (LTL_WFF, the carrier of V)) & ex n being Nat st p = EvalSet (V,Kai,n) ) ) ); Lm28: for n being Nat for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V holds EvalSet (V,Kai,n) in EvalFamily (V,Kai) proof let n be Nat; ::_thesis: for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V holds EvalSet (V,Kai,n) in EvalFamily (V,Kai) let V be LTLModel; ::_thesis: for Kai being Function of atomic_LTL, the BasicAssign of V holds EvalSet (V,Kai,n) in EvalFamily (V,Kai) let Kai be Function of atomic_LTL, the BasicAssign of V; ::_thesis: EvalSet (V,Kai,n) in EvalFamily (V,Kai) set p1 = EvalSet (V,Kai,n); EvalSet (V,Kai,n) c= Funcs (LTL_WFF, the carrier of V) proof let x be set ; :: according to TARSKI:def_3 ::_thesis: ( not x in EvalSet (V,Kai,n) or x in Funcs (LTL_WFF, the carrier of V) ) assume x in EvalSet (V,Kai,n) ; ::_thesis: x in Funcs (LTL_WFF, the carrier of V) then ex h being Function of LTL_WFF, the carrier of V st ( x = h & h is-PreEvaluation-for n,Kai ) ; hence x in Funcs (LTL_WFF, the carrier of V) by FUNCT_2:8; ::_thesis: verum end; hence EvalSet (V,Kai,n) in EvalFamily (V,Kai) by Def34; ::_thesis: verum end; theorem Th48: :: MODELC_2:48 for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V ex f being Function of LTL_WFF, the carrier of V st f is-Evaluation-for Kai proof let V be LTLModel; ::_thesis: for Kai being Function of atomic_LTL, the BasicAssign of V ex f being Function of LTL_WFF, the carrier of V st f is-Evaluation-for Kai let Kai be Function of atomic_LTL, the BasicAssign of V; ::_thesis: ex f being Function of LTL_WFF, the carrier of V st f is-Evaluation-for Kai set M = EvalFamily (V,Kai); set v0 = the Element of the carrier of V; for X being set st X in EvalFamily (V,Kai) holds X <> {} proof let X be set ; ::_thesis: ( X in EvalFamily (V,Kai) implies X <> {} ) assume X in EvalFamily (V,Kai) ; ::_thesis: X <> {} then ex n being Nat st X = EvalSet (V,Kai,n) by Def34; hence X <> {} ; ::_thesis: verum end; then consider Choice being Function such that dom Choice = EvalFamily (V,Kai) and A1: for X being set st X in EvalFamily (V,Kai) holds Choice . X in X by FUNCT_1:111; deffunc H1( set ) -> set = Choice . (EvalSet (V,Kai,(CastNat $1))); A2: for n being set st n in NAT holds H1(n) is Function of LTL_WFF, the carrier of V proof let n be set ; ::_thesis: ( n in NAT implies H1(n) is Function of LTL_WFF, the carrier of V ) assume A3: n in NAT ; ::_thesis: H1(n) is Function of LTL_WFF, the carrier of V set Y = H1(n); reconsider n = n as Nat by A3; CastNat n = n by Def1; then H1(n) in EvalSet (V,Kai,n) by A1, Lm28; then ex h being Function of LTL_WFF, the carrier of V st ( H1(n) = h & h is-PreEvaluation-for n,Kai ) ; hence H1(n) is Function of LTL_WFF, the carrier of V ; ::_thesis: verum end; A4: for n being set st n in NAT holds H1(n) in Funcs (LTL_WFF, the carrier of V) proof let n be set ; ::_thesis: ( n in NAT implies H1(n) in Funcs (LTL_WFF, the carrier of V) ) assume n in NAT ; ::_thesis: H1(n) in Funcs (LTL_WFF, the carrier of V) then H1(n) is Function of LTL_WFF, the carrier of V by A2; hence H1(n) in Funcs (LTL_WFF, the carrier of V) by FUNCT_2:8; ::_thesis: verum end; consider f1 being Function of NAT,(Funcs (LTL_WFF, the carrier of V)) such that A5: for n being set st n in NAT holds f1 . n = H1(n) from FUNCT_2:sch_2(A4); deffunc H2( set ) -> set = (CastEval (V,(f1 . (len (CastLTL $1))), the Element of the carrier of V)) . $1; A6: for H being set st H in LTL_WFF holds H2(H) in the carrier of V by FUNCT_2:5; consider f being Function of LTL_WFF, the carrier of V such that A7: for H being set st H in LTL_WFF holds f . H = H2(H) from FUNCT_2:sch_2(A6); take f ; ::_thesis: f is-Evaluation-for Kai for n being Nat holds f is-PreEvaluation-for n,Kai proof defpred S1[ Nat] means f is-PreEvaluation-for $1,Kai; A8: for k being Nat st S1[k] holds S1[k + 1] proof let k be Nat; ::_thesis: ( S1[k] implies S1[k + 1] ) assume A9: S1[k] ; ::_thesis: S1[k + 1] for H being LTL-formula st len H <= k + 1 holds ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) proof let H be LTL-formula; ::_thesis: ( len H <= k + 1 implies ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) ) assume A10: len H <= k + 1 ; ::_thesis: ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) now__::_thesis:_(_(_len_H_<=_k_&_(_H_is_atomic_implies_f_._H_=_Kai_._H_)_&_(_H_is_negative_implies_f_._H_=_the_Compl_of_V_._(f_._(the_argument_of_H))_)_&_(_H_is_conjunctive_implies_f_._H_=_the_L_meet_of_V_._((f_._(the_left_argument_of_H)),(f_._(the_right_argument_of_H)))_)_&_(_H_is_disjunctive_implies_f_._H_=_the_L_join_of_V_._((f_._(the_left_argument_of_H)),(f_._(the_right_argument_of_H)))_)_&_(_H_is_next_implies_f_._H_=_the_NEXT_of_V_._(f_._(the_argument_of_H))_)_&_(_H_is_Until_implies_f_._H_=_the_UNTIL_of_V_._((f_._(the_left_argument_of_H)),(f_._(the_right_argument_of_H)))_)_&_(_H_is_Release_implies_f_._H_=_the_RELEASE_of_V_._((f_._(the_left_argument_of_H)),(f_._(the_right_argument_of_H)))_)_)_or_(_len_H_=_k_+_1_&_(_H_is_atomic_implies_f_._H_=_Kai_._H_)_&_(_H_is_negative_implies_f_._H_=_the_Compl_of_V_._(f_._(the_argument_of_H))_)_&_(_H_is_conjunctive_implies_f_._H_=_the_L_meet_of_V_._((f_._(the_left_argument_of_H)),(f_._(the_right_argument_of_H)))_)_&_(_H_is_disjunctive_implies_f_._H_=_the_L_join_of_V_._((f_._(the_left_argument_of_H)),(f_._(the_right_argument_of_H)))_)_&_(_H_is_next_implies_f_._H_=_the_NEXT_of_V_._(f_._(the_argument_of_H))_)_&_(_H_is_Until_implies_f_._H_=_the_UNTIL_of_V_._((f_._(the_left_argument_of_H)),(f_._(the_right_argument_of_H)))_)_&_(_H_is_Release_implies_f_._H_=_the_RELEASE_of_V_._((f_._(the_left_argument_of_H)),(f_._(the_right_argument_of_H)))_)_)_) percases ( len H <= k or len H = k + 1 ) by A10, NAT_1:8; case len H <= k ; ::_thesis: ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) hence ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) by A9, Def28; ::_thesis: verum end; caseA11: len H = k + 1 ; ::_thesis: ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) set f2 = H1( len H); A12: H in LTL_WFF by Th1; then f1 . (len (CastLTL H)) = f1 . (len H) by Def25 .= H1( len H) by A5 ; then A13: CastEval (V,(f1 . (len (CastLTL H))), the Element of the carrier of V) = H1( len H) by Def33; then reconsider f2 = H1( len H) as Function of LTL_WFF, the carrier of V ; ( f2 = Choice . (EvalSet (V,Kai,(len H))) & Choice . (EvalSet (V,Kai,(len H))) in EvalSet (V,Kai,(len H)) ) by A1, Def1, Lm28; then A14: ex h being Function of LTL_WFF, the carrier of V st ( f2 = h & h is-PreEvaluation-for len H,Kai ) ; then A15: f2 is-PreEvaluation-for k,Kai by A11, Lm23; A16: f . H = f2 . H by A7, A12, A13; A17: ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) proof assume A18: H is next ; ::_thesis: f . H = the NEXT of V . (f . (the_argument_of H)) then len (the_argument_of H) < len H by Th10; then A19: len (the_argument_of H) <= k by A11, NAT_1:13; f . H = the NEXT of V . (f2 . (the_argument_of H)) by A16, A14, A18, Def28 .= the NEXT of V . (f . (the_argument_of H)) by A9, A15, A19, Lm25 ; hence f . H = the NEXT of V . (f . (the_argument_of H)) ; ::_thesis: verum end; A20: ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) proof assume A21: H is Release ; ::_thesis: f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then len (the_right_argument_of H) < len H by Th11; then A22: len (the_right_argument_of H) <= k by A11, NAT_1:13; len (the_left_argument_of H) < len H by A21, Th11; then len (the_left_argument_of H) <= k by A11, NAT_1:13; then A23: f . (the_left_argument_of H) = f2 . (the_left_argument_of H) by A9, A15, Lm25; f . H = the RELEASE of V . ((f2 . (the_left_argument_of H)),(f2 . (the_right_argument_of H))) by A16, A14, A21, Def28 .= the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A9, A15, A23, A22, Lm25 ; hence f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ; ::_thesis: verum end; A24: ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) proof assume A25: H is Until ; ::_thesis: f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then len (the_right_argument_of H) < len H by Th11; then A26: len (the_right_argument_of H) <= k by A11, NAT_1:13; len (the_left_argument_of H) < len H by A25, Th11; then len (the_left_argument_of H) <= k by A11, NAT_1:13; then A27: f . (the_left_argument_of H) = f2 . (the_left_argument_of H) by A9, A15, Lm25; f . H = the UNTIL of V . ((f2 . (the_left_argument_of H)),(f2 . (the_right_argument_of H))) by A16, A14, A25, Def28 .= the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A9, A15, A27, A26, Lm25 ; hence f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ; ::_thesis: verum end; A28: ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) proof assume A29: H is disjunctive ; ::_thesis: f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then len (the_right_argument_of H) < len H by Th11; then A30: len (the_right_argument_of H) <= k by A11, NAT_1:13; len (the_left_argument_of H) < len H by A29, Th11; then len (the_left_argument_of H) <= k by A11, NAT_1:13; then A31: f . (the_left_argument_of H) = f2 . (the_left_argument_of H) by A9, A15, Lm25; f . H = the L_join of V . ((f2 . (the_left_argument_of H)),(f2 . (the_right_argument_of H))) by A16, A14, A29, Def28 .= the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A9, A15, A31, A30, Lm25 ; hence f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ; ::_thesis: verum end; A32: ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) proof assume A33: H is conjunctive ; ::_thesis: f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then len (the_right_argument_of H) < len H by Th11; then A34: len (the_right_argument_of H) <= k by A11, NAT_1:13; len (the_left_argument_of H) < len H by A33, Th11; then len (the_left_argument_of H) <= k by A11, NAT_1:13; then A35: f . (the_left_argument_of H) = f2 . (the_left_argument_of H) by A9, A15, Lm25; f . H = the L_meet of V . ((f2 . (the_left_argument_of H)),(f2 . (the_right_argument_of H))) by A16, A14, A33, Def28 .= the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A9, A15, A35, A34, Lm25 ; hence f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ; ::_thesis: verum end; ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) proof assume A36: H is negative ; ::_thesis: f . H = the Compl of V . (f . (the_argument_of H)) then len (the_argument_of H) < len H by Th10; then A37: len (the_argument_of H) <= k by A11, NAT_1:13; f . H = the Compl of V . (f2 . (the_argument_of H)) by A16, A14, A36, Def28 .= the Compl of V . (f . (the_argument_of H)) by A9, A15, A37, Lm25 ; hence f . H = the Compl of V . (f . (the_argument_of H)) ; ::_thesis: verum end; hence ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) by A16, A14, A17, A32, A28, A24, A20, Def28; ::_thesis: verum end; end; end; hence ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) ; ::_thesis: verum end; hence S1[k + 1] by Def28; ::_thesis: verum end; for H being LTL-formula st len H <= 0 holds ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is disjunctive implies f . H = the L_join of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is next implies f . H = the NEXT of V . (f . (the_argument_of H)) ) & ( H is Until implies f . H = the UNTIL of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is Release implies f . H = the RELEASE of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) by Th3; then A38: S1[ 0 ] by Def28; for n being Nat holds S1[n] from NAT_1:sch_2(A38, A8); hence for n being Nat holds f is-PreEvaluation-for n,Kai ; ::_thesis: verum end; hence f is-Evaluation-for Kai by Lm27; ::_thesis: verum end; theorem Th49: :: MODELC_2:49 for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V for f1, f2 being Function of LTL_WFF, the carrier of V st f1 is-Evaluation-for Kai & f2 is-Evaluation-for Kai holds f1 = f2 proof let V be LTLModel; ::_thesis: for Kai being Function of atomic_LTL, the BasicAssign of V for f1, f2 being Function of LTL_WFF, the carrier of V st f1 is-Evaluation-for Kai & f2 is-Evaluation-for Kai holds f1 = f2 let Kai be Function of atomic_LTL, the BasicAssign of V; ::_thesis: for f1, f2 being Function of LTL_WFF, the carrier of V st f1 is-Evaluation-for Kai & f2 is-Evaluation-for Kai holds f1 = f2 let f1, f2 be Function of LTL_WFF, the carrier of V; ::_thesis: ( f1 is-Evaluation-for Kai & f2 is-Evaluation-for Kai implies f1 = f2 ) assume A1: ( f1 is-Evaluation-for Kai & f2 is-Evaluation-for Kai ) ; ::_thesis: f1 = f2 for H being set st H in LTL_WFF holds f1 . H = f2 . H proof let H be set ; ::_thesis: ( H in LTL_WFF implies f1 . H = f2 . H ) assume H in LTL_WFF ; ::_thesis: f1 . H = f2 . H then reconsider H = H as LTL-formula by Th1; set n = len H; ( f1 is-PreEvaluation-for len H,Kai & f2 is-PreEvaluation-for len H,Kai ) by A1, Lm24; hence f1 . H = f2 . H by Lm25; ::_thesis: verum end; hence f1 = f2 by FUNCT_2:12; ::_thesis: verum end; definition let V be LTLModel; let Kai be Function of atomic_LTL, the BasicAssign of V; let H be LTL-formula; func Evaluate (H,Kai) -> Assign of V means :Def35: :: MODELC_2:def 35 ex f being Function of LTL_WFF, the carrier of V st ( f is-Evaluation-for Kai & it = f . H ); existence ex b1 being Assign of V ex f being Function of LTL_WFF, the carrier of V st ( f is-Evaluation-for Kai & b1 = f . H ) proof consider f being Function of LTL_WFF, the carrier of V such that A1: f is-Evaluation-for Kai by Th48; set IT = f . H; H in LTL_WFF by Th1; then reconsider IT = f . H as Assign of V by FUNCT_2:5; take IT ; ::_thesis: ex f being Function of LTL_WFF, the carrier of V st ( f is-Evaluation-for Kai & IT = f . H ) thus ex f being Function of LTL_WFF, the carrier of V st ( f is-Evaluation-for Kai & IT = f . H ) by A1; ::_thesis: verum end; uniqueness for b1, b2 being Assign of V st ex f being Function of LTL_WFF, the carrier of V st ( f is-Evaluation-for Kai & b1 = f . H ) & ex f being Function of LTL_WFF, the carrier of V st ( f is-Evaluation-for Kai & b2 = f . H ) holds b1 = b2 by Th49; end; :: deftheorem Def35 defines Evaluate MODELC_2:def_35_:_ for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V for H being LTL-formula for b4 being Assign of V holds ( b4 = Evaluate (H,Kai) iff ex f being Function of LTL_WFF, the carrier of V st ( f is-Evaluation-for Kai & b4 = f . H ) ); notation let V be LTLModel; let f be Assign of V; synonym 'not' f for f ` ; let g be Assign of V; synonym f '&' g for f "/\" g; synonym f 'or' g for f "\/" g; end; definition let V be LTLModel; let f be Assign of V; func 'X' f -> Assign of V equals :: MODELC_2:def 36 the NEXT of V . f; correctness coherence the NEXT of V . f is Assign of V; ; end; :: deftheorem defines 'X' MODELC_2:def_36_:_ for V being LTLModel for f being Assign of V holds 'X' f = the NEXT of V . f; definition let V be LTLModel; let f, g be Assign of V; funcf 'U' g -> Assign of V equals :: MODELC_2:def 37 the UNTIL of V . (f,g); correctness coherence the UNTIL of V . (f,g) is Assign of V; ; funcf 'R' g -> Assign of V equals :: MODELC_2:def 38 the RELEASE of V . (f,g); correctness coherence the RELEASE of V . (f,g) is Assign of V; ; end; :: deftheorem defines 'U' MODELC_2:def_37_:_ for V being LTLModel for f, g being Assign of V holds f 'U' g = the UNTIL of V . (f,g); :: deftheorem defines 'R' MODELC_2:def_38_:_ for V being LTLModel for f, g being Assign of V holds f 'R' g = the RELEASE of V . (f,g); theorem Th50: :: MODELC_2:50 for H being LTL-formula for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V holds Evaluate (('not' H),Kai) = 'not' (Evaluate (H,Kai)) proof let H be LTL-formula; ::_thesis: for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V holds Evaluate (('not' H),Kai) = 'not' (Evaluate (H,Kai)) let V be LTLModel; ::_thesis: for Kai being Function of atomic_LTL, the BasicAssign of V holds Evaluate (('not' H),Kai) = 'not' (Evaluate (H,Kai)) let Kai be Function of atomic_LTL, the BasicAssign of V; ::_thesis: Evaluate (('not' H),Kai) = 'not' (Evaluate (H,Kai)) consider f1 being Function of LTL_WFF, the carrier of V such that A1: f1 is-Evaluation-for Kai and A2: Evaluate (('not' H),Kai) = f1 . ('not' H) by Def35; A3: ex f2 being Function of LTL_WFF, the carrier of V st ( f2 is-Evaluation-for Kai & Evaluate (H,Kai) = f2 . H ) by Def35; A4: 'not' H is negative by Def12; then Evaluate (('not' H),Kai) = the Compl of V . (f1 . (the_argument_of ('not' H))) by A1, A2, Def27 .= the Compl of V . (f1 . H) by A4, Def18 .= 'not' (Evaluate (H,Kai)) by A1, A3, Th49 ; hence Evaluate (('not' H),Kai) = 'not' (Evaluate (H,Kai)) ; ::_thesis: verum end; theorem Th51: :: MODELC_2:51 for H1, H2 being LTL-formula for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V holds Evaluate ((H1 '&' H2),Kai) = (Evaluate (H1,Kai)) '&' (Evaluate (H2,Kai)) proof let H1, H2 be LTL-formula; ::_thesis: for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V holds Evaluate ((H1 '&' H2),Kai) = (Evaluate (H1,Kai)) '&' (Evaluate (H2,Kai)) let V be LTLModel; ::_thesis: for Kai being Function of atomic_LTL, the BasicAssign of V holds Evaluate ((H1 '&' H2),Kai) = (Evaluate (H1,Kai)) '&' (Evaluate (H2,Kai)) let Kai be Function of atomic_LTL, the BasicAssign of V; ::_thesis: Evaluate ((H1 '&' H2),Kai) = (Evaluate (H1,Kai)) '&' (Evaluate (H2,Kai)) consider f0 being Function of LTL_WFF, the carrier of V such that A1: f0 is-Evaluation-for Kai and A2: Evaluate ((H1 '&' H2),Kai) = f0 . (H1 '&' H2) by Def35; consider f1 being Function of LTL_WFF, the carrier of V such that A3: f1 is-Evaluation-for Kai and A4: Evaluate (H1,Kai) = f1 . H1 by Def35; consider f2 being Function of LTL_WFF, the carrier of V such that A5: f2 is-Evaluation-for Kai and A6: Evaluate (H2,Kai) = f2 . H2 by Def35; A7: f0 = f2 by A1, A5, Th49; A8: H1 '&' H2 is conjunctive by Def13; then A9: ( the_left_argument_of (H1 '&' H2) = H1 & the_right_argument_of (H1 '&' H2) = H2 ) by Def19, Def20; f0 = f1 by A1, A3, Th49; hence Evaluate ((H1 '&' H2),Kai) = (Evaluate (H1,Kai)) '&' (Evaluate (H2,Kai)) by A1, A2, A4, A6, A7, A8, A9, Def27; ::_thesis: verum end; theorem Th52: :: MODELC_2:52 for H1, H2 being LTL-formula for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V holds Evaluate ((H1 'or' H2),Kai) = (Evaluate (H1,Kai)) 'or' (Evaluate (H2,Kai)) proof let H1, H2 be LTL-formula; ::_thesis: for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V holds Evaluate ((H1 'or' H2),Kai) = (Evaluate (H1,Kai)) 'or' (Evaluate (H2,Kai)) let V be LTLModel; ::_thesis: for Kai being Function of atomic_LTL, the BasicAssign of V holds Evaluate ((H1 'or' H2),Kai) = (Evaluate (H1,Kai)) 'or' (Evaluate (H2,Kai)) let Kai be Function of atomic_LTL, the BasicAssign of V; ::_thesis: Evaluate ((H1 'or' H2),Kai) = (Evaluate (H1,Kai)) 'or' (Evaluate (H2,Kai)) consider f0 being Function of LTL_WFF, the carrier of V such that A1: f0 is-Evaluation-for Kai and A2: Evaluate ((H1 'or' H2),Kai) = f0 . (H1 'or' H2) by Def35; consider f1 being Function of LTL_WFF, the carrier of V such that A3: f1 is-Evaluation-for Kai and A4: Evaluate (H1,Kai) = f1 . H1 by Def35; consider f2 being Function of LTL_WFF, the carrier of V such that A5: f2 is-Evaluation-for Kai and A6: Evaluate (H2,Kai) = f2 . H2 by Def35; A7: f0 = f2 by A1, A5, Th49; A8: H1 'or' H2 is disjunctive by Def14; then A9: ( the_left_argument_of (H1 'or' H2) = H1 & the_right_argument_of (H1 'or' H2) = H2 ) by Def19, Def20; f0 = f1 by A1, A3, Th49; hence Evaluate ((H1 'or' H2),Kai) = (Evaluate (H1,Kai)) 'or' (Evaluate (H2,Kai)) by A1, A2, A4, A6, A7, A8, A9, Def27; ::_thesis: verum end; theorem Th53: :: MODELC_2:53 for H being LTL-formula for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V holds Evaluate (('X' H),Kai) = 'X' (Evaluate (H,Kai)) proof let H be LTL-formula; ::_thesis: for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V holds Evaluate (('X' H),Kai) = 'X' (Evaluate (H,Kai)) let V be LTLModel; ::_thesis: for Kai being Function of atomic_LTL, the BasicAssign of V holds Evaluate (('X' H),Kai) = 'X' (Evaluate (H,Kai)) let Kai be Function of atomic_LTL, the BasicAssign of V; ::_thesis: Evaluate (('X' H),Kai) = 'X' (Evaluate (H,Kai)) consider f1 being Function of LTL_WFF, the carrier of V such that A1: f1 is-Evaluation-for Kai and A2: Evaluate (('X' H),Kai) = f1 . ('X' H) by Def35; A3: ex f2 being Function of LTL_WFF, the carrier of V st ( f2 is-Evaluation-for Kai & Evaluate (H,Kai) = f2 . H ) by Def35; A4: 'X' H is next by Def15; then A5: not 'X' H is negative by Lm19; Evaluate (('X' H),Kai) = the NEXT of V . (f1 . (the_argument_of ('X' H))) by A1, A2, A4, Def27 .= the NEXT of V . (f1 . H) by A4, A5, Def18 .= 'X' (Evaluate (H,Kai)) by A1, A3, Th49 ; hence Evaluate (('X' H),Kai) = 'X' (Evaluate (H,Kai)) ; ::_thesis: verum end; theorem Th54: :: MODELC_2:54 for H1, H2 being LTL-formula for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V holds Evaluate ((H1 'U' H2),Kai) = (Evaluate (H1,Kai)) 'U' (Evaluate (H2,Kai)) proof let H1, H2 be LTL-formula; ::_thesis: for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V holds Evaluate ((H1 'U' H2),Kai) = (Evaluate (H1,Kai)) 'U' (Evaluate (H2,Kai)) let V be LTLModel; ::_thesis: for Kai being Function of atomic_LTL, the BasicAssign of V holds Evaluate ((H1 'U' H2),Kai) = (Evaluate (H1,Kai)) 'U' (Evaluate (H2,Kai)) let Kai be Function of atomic_LTL, the BasicAssign of V; ::_thesis: Evaluate ((H1 'U' H2),Kai) = (Evaluate (H1,Kai)) 'U' (Evaluate (H2,Kai)) consider f0 being Function of LTL_WFF, the carrier of V such that A1: f0 is-Evaluation-for Kai and A2: Evaluate ((H1 'U' H2),Kai) = f0 . (H1 'U' H2) by Def35; consider f1 being Function of LTL_WFF, the carrier of V such that A3: f1 is-Evaluation-for Kai and A4: Evaluate (H1,Kai) = f1 . H1 by Def35; consider f2 being Function of LTL_WFF, the carrier of V such that A5: f2 is-Evaluation-for Kai and A6: Evaluate (H2,Kai) = f2 . H2 by Def35; A7: f0 = f2 by A1, A5, Th49; A8: H1 'U' H2 is Until by Def16; then A9: ( the_left_argument_of (H1 'U' H2) = H1 & the_right_argument_of (H1 'U' H2) = H2 ) by Def19, Def20; f0 = f1 by A1, A3, Th49; hence Evaluate ((H1 'U' H2),Kai) = (Evaluate (H1,Kai)) 'U' (Evaluate (H2,Kai)) by A1, A2, A4, A6, A7, A8, A9, Def27; ::_thesis: verum end; theorem Th55: :: MODELC_2:55 for H1, H2 being LTL-formula for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V holds Evaluate ((H1 'R' H2),Kai) = (Evaluate (H1,Kai)) 'R' (Evaluate (H2,Kai)) proof let H1, H2 be LTL-formula; ::_thesis: for V being LTLModel for Kai being Function of atomic_LTL, the BasicAssign of V holds Evaluate ((H1 'R' H2),Kai) = (Evaluate (H1,Kai)) 'R' (Evaluate (H2,Kai)) let V be LTLModel; ::_thesis: for Kai being Function of atomic_LTL, the BasicAssign of V holds Evaluate ((H1 'R' H2),Kai) = (Evaluate (H1,Kai)) 'R' (Evaluate (H2,Kai)) let Kai be Function of atomic_LTL, the BasicAssign of V; ::_thesis: Evaluate ((H1 'R' H2),Kai) = (Evaluate (H1,Kai)) 'R' (Evaluate (H2,Kai)) consider f0 being Function of LTL_WFF, the carrier of V such that A1: f0 is-Evaluation-for Kai and A2: Evaluate ((H1 'R' H2),Kai) = f0 . (H1 'R' H2) by Def35; consider f1 being Function of LTL_WFF, the carrier of V such that A3: f1 is-Evaluation-for Kai and A4: Evaluate (H1,Kai) = f1 . H1 by Def35; consider f2 being Function of LTL_WFF, the carrier of V such that A5: f2 is-Evaluation-for Kai and A6: Evaluate (H2,Kai) = f2 . H2 by Def35; A7: f0 = f2 by A1, A5, Th49; A8: H1 'R' H2 is Release by Def17; then A9: not H1 'R' H2 is Until by Lm21; ( not H1 'R' H2 is conjunctive & not H1 'R' H2 is disjunctive ) by A8, Lm21; then A10: ( the_left_argument_of (H1 'R' H2) = H1 & the_right_argument_of (H1 'R' H2) = H2 ) by A8, A9, Def19, Def20; f0 = f1 by A1, A3, Th49; hence Evaluate ((H1 'R' H2),Kai) = (Evaluate (H1,Kai)) 'R' (Evaluate (H2,Kai)) by A1, A2, A4, A6, A7, A8, A10, Def27; ::_thesis: verum end; definition let S be non empty set ; func Inf_seq S -> non empty set equals :: MODELC_2:def 39 Funcs (NAT,S); correctness coherence Funcs (NAT,S) is non empty set ; ; end; :: deftheorem defines Inf_seq MODELC_2:def_39_:_ for S being non empty set holds Inf_seq S = Funcs (NAT,S); definition let S be non empty set ; let t be sequence of S; func CastSeq t -> Element of Inf_seq S equals :: MODELC_2:def 40 t; correctness coherence t is Element of Inf_seq S; by FUNCT_2:8; end; :: deftheorem defines CastSeq MODELC_2:def_40_:_ for S being non empty set for t being sequence of S holds CastSeq t = t; definition let S be non empty set ; let t be set ; assume A1: t is Element of Inf_seq S ; func CastSeq (t,S) -> sequence of S equals :Def41: :: MODELC_2:def 41 t; correctness coherence t is sequence of S; by A1, FUNCT_2:66; end; :: deftheorem Def41 defines CastSeq MODELC_2:def_41_:_ for S being non empty set for t being set st t is Element of Inf_seq S holds CastSeq (t,S) = t; definition let S be non empty set ; let t be set ; let k be Nat; func Shift (t,k,S) -> Element of Inf_seq S equals :: MODELC_2:def 42 CastSeq ((CastSeq (t,S)) ^\ k); correctness coherence CastSeq ((CastSeq (t,S)) ^\ k) is Element of Inf_seq S; ; end; :: deftheorem defines Shift MODELC_2:def_42_:_ for S being non empty set for t being set for k being Nat holds Shift (t,k,S) = CastSeq ((CastSeq (t,S)) ^\ k); definition let S be non empty set ; let t be Element of Inf_seq S; let k be Nat; func Shift (t,k) -> Element of Inf_seq S equals :: MODELC_2:def 43 Shift (t,k,S); correctness coherence Shift (t,k,S) is Element of Inf_seq S; ; end; :: deftheorem defines Shift MODELC_2:def_43_:_ for S being non empty set for t being Element of Inf_seq S for k being Nat holds Shift (t,k) = Shift (t,k,S); Lm29: for S being non empty set for seq being Element of Inf_seq S holds Shift (seq,0) = seq proof let S be non empty set ; ::_thesis: for seq being Element of Inf_seq S holds Shift (seq,0) = seq let seq be Element of Inf_seq S; ::_thesis: Shift (seq,0) = seq set cseq = CastSeq (seq,S); for x being set st x in NAT holds ((CastSeq (seq,S)) ^\ 0) . x = (CastSeq (seq,S)) . x proof let x be set ; ::_thesis: ( x in NAT implies ((CastSeq (seq,S)) ^\ 0) . x = (CastSeq (seq,S)) . x ) assume x in NAT ; ::_thesis: ((CastSeq (seq,S)) ^\ 0) . x = (CastSeq (seq,S)) . x then reconsider x = x as Element of NAT ; ((CastSeq (seq,S)) ^\ 0) . x = (CastSeq (seq,S)) . (x + 0) by NAT_1:def_3; hence ((CastSeq (seq,S)) ^\ 0) . x = (CastSeq (seq,S)) . x ; ::_thesis: verum end; then Shift (seq,0) = CastSeq (CastSeq (seq,S)) by FUNCT_2:12; hence Shift (seq,0) = seq by Def41; ::_thesis: verum end; Lm30: for k, n being Nat for S being non empty set for seq being Element of Inf_seq S holds Shift ((Shift (seq,k)),n) = Shift (seq,(n + k)) proof let k, n be Nat; ::_thesis: for S being non empty set for seq being Element of Inf_seq S holds Shift ((Shift (seq,k)),n) = Shift (seq,(n + k)) let S be non empty set ; ::_thesis: for seq being Element of Inf_seq S holds Shift ((Shift (seq,k)),n) = Shift (seq,(n + k)) let seq be Element of Inf_seq S; ::_thesis: Shift ((Shift (seq,k)),n) = Shift (seq,(n + k)) set nk = n + k; set t1 = Shift (seq,k); set cseq = CastSeq (seq,S); set ct1 = CastSeq ((Shift (seq,k)),S); A1: for m being Nat holds (CastSeq ((Shift (seq,k)),S)) . m = (CastSeq (seq,S)) . (m + k) proof let m be Nat; ::_thesis: (CastSeq ((Shift (seq,k)),S)) . m = (CastSeq (seq,S)) . (m + k) (CastSeq ((Shift (seq,k)),S)) . m = ((CastSeq (seq,S)) ^\ k) . m by Def41; hence (CastSeq ((Shift (seq,k)),S)) . m = (CastSeq (seq,S)) . (m + k) by NAT_1:def_3; ::_thesis: verum end; for m being Nat holds ((CastSeq ((Shift (seq,k)),S)) ^\ n) . m = ((CastSeq (seq,S)) ^\ (n + k)) . m proof let m be Nat; ::_thesis: ((CastSeq ((Shift (seq,k)),S)) ^\ n) . m = ((CastSeq (seq,S)) ^\ (n + k)) . m ((CastSeq ((Shift (seq,k)),S)) ^\ n) . m = (CastSeq ((Shift (seq,k)),S)) . (m + n) by NAT_1:def_3 .= (CastSeq (seq,S)) . ((m + n) + k) by A1 .= (CastSeq (seq,S)) . (m + (n + k)) ; hence ((CastSeq ((Shift (seq,k)),S)) ^\ n) . m = ((CastSeq (seq,S)) ^\ (n + k)) . m by NAT_1:def_3; ::_thesis: verum end; then for x being set st x in NAT holds ((CastSeq ((Shift (seq,k)),S)) ^\ n) . x = ((CastSeq (seq,S)) ^\ (n + k)) . x ; hence Shift ((Shift (seq,k)),n) = Shift (seq,(n + k)) by FUNCT_2:12; ::_thesis: verum end; definition let S be non empty set ; let f be set ; func Not_0 (f,S) -> Element of ModelSP (Inf_seq S) means :Def44: :: MODELC_2:def 44 for t being set st t in Inf_seq S holds ( 'not' (Castboolean ((Fid (f,(Inf_seq S))) . t)) = TRUE iff (Fid (it,(Inf_seq S))) . t = TRUE ); existence ex b1 being Element of ModelSP (Inf_seq S) st for t being set st t in Inf_seq S holds ( 'not' (Castboolean ((Fid (f,(Inf_seq S))) . t)) = TRUE iff (Fid (b1,(Inf_seq S))) . t = TRUE ) proof set SEQ = Inf_seq S; deffunc H1( set , Function of (Inf_seq S),BOOLEAN) -> set = 'not' (Castboolean ($2 . $1)); consider IT being set such that A1: ( IT in ModelSP (Inf_seq S) & ( for t being set st t in Inf_seq S holds ( H1(t, Fid (f,(Inf_seq S))) = TRUE iff (Fid (IT,(Inf_seq S))) . t = TRUE ) ) ) from MODELC_1:sch_2(); take IT ; ::_thesis: ( IT is Element of ModelSP (Inf_seq S) & ( for t being set st t in Inf_seq S holds ( 'not' (Castboolean ((Fid (f,(Inf_seq S))) . t)) = TRUE iff (Fid (IT,(Inf_seq S))) . t = TRUE ) ) ) thus ( IT is Element of ModelSP (Inf_seq S) & ( for t being set st t in Inf_seq S holds ( 'not' (Castboolean ((Fid (f,(Inf_seq S))) . t)) = TRUE iff (Fid (IT,(Inf_seq S))) . t = TRUE ) ) ) by A1; ::_thesis: verum end; uniqueness for b1, b2 being Element of ModelSP (Inf_seq S) st ( for t being set st t in Inf_seq S holds ( 'not' (Castboolean ((Fid (f,(Inf_seq S))) . t)) = TRUE iff (Fid (b1,(Inf_seq S))) . t = TRUE ) ) & ( for t being set st t in Inf_seq S holds ( 'not' (Castboolean ((Fid (f,(Inf_seq S))) . t)) = TRUE iff (Fid (b2,(Inf_seq S))) . t = TRUE ) ) holds b1 = b2 proof set SEQ = Inf_seq S; deffunc H1( set , Function of (Inf_seq S),BOOLEAN) -> set = 'not' (Castboolean ($2 . $1)); for g1, g2 being set st g1 in ModelSP (Inf_seq S) & ( for t being set st t in Inf_seq S holds ( H1(t, Fid (f,(Inf_seq S))) = TRUE iff (Fid (g1,(Inf_seq S))) . t = TRUE ) ) & g2 in ModelSP (Inf_seq S) & ( for t being set st t in Inf_seq S holds ( H1(t, Fid (f,(Inf_seq S))) = TRUE iff (Fid (g2,(Inf_seq S))) . t = TRUE ) ) holds g1 = g2 from MODELC_1:sch_3(); hence for b1, b2 being Element of ModelSP (Inf_seq S) st ( for t being set st t in Inf_seq S holds ( 'not' (Castboolean ((Fid (f,(Inf_seq S))) . t)) = TRUE iff (Fid (b1,(Inf_seq S))) . t = TRUE ) ) & ( for t being set st t in Inf_seq S holds ( 'not' (Castboolean ((Fid (f,(Inf_seq S))) . t)) = TRUE iff (Fid (b2,(Inf_seq S))) . t = TRUE ) ) holds b1 = b2 ; ::_thesis: verum end; end; :: deftheorem Def44 defines Not_0 MODELC_2:def_44_:_ for S being non empty set for f being set for b3 being Element of ModelSP (Inf_seq S) holds ( b3 = Not_0 (f,S) iff for t being set st t in Inf_seq S holds ( 'not' (Castboolean ((Fid (f,(Inf_seq S))) . t)) = TRUE iff (Fid (b3,(Inf_seq S))) . t = TRUE ) ); Lm31: for S being non empty set for o1, o2 being UnOp of (ModelSP (Inf_seq S)) st ( for f being set st f in ModelSP (Inf_seq S) holds o1 . f = Not_0 (f,S) ) & ( for f being set st f in ModelSP (Inf_seq S) holds o2 . f = Not_0 (f,S) ) holds o1 = o2 proof let S be non empty set ; ::_thesis: for o1, o2 being UnOp of (ModelSP (Inf_seq S)) st ( for f being set st f in ModelSP (Inf_seq S) holds o1 . f = Not_0 (f,S) ) & ( for f being set st f in ModelSP (Inf_seq S) holds o2 . f = Not_0 (f,S) ) holds o1 = o2 set M = ModelSP (Inf_seq S); deffunc H1( set ) -> Element of ModelSP (Inf_seq S) = Not_0 ($1,S); for o1, o2 being UnOp of (ModelSP (Inf_seq S)) st ( for f being set st f in ModelSP (Inf_seq S) holds o1 . f = H1(f) ) & ( for f being set st f in ModelSP (Inf_seq S) holds o2 . f = H1(f) ) holds o1 = o2 from MODELC_1:sch_5(); hence for o1, o2 being UnOp of (ModelSP (Inf_seq S)) st ( for f being set st f in ModelSP (Inf_seq S) holds o1 . f = Not_0 (f,S) ) & ( for f being set st f in ModelSP (Inf_seq S) holds o2 . f = Not_0 (f,S) ) holds o1 = o2 ; ::_thesis: verum end; definition let S be non empty set ; func Not_ S -> UnOp of (ModelSP (Inf_seq S)) means :Def45: :: MODELC_2:def 45 for f being set st f in ModelSP (Inf_seq S) holds it . f = Not_0 (f,S); existence ex b1 being UnOp of (ModelSP (Inf_seq S)) st for f being set st f in ModelSP (Inf_seq S) holds b1 . f = Not_0 (f,S) proof set M = ModelSP (Inf_seq S); deffunc H1( set ) -> Element of ModelSP (Inf_seq S) = Not_0 ($1,S); ex o being UnOp of (ModelSP (Inf_seq S)) st for f being set st f in ModelSP (Inf_seq S) holds o . f = H1(f) from MODELC_1:sch_4(); hence ex b1 being UnOp of (ModelSP (Inf_seq S)) st for f being set st f in ModelSP (Inf_seq S) holds b1 . f = Not_0 (f,S) ; ::_thesis: verum end; uniqueness for b1, b2 being UnOp of (ModelSP (Inf_seq S)) st ( for f being set st f in ModelSP (Inf_seq S) holds b1 . f = Not_0 (f,S) ) & ( for f being set st f in ModelSP (Inf_seq S) holds b2 . f = Not_0 (f,S) ) holds b1 = b2 by Lm31; end; :: deftheorem Def45 defines Not_ MODELC_2:def_45_:_ for S being non empty set for b2 being UnOp of (ModelSP (Inf_seq S)) holds ( b2 = Not_ S iff for f being set st f in ModelSP (Inf_seq S) holds b2 . f = Not_0 (f,S) ); definition let S be non empty set ; let f be Function of (Inf_seq S),BOOLEAN; let t be set ; func Next_univ (t,f) -> Element of BOOLEAN equals :Def46: :: MODELC_2:def 46 TRUE if ( t is Element of Inf_seq S & f . (Shift (t,1,S)) = TRUE ) otherwise FALSE ; correctness coherence ( ( t is Element of Inf_seq S & f . (Shift (t,1,S)) = TRUE implies TRUE is Element of BOOLEAN ) & ( ( not t is Element of Inf_seq S or not f . (Shift (t,1,S)) = TRUE ) implies FALSE is Element of BOOLEAN ) ); consistency for b1 being Element of BOOLEAN holds verum; ; end; :: deftheorem Def46 defines Next_univ MODELC_2:def_46_:_ for S being non empty set for f being Function of (Inf_seq S),BOOLEAN for t being set holds ( ( t is Element of Inf_seq S & f . (Shift (t,1,S)) = TRUE implies Next_univ (t,f) = TRUE ) & ( ( not t is Element of Inf_seq S or not f . (Shift (t,1,S)) = TRUE ) implies Next_univ (t,f) = FALSE ) ); definition let S be non empty set ; let f be set ; func Next_0 (f,S) -> Element of ModelSP (Inf_seq S) means :Def47: :: MODELC_2:def 47 for t being set st t in Inf_seq S holds ( Next_univ (t,(Fid (f,(Inf_seq S)))) = TRUE iff (Fid (it,(Inf_seq S))) . t = TRUE ); existence ex b1 being Element of ModelSP (Inf_seq S) st for t being set st t in Inf_seq S holds ( Next_univ (t,(Fid (f,(Inf_seq S)))) = TRUE iff (Fid (b1,(Inf_seq S))) . t = TRUE ) proof deffunc H1( set , Function of (Inf_seq S),BOOLEAN) -> Element of BOOLEAN = Next_univ ($1,$2); consider IT being set such that A1: ( IT in ModelSP (Inf_seq S) & ( for t being set st t in Inf_seq S holds ( H1(t, Fid (f,(Inf_seq S))) = TRUE iff (Fid (IT,(Inf_seq S))) . t = TRUE ) ) ) from MODELC_1:sch_2(); take IT ; ::_thesis: ( IT is Element of ModelSP (Inf_seq S) & ( for t being set st t in Inf_seq S holds ( Next_univ (t,(Fid (f,(Inf_seq S)))) = TRUE iff (Fid (IT,(Inf_seq S))) . t = TRUE ) ) ) thus ( IT is Element of ModelSP (Inf_seq S) & ( for t being set st t in Inf_seq S holds ( Next_univ (t,(Fid (f,(Inf_seq S)))) = TRUE iff (Fid (IT,(Inf_seq S))) . t = TRUE ) ) ) by A1; ::_thesis: verum end; uniqueness for b1, b2 being Element of ModelSP (Inf_seq S) st ( for t being set st t in Inf_seq S holds ( Next_univ (t,(Fid (f,(Inf_seq S)))) = TRUE iff (Fid (b1,(Inf_seq S))) . t = TRUE ) ) & ( for t being set st t in Inf_seq S holds ( Next_univ (t,(Fid (f,(Inf_seq S)))) = TRUE iff (Fid (b2,(Inf_seq S))) . t = TRUE ) ) holds b1 = b2 proof deffunc H1( set , Function of (Inf_seq S),BOOLEAN) -> Element of BOOLEAN = Next_univ ($1,$2); for g1, g2 being set st g1 in ModelSP (Inf_seq S) & ( for t being set st t in Inf_seq S holds ( H1(t, Fid (f,(Inf_seq S))) = TRUE iff (Fid (g1,(Inf_seq S))) . t = TRUE ) ) & g2 in ModelSP (Inf_seq S) & ( for t being set st t in Inf_seq S holds ( H1(t, Fid (f,(Inf_seq S))) = TRUE iff (Fid (g2,(Inf_seq S))) . t = TRUE ) ) holds g1 = g2 from MODELC_1:sch_3(); hence for b1, b2 being Element of ModelSP (Inf_seq S) st ( for t being set st t in Inf_seq S holds ( Next_univ (t,(Fid (f,(Inf_seq S)))) = TRUE iff (Fid (b1,(Inf_seq S))) . t = TRUE ) ) & ( for t being set st t in Inf_seq S holds ( Next_univ (t,(Fid (f,(Inf_seq S)))) = TRUE iff (Fid (b2,(Inf_seq S))) . t = TRUE ) ) holds b1 = b2 ; ::_thesis: verum end; end; :: deftheorem Def47 defines Next_0 MODELC_2:def_47_:_ for S being non empty set for f being set for b3 being Element of ModelSP (Inf_seq S) holds ( b3 = Next_0 (f,S) iff for t being set st t in Inf_seq S holds ( Next_univ (t,(Fid (f,(Inf_seq S)))) = TRUE iff (Fid (b3,(Inf_seq S))) . t = TRUE ) ); Lm32: for S being non empty set for o1, o2 being UnOp of (ModelSP (Inf_seq S)) st ( for f being set st f in ModelSP (Inf_seq S) holds o1 . f = Next_0 (f,S) ) & ( for f being set st f in ModelSP (Inf_seq S) holds o2 . f = Next_0 (f,S) ) holds o1 = o2 proof let S be non empty set ; ::_thesis: for o1, o2 being UnOp of (ModelSP (Inf_seq S)) st ( for f being set st f in ModelSP (Inf_seq S) holds o1 . f = Next_0 (f,S) ) & ( for f being set st f in ModelSP (Inf_seq S) holds o2 . f = Next_0 (f,S) ) holds o1 = o2 set M = ModelSP (Inf_seq S); deffunc H1( set ) -> Element of ModelSP (Inf_seq S) = Next_0 ($1,S); for o1, o2 being UnOp of (ModelSP (Inf_seq S)) st ( for f being set st f in ModelSP (Inf_seq S) holds o1 . f = H1(f) ) & ( for f being set st f in ModelSP (Inf_seq S) holds o2 . f = H1(f) ) holds o1 = o2 from MODELC_1:sch_5(); hence for o1, o2 being UnOp of (ModelSP (Inf_seq S)) st ( for f being set st f in ModelSP (Inf_seq S) holds o1 . f = Next_0 (f,S) ) & ( for f being set st f in ModelSP (Inf_seq S) holds o2 . f = Next_0 (f,S) ) holds o1 = o2 ; ::_thesis: verum end; definition let S be non empty set ; func Next_ S -> UnOp of (ModelSP (Inf_seq S)) means :Def48: :: MODELC_2:def 48 for f being set st f in ModelSP (Inf_seq S) holds it . f = Next_0 (f,S); existence ex b1 being UnOp of (ModelSP (Inf_seq S)) st for f being set st f in ModelSP (Inf_seq S) holds b1 . f = Next_0 (f,S) proof set M = ModelSP (Inf_seq S); deffunc H1( set ) -> Element of ModelSP (Inf_seq S) = Next_0 ($1,S); ex o being UnOp of (ModelSP (Inf_seq S)) st for f being set st f in ModelSP (Inf_seq S) holds o . f = H1(f) from MODELC_1:sch_4(); hence ex b1 being UnOp of (ModelSP (Inf_seq S)) st for f being set st f in ModelSP (Inf_seq S) holds b1 . f = Next_0 (f,S) ; ::_thesis: verum end; uniqueness for b1, b2 being UnOp of (ModelSP (Inf_seq S)) st ( for f being set st f in ModelSP (Inf_seq S) holds b1 . f = Next_0 (f,S) ) & ( for f being set st f in ModelSP (Inf_seq S) holds b2 . f = Next_0 (f,S) ) holds b1 = b2 by Lm32; end; :: deftheorem Def48 defines Next_ MODELC_2:def_48_:_ for S being non empty set for b2 being UnOp of (ModelSP (Inf_seq S)) holds ( b2 = Next_ S iff for f being set st f in ModelSP (Inf_seq S) holds b2 . f = Next_0 (f,S) ); definition let S be non empty set ; let f, g be set ; func And_0 (f,g,S) -> Element of ModelSP (Inf_seq S) means :Def49: :: MODELC_2:def 49 for t being set st t in Inf_seq S holds ( (Castboolean ((Fid (f,(Inf_seq S))) . t)) '&' (Castboolean ((Fid (g,(Inf_seq S))) . t)) = TRUE iff (Fid (it,(Inf_seq S))) . t = TRUE ); existence ex b1 being Element of ModelSP (Inf_seq S) st for t being set st t in Inf_seq S holds ( (Castboolean ((Fid (f,(Inf_seq S))) . t)) '&' (Castboolean ((Fid (g,(Inf_seq S))) . t)) = TRUE iff (Fid (b1,(Inf_seq S))) . t = TRUE ) proof deffunc H1( set , Function of (Inf_seq S),BOOLEAN, Function of (Inf_seq S),BOOLEAN) -> set = (Castboolean ($2 . $1)) '&' (Castboolean ($3 . $1)); consider IT being set such that A1: ( IT in ModelSP (Inf_seq S) & ( for t being set st t in Inf_seq S holds ( H1(t, Fid (f,(Inf_seq S)), Fid (g,(Inf_seq S))) = TRUE iff (Fid (IT,(Inf_seq S))) . t = TRUE ) ) ) from MODELC_1:sch_6(); take IT ; ::_thesis: ( IT is Element of ModelSP (Inf_seq S) & ( for t being set st t in Inf_seq S holds ( (Castboolean ((Fid (f,(Inf_seq S))) . t)) '&' (Castboolean ((Fid (g,(Inf_seq S))) . t)) = TRUE iff (Fid (IT,(Inf_seq S))) . t = TRUE ) ) ) thus ( IT is Element of ModelSP (Inf_seq S) & ( for t being set st t in Inf_seq S holds ( (Castboolean ((Fid (f,(Inf_seq S))) . t)) '&' (Castboolean ((Fid (g,(Inf_seq S))) . t)) = TRUE iff (Fid (IT,(Inf_seq S))) . t = TRUE ) ) ) by A1; ::_thesis: verum end; uniqueness for b1, b2 being Element of ModelSP (Inf_seq S) st ( for t being set st t in Inf_seq S holds ( (Castboolean ((Fid (f,(Inf_seq S))) . t)) '&' (Castboolean ((Fid (g,(Inf_seq S))) . t)) = TRUE iff (Fid (b1,(Inf_seq S))) . t = TRUE ) ) & ( for t being set st t in Inf_seq S holds ( (Castboolean ((Fid (f,(Inf_seq S))) . t)) '&' (Castboolean ((Fid (g,(Inf_seq S))) . t)) = TRUE iff (Fid (b2,(Inf_seq S))) . t = TRUE ) ) holds b1 = b2 proof deffunc H1( set , Function of (Inf_seq S),BOOLEAN, Function of (Inf_seq S),BOOLEAN) -> set = (Castboolean ($2 . $1)) '&' (Castboolean ($3 . $1)); for h1, h2 being set st h1 in ModelSP (Inf_seq S) & ( for t being set st t in Inf_seq S holds ( H1(t, Fid (f,(Inf_seq S)), Fid (g,(Inf_seq S))) = TRUE iff (Fid (h1,(Inf_seq S))) . t = TRUE ) ) & h2 in ModelSP (Inf_seq S) & ( for t being set st t in Inf_seq S holds ( H1(t, Fid (f,(Inf_seq S)), Fid (g,(Inf_seq S))) = TRUE iff (Fid (h2,(Inf_seq S))) . t = TRUE ) ) holds h1 = h2 from MODELC_1:sch_7(); hence for b1, b2 being Element of ModelSP (Inf_seq S) st ( for t being set st t in Inf_seq S holds ( (Castboolean ((Fid (f,(Inf_seq S))) . t)) '&' (Castboolean ((Fid (g,(Inf_seq S))) . t)) = TRUE iff (Fid (b1,(Inf_seq S))) . t = TRUE ) ) & ( for t being set st t in Inf_seq S holds ( (Castboolean ((Fid (f,(Inf_seq S))) . t)) '&' (Castboolean ((Fid (g,(Inf_seq S))) . t)) = TRUE iff (Fid (b2,(Inf_seq S))) . t = TRUE ) ) holds b1 = b2 ; ::_thesis: verum end; end; :: deftheorem Def49 defines And_0 MODELC_2:def_49_:_ for S being non empty set for f, g being set for b4 being Element of ModelSP (Inf_seq S) holds ( b4 = And_0 (f,g,S) iff for t being set st t in Inf_seq S holds ( (Castboolean ((Fid (f,(Inf_seq S))) . t)) '&' (Castboolean ((Fid (g,(Inf_seq S))) . t)) = TRUE iff (Fid (b4,(Inf_seq S))) . t = TRUE ) ); Lm33: for S being non empty set for o1, o2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = And_0 (f,g,S) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = And_0 (f,g,S) ) holds o1 = o2 proof let S be non empty set ; ::_thesis: for o1, o2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = And_0 (f,g,S) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = And_0 (f,g,S) ) holds o1 = o2 set M = ModelSP (Inf_seq S); deffunc H1( Element of ModelSP (Inf_seq S), Element of ModelSP (Inf_seq S)) -> Element of ModelSP (Inf_seq S) = And_0 ($1,$2,S); A1: for o1, o2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being Element of ModelSP (Inf_seq S) holds o1 . (f,g) = H1(f,g) ) & ( for f, g being Element of ModelSP (Inf_seq S) holds o2 . (f,g) = H1(f,g) ) holds o1 = o2 from BINOP_2:sch_2(); for o1, o2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = And_0 (f,g,S) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = And_0 (f,g,S) ) holds o1 = o2 proof let o1, o2 be BinOp of (ModelSP (Inf_seq S)); ::_thesis: ( ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = And_0 (f,g,S) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = And_0 (f,g,S) ) implies o1 = o2 ) assume ( ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = And_0 (f,g,S) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = And_0 (f,g,S) ) ) ; ::_thesis: o1 = o2 then ( ( for f, g being Element of ModelSP (Inf_seq S) holds o1 . (f,g) = H1(f,g) ) & ( for f, g being Element of ModelSP (Inf_seq S) holds o2 . (f,g) = H1(f,g) ) ) ; hence o1 = o2 by A1; ::_thesis: verum end; hence for o1, o2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = And_0 (f,g,S) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = And_0 (f,g,S) ) holds o1 = o2 ; ::_thesis: verum end; definition let S be non empty set ; func And_ S -> BinOp of (ModelSP (Inf_seq S)) means :Def50: :: MODELC_2:def 50 for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds it . (f,g) = And_0 (f,g,S); existence ex b1 being BinOp of (ModelSP (Inf_seq S)) st for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds b1 . (f,g) = And_0 (f,g,S) proof set M = ModelSP (Inf_seq S); deffunc H1( Element of ModelSP (Inf_seq S), Element of ModelSP (Inf_seq S)) -> Element of ModelSP (Inf_seq S) = And_0 ($1,$2,S); consider o being BinOp of (ModelSP (Inf_seq S)) such that A1: for f, g being Element of ModelSP (Inf_seq S) holds o . (f,g) = H1(f,g) from BINOP_1:sch_4(); for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o . (f,g) = And_0 (f,g,S) by A1; hence ex b1 being BinOp of (ModelSP (Inf_seq S)) st for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds b1 . (f,g) = And_0 (f,g,S) ; ::_thesis: verum end; uniqueness for b1, b2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds b1 . (f,g) = And_0 (f,g,S) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds b2 . (f,g) = And_0 (f,g,S) ) holds b1 = b2 by Lm33; end; :: deftheorem Def50 defines And_ MODELC_2:def_50_:_ for S being non empty set for b2 being BinOp of (ModelSP (Inf_seq S)) holds ( b2 = And_ S iff for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds b2 . (f,g) = And_0 (f,g,S) ); definition let S be non empty set ; let f, g be Function of (Inf_seq S),BOOLEAN; let t be set ; func Until_univ (t,f,g,S) -> Element of BOOLEAN equals :Def51: :: MODELC_2:def 51 TRUE if ( t is Element of Inf_seq S & ex m being Nat st ( ( for j being Nat st j < m holds f . (Shift (t,j,S)) = TRUE ) & g . (Shift (t,m,S)) = TRUE ) ) otherwise FALSE ; correctness coherence ( ( t is Element of Inf_seq S & ex m being Nat st ( ( for j being Nat st j < m holds f . (Shift (t,j,S)) = TRUE ) & g . (Shift (t,m,S)) = TRUE ) implies TRUE is Element of BOOLEAN ) & ( ( not t is Element of Inf_seq S or for m being Nat holds ( ex j being Nat st ( j < m & not f . (Shift (t,j,S)) = TRUE ) or not g . (Shift (t,m,S)) = TRUE ) ) implies FALSE is Element of BOOLEAN ) ); consistency for b1 being Element of BOOLEAN holds verum; ; end; :: deftheorem Def51 defines Until_univ MODELC_2:def_51_:_ for S being non empty set for f, g being Function of (Inf_seq S),BOOLEAN for t being set holds ( ( t is Element of Inf_seq S & ex m being Nat st ( ( for j being Nat st j < m holds f . (Shift (t,j,S)) = TRUE ) & g . (Shift (t,m,S)) = TRUE ) implies Until_univ (t,f,g,S) = TRUE ) & ( ( not t is Element of Inf_seq S or for m being Nat holds ( ex j being Nat st ( j < m & not f . (Shift (t,j,S)) = TRUE ) or not g . (Shift (t,m,S)) = TRUE ) ) implies Until_univ (t,f,g,S) = FALSE ) ); definition let S be non empty set ; let f, g be set ; func Until_0 (f,g,S) -> Element of ModelSP (Inf_seq S) means :Def52: :: MODELC_2:def 52 for t being set st t in Inf_seq S holds ( Until_univ (t,(Fid (f,(Inf_seq S))),(Fid (g,(Inf_seq S))),S) = TRUE iff (Fid (it,(Inf_seq S))) . t = TRUE ); existence ex b1 being Element of ModelSP (Inf_seq S) st for t being set st t in Inf_seq S holds ( Until_univ (t,(Fid (f,(Inf_seq S))),(Fid (g,(Inf_seq S))),S) = TRUE iff (Fid (b1,(Inf_seq S))) . t = TRUE ) proof deffunc H1( set , Function of (Inf_seq S),BOOLEAN, Function of (Inf_seq S),BOOLEAN) -> Element of BOOLEAN = Until_univ ($1,$2,$3,S); consider IT being set such that A1: ( IT in ModelSP (Inf_seq S) & ( for t being set st t in Inf_seq S holds ( H1(t, Fid (f,(Inf_seq S)), Fid (g,(Inf_seq S))) = TRUE iff (Fid (IT,(Inf_seq S))) . t = TRUE ) ) ) from MODELC_1:sch_6(); take IT ; ::_thesis: ( IT is Element of ModelSP (Inf_seq S) & ( for t being set st t in Inf_seq S holds ( Until_univ (t,(Fid (f,(Inf_seq S))),(Fid (g,(Inf_seq S))),S) = TRUE iff (Fid (IT,(Inf_seq S))) . t = TRUE ) ) ) thus ( IT is Element of ModelSP (Inf_seq S) & ( for t being set st t in Inf_seq S holds ( Until_univ (t,(Fid (f,(Inf_seq S))),(Fid (g,(Inf_seq S))),S) = TRUE iff (Fid (IT,(Inf_seq S))) . t = TRUE ) ) ) by A1; ::_thesis: verum end; uniqueness for b1, b2 being Element of ModelSP (Inf_seq S) st ( for t being set st t in Inf_seq S holds ( Until_univ (t,(Fid (f,(Inf_seq S))),(Fid (g,(Inf_seq S))),S) = TRUE iff (Fid (b1,(Inf_seq S))) . t = TRUE ) ) & ( for t being set st t in Inf_seq S holds ( Until_univ (t,(Fid (f,(Inf_seq S))),(Fid (g,(Inf_seq S))),S) = TRUE iff (Fid (b2,(Inf_seq S))) . t = TRUE ) ) holds b1 = b2 proof deffunc H1( set , Function of (Inf_seq S),BOOLEAN, Function of (Inf_seq S),BOOLEAN) -> Element of BOOLEAN = Until_univ ($1,$2,$3,S); for h1, h2 being set st h1 in ModelSP (Inf_seq S) & ( for t being set st t in Inf_seq S holds ( H1(t, Fid (f,(Inf_seq S)), Fid (g,(Inf_seq S))) = TRUE iff (Fid (h1,(Inf_seq S))) . t = TRUE ) ) & h2 in ModelSP (Inf_seq S) & ( for t being set st t in Inf_seq S holds ( H1(t, Fid (f,(Inf_seq S)), Fid (g,(Inf_seq S))) = TRUE iff (Fid (h2,(Inf_seq S))) . t = TRUE ) ) holds h1 = h2 from MODELC_1:sch_7(); hence for b1, b2 being Element of ModelSP (Inf_seq S) st ( for t being set st t in Inf_seq S holds ( Until_univ (t,(Fid (f,(Inf_seq S))),(Fid (g,(Inf_seq S))),S) = TRUE iff (Fid (b1,(Inf_seq S))) . t = TRUE ) ) & ( for t being set st t in Inf_seq S holds ( Until_univ (t,(Fid (f,(Inf_seq S))),(Fid (g,(Inf_seq S))),S) = TRUE iff (Fid (b2,(Inf_seq S))) . t = TRUE ) ) holds b1 = b2 ; ::_thesis: verum end; end; :: deftheorem Def52 defines Until_0 MODELC_2:def_52_:_ for S being non empty set for f, g being set for b4 being Element of ModelSP (Inf_seq S) holds ( b4 = Until_0 (f,g,S) iff for t being set st t in Inf_seq S holds ( Until_univ (t,(Fid (f,(Inf_seq S))),(Fid (g,(Inf_seq S))),S) = TRUE iff (Fid (b4,(Inf_seq S))) . t = TRUE ) ); Lm34: for S being non empty set for o1, o2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = Until_0 (f,g,S) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = Until_0 (f,g,S) ) holds o1 = o2 proof let S be non empty set ; ::_thesis: for o1, o2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = Until_0 (f,g,S) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = Until_0 (f,g,S) ) holds o1 = o2 set M = ModelSP (Inf_seq S); deffunc H1( Element of ModelSP (Inf_seq S), Element of ModelSP (Inf_seq S)) -> Element of ModelSP (Inf_seq S) = Until_0 ($1,$2,S); A1: for o1, o2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being Element of ModelSP (Inf_seq S) holds o1 . (f,g) = H1(f,g) ) & ( for f, g being Element of ModelSP (Inf_seq S) holds o2 . (f,g) = H1(f,g) ) holds o1 = o2 from BINOP_2:sch_2(); for o1, o2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = Until_0 (f,g,S) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = Until_0 (f,g,S) ) holds o1 = o2 proof let o1, o2 be BinOp of (ModelSP (Inf_seq S)); ::_thesis: ( ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = Until_0 (f,g,S) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = Until_0 (f,g,S) ) implies o1 = o2 ) assume ( ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = Until_0 (f,g,S) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = Until_0 (f,g,S) ) ) ; ::_thesis: o1 = o2 then ( ( for f, g being Element of ModelSP (Inf_seq S) holds o1 . (f,g) = H1(f,g) ) & ( for f, g being Element of ModelSP (Inf_seq S) holds o2 . (f,g) = H1(f,g) ) ) ; hence o1 = o2 by A1; ::_thesis: verum end; hence for o1, o2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = Until_0 (f,g,S) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = Until_0 (f,g,S) ) holds o1 = o2 ; ::_thesis: verum end; definition let S be non empty set ; func Until_ S -> BinOp of (ModelSP (Inf_seq S)) means :Def53: :: MODELC_2:def 53 for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds it . (f,g) = Until_0 (f,g,S); existence ex b1 being BinOp of (ModelSP (Inf_seq S)) st for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds b1 . (f,g) = Until_0 (f,g,S) proof set M = ModelSP (Inf_seq S); deffunc H1( Element of ModelSP (Inf_seq S), Element of ModelSP (Inf_seq S)) -> Element of ModelSP (Inf_seq S) = Until_0 ($1,$2,S); consider o being BinOp of (ModelSP (Inf_seq S)) such that A1: for f, g being Element of ModelSP (Inf_seq S) holds o . (f,g) = H1(f,g) from BINOP_1:sch_4(); for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o . (f,g) = Until_0 (f,g,S) by A1; hence ex b1 being BinOp of (ModelSP (Inf_seq S)) st for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds b1 . (f,g) = Until_0 (f,g,S) ; ::_thesis: verum end; uniqueness for b1, b2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds b1 . (f,g) = Until_0 (f,g,S) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds b2 . (f,g) = Until_0 (f,g,S) ) holds b1 = b2 by Lm34; end; :: deftheorem Def53 defines Until_ MODELC_2:def_53_:_ for S being non empty set for b2 being BinOp of (ModelSP (Inf_seq S)) holds ( b2 = Until_ S iff for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds b2 . (f,g) = Until_0 (f,g,S) ); Lm35: for S being non empty set for o1, o2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = (Not_ S) . ((And_ S) . (((Not_ S) . f),((Not_ S) . g))) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = (Not_ S) . ((And_ S) . (((Not_ S) . f),((Not_ S) . g))) ) holds o1 = o2 proof let S be non empty set ; ::_thesis: for o1, o2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = (Not_ S) . ((And_ S) . (((Not_ S) . f),((Not_ S) . g))) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = (Not_ S) . ((And_ S) . (((Not_ S) . f),((Not_ S) . g))) ) holds o1 = o2 set M = ModelSP (Inf_seq S); deffunc H1( Element of ModelSP (Inf_seq S), Element of ModelSP (Inf_seq S)) -> Element of ModelSP (Inf_seq S) = (Not_ S) . ((And_ S) . (((Not_ S) . $1),((Not_ S) . $2))); A1: for o1, o2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being Element of ModelSP (Inf_seq S) holds o1 . (f,g) = H1(f,g) ) & ( for f, g being Element of ModelSP (Inf_seq S) holds o2 . (f,g) = H1(f,g) ) holds o1 = o2 from BINOP_2:sch_2(); for o1, o2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = (Not_ S) . ((And_ S) . (((Not_ S) . f),((Not_ S) . g))) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = (Not_ S) . ((And_ S) . (((Not_ S) . f),((Not_ S) . g))) ) holds o1 = o2 proof let o1, o2 be BinOp of (ModelSP (Inf_seq S)); ::_thesis: ( ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = (Not_ S) . ((And_ S) . (((Not_ S) . f),((Not_ S) . g))) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = (Not_ S) . ((And_ S) . (((Not_ S) . f),((Not_ S) . g))) ) implies o1 = o2 ) assume ( ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = (Not_ S) . ((And_ S) . (((Not_ S) . f),((Not_ S) . g))) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = (Not_ S) . ((And_ S) . (((Not_ S) . f),((Not_ S) . g))) ) ) ; ::_thesis: o1 = o2 then ( ( for f, g being Element of ModelSP (Inf_seq S) holds o1 . (f,g) = H1(f,g) ) & ( for f, g being Element of ModelSP (Inf_seq S) holds o2 . (f,g) = H1(f,g) ) ) ; hence o1 = o2 by A1; ::_thesis: verum end; hence for o1, o2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = (Not_ S) . ((And_ S) . (((Not_ S) . f),((Not_ S) . g))) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = (Not_ S) . ((And_ S) . (((Not_ S) . f),((Not_ S) . g))) ) holds o1 = o2 ; ::_thesis: verum end; Lm36: for S being non empty set for o1, o2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = (Not_ S) . ((Until_ S) . (((Not_ S) . f),((Not_ S) . g))) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = (Not_ S) . ((Until_ S) . (((Not_ S) . f),((Not_ S) . g))) ) holds o1 = o2 proof let S be non empty set ; ::_thesis: for o1, o2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = (Not_ S) . ((Until_ S) . (((Not_ S) . f),((Not_ S) . g))) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = (Not_ S) . ((Until_ S) . (((Not_ S) . f),((Not_ S) . g))) ) holds o1 = o2 set M = ModelSP (Inf_seq S); deffunc H1( Element of ModelSP (Inf_seq S), Element of ModelSP (Inf_seq S)) -> Element of ModelSP (Inf_seq S) = (Not_ S) . ((Until_ S) . (((Not_ S) . $1),((Not_ S) . $2))); A1: for o1, o2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being Element of ModelSP (Inf_seq S) holds o1 . (f,g) = H1(f,g) ) & ( for f, g being Element of ModelSP (Inf_seq S) holds o2 . (f,g) = H1(f,g) ) holds o1 = o2 from BINOP_2:sch_2(); for o1, o2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = (Not_ S) . ((Until_ S) . (((Not_ S) . f),((Not_ S) . g))) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = (Not_ S) . ((Until_ S) . (((Not_ S) . f),((Not_ S) . g))) ) holds o1 = o2 proof let o1, o2 be BinOp of (ModelSP (Inf_seq S)); ::_thesis: ( ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = (Not_ S) . ((Until_ S) . (((Not_ S) . f),((Not_ S) . g))) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = (Not_ S) . ((Until_ S) . (((Not_ S) . f),((Not_ S) . g))) ) implies o1 = o2 ) assume ( ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = (Not_ S) . ((Until_ S) . (((Not_ S) . f),((Not_ S) . g))) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = (Not_ S) . ((Until_ S) . (((Not_ S) . f),((Not_ S) . g))) ) ) ; ::_thesis: o1 = o2 then ( ( for f, g being Element of ModelSP (Inf_seq S) holds o1 . (f,g) = H1(f,g) ) & ( for f, g being Element of ModelSP (Inf_seq S) holds o2 . (f,g) = H1(f,g) ) ) ; hence o1 = o2 by A1; ::_thesis: verum end; hence for o1, o2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o1 . (f,g) = (Not_ S) . ((Until_ S) . (((Not_ S) . f),((Not_ S) . g))) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o2 . (f,g) = (Not_ S) . ((Until_ S) . (((Not_ S) . f),((Not_ S) . g))) ) holds o1 = o2 ; ::_thesis: verum end; definition let S be non empty set ; func Or_ S -> BinOp of (ModelSP (Inf_seq S)) means :Def54: :: MODELC_2:def 54 for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds it . (f,g) = (Not_ S) . ((And_ S) . (((Not_ S) . f),((Not_ S) . g))); existence ex b1 being BinOp of (ModelSP (Inf_seq S)) st for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds b1 . (f,g) = (Not_ S) . ((And_ S) . (((Not_ S) . f),((Not_ S) . g))) proof set M = ModelSP (Inf_seq S); deffunc H1( Element of ModelSP (Inf_seq S), Element of ModelSP (Inf_seq S)) -> Element of ModelSP (Inf_seq S) = (Not_ S) . ((And_ S) . (((Not_ S) . $1),((Not_ S) . $2))); consider o being BinOp of (ModelSP (Inf_seq S)) such that A1: for f, g being Element of ModelSP (Inf_seq S) holds o . (f,g) = H1(f,g) from BINOP_1:sch_4(); for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o . (f,g) = (Not_ S) . ((And_ S) . (((Not_ S) . f),((Not_ S) . g))) by A1; hence ex b1 being BinOp of (ModelSP (Inf_seq S)) st for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds b1 . (f,g) = (Not_ S) . ((And_ S) . (((Not_ S) . f),((Not_ S) . g))) ; ::_thesis: verum end; uniqueness for b1, b2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds b1 . (f,g) = (Not_ S) . ((And_ S) . (((Not_ S) . f),((Not_ S) . g))) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds b2 . (f,g) = (Not_ S) . ((And_ S) . (((Not_ S) . f),((Not_ S) . g))) ) holds b1 = b2 by Lm35; func Release_ S -> BinOp of (ModelSP (Inf_seq S)) means :Def55: :: MODELC_2:def 55 for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds it . (f,g) = (Not_ S) . ((Until_ S) . (((Not_ S) . f),((Not_ S) . g))); existence ex b1 being BinOp of (ModelSP (Inf_seq S)) st for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds b1 . (f,g) = (Not_ S) . ((Until_ S) . (((Not_ S) . f),((Not_ S) . g))) proof set M = ModelSP (Inf_seq S); deffunc H1( Element of ModelSP (Inf_seq S), Element of ModelSP (Inf_seq S)) -> Element of ModelSP (Inf_seq S) = (Not_ S) . ((Until_ S) . (((Not_ S) . $1),((Not_ S) . $2))); consider o being BinOp of (ModelSP (Inf_seq S)) such that A2: for f, g being Element of ModelSP (Inf_seq S) holds o . (f,g) = H1(f,g) from BINOP_1:sch_4(); for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds o . (f,g) = (Not_ S) . ((Until_ S) . (((Not_ S) . f),((Not_ S) . g))) by A2; hence ex b1 being BinOp of (ModelSP (Inf_seq S)) st for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds b1 . (f,g) = (Not_ S) . ((Until_ S) . (((Not_ S) . f),((Not_ S) . g))) ; ::_thesis: verum end; uniqueness for b1, b2 being BinOp of (ModelSP (Inf_seq S)) st ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds b1 . (f,g) = (Not_ S) . ((Until_ S) . (((Not_ S) . f),((Not_ S) . g))) ) & ( for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds b2 . (f,g) = (Not_ S) . ((Until_ S) . (((Not_ S) . f),((Not_ S) . g))) ) holds b1 = b2 by Lm36; end; :: deftheorem Def54 defines Or_ MODELC_2:def_54_:_ for S being non empty set for b2 being BinOp of (ModelSP (Inf_seq S)) holds ( b2 = Or_ S iff for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds b2 . (f,g) = (Not_ S) . ((And_ S) . (((Not_ S) . f),((Not_ S) . g))) ); :: deftheorem Def55 defines Release_ MODELC_2:def_55_:_ for S being non empty set for b2 being BinOp of (ModelSP (Inf_seq S)) holds ( b2 = Release_ S iff for f, g being set st f in ModelSP (Inf_seq S) & g in ModelSP (Inf_seq S) holds b2 . (f,g) = (Not_ S) . ((Until_ S) . (((Not_ S) . f),((Not_ S) . g))) ); definition let S be non empty set ; let BASSIGN be non empty Subset of (ModelSP (Inf_seq S)); func Inf_seqModel (S,BASSIGN) -> LTLModelStr equals :: MODELC_2:def 56 LTLModelStr(# (ModelSP (Inf_seq S)),BASSIGN,(And_ S),(Or_ S),(Not_ S),(Next_ S),(Until_ S),(Release_ S) #); coherence LTLModelStr(# (ModelSP (Inf_seq S)),BASSIGN,(And_ S),(Or_ S),(Not_ S),(Next_ S),(Until_ S),(Release_ S) #) is LTLModelStr ; end; :: deftheorem defines Inf_seqModel MODELC_2:def_56_:_ for S being non empty set for BASSIGN being non empty Subset of (ModelSP (Inf_seq S)) holds Inf_seqModel (S,BASSIGN) = LTLModelStr(# (ModelSP (Inf_seq S)),BASSIGN,(And_ S),(Or_ S),(Not_ S),(Next_ S),(Until_ S),(Release_ S) #); registration let S be non empty set ; let BASSIGN be non empty Subset of (ModelSP (Inf_seq S)); cluster Inf_seqModel (S,BASSIGN) -> non empty strict with_basic ; coherence ( Inf_seqModel (S,BASSIGN) is with_basic & Inf_seqModel (S,BASSIGN) is strict & not Inf_seqModel (S,BASSIGN) is empty ) proof thus not the BasicAssign of (Inf_seqModel (S,BASSIGN)) is empty ; :: according to MODELC_2:def_30 ::_thesis: ( Inf_seqModel (S,BASSIGN) is strict & not Inf_seqModel (S,BASSIGN) is empty ) thus ( Inf_seqModel (S,BASSIGN) is strict & not Inf_seqModel (S,BASSIGN) is empty ) ; ::_thesis: verum end; end; definition let S be non empty set ; let BASSIGN be non empty Subset of (ModelSP (Inf_seq S)); let t be Element of Inf_seq S; let f be Assign of (Inf_seqModel (S,BASSIGN)); predt |= f means :Def57: :: MODELC_2:def 57 (Fid (f,(Inf_seq S))) . t = TRUE ; end; :: deftheorem Def57 defines |= MODELC_2:def_57_:_ for S being non empty set for BASSIGN being non empty Subset of (ModelSP (Inf_seq S)) for t being Element of Inf_seq S for f being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= f iff (Fid (f,(Inf_seq S))) . t = TRUE ); notation let S be non empty set ; let BASSIGN be non empty Subset of (ModelSP (Inf_seq S)); let t be Element of Inf_seq S; let f be Assign of (Inf_seqModel (S,BASSIGN)); antonym t |/= f for t |= f; end; theorem :: MODELC_2:56 for S being non empty set for BASSIGN being non empty Subset of (ModelSP (Inf_seq S)) for f, g being Assign of (Inf_seqModel (S,BASSIGN)) holds ( f 'or' g = 'not' (('not' f) '&' ('not' g)) & f 'R' g = 'not' (('not' f) 'U' ('not' g)) ) by Def54, Def55; theorem Th57: :: MODELC_2:57 for S being non empty set for BASSIGN being non empty Subset of (ModelSP (Inf_seq S)) for t being Element of Inf_seq S for f being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= 'not' f iff t |/= f ) proof let S be non empty set ; ::_thesis: for BASSIGN being non empty Subset of (ModelSP (Inf_seq S)) for t being Element of Inf_seq S for f being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= 'not' f iff t |/= f ) let BASSIGN be non empty Subset of (ModelSP (Inf_seq S)); ::_thesis: for t being Element of Inf_seq S for f being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= 'not' f iff t |/= f ) let t be Element of Inf_seq S; ::_thesis: for f being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= 'not' f iff t |/= f ) let f be Assign of (Inf_seqModel (S,BASSIGN)); ::_thesis: ( t |= 'not' f iff t |/= f ) set S1 = Inf_seq S; A1: 'not' f = Not_0 (f,S) by Def45; thus ( t |= 'not' f implies t |/= f ) ::_thesis: ( t |/= f implies t |= 'not' f ) proof assume t |= 'not' f ; ::_thesis: t |/= f then (Fid (('not' f),(Inf_seq S))) . t = TRUE by Def57; then 'not' (Castboolean ((Fid (f,(Inf_seq S))) . t)) = TRUE by A1, Def44; then (Fid (f,(Inf_seq S))) . t = FALSE by MODELC_1:def_4; hence t |/= f by Def57; ::_thesis: verum end; assume t |/= f ; ::_thesis: t |= 'not' f then not (Fid (f,(Inf_seq S))) . t = TRUE by Def57; then not Castboolean ((Fid (f,(Inf_seq S))) . t) = TRUE by MODELC_1:def_4; then Castboolean ((Fid (f,(Inf_seq S))) . t) = FALSE by XBOOLEAN:def_3; then 'not' (Castboolean ((Fid (f,(Inf_seq S))) . t)) = TRUE ; then (Fid (('not' f),(Inf_seq S))) . t = TRUE by A1, Def44; hence t |= 'not' f by Def57; ::_thesis: verum end; theorem Th58: :: MODELC_2:58 for S being non empty set for BASSIGN being non empty Subset of (ModelSP (Inf_seq S)) for t being Element of Inf_seq S for f, g being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= f '&' g iff ( t |= f & t |= g ) ) proof let S be non empty set ; ::_thesis: for BASSIGN being non empty Subset of (ModelSP (Inf_seq S)) for t being Element of Inf_seq S for f, g being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= f '&' g iff ( t |= f & t |= g ) ) let BASSIGN be non empty Subset of (ModelSP (Inf_seq S)); ::_thesis: for t being Element of Inf_seq S for f, g being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= f '&' g iff ( t |= f & t |= g ) ) let t be Element of Inf_seq S; ::_thesis: for f, g being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= f '&' g iff ( t |= f & t |= g ) ) let f, g be Assign of (Inf_seqModel (S,BASSIGN)); ::_thesis: ( t |= f '&' g iff ( t |= f & t |= g ) ) set S1 = Inf_seq S; A1: f '&' g = And_0 (f,g,S) by Def50; thus ( t |= f '&' g implies ( t |= f & t |= g ) ) ::_thesis: ( t |= f & t |= g implies t |= f '&' g ) proof assume t |= f '&' g ; ::_thesis: ( t |= f & t |= g ) then (Fid ((And_0 (f,g,S)),(Inf_seq S))) . t = TRUE by A1, Def57; then A2: (Castboolean ((Fid (f,(Inf_seq S))) . t)) '&' (Castboolean ((Fid (g,(Inf_seq S))) . t)) = TRUE by Def49; then Castboolean ((Fid (g,(Inf_seq S))) . t) = TRUE by XBOOLEAN:101; then A3: (Fid (g,(Inf_seq S))) . t = TRUE by MODELC_1:def_4; Castboolean ((Fid (f,(Inf_seq S))) . t) = TRUE by A2, XBOOLEAN:101; then (Fid (f,(Inf_seq S))) . t = TRUE by MODELC_1:def_4; hence ( t |= f & t |= g ) by A3, Def57; ::_thesis: verum end; assume ( t |= f & t |= g ) ; ::_thesis: t |= f '&' g then ( (Fid (f,(Inf_seq S))) . t = TRUE & (Fid (g,(Inf_seq S))) . t = TRUE ) by Def57; then (Castboolean ((Fid (f,(Inf_seq S))) . t)) '&' (Castboolean ((Fid (g,(Inf_seq S))) . t)) = TRUE by MODELC_1:def_4; then (Fid ((f '&' g),(Inf_seq S))) . t = TRUE by A1, Def49; hence t |= f '&' g by Def57; ::_thesis: verum end; theorem Th59: :: MODELC_2:59 for S being non empty set for BASSIGN being non empty Subset of (ModelSP (Inf_seq S)) for t being Element of Inf_seq S for f being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= 'X' f iff Shift (t,1) |= f ) proof let S be non empty set ; ::_thesis: for BASSIGN being non empty Subset of (ModelSP (Inf_seq S)) for t being Element of Inf_seq S for f being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= 'X' f iff Shift (t,1) |= f ) let BASSIGN be non empty Subset of (ModelSP (Inf_seq S)); ::_thesis: for t being Element of Inf_seq S for f being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= 'X' f iff Shift (t,1) |= f ) let t be Element of Inf_seq S; ::_thesis: for f being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= 'X' f iff Shift (t,1) |= f ) let f be Assign of (Inf_seqModel (S,BASSIGN)); ::_thesis: ( t |= 'X' f iff Shift (t,1) |= f ) set S1 = Inf_seq S; set t1 = Shift (t,1); set t1p = Shift (t,1,S); A1: 'X' f = Next_0 (f,S) by Def48; thus ( t |= 'X' f implies Shift (t,1) |= f ) ::_thesis: ( Shift (t,1) |= f implies t |= 'X' f ) proof assume t |= 'X' f ; ::_thesis: Shift (t,1) |= f then (Fid ((Next_0 (f,S)),(Inf_seq S))) . t = TRUE by A1, Def57; then Next_univ (t,(Fid (f,(Inf_seq S)))) = TRUE by Def47; then (Fid (f,(Inf_seq S))) . (Shift (t,1,S)) = TRUE by Def46; hence Shift (t,1) |= f by Def57; ::_thesis: verum end; assume Shift (t,1) |= f ; ::_thesis: t |= 'X' f then (Fid (f,(Inf_seq S))) . (Shift (t,1)) = TRUE by Def57; then Next_univ (t,(Fid (f,(Inf_seq S)))) = TRUE by Def46; then (Fid (('X' f),(Inf_seq S))) . t = TRUE by A1, Def47; hence t |= 'X' f by Def57; ::_thesis: verum end; theorem Th60: :: MODELC_2:60 for S being non empty set for BASSIGN being non empty Subset of (ModelSP (Inf_seq S)) for t being Element of Inf_seq S for f, g being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= f 'U' g iff ex m being Nat st ( ( for j being Nat st j < m holds Shift (t,j) |= f ) & Shift (t,m) |= g ) ) proof let S be non empty set ; ::_thesis: for BASSIGN being non empty Subset of (ModelSP (Inf_seq S)) for t being Element of Inf_seq S for f, g being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= f 'U' g iff ex m being Nat st ( ( for j being Nat st j < m holds Shift (t,j) |= f ) & Shift (t,m) |= g ) ) let BASSIGN be non empty Subset of (ModelSP (Inf_seq S)); ::_thesis: for t being Element of Inf_seq S for f, g being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= f 'U' g iff ex m being Nat st ( ( for j being Nat st j < m holds Shift (t,j) |= f ) & Shift (t,m) |= g ) ) let t be Element of Inf_seq S; ::_thesis: for f, g being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= f 'U' g iff ex m being Nat st ( ( for j being Nat st j < m holds Shift (t,j) |= f ) & Shift (t,m) |= g ) ) let f, g be Assign of (Inf_seqModel (S,BASSIGN)); ::_thesis: ( t |= f 'U' g iff ex m being Nat st ( ( for j being Nat st j < m holds Shift (t,j) |= f ) & Shift (t,m) |= g ) ) set S1 = Inf_seq S; A1: f 'U' g = Until_0 (f,g,S) by Def53; A2: ( ex m being Nat st ( ( for j being Nat st j < m holds Shift (t,j) |= f ) & Shift (t,m) |= g ) implies t |= f 'U' g ) proof assume A3: ex m being Nat st ( ( for j being Nat st j < m holds Shift (t,j) |= f ) & Shift (t,m) |= g ) ; ::_thesis: t |= f 'U' g ex m being Nat st ( ( for j being Nat st j < m holds (Fid (f,(Inf_seq S))) . (Shift (t,j,S)) = TRUE ) & (Fid (g,(Inf_seq S))) . (Shift (t,m,S)) = TRUE ) proof consider m being Nat such that A4: for j being Nat st j < m holds Shift (t,j) |= f and A5: Shift (t,m) |= g by A3; take m ; ::_thesis: ( ( for j being Nat st j < m holds (Fid (f,(Inf_seq S))) . (Shift (t,j,S)) = TRUE ) & (Fid (g,(Inf_seq S))) . (Shift (t,m,S)) = TRUE ) for j being Nat st j < m holds (Fid (f,(Inf_seq S))) . (Shift (t,j,S)) = TRUE proof let j be Nat; ::_thesis: ( j < m implies (Fid (f,(Inf_seq S))) . (Shift (t,j,S)) = TRUE ) assume j < m ; ::_thesis: (Fid (f,(Inf_seq S))) . (Shift (t,j,S)) = TRUE then Shift (t,j) |= f by A4; hence (Fid (f,(Inf_seq S))) . (Shift (t,j,S)) = TRUE by Def57; ::_thesis: verum end; hence ( ( for j being Nat st j < m holds (Fid (f,(Inf_seq S))) . (Shift (t,j,S)) = TRUE ) & (Fid (g,(Inf_seq S))) . (Shift (t,m,S)) = TRUE ) by A5, Def57; ::_thesis: verum end; then Until_univ (t,(Fid (f,(Inf_seq S))),(Fid (g,(Inf_seq S))),S) = TRUE by Def51; then (Fid ((f 'U' g),(Inf_seq S))) . t = TRUE by A1, Def52; hence t |= f 'U' g by Def57; ::_thesis: verum end; ( t |= f 'U' g implies ex m being Nat st ( ( for j being Nat st j < m holds Shift (t,j) |= f ) & Shift (t,m) |= g ) ) proof assume t |= f 'U' g ; ::_thesis: ex m being Nat st ( ( for j being Nat st j < m holds Shift (t,j) |= f ) & Shift (t,m) |= g ) then (Fid ((Until_0 (f,g,S)),(Inf_seq S))) . t = TRUE by A1, Def57; then Until_univ (t,(Fid (f,(Inf_seq S))),(Fid (g,(Inf_seq S))),S) = TRUE by Def52; then consider m being Nat such that A6: for j being Nat st j < m holds (Fid (f,(Inf_seq S))) . (Shift (t,j,S)) = TRUE and A7: (Fid (g,(Inf_seq S))) . (Shift (t,m,S)) = TRUE by Def51; take m ; ::_thesis: ( ( for j being Nat st j < m holds Shift (t,j) |= f ) & Shift (t,m) |= g ) for j being Nat st j < m holds Shift (t,j) |= f proof let j be Nat; ::_thesis: ( j < m implies Shift (t,j) |= f ) assume A8: j < m ; ::_thesis: Shift (t,j) |= f set t1 = Shift (t,j); (Fid (f,(Inf_seq S))) . (Shift (t,j)) = TRUE by A6, A8; hence Shift (t,j) |= f by Def57; ::_thesis: verum end; hence ( ( for j being Nat st j < m holds Shift (t,j) |= f ) & Shift (t,m) |= g ) by A7, Def57; ::_thesis: verum end; hence ( t |= f 'U' g iff ex m being Nat st ( ( for j being Nat st j < m holds Shift (t,j) |= f ) & Shift (t,m) |= g ) ) by A2; ::_thesis: verum end; theorem Th61: :: MODELC_2:61 for S being non empty set for BASSIGN being non empty Subset of (ModelSP (Inf_seq S)) for t being Element of Inf_seq S for f, g being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= f 'or' g iff ( t |= f or t |= g ) ) proof let S be non empty set ; ::_thesis: for BASSIGN being non empty Subset of (ModelSP (Inf_seq S)) for t being Element of Inf_seq S for f, g being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= f 'or' g iff ( t |= f or t |= g ) ) let BASSIGN be non empty Subset of (ModelSP (Inf_seq S)); ::_thesis: for t being Element of Inf_seq S for f, g being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= f 'or' g iff ( t |= f or t |= g ) ) let t be Element of Inf_seq S; ::_thesis: for f, g being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= f 'or' g iff ( t |= f or t |= g ) ) let f, g be Assign of (Inf_seqModel (S,BASSIGN)); ::_thesis: ( t |= f 'or' g iff ( t |= f or t |= g ) ) ( t |= f 'or' g iff t |= 'not' (('not' f) '&' ('not' g)) ) by Def54; then ( t |= f 'or' g iff not t |= ('not' f) '&' ('not' g) ) by Th57; then ( t |= f 'or' g iff ( not t |= 'not' f or not t |= 'not' g ) ) by Th58; hence ( t |= f 'or' g iff ( t |= f or t |= g ) ) by Th57; ::_thesis: verum end; theorem Th62: :: MODELC_2:62 for S being non empty set for BASSIGN being non empty Subset of (ModelSP (Inf_seq S)) for t being Element of Inf_seq S for f, g being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= f 'R' g iff for m being Nat st ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) holds Shift (t,m) |= g ) proof let S be non empty set ; ::_thesis: for BASSIGN being non empty Subset of (ModelSP (Inf_seq S)) for t being Element of Inf_seq S for f, g being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= f 'R' g iff for m being Nat st ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) holds Shift (t,m) |= g ) let BASSIGN be non empty Subset of (ModelSP (Inf_seq S)); ::_thesis: for t being Element of Inf_seq S for f, g being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= f 'R' g iff for m being Nat st ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) holds Shift (t,m) |= g ) let t be Element of Inf_seq S; ::_thesis: for f, g being Assign of (Inf_seqModel (S,BASSIGN)) holds ( t |= f 'R' g iff for m being Nat st ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) holds Shift (t,m) |= g ) let f, g be Assign of (Inf_seqModel (S,BASSIGN)); ::_thesis: ( t |= f 'R' g iff for m being Nat st ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) holds Shift (t,m) |= g ) A1: ( ( for m being Nat st ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) holds Shift (t,m) |/= 'not' g ) implies for m being Nat st ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) holds Shift (t,m) |= g ) proof assume A2: for m being Nat st ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) holds Shift (t,m) |/= 'not' g ; ::_thesis: for m being Nat st ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) holds Shift (t,m) |= g for m being Nat st ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) holds Shift (t,m) |= g proof let m be Nat; ::_thesis: ( ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) implies Shift (t,m) |= g ) ( ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) implies Shift (t,m) |/= 'not' g ) by A2; hence ( ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) implies Shift (t,m) |= g ) by Th57; ::_thesis: verum end; hence for m being Nat st ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) holds Shift (t,m) |= g ; ::_thesis: verum end; A3: ( ( for m being Nat st ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) holds Shift (t,m) |= g ) implies for m being Nat st ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) holds Shift (t,m) |/= 'not' g ) proof assume A4: for m being Nat st ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) holds Shift (t,m) |= g ; ::_thesis: for m being Nat st ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) holds Shift (t,m) |/= 'not' g for m being Nat st ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) holds Shift (t,m) |/= 'not' g proof let m be Nat; ::_thesis: ( ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) implies Shift (t,m) |/= 'not' g ) ( ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) implies Shift (t,m) |= g ) by A4; hence ( ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) implies Shift (t,m) |/= 'not' g ) by Th57; ::_thesis: verum end; hence for m being Nat st ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) holds Shift (t,m) |/= 'not' g ; ::_thesis: verum end; ( t |= f 'R' g iff t |= 'not' (('not' f) 'U' ('not' g)) ) by Def55; then ( t |= f 'R' g iff not t |= ('not' f) 'U' ('not' g) ) by Th57; hence ( t |= f 'R' g iff for m being Nat st ( for j being Nat st j < m holds Shift (t,j) |= 'not' f ) holds Shift (t,m) |= g ) by A1, A3, Th60; ::_thesis: verum end; definition func AtomicFamily -> non empty set equals :: MODELC_2:def 58 bool atomic_LTL; correctness coherence bool atomic_LTL is non empty set ; ; end; :: deftheorem defines AtomicFamily MODELC_2:def_58_:_ AtomicFamily = bool atomic_LTL; definition let a, t be set ; func AtomicFunc (a,t) -> Element of BOOLEAN equals :Def59: :: MODELC_2:def 59 TRUE if ( t in Inf_seq AtomicFamily & a in (CastSeq (t,AtomicFamily)) . 0 ) otherwise FALSE ; correctness coherence ( ( t in Inf_seq AtomicFamily & a in (CastSeq (t,AtomicFamily)) . 0 implies TRUE is Element of BOOLEAN ) & ( ( not t in Inf_seq AtomicFamily or not a in (CastSeq (t,AtomicFamily)) . 0 ) implies FALSE is Element of BOOLEAN ) ); consistency for b1 being Element of BOOLEAN holds verum; ; end; :: deftheorem Def59 defines AtomicFunc MODELC_2:def_59_:_ for a, t being set holds ( ( t in Inf_seq AtomicFamily & a in (CastSeq (t,AtomicFamily)) . 0 implies AtomicFunc (a,t) = TRUE ) & ( ( not t in Inf_seq AtomicFamily or not a in (CastSeq (t,AtomicFamily)) . 0 ) implies AtomicFunc (a,t) = FALSE ) ); Lm37: for S being non empty set for f1, f2 being set st f1 in ModelSP S & f2 in ModelSP S & Fid (f1,S) = Fid (f2,S) holds f1 = f2 proof let S be non empty set ; ::_thesis: for f1, f2 being set st f1 in ModelSP S & f2 in ModelSP S & Fid (f1,S) = Fid (f2,S) holds f1 = f2 let f1, f2 be set ; ::_thesis: ( f1 in ModelSP S & f2 in ModelSP S & Fid (f1,S) = Fid (f2,S) implies f1 = f2 ) assume that A1: f1 in ModelSP S and A2: f2 in ModelSP S ; ::_thesis: ( not Fid (f1,S) = Fid (f2,S) or f1 = f2 ) assume A3: Fid (f1,S) = Fid (f2,S) ; ::_thesis: f1 = f2 Fid (f1,S) = f1 by A1, MODELC_1:def_41; hence f1 = f2 by A2, A3, MODELC_1:def_41; ::_thesis: verum end; definition let a be set ; func AtomicAsgn a -> Element of ModelSP (Inf_seq AtomicFamily) means :Def60: :: MODELC_2:def 60 for t being set st t in Inf_seq AtomicFamily holds (Fid (it,(Inf_seq AtomicFamily))) . t = AtomicFunc (a,t); existence ex b1 being Element of ModelSP (Inf_seq AtomicFamily) st for t being set st t in Inf_seq AtomicFamily holds (Fid (b1,(Inf_seq AtomicFamily))) . t = AtomicFunc (a,t) proof deffunc H1( set ) -> Element of BOOLEAN = AtomicFunc (a,$1); A1: for x being set st x in Inf_seq AtomicFamily holds H1(x) in BOOLEAN ; consider IT being Function of (Inf_seq AtomicFamily),BOOLEAN such that A2: for x being set st x in Inf_seq AtomicFamily holds IT . x = H1(x) from FUNCT_2:sch_2(A1); reconsider IT = IT as Element of Funcs ((Inf_seq AtomicFamily),BOOLEAN) by FUNCT_2:8; reconsider IT = IT as Element of ModelSP (Inf_seq AtomicFamily) by MODELC_1:def_40; take IT ; ::_thesis: for t being set st t in Inf_seq AtomicFamily holds (Fid (IT,(Inf_seq AtomicFamily))) . t = AtomicFunc (a,t) for t being set st t in Inf_seq AtomicFamily holds (Fid (IT,(Inf_seq AtomicFamily))) . t = AtomicFunc (a,t) proof reconsider IT = IT as Function of (Inf_seq AtomicFamily),BOOLEAN ; let t be set ; ::_thesis: ( t in Inf_seq AtomicFamily implies (Fid (IT,(Inf_seq AtomicFamily))) . t = AtomicFunc (a,t) ) assume A3: t in Inf_seq AtomicFamily ; ::_thesis: (Fid (IT,(Inf_seq AtomicFamily))) . t = AtomicFunc (a,t) (Fid (IT,(Inf_seq AtomicFamily))) . t = IT . t by MODELC_1:def_41 .= AtomicFunc (a,t) by A2, A3 ; hence (Fid (IT,(Inf_seq AtomicFamily))) . t = AtomicFunc (a,t) ; ::_thesis: verum end; hence for t being set st t in Inf_seq AtomicFamily holds (Fid (IT,(Inf_seq AtomicFamily))) . t = AtomicFunc (a,t) ; ::_thesis: verum end; uniqueness for b1, b2 being Element of ModelSP (Inf_seq AtomicFamily) st ( for t being set st t in Inf_seq AtomicFamily holds (Fid (b1,(Inf_seq AtomicFamily))) . t = AtomicFunc (a,t) ) & ( for t being set st t in Inf_seq AtomicFamily holds (Fid (b2,(Inf_seq AtomicFamily))) . t = AtomicFunc (a,t) ) holds b1 = b2 proof for f1, f2 being Element of ModelSP (Inf_seq AtomicFamily) st ( for t being set st t in Inf_seq AtomicFamily holds (Fid (f1,(Inf_seq AtomicFamily))) . t = AtomicFunc (a,t) ) & ( for t being set st t in Inf_seq AtomicFamily holds (Fid (f2,(Inf_seq AtomicFamily))) . t = AtomicFunc (a,t) ) holds f1 = f2 proof let f1, f2 be Element of ModelSP (Inf_seq AtomicFamily); ::_thesis: ( ( for t being set st t in Inf_seq AtomicFamily holds (Fid (f1,(Inf_seq AtomicFamily))) . t = AtomicFunc (a,t) ) & ( for t being set st t in Inf_seq AtomicFamily holds (Fid (f2,(Inf_seq AtomicFamily))) . t = AtomicFunc (a,t) ) implies f1 = f2 ) assume that A4: for t being set st t in Inf_seq AtomicFamily holds (Fid (f1,(Inf_seq AtomicFamily))) . t = AtomicFunc (a,t) and A5: for t being set st t in Inf_seq AtomicFamily holds (Fid (f2,(Inf_seq AtomicFamily))) . t = AtomicFunc (a,t) ; ::_thesis: f1 = f2 for t being set st t in Inf_seq AtomicFamily holds (Fid (f1,(Inf_seq AtomicFamily))) . t = (Fid (f2,(Inf_seq AtomicFamily))) . t proof let t be set ; ::_thesis: ( t in Inf_seq AtomicFamily implies (Fid (f1,(Inf_seq AtomicFamily))) . t = (Fid (f2,(Inf_seq AtomicFamily))) . t ) assume A6: t in Inf_seq AtomicFamily ; ::_thesis: (Fid (f1,(Inf_seq AtomicFamily))) . t = (Fid (f2,(Inf_seq AtomicFamily))) . t (Fid (f1,(Inf_seq AtomicFamily))) . t = AtomicFunc (a,t) by A4, A6; hence (Fid (f1,(Inf_seq AtomicFamily))) . t = (Fid (f2,(Inf_seq AtomicFamily))) . t by A5, A6; ::_thesis: verum end; hence f1 = f2 by Lm37, FUNCT_2:12; ::_thesis: verum end; hence for b1, b2 being Element of ModelSP (Inf_seq AtomicFamily) st ( for t being set st t in Inf_seq AtomicFamily holds (Fid (b1,(Inf_seq AtomicFamily))) . t = AtomicFunc (a,t) ) & ( for t being set st t in Inf_seq AtomicFamily holds (Fid (b2,(Inf_seq AtomicFamily))) . t = AtomicFunc (a,t) ) holds b1 = b2 ; ::_thesis: verum end; end; :: deftheorem Def60 defines AtomicAsgn MODELC_2:def_60_:_ for a being set for b2 being Element of ModelSP (Inf_seq AtomicFamily) holds ( b2 = AtomicAsgn a iff for t being set st t in Inf_seq AtomicFamily holds (Fid (b2,(Inf_seq AtomicFamily))) . t = AtomicFunc (a,t) ); definition func AtomicBasicAsgn -> non empty Subset of (ModelSP (Inf_seq AtomicFamily)) equals :: MODELC_2:def 61 { x where x is Element of ModelSP (Inf_seq AtomicFamily) : ex a being set st x = AtomicAsgn a } ; correctness coherence { x where x is Element of ModelSP (Inf_seq AtomicFamily) : ex a being set st x = AtomicAsgn a } is non empty Subset of (ModelSP (Inf_seq AtomicFamily)); proof set Y = ModelSP (Inf_seq AtomicFamily); set z = AtomicAsgn {}; set M = { x where x is Element of ModelSP (Inf_seq AtomicFamily) : ex a being set st x = AtomicAsgn a } ; A1: { x where x is Element of ModelSP (Inf_seq AtomicFamily) : ex a being set st x = AtomicAsgn a } c= ModelSP (Inf_seq AtomicFamily) proof let x be set ; :: according to TARSKI:def_3 ::_thesis: ( not x in { x where x is Element of ModelSP (Inf_seq AtomicFamily) : ex a being set st x = AtomicAsgn a } or x in ModelSP (Inf_seq AtomicFamily) ) assume x in { x where x is Element of ModelSP (Inf_seq AtomicFamily) : ex a being set st x = AtomicAsgn a } ; ::_thesis: x in ModelSP (Inf_seq AtomicFamily) then ex y being Element of ModelSP (Inf_seq AtomicFamily) st ( x = y & ex a being set st y = AtomicAsgn a ) ; hence x in ModelSP (Inf_seq AtomicFamily) ; ::_thesis: verum end; AtomicAsgn {} in { x where x is Element of ModelSP (Inf_seq AtomicFamily) : ex a being set st x = AtomicAsgn a } ; hence { x where x is Element of ModelSP (Inf_seq AtomicFamily) : ex a being set st x = AtomicAsgn a } is non empty Subset of (ModelSP (Inf_seq AtomicFamily)) by A1; ::_thesis: verum end; end; :: deftheorem defines AtomicBasicAsgn MODELC_2:def_61_:_ AtomicBasicAsgn = { x where x is Element of ModelSP (Inf_seq AtomicFamily) : ex a being set st x = AtomicAsgn a } ; definition func AtomicKai -> Function of atomic_LTL, the BasicAssign of (Inf_seqModel (AtomicFamily,AtomicBasicAsgn)) means :Def62: :: MODELC_2:def 62 for a being set st a in atomic_LTL holds it . a = AtomicAsgn a; existence ex b1 being Function of atomic_LTL, the BasicAssign of (Inf_seqModel (AtomicFamily,AtomicBasicAsgn)) st for a being set st a in atomic_LTL holds b1 . a = AtomicAsgn a proof deffunc H1( set ) -> Element of ModelSP (Inf_seq AtomicFamily) = AtomicAsgn $1; A1: for a being set st a in atomic_LTL holds H1(a) in the BasicAssign of (Inf_seqModel (AtomicFamily,AtomicBasicAsgn)) ; consider IT being Function of atomic_LTL, the BasicAssign of (Inf_seqModel (AtomicFamily,AtomicBasicAsgn)) such that A2: for a being set st a in atomic_LTL holds IT . a = H1(a) from FUNCT_2:sch_2(A1); take IT ; ::_thesis: for a being set st a in atomic_LTL holds IT . a = AtomicAsgn a thus for a being set st a in atomic_LTL holds IT . a = AtomicAsgn a by A2; ::_thesis: verum end; uniqueness for b1, b2 being Function of atomic_LTL, the BasicAssign of (Inf_seqModel (AtomicFamily,AtomicBasicAsgn)) st ( for a being set st a in atomic_LTL holds b1 . a = AtomicAsgn a ) & ( for a being set st a in atomic_LTL holds b2 . a = AtomicAsgn a ) holds b1 = b2 proof for f1, f2 being Function of atomic_LTL, the BasicAssign of (Inf_seqModel (AtomicFamily,AtomicBasicAsgn)) st ( for a being set st a in atomic_LTL holds f1 . a = AtomicAsgn a ) & ( for a being set st a in atomic_LTL holds f2 . a = AtomicAsgn a ) holds f1 = f2 proof let f1, f2 be Function of atomic_LTL, the BasicAssign of (Inf_seqModel (AtomicFamily,AtomicBasicAsgn)); ::_thesis: ( ( for a being set st a in atomic_LTL holds f1 . a = AtomicAsgn a ) & ( for a being set st a in atomic_LTL holds f2 . a = AtomicAsgn a ) implies f1 = f2 ) assume that A3: for a being set st a in atomic_LTL holds f1 . a = AtomicAsgn a and A4: for a being set st a in atomic_LTL holds f2 . a = AtomicAsgn a ; ::_thesis: f1 = f2 for a being set st a in atomic_LTL holds f1 . a = f2 . a proof let a be set ; ::_thesis: ( a in atomic_LTL implies f1 . a = f2 . a ) assume A5: a in atomic_LTL ; ::_thesis: f1 . a = f2 . a f1 . a = AtomicAsgn a by A3, A5; hence f1 . a = f2 . a by A4, A5; ::_thesis: verum end; hence f1 = f2 by FUNCT_2:12; ::_thesis: verum end; hence for b1, b2 being Function of atomic_LTL, the BasicAssign of (Inf_seqModel (AtomicFamily,AtomicBasicAsgn)) st ( for a being set st a in atomic_LTL holds b1 . a = AtomicAsgn a ) & ( for a being set st a in atomic_LTL holds b2 . a = AtomicAsgn a ) holds b1 = b2 ; ::_thesis: verum end; end; :: deftheorem Def62 defines AtomicKai MODELC_2:def_62_:_ for b1 being Function of atomic_LTL, the BasicAssign of (Inf_seqModel (AtomicFamily,AtomicBasicAsgn)) holds ( b1 = AtomicKai iff for a being set st a in atomic_LTL holds b1 . a = AtomicAsgn a ); definition let r be Element of Inf_seq AtomicFamily; let H be LTL-formula; predr |= H means :Def63: :: MODELC_2:def 63 r |= Evaluate (H,AtomicKai); end; :: deftheorem Def63 defines |= MODELC_2:def_63_:_ for r being Element of Inf_seq AtomicFamily for H being LTL-formula holds ( r |= H iff r |= Evaluate (H,AtomicKai) ); notation let r be Element of Inf_seq AtomicFamily; let H be LTL-formula; antonym r |/= H for r |= H; end; definition let r be Element of Inf_seq AtomicFamily; let W be Subset of LTL_WFF; predr |= W means :Def64: :: MODELC_2:def 64 for H being LTL-formula st H in W holds r |= H; end; :: deftheorem Def64 defines |= MODELC_2:def_64_:_ for r being Element of Inf_seq AtomicFamily for W being Subset of LTL_WFF holds ( r |= W iff for H being LTL-formula st H in W holds r |= H ); notation let r be Element of Inf_seq AtomicFamily; let W be Subset of LTL_WFF; antonym r |/= W for r |= W; end; definition let W be Subset of LTL_WFF; func 'X' W -> Subset of LTL_WFF equals :: MODELC_2:def 65 { x where x is LTL-formula : ex u being LTL-formula st ( u in W & x = 'X' u ) } ; correctness coherence { x where x is LTL-formula : ex u being LTL-formula st ( u in W & x = 'X' u ) } is Subset of LTL_WFF; proof set X = { x where x is LTL-formula : ex u being LTL-formula st ( u in W & x = 'X' u ) } ; { x where x is LTL-formula : ex u being LTL-formula st ( u in W & x = 'X' u ) } c= LTL_WFF proof let y be set ; :: according to TARSKI:def_3 ::_thesis: ( not y in { x where x is LTL-formula : ex u being LTL-formula st ( u in W & x = 'X' u ) } or y in LTL_WFF ) assume y in { x where x is LTL-formula : ex u being LTL-formula st ( u in W & x = 'X' u ) } ; ::_thesis: y in LTL_WFF then ex x being LTL-formula st ( y = x & ex u being LTL-formula st ( u in W & x = 'X' u ) ) ; hence y in LTL_WFF by Th1; ::_thesis: verum end; hence { x where x is LTL-formula : ex u being LTL-formula st ( u in W & x = 'X' u ) } is Subset of LTL_WFF ; ::_thesis: verum end; end; :: deftheorem defines 'X' MODELC_2:def_65_:_ for W being Subset of LTL_WFF holds 'X' W = { x where x is LTL-formula : ex u being LTL-formula st ( u in W & x = 'X' u ) } ; theorem :: MODELC_2:63 for H being LTL-formula for r being Element of Inf_seq AtomicFamily st H is atomic holds ( r |= H iff H in (CastSeq (r,AtomicFamily)) . 0 ) proof let H be LTL-formula; ::_thesis: for r being Element of Inf_seq AtomicFamily st H is atomic holds ( r |= H iff H in (CastSeq (r,AtomicFamily)) . 0 ) let r be Element of Inf_seq AtomicFamily; ::_thesis: ( H is atomic implies ( r |= H iff H in (CastSeq (r,AtomicFamily)) . 0 ) ) assume A1: H is atomic ; ::_thesis: ( r |= H iff H in (CastSeq (r,AtomicFamily)) . 0 ) then A2: H in atomic_LTL ; A3: ( r |= H iff r |= Evaluate (H,AtomicKai) ) by Def63; ex f being Function of LTL_WFF, the carrier of (Inf_seqModel (AtomicFamily,AtomicBasicAsgn)) st ( f is-Evaluation-for AtomicKai & Evaluate (H,AtomicKai) = f . H ) by Def35; then Evaluate (H,AtomicKai) = AtomicKai . H by A1, Def27 .= AtomicAsgn H by A2, Def62 ; then ( r |= H iff (Fid ((AtomicAsgn H),(Inf_seq AtomicFamily))) . r = TRUE ) by A3, Def57; then ( r |= H iff AtomicFunc (H,r) = TRUE ) by Def60; hence ( r |= H iff H in (CastSeq (r,AtomicFamily)) . 0 ) by Def59; ::_thesis: verum end; theorem Th64: :: MODELC_2:64 for H being LTL-formula for r being Element of Inf_seq AtomicFamily holds ( r |= 'not' H iff r |/= H ) proof let H be LTL-formula; ::_thesis: for r being Element of Inf_seq AtomicFamily holds ( r |= 'not' H iff r |/= H ) let r be Element of Inf_seq AtomicFamily; ::_thesis: ( r |= 'not' H iff r |/= H ) ( r |= 'not' H iff r |= Evaluate (('not' H),AtomicKai) ) by Def63; then ( r |= 'not' H iff r |= 'not' (Evaluate (H,AtomicKai)) ) by Th50; then ( r |= 'not' H iff r |/= Evaluate (H,AtomicKai) ) by Th57; hence ( r |= 'not' H iff r |/= H ) by Def63; ::_thesis: verum end; theorem Th65: :: MODELC_2:65 for H1, H2 being LTL-formula for r being Element of Inf_seq AtomicFamily holds ( r |= H1 '&' H2 iff ( r |= H1 & r |= H2 ) ) proof let H1, H2 be LTL-formula; ::_thesis: for r being Element of Inf_seq AtomicFamily holds ( r |= H1 '&' H2 iff ( r |= H1 & r |= H2 ) ) let r be Element of Inf_seq AtomicFamily; ::_thesis: ( r |= H1 '&' H2 iff ( r |= H1 & r |= H2 ) ) ( r |= H1 '&' H2 iff r |= Evaluate ((H1 '&' H2),AtomicKai) ) by Def63; then ( r |= H1 '&' H2 iff r |= (Evaluate (H1,AtomicKai)) '&' (Evaluate (H2,AtomicKai)) ) by Th51; then ( r |= H1 '&' H2 iff ( r |= Evaluate (H1,AtomicKai) & r |= Evaluate (H2,AtomicKai) ) ) by Th58; hence ( r |= H1 '&' H2 iff ( r |= H1 & r |= H2 ) ) by Def63; ::_thesis: verum end; theorem Th66: :: MODELC_2:66 for H1, H2 being LTL-formula for r being Element of Inf_seq AtomicFamily holds ( r |= H1 'or' H2 iff ( r |= H1 or r |= H2 ) ) proof let H1, H2 be LTL-formula; ::_thesis: for r being Element of Inf_seq AtomicFamily holds ( r |= H1 'or' H2 iff ( r |= H1 or r |= H2 ) ) let r be Element of Inf_seq AtomicFamily; ::_thesis: ( r |= H1 'or' H2 iff ( r |= H1 or r |= H2 ) ) ( r |= H1 'or' H2 iff r |= Evaluate ((H1 'or' H2),AtomicKai) ) by Def63; then ( r |= H1 'or' H2 iff r |= (Evaluate (H1,AtomicKai)) 'or' (Evaluate (H2,AtomicKai)) ) by Th52; then ( r |= H1 'or' H2 iff ( r |= Evaluate (H1,AtomicKai) or r |= Evaluate (H2,AtomicKai) ) ) by Th61; hence ( r |= H1 'or' H2 iff ( r |= H1 or r |= H2 ) ) by Def63; ::_thesis: verum end; theorem Th67: :: MODELC_2:67 for H being LTL-formula for r being Element of Inf_seq AtomicFamily holds ( r |= 'X' H iff Shift (r,1) |= H ) proof let H be LTL-formula; ::_thesis: for r being Element of Inf_seq AtomicFamily holds ( r |= 'X' H iff Shift (r,1) |= H ) let r be Element of Inf_seq AtomicFamily; ::_thesis: ( r |= 'X' H iff Shift (r,1) |= H ) ( r |= 'X' H iff r |= Evaluate (('X' H),AtomicKai) ) by Def63; then ( r |= 'X' H iff r |= 'X' (Evaluate (H,AtomicKai)) ) by Th53; then ( r |= 'X' H iff Shift (r,1) |= Evaluate (H,AtomicKai) ) by Th59; hence ( r |= 'X' H iff Shift (r,1) |= H ) by Def63; ::_thesis: verum end; theorem Th68: :: MODELC_2:68 for H1, H2 being LTL-formula for r being Element of Inf_seq AtomicFamily holds ( r |= H1 'U' H2 iff ex m being Nat st ( ( for j being Nat st j < m holds Shift (r,j) |= H1 ) & Shift (r,m) |= H2 ) ) proof let H1, H2 be LTL-formula; ::_thesis: for r being Element of Inf_seq AtomicFamily holds ( r |= H1 'U' H2 iff ex m being Nat st ( ( for j being Nat st j < m holds Shift (r,j) |= H1 ) & Shift (r,m) |= H2 ) ) let r be Element of Inf_seq AtomicFamily; ::_thesis: ( r |= H1 'U' H2 iff ex m being Nat st ( ( for j being Nat st j < m holds Shift (r,j) |= H1 ) & Shift (r,m) |= H2 ) ) A1: ( ex m being Nat st ( ( for j being Nat st j < m holds Shift (r,j) |= Evaluate (H1,AtomicKai) ) & Shift (r,m) |= Evaluate (H2,AtomicKai) ) implies ex m being Nat st ( ( for j being Nat st j < m holds Shift (r,j) |= H1 ) & Shift (r,m) |= H2 ) ) proof assume ex m being Nat st ( ( for j being Nat st j < m holds Shift (r,j) |= Evaluate (H1,AtomicKai) ) & Shift (r,m) |= Evaluate (H2,AtomicKai) ) ; ::_thesis: ex m being Nat st ( ( for j being Nat st j < m holds Shift (r,j) |= H1 ) & Shift (r,m) |= H2 ) then consider m being Nat such that A2: for j being Nat st j < m holds Shift (r,j) |= Evaluate (H1,AtomicKai) and A3: Shift (r,m) |= Evaluate (H2,AtomicKai) ; take m ; ::_thesis: ( ( for j being Nat st j < m holds Shift (r,j) |= H1 ) & Shift (r,m) |= H2 ) for j being Nat st j < m holds Shift (r,j) |= H1 proof let j be Nat; ::_thesis: ( j < m implies Shift (r,j) |= H1 ) assume j < m ; ::_thesis: Shift (r,j) |= H1 then Shift (r,j) |= Evaluate (H1,AtomicKai) by A2; hence Shift (r,j) |= H1 by Def63; ::_thesis: verum end; hence ( ( for j being Nat st j < m holds Shift (r,j) |= H1 ) & Shift (r,m) |= H2 ) by A3, Def63; ::_thesis: verum end; A4: ( ex m being Nat st ( ( for j being Nat st j < m holds Shift (r,j) |= H1 ) & Shift (r,m) |= H2 ) implies ex m being Nat st ( ( for j being Nat st j < m holds Shift (r,j) |= Evaluate (H1,AtomicKai) ) & Shift (r,m) |= Evaluate (H2,AtomicKai) ) ) proof assume ex m being Nat st ( ( for j being Nat st j < m holds Shift (r,j) |= H1 ) & Shift (r,m) |= H2 ) ; ::_thesis: ex m being Nat st ( ( for j being Nat st j < m holds Shift (r,j) |= Evaluate (H1,AtomicKai) ) & Shift (r,m) |= Evaluate (H2,AtomicKai) ) then consider m being Nat such that A5: for j being Nat st j < m holds Shift (r,j) |= H1 and A6: Shift (r,m) |= H2 ; take m ; ::_thesis: ( ( for j being Nat st j < m holds Shift (r,j) |= Evaluate (H1,AtomicKai) ) & Shift (r,m) |= Evaluate (H2,AtomicKai) ) for j being Nat st j < m holds Shift (r,j) |= Evaluate (H1,AtomicKai) proof let j be Nat; ::_thesis: ( j < m implies Shift (r,j) |= Evaluate (H1,AtomicKai) ) assume j < m ; ::_thesis: Shift (r,j) |= Evaluate (H1,AtomicKai) then Shift (r,j) |= H1 by A5; hence Shift (r,j) |= Evaluate (H1,AtomicKai) by Def63; ::_thesis: verum end; hence ( ( for j being Nat st j < m holds Shift (r,j) |= Evaluate (H1,AtomicKai) ) & Shift (r,m) |= Evaluate (H2,AtomicKai) ) by A6, Def63; ::_thesis: verum end; ( r |= H1 'U' H2 iff r |= Evaluate ((H1 'U' H2),AtomicKai) ) by Def63; then ( r |= H1 'U' H2 iff r |= (Evaluate (H1,AtomicKai)) 'U' (Evaluate (H2,AtomicKai)) ) by Th54; hence ( r |= H1 'U' H2 iff ex m being Nat st ( ( for j being Nat st j < m holds Shift (r,j) |= H1 ) & Shift (r,m) |= H2 ) ) by A1, A4, Th60; ::_thesis: verum end; theorem :: MODELC_2:69 for H1, H2 being LTL-formula for r being Element of Inf_seq AtomicFamily holds ( r |= H1 'R' H2 iff for m being Nat st ( for j being Nat st j < m holds Shift (r,j) |= 'not' H1 ) holds Shift (r,m) |= H2 ) proof let H1, H2 be LTL-formula; ::_thesis: for r being Element of Inf_seq AtomicFamily holds ( r |= H1 'R' H2 iff for m being Nat st ( for j being Nat st j < m holds Shift (r,j) |= 'not' H1 ) holds Shift (r,m) |= H2 ) let r be Element of Inf_seq AtomicFamily; ::_thesis: ( r |= H1 'R' H2 iff for m being Nat st ( for j being Nat st j < m holds Shift (r,j) |= 'not' H1 ) holds Shift (r,m) |= H2 ) A1: ( ( for m being Nat st ( for j being Nat st j < m holds Shift (r,j) |= 'not' (Evaluate (H1,AtomicKai)) ) holds Shift (r,m) |= Evaluate (H2,AtomicKai) ) implies for m being Nat st ( for j being Nat st j < m holds Shift (r,j) |= 'not' H1 ) holds Shift (r,m) |= H2 ) proof assume A2: for m being Nat st ( for j being Nat st j < m holds Shift (r,j) |= 'not' (Evaluate (H1,AtomicKai)) ) holds Shift (r,m) |= Evaluate (H2,AtomicKai) ; ::_thesis: for m being Nat st ( for j being Nat st j < m holds Shift (r,j) |= 'not' H1 ) holds Shift (r,m) |= H2 for m being Nat st ( for j being Nat st j < m holds Shift (r,j) |= 'not' H1 ) holds Shift (r,m) |= H2 proof let m be Nat; ::_thesis: ( ( for j being Nat st j < m holds Shift (r,j) |= 'not' H1 ) implies Shift (r,m) |= H2 ) ( ( for j being Nat st j < m holds Shift (r,j) |= 'not' H1 ) implies Shift (r,m) |= H2 ) proof assume A3: for j being Nat st j < m holds Shift (r,j) |= 'not' H1 ; ::_thesis: Shift (r,m) |= H2 for j being Nat st j < m holds Shift (r,j) |= 'not' (Evaluate (H1,AtomicKai)) proof let j be Nat; ::_thesis: ( j < m implies Shift (r,j) |= 'not' (Evaluate (H1,AtomicKai)) ) assume j < m ; ::_thesis: Shift (r,j) |= 'not' (Evaluate (H1,AtomicKai)) then Shift (r,j) |= 'not' H1 by A3; then Shift (r,j) |= Evaluate (('not' H1),AtomicKai) by Def63; hence Shift (r,j) |= 'not' (Evaluate (H1,AtomicKai)) by Th50; ::_thesis: verum end; then Shift (r,m) |= Evaluate (H2,AtomicKai) by A2; hence Shift (r,m) |= H2 by Def63; ::_thesis: verum end; hence ( ( for j being Nat st j < m holds Shift (r,j) |= 'not' H1 ) implies Shift (r,m) |= H2 ) ; ::_thesis: verum end; hence for m being Nat st ( for j being Nat st j < m holds Shift (r,j) |= 'not' H1 ) holds Shift (r,m) |= H2 ; ::_thesis: verum end; A4: ( ( for m being Nat st ( for j being Nat st j < m holds Shift (r,j) |= 'not' H1 ) holds Shift (r,m) |= H2 ) implies for m being Nat st ( for j being Nat st j < m holds Shift (r,j) |= 'not' (Evaluate (H1,AtomicKai)) ) holds Shift (r,m) |= Evaluate (H2,AtomicKai) ) proof assume A5: for m being Nat st ( for j being Nat st j < m holds Shift (r,j) |= 'not' H1 ) holds Shift (r,m) |= H2 ; ::_thesis: for m being Nat st ( for j being Nat st j < m holds Shift (r,j) |= 'not' (Evaluate (H1,AtomicKai)) ) holds Shift (r,m) |= Evaluate (H2,AtomicKai) for m being Nat st ( for j being Nat st j < m holds Shift (r,j) |= 'not' (Evaluate (H1,AtomicKai)) ) holds Shift (r,m) |= Evaluate (H2,AtomicKai) proof let m be Nat; ::_thesis: ( ( for j being Nat st j < m holds Shift (r,j) |= 'not' (Evaluate (H1,AtomicKai)) ) implies Shift (r,m) |= Evaluate (H2,AtomicKai) ) ( ( for j being Nat st j < m holds Shift (r,j) |= 'not' (Evaluate (H1,AtomicKai)) ) implies Shift (r,m) |= Evaluate (H2,AtomicKai) ) proof assume A6: for j being Nat st j < m holds Shift (r,j) |= 'not' (Evaluate (H1,AtomicKai)) ; ::_thesis: Shift (r,m) |= Evaluate (H2,AtomicKai) for j being Nat st j < m holds Shift (r,j) |= 'not' H1 proof let j be Nat; ::_thesis: ( j < m implies Shift (r,j) |= 'not' H1 ) assume j < m ; ::_thesis: Shift (r,j) |= 'not' H1 then Shift (r,j) |= 'not' (Evaluate (H1,AtomicKai)) by A6; then Shift (r,j) |= Evaluate (('not' H1),AtomicKai) by Th50; hence Shift (r,j) |= 'not' H1 by Def63; ::_thesis: verum end; then Shift (r,m) |= H2 by A5; hence Shift (r,m) |= Evaluate (H2,AtomicKai) by Def63; ::_thesis: verum end; hence ( ( for j being Nat st j < m holds Shift (r,j) |= 'not' (Evaluate (H1,AtomicKai)) ) implies Shift (r,m) |= Evaluate (H2,AtomicKai) ) ; ::_thesis: verum end; hence for m being Nat st ( for j being Nat st j < m holds Shift (r,j) |= 'not' (Evaluate (H1,AtomicKai)) ) holds Shift (r,m) |= Evaluate (H2,AtomicKai) ; ::_thesis: verum end; ( r |= H1 'R' H2 iff r |= Evaluate ((H1 'R' H2),AtomicKai) ) by Def63; then ( r |= H1 'R' H2 iff r |= (Evaluate (H1,AtomicKai)) 'R' (Evaluate (H2,AtomicKai)) ) by Th55; hence ( r |= H1 'R' H2 iff for m being Nat st ( for j being Nat st j < m holds Shift (r,j) |= 'not' H1 ) holds Shift (r,m) |= H2 ) by A1, A4, Th62; ::_thesis: verum end; theorem Th70: :: MODELC_2:70 for H1, H2 being LTL-formula for r being Element of Inf_seq AtomicFamily holds ( r |= 'not' (H1 'or' H2) iff r |= ('not' H1) '&' ('not' H2) ) proof let H1, H2 be LTL-formula; ::_thesis: for r being Element of Inf_seq AtomicFamily holds ( r |= 'not' (H1 'or' H2) iff r |= ('not' H1) '&' ('not' H2) ) let r be Element of Inf_seq AtomicFamily; ::_thesis: ( r |= 'not' (H1 'or' H2) iff r |= ('not' H1) '&' ('not' H2) ) ( r |= 'not' (H1 'or' H2) iff r |/= H1 'or' H2 ) by Th64; then ( r |= 'not' (H1 'or' H2) iff ( not r |= H1 & not r |= H2 ) ) by Th66; then ( r |= 'not' (H1 'or' H2) iff ( r |= 'not' H1 & r |= 'not' H2 ) ) by Th64; hence ( r |= 'not' (H1 'or' H2) iff r |= ('not' H1) '&' ('not' H2) ) by Th65; ::_thesis: verum end; theorem Th71: :: MODELC_2:71 for H1, H2 being LTL-formula for r being Element of Inf_seq AtomicFamily holds ( r |= 'not' (H1 '&' H2) iff r |= ('not' H1) 'or' ('not' H2) ) proof let H1, H2 be LTL-formula; ::_thesis: for r being Element of Inf_seq AtomicFamily holds ( r |= 'not' (H1 '&' H2) iff r |= ('not' H1) 'or' ('not' H2) ) let r be Element of Inf_seq AtomicFamily; ::_thesis: ( r |= 'not' (H1 '&' H2) iff r |= ('not' H1) 'or' ('not' H2) ) ( r |= 'not' (H1 '&' H2) iff r |/= H1 '&' H2 ) by Th64; then ( r |= 'not' (H1 '&' H2) iff ( not r |= H1 or not r |= H2 ) ) by Th65; then ( r |= 'not' (H1 '&' H2) iff ( r |= 'not' H1 or r |= 'not' H2 ) ) by Th64; hence ( r |= 'not' (H1 '&' H2) iff r |= ('not' H1) 'or' ('not' H2) ) by Th66; ::_thesis: verum end; theorem Th72: :: MODELC_2:72 for H1, H2 being LTL-formula for r being Element of Inf_seq AtomicFamily holds ( r |= H1 'R' H2 iff r |= 'not' (('not' H1) 'U' ('not' H2)) ) proof let H1, H2 be LTL-formula; ::_thesis: for r being Element of Inf_seq AtomicFamily holds ( r |= H1 'R' H2 iff r |= 'not' (('not' H1) 'U' ('not' H2)) ) let r be Element of Inf_seq AtomicFamily; ::_thesis: ( r |= H1 'R' H2 iff r |= 'not' (('not' H1) 'U' ('not' H2)) ) set H01 = Evaluate (H1,AtomicKai); set H02 = Evaluate (H2,AtomicKai); set nH1 = 'not' H1; set nH2 = 'not' H2; A1: ( r |= ('not' H1) 'U' ('not' H2) iff r |= Evaluate ((('not' H1) 'U' ('not' H2)),AtomicKai) ) by Def63; ( r |= H1 'R' H2 iff r |= Evaluate ((H1 'R' H2),AtomicKai) ) by Def63; then ( r |= H1 'R' H2 iff r |= (Evaluate (H1,AtomicKai)) 'R' (Evaluate (H2,AtomicKai)) ) by Th55; then A2: ( r |= H1 'R' H2 iff r |= 'not' (('not' (Evaluate (H1,AtomicKai))) 'U' ('not' (Evaluate (H2,AtomicKai)))) ) by Def55; ( 'not' (Evaluate (H1,AtomicKai)) = Evaluate (('not' H1),AtomicKai) & 'not' (Evaluate (H2,AtomicKai)) = Evaluate (('not' H2),AtomicKai) ) by Th50; then ( r |= ('not' H1) 'U' ('not' H2) iff r |= ('not' (Evaluate (H1,AtomicKai))) 'U' ('not' (Evaluate (H2,AtomicKai))) ) by A1, Th54; hence ( r |= H1 'R' H2 iff r |= 'not' (('not' H1) 'U' ('not' H2)) ) by A2, Th57, Th64; ::_thesis: verum end; theorem :: MODELC_2:73 for H being LTL-formula for r being Element of Inf_seq AtomicFamily holds ( r |/= 'not' H iff r |= H ) by Th64; theorem Th74: :: MODELC_2:74 for H being LTL-formula for r being Element of Inf_seq AtomicFamily holds ( r |= 'X' ('not' H) iff r |= 'not' ('X' H) ) proof let H be LTL-formula; ::_thesis: for r being Element of Inf_seq AtomicFamily holds ( r |= 'X' ('not' H) iff r |= 'not' ('X' H) ) let r be Element of Inf_seq AtomicFamily; ::_thesis: ( r |= 'X' ('not' H) iff r |= 'not' ('X' H) ) ( r |= 'X' ('not' H) iff Shift (r,1) |= 'not' H ) by Th67; then ( r |= 'X' ('not' H) iff Shift (r,1) |/= H ) by Th64; then ( r |= 'X' ('not' H) iff not r |= 'X' H ) by Th67; hence ( r |= 'X' ('not' H) iff r |= 'not' ('X' H) ) by Th64; ::_thesis: verum end; theorem Th75: :: MODELC_2:75 for H1, H2 being LTL-formula for r being Element of Inf_seq AtomicFamily holds ( r |= H1 'U' H2 iff r |= H2 'or' (H1 '&' ('X' (H1 'U' H2))) ) proof let H1, H2 be LTL-formula; ::_thesis: for r being Element of Inf_seq AtomicFamily holds ( r |= H1 'U' H2 iff r |= H2 'or' (H1 '&' ('X' (H1 'U' H2))) ) let r be Element of Inf_seq AtomicFamily; ::_thesis: ( r |= H1 'U' H2 iff r |= H2 'or' (H1 '&' ('X' (H1 'U' H2))) ) A1: ( r |= H2 'or' (H1 '&' ('X' (H1 'U' H2))) implies r |= H1 'U' H2 ) proof assume A2: r |= H2 'or' (H1 '&' ('X' (H1 'U' H2))) ; ::_thesis: r |= H1 'U' H2 now__::_thesis:_r_|=_H1_'U'_H2 percases ( r |= H2 or r |= H1 '&' ('X' (H1 'U' H2)) ) by A2, Th66; supposeA3: r |= H2 ; ::_thesis: r |= H1 'U' H2 ex m being Nat st ( ( for j being Nat st j < m holds Shift (r,j) |= H1 ) & Shift (r,m) |= H2 ) proof take 0 ; ::_thesis: ( ( for j being Nat st j < 0 holds Shift (r,j) |= H1 ) & Shift (r,0) |= H2 ) thus ( ( for j being Nat st j < 0 holds Shift (r,j) |= H1 ) & Shift (r,0) |= H2 ) by A3, Lm29; ::_thesis: verum end; hence r |= H1 'U' H2 by Th68; ::_thesis: verum end; supposeA4: r |= H1 '&' ('X' (H1 'U' H2)) ; ::_thesis: r |= H1 'U' H2 set r1 = Shift (r,1); r |= 'X' (H1 'U' H2) by A4, Th65; then Shift (r,1) |= H1 'U' H2 by Th67; then consider m being Nat such that A5: for j being Nat st j < m holds Shift ((Shift (r,1)),j) |= H1 and A6: Shift ((Shift (r,1)),m) |= H2 by Th68; set m1 = m + 1; A7: r |= H1 by A4, Th65; A8: for j being Nat st j < m + 1 holds Shift (r,j) |= H1 proof let j be Nat; ::_thesis: ( j < m + 1 implies Shift (r,j) |= H1 ) assume A9: j < m + 1 ; ::_thesis: Shift (r,j) |= H1 now__::_thesis:_Shift_(r,j)_|=_H1 percases ( j = 0 or j > 0 ) ; suppose j = 0 ; ::_thesis: Shift (r,j) |= H1 hence Shift (r,j) |= H1 by A7, Lm29; ::_thesis: verum end; supposeA10: j > 0 ; ::_thesis: Shift (r,j) |= H1 set j1 = j - 1; reconsider j1 = j - 1 as Nat by A10, NAT_1:20; j - 1 < (m + 1) - 1 by A9, XREAL_1:14; then Shift ((Shift (r,1)),j1) |= H1 by A5; then Shift (r,(j1 + 1)) |= H1 by Lm30; hence Shift (r,j) |= H1 ; ::_thesis: verum end; end; end; hence Shift (r,j) |= H1 ; ::_thesis: verum end; Shift (r,(m + 1)) |= H2 by A6, Lm30; hence r |= H1 'U' H2 by A8, Th68; ::_thesis: verum end; end; end; hence r |= H1 'U' H2 ; ::_thesis: verum end; ( r |= H1 'U' H2 implies r |= H2 'or' (H1 '&' ('X' (H1 'U' H2))) ) proof assume r |= H1 'U' H2 ; ::_thesis: r |= H2 'or' (H1 '&' ('X' (H1 'U' H2))) then consider m being Nat such that A11: for j being Nat st j < m holds Shift (r,j) |= H1 and A12: Shift (r,m) |= H2 by Th68; percases ( m = 0 or m > 0 ) ; suppose m = 0 ; ::_thesis: r |= H2 'or' (H1 '&' ('X' (H1 'U' H2))) then r |= H2 by A12, Lm29; hence r |= H2 'or' (H1 '&' ('X' (H1 'U' H2))) by Th66; ::_thesis: verum end; supposeA13: m > 0 ; ::_thesis: r |= H2 'or' (H1 '&' ('X' (H1 'U' H2))) set k = m - 1; reconsider k = m - 1 as Nat by A13, NAT_1:20; set r1 = Shift (r,1); A14: for j being Nat st j < k holds Shift ((Shift (r,1)),j) |= H1 proof let j be Nat; ::_thesis: ( j < k implies Shift ((Shift (r,1)),j) |= H1 ) assume j < k ; ::_thesis: Shift ((Shift (r,1)),j) |= H1 then A15: j + 1 < k + 1 by XREAL_1:8; Shift (r,(j + 1)) = Shift ((Shift (r,1)),j) by Lm30; hence Shift ((Shift (r,1)),j) |= H1 by A11, A15; ::_thesis: verum end; Shift (r,(k + 1)) = Shift ((Shift (r,1)),k) by Lm30; then Shift (r,1) |= H1 'U' H2 by A12, A14, Th68; then A16: r |= 'X' (H1 'U' H2) by Th67; Shift (r,0) = r by Lm29; then r |= H1 by A11, A13; then r |= H1 '&' ('X' (H1 'U' H2)) by A16, Th65; hence r |= H2 'or' (H1 '&' ('X' (H1 'U' H2))) by Th66; ::_thesis: verum end; end; end; hence ( r |= H1 'U' H2 iff r |= H2 'or' (H1 '&' ('X' (H1 'U' H2))) ) by A1; ::_thesis: verum end; theorem :: MODELC_2:76 for H1, H2 being LTL-formula for r being Element of Inf_seq AtomicFamily holds ( r |= H1 'R' H2 iff r |= (H1 '&' H2) 'or' (H2 '&' ('X' (H1 'R' H2))) ) proof let H1, H2 be LTL-formula; ::_thesis: for r being Element of Inf_seq AtomicFamily holds ( r |= H1 'R' H2 iff r |= (H1 '&' H2) 'or' (H2 '&' ('X' (H1 'R' H2))) ) let r be Element of Inf_seq AtomicFamily; ::_thesis: ( r |= H1 'R' H2 iff r |= (H1 '&' H2) 'or' (H2 '&' ('X' (H1 'R' H2))) ) set nH1 = 'not' H1; set nH2 = 'not' H2; ( r |= H1 'R' H2 iff r |= 'not' (('not' H1) 'U' ('not' H2)) ) by Th72; then ( r |= H1 'R' H2 iff r |/= ('not' H1) 'U' ('not' H2) ) by Th64; then ( r |= H1 'R' H2 iff r |/= ('not' H2) 'or' (('not' H1) '&' ('X' (('not' H1) 'U' ('not' H2)))) ) by Th75; then ( r |= H1 'R' H2 iff r |= 'not' (('not' H2) 'or' (('not' H1) '&' ('X' (('not' H1) 'U' ('not' H2))))) ) by Th64; then ( r |= H1 'R' H2 iff r |= ('not' ('not' H2)) '&' ('not' (('not' H1) '&' ('X' (('not' H1) 'U' ('not' H2))))) ) by Th70; then ( r |= H1 'R' H2 iff ( r |= 'not' ('not' H2) & r |= 'not' (('not' H1) '&' ('X' (('not' H1) 'U' ('not' H2)))) ) ) by Th65; then ( r |= H1 'R' H2 iff ( r |/= 'not' H2 & r |= ('not' ('not' H1)) 'or' ('not' ('X' (('not' H1) 'U' ('not' H2)))) ) ) by Th64, Th71; then ( r |= H1 'R' H2 iff ( r |= H2 & ( r |= 'not' ('not' H1) or r |= 'not' ('X' (('not' H1) 'U' ('not' H2))) ) ) ) by Th64, Th66; then ( r |= H1 'R' H2 iff ( r |= H2 & ( r |/= 'not' H1 or r |= 'X' ('not' (('not' H1) 'U' ('not' H2))) ) ) ) by Th64, Th74; then ( r |= H1 'R' H2 iff ( r |= H2 & ( r |/= 'not' H1 or Shift (r,1) |= 'not' (('not' H1) 'U' ('not' H2)) ) ) ) by Th67; then ( r |= H1 'R' H2 iff ( r |= H2 & ( r |= H1 or Shift (r,1) |= H1 'R' H2 ) ) ) by Th64, Th72; then ( r |= H1 'R' H2 iff ( r |= H2 & ( r |= H1 or r |= 'X' (H1 'R' H2) ) ) ) by Th67; then ( r |= H1 'R' H2 iff ( r |= H1 '&' H2 or r |= H2 '&' ('X' (H1 'R' H2)) ) ) by Th65; hence ( r |= H1 'R' H2 iff r |= (H1 '&' H2) 'or' (H2 '&' ('X' (H1 'R' H2))) ) by Th66; ::_thesis: verum end; theorem :: MODELC_2:77 for r being Element of Inf_seq AtomicFamily for W being Subset of LTL_WFF holds ( r |= 'X' W iff Shift (r,1) |= W ) proof let r be Element of Inf_seq AtomicFamily; ::_thesis: for W being Subset of LTL_WFF holds ( r |= 'X' W iff Shift (r,1) |= W ) let W be Subset of LTL_WFF; ::_thesis: ( r |= 'X' W iff Shift (r,1) |= W ) A1: ( Shift (r,1) |= W implies r |= 'X' W ) proof assume A2: Shift (r,1) |= W ; ::_thesis: r |= 'X' W A3: for u being LTL-formula st u in W holds r |= 'X' u proof let u be LTL-formula; ::_thesis: ( u in W implies r |= 'X' u ) assume u in W ; ::_thesis: r |= 'X' u then Shift (r,1) |= u by A2, Def64; hence r |= 'X' u by Th67; ::_thesis: verum end; for H being LTL-formula st H in 'X' W holds r |= H proof let H be LTL-formula; ::_thesis: ( H in 'X' W implies r |= H ) assume H in 'X' W ; ::_thesis: r |= H then ex x being LTL-formula st ( H = x & ex u being LTL-formula st ( u in W & x = 'X' u ) ) ; hence r |= H by A3; ::_thesis: verum end; hence r |= 'X' W by Def64; ::_thesis: verum end; ( r |= 'X' W implies Shift (r,1) |= W ) proof assume A4: r |= 'X' W ; ::_thesis: Shift (r,1) |= W for H being LTL-formula st H in W holds Shift (r,1) |= H proof let H be LTL-formula; ::_thesis: ( H in W implies Shift (r,1) |= H ) set u = 'X' H; assume H in W ; ::_thesis: Shift (r,1) |= H then 'X' H in 'X' W ; then r |= 'X' H by A4, Def64; hence Shift (r,1) |= H by Th67; ::_thesis: verum end; hence Shift (r,1) |= W by Def64; ::_thesis: verum end; hence ( r |= 'X' W iff Shift (r,1) |= W ) by A1; ::_thesis: verum end; theorem :: MODELC_2:78 for H being LTL-formula holds ( ( H is atomic implies ( not H is negative & not H is conjunctive & not H is disjunctive & not H is next & not H is Until & not H is Release ) ) & ( H is negative implies ( not H is atomic & not H is conjunctive & not H is disjunctive & not H is next & not H is Until & not H is Release ) ) & ( H is conjunctive implies ( not H is atomic & not H is negative & not H is disjunctive & not H is next & not H is Until & not H is Release ) ) & ( H is disjunctive implies ( not H is atomic & not H is negative & not H is conjunctive & not H is next & not H is Until & not H is Release ) ) & ( H is next implies ( not H is atomic & not H is negative & not H is conjunctive & not H is disjunctive & not H is Until & not H is Release ) ) & ( H is Until implies ( not H is atomic & not H is negative & not H is conjunctive & not H is disjunctive & not H is next & not H is Release ) ) & ( H is Release implies ( not H is atomic & not H is negative & not H is conjunctive & not H is disjunctive & not H is next & not H is Until ) ) ) by Lm16, Lm17, Lm18, Lm19, Lm20, Lm21; theorem :: MODELC_2:79 for S being non empty set for t being Element of Inf_seq S holds Shift (t,0) = t by Lm29; theorem :: MODELC_2:80 for k, n being Nat for S being non empty set for seq being Element of Inf_seq S holds Shift ((Shift (seq,k)),n) = Shift (seq,(n + k)) by Lm30; theorem :: MODELC_2:81 for S being non empty set for seq being sequence of S holds CastSeq ((CastSeq seq),S) = seq by Def41; theorem :: MODELC_2:82 for S being non empty set for seq being Element of Inf_seq S holds CastSeq (CastSeq (seq,S)) = seq by Def41; theorem :: MODELC_2:83 for H being LTL-formula for r being Element of Inf_seq AtomicFamily for W being Subset of LTL_WFF st H in W & 'not' H in W holds r |/= W proof let H be LTL-formula; ::_thesis: for r being Element of Inf_seq AtomicFamily for W being Subset of LTL_WFF st H in W & 'not' H in W holds r |/= W let r be Element of Inf_seq AtomicFamily; ::_thesis: for W being Subset of LTL_WFF st H in W & 'not' H in W holds r |/= W let W be Subset of LTL_WFF; ::_thesis: ( H in W & 'not' H in W implies r |/= W ) assume A1: ( H in W & 'not' H in W ) ; ::_thesis: r |/= W now__::_thesis:_not_r_|=_W assume r |= W ; ::_thesis: contradiction then ( r |= H & r |= 'not' H ) by A1, Def64; hence contradiction by Th64; ::_thesis: verum end; hence r |/= W ; ::_thesis: verum end;