:: MODELC_3 semantic presentation begin Lm1: for a, X1, X2, X3 being set holds ( a in (X1 \/ X2) \/ X3 iff ( a in X1 or a in X2 or a in X3 ) ) proof let a, X1, X2, X3 be set ; ::_thesis: ( a in (X1 \/ X2) \/ X3 iff ( a in X1 or a in X2 or a in X3 ) ) ( a in (X1 \/ X2) \/ X3 iff ( a in X1 \/ X2 or a in X3 ) ) by XBOOLE_0:def_3; hence ( a in (X1 \/ X2) \/ X3 iff ( a in X1 or a in X2 or a in X3 ) ) by XBOOLE_0:def_3; ::_thesis: verum end; Lm2: for a, X1, X2, X3, X4 being set holds ( a in (X1 \ X2) \/ (X3 \ X4) iff ( ( a in X1 & not a in X2 ) or ( a in X3 & not a in X4 ) ) ) proof let a, X1, X2, X3, X4 be set ; ::_thesis: ( a in (X1 \ X2) \/ (X3 \ X4) iff ( ( a in X1 & not a in X2 ) or ( a in X3 & not a in X4 ) ) ) ( a in (X1 \ X2) \/ (X3 \ X4) iff ( a in X1 \ X2 or a in X3 \ X4 ) ) by XBOOLE_0:def_3; hence ( a in (X1 \ X2) \/ (X3 \ X4) iff ( ( a in X1 & not a in X2 ) or ( a in X3 & not a in X4 ) ) ) by XBOOLE_0:def_5; ::_thesis: verum end; Lm3: for H being LTL-formula holds ( <*H*> . 1 = H & rng <*H*> = {H} ) proof let H be LTL-formula; ::_thesis: ( <*H*> . 1 = H & rng <*H*> = {H} ) set p = <*H*>; ( dom <*H*> = {1} & <*H*> . 1 = H ) by FINSEQ_1:2, FINSEQ_1:def_8; hence ( <*H*> . 1 = H & rng <*H*> = {H} ) by FUNCT_1:4; ::_thesis: verum end; Lm4: for r1, r2 being real number st r1 <= r2 holds [\r1/] <= [\r2/] proof let r1, r2 be real number ; ::_thesis: ( r1 <= r2 implies [\r1/] <= [\r2/] ) ( r1 <= r2 implies [\r1/] <= [\r2/] ) proof assume A1: r1 <= r2 ; ::_thesis: [\r1/] <= [\r2/] now__::_thesis:_not_[\r2/]_<_[\r1/] assume [\r2/] < [\r1/] ; ::_thesis: contradiction then A2: [\r2/] + 1 <= [\r1/] by INT_1:7; [\r1/] <= r1 by INT_1:def_6; then [\r2/] + 1 <= r1 by A2, XXREAL_0:2; hence contradiction by A1, INT_1:29, XXREAL_0:2; ::_thesis: verum end; hence [\r1/] <= [\r2/] ; ::_thesis: verum end; hence ( r1 <= r2 implies [\r1/] <= [\r2/] ) ; ::_thesis: verum end; Lm5: for r1, r2 being real number st r1 <= r2 - 1 holds [\r1/] <= [\r2/] - 1 proof let r1, r2 be real number ; ::_thesis: ( r1 <= r2 - 1 implies [\r1/] <= [\r2/] - 1 ) ( r1 <= r2 - 1 implies [\r1/] <= [\r2/] - 1 ) proof assume r1 <= r2 - 1 ; ::_thesis: [\r1/] <= [\r2/] - 1 then r1 + 1 <= (r2 - 1) + 1 by XREAL_1:6; then [\(r1 + 1)/] <= [\r2/] by Lm4; then [\r1/] + 1 <= [\r2/] by INT_1:28; then ([\r1/] + 1) - 1 <= [\r2/] - 1 by XREAL_1:9; hence [\r1/] <= [\r2/] - 1 ; ::_thesis: verum end; hence ( r1 <= r2 - 1 implies [\r1/] <= [\r2/] - 1 ) ; ::_thesis: verum end; Lm6: for n being Nat holds ( n = 0 or 1 <= n ) proof let n be Nat; ::_thesis: ( n = 0 or 1 <= n ) ( n = 0 or 0 < 0 + n ) ; hence ( n = 0 or 1 <= n ) by NAT_1:19; ::_thesis: verum end; Lm7: for H being LTL-formula st ( H is negative or H is next ) holds the_argument_of H is_subformula_of H proof let H be LTL-formula; ::_thesis: ( ( H is negative or H is next ) implies the_argument_of H is_subformula_of H ) set G = the_argument_of H; assume ( H is negative or H is next ) ; ::_thesis: the_argument_of H is_subformula_of H then the_argument_of H is_immediate_constituent_of H by MODELC_2:20, MODELC_2:21; then the_argument_of H is_proper_subformula_of H by MODELC_2:29; hence the_argument_of H is_subformula_of H by MODELC_2:def_23; ::_thesis: verum end; Lm8: for H being LTL-formula st ( H is conjunctive or H is disjunctive or H is Until or H is Release ) holds ( the_left_argument_of H is_subformula_of H & the_right_argument_of H is_subformula_of H ) proof let H be LTL-formula; ::_thesis: ( ( H is conjunctive or H is disjunctive or H is Until or H is Release ) implies ( the_left_argument_of H is_subformula_of H & the_right_argument_of H is_subformula_of H ) ) set G1 = the_left_argument_of H; set G2 = the_right_argument_of H; assume A1: ( H is conjunctive or H is disjunctive or H is Until or H is Release ) ; ::_thesis: ( the_left_argument_of H is_subformula_of H & the_right_argument_of H is_subformula_of H ) then the_right_argument_of H is_immediate_constituent_of H by MODELC_2:22, MODELC_2:23, MODELC_2:24, MODELC_2:25; then A2: the_right_argument_of H is_proper_subformula_of H by MODELC_2:29; the_left_argument_of H is_immediate_constituent_of H by A1, MODELC_2:22, MODELC_2:23, MODELC_2:24, MODELC_2:25; then the_left_argument_of H is_proper_subformula_of H by MODELC_2:29; hence ( the_left_argument_of H is_subformula_of H & the_right_argument_of H is_subformula_of H ) by A2, MODELC_2:def_23; ::_thesis: verum end; Lm9: for F, H being LTL-formula st F is_subformula_of H holds {F} is Subset of (Subformulae H) proof let F, H be LTL-formula; ::_thesis: ( F is_subformula_of H implies {F} is Subset of (Subformulae H) ) set E = Subformulae H; assume F is_subformula_of H ; ::_thesis: {F} is Subset of (Subformulae H) then F in Subformulae H by MODELC_2:45; hence {F} is Subset of (Subformulae H) by SUBSET_1:41; ::_thesis: verum end; Lm10: for F, H, G being LTL-formula st F is_subformula_of H & G is_subformula_of H holds {F,G} is Subset of (Subformulae H) proof let F, H, G be LTL-formula; ::_thesis: ( F is_subformula_of H & G is_subformula_of H implies {F,G} is Subset of (Subformulae H) ) set E = Subformulae H; assume ( F is_subformula_of H & G is_subformula_of H ) ; ::_thesis: {F,G} is Subset of (Subformulae H) then ( F in Subformulae H & G in Subformulae H ) by MODELC_2:45; hence {F,G} is Subset of (Subformulae H) by SUBSET_1:34; ::_thesis: verum end; Lm11: for H being LTL-formula st ( H is disjunctive or H is conjunctive or H is Until or H is Release ) holds {(the_left_argument_of H),(the_right_argument_of H)} is Subset of (Subformulae H) proof let H be LTL-formula; ::_thesis: ( ( H is disjunctive or H is conjunctive or H is Until or H is Release ) implies {(the_left_argument_of H),(the_right_argument_of H)} is Subset of (Subformulae H) ) assume ( H is disjunctive or H is conjunctive or H is Until or H is Release ) ; ::_thesis: {(the_left_argument_of H),(the_right_argument_of H)} is Subset of (Subformulae H) then ( the_left_argument_of H is_subformula_of H & the_right_argument_of H is_subformula_of H ) by Lm8; hence {(the_left_argument_of H),(the_right_argument_of H)} is Subset of (Subformulae H) by Lm10; ::_thesis: verum end; Lm12: for H being LTL-formula st ( H is disjunctive or H is conjunctive or H is Until or H is Release ) holds ( {(the_left_argument_of H)} is Subset of (Subformulae H) & {(the_right_argument_of H)} is Subset of (Subformulae H) ) proof let H be LTL-formula; ::_thesis: ( ( H is disjunctive or H is conjunctive or H is Until or H is Release ) implies ( {(the_left_argument_of H)} is Subset of (Subformulae H) & {(the_right_argument_of H)} is Subset of (Subformulae H) ) ) assume ( H is disjunctive or H is conjunctive or H is Until or H is Release ) ; ::_thesis: ( {(the_left_argument_of H)} is Subset of (Subformulae H) & {(the_right_argument_of H)} is Subset of (Subformulae H) ) then ( the_left_argument_of H is_subformula_of H & the_right_argument_of H is_subformula_of H ) by Lm8; hence ( {(the_left_argument_of H)} is Subset of (Subformulae H) & {(the_right_argument_of H)} is Subset of (Subformulae H) ) by Lm9; ::_thesis: verum end; Lm13: for H being LTL-formula holds {H} is Subset of (Subformulae H) by Lm9; Lm14: for H being LTL-formula st ( H is negative or H is next ) holds {(the_argument_of H)} is Subset of (Subformulae H) proof let H be LTL-formula; ::_thesis: ( ( H is negative or H is next ) implies {(the_argument_of H)} is Subset of (Subformulae H) ) assume ( H is negative or H is next ) ; ::_thesis: {(the_argument_of H)} is Subset of (Subformulae H) then the_argument_of H is_subformula_of H by Lm7; hence {(the_argument_of H)} is Subset of (Subformulae H) by Lm9; ::_thesis: verum end; definition let F be LTL-formula; :: original: Subformulae redefine func Subformulae F -> Subset of LTL_WFF; coherence Subformulae F is Subset of LTL_WFF proof set E = Subformulae F; Subformulae F is Subset of (Subformulae F) by SUBSET:3; hence Subformulae F is Subset of LTL_WFF by MODELC_2:47; ::_thesis: verum end; end; definition let H be LTL-formula; func LTLNew1 H -> Subset of (Subformulae H) equals :Def1: :: MODELC_3:def 1 {(the_left_argument_of H),(the_right_argument_of H)} if H is conjunctive {(the_left_argument_of H)} if H is disjunctive {} if H is next {(the_left_argument_of H)} if H is Until {(the_right_argument_of H)} if H is Release otherwise {} ; correctness coherence ( ( H is conjunctive implies {(the_left_argument_of H),(the_right_argument_of H)} is Subset of (Subformulae H) ) & ( H is disjunctive implies {(the_left_argument_of H)} is Subset of (Subformulae H) ) & ( H is next implies {} is Subset of (Subformulae H) ) & ( H is Until implies {(the_left_argument_of H)} is Subset of (Subformulae H) ) & ( H is Release implies {(the_right_argument_of H)} is Subset of (Subformulae H) ) & ( not H is conjunctive & not H is disjunctive & not H is next & not H is Until & not H is Release implies {} is Subset of (Subformulae H) ) ); consistency for b1 being Subset of (Subformulae H) holds ( ( H is conjunctive & H is disjunctive implies ( b1 = {(the_left_argument_of H),(the_right_argument_of H)} iff b1 = {(the_left_argument_of H)} ) ) & ( H is conjunctive & H is next implies ( b1 = {(the_left_argument_of H),(the_right_argument_of H)} iff b1 = {} ) ) & ( H is conjunctive & H is Until implies ( b1 = {(the_left_argument_of H),(the_right_argument_of H)} iff b1 = {(the_left_argument_of H)} ) ) & ( H is conjunctive & H is Release implies ( b1 = {(the_left_argument_of H),(the_right_argument_of H)} iff b1 = {(the_right_argument_of H)} ) ) & ( H is disjunctive & H is next implies ( b1 = {(the_left_argument_of H)} iff b1 = {} ) ) & ( H is disjunctive & H is Until implies ( b1 = {(the_left_argument_of H)} iff b1 = {(the_left_argument_of H)} ) ) & ( H is disjunctive & H is Release implies ( b1 = {(the_left_argument_of H)} iff b1 = {(the_right_argument_of H)} ) ) & ( H is next & H is Until implies ( b1 = {} iff b1 = {(the_left_argument_of H)} ) ) & ( H is next & H is Release implies ( b1 = {} iff b1 = {(the_right_argument_of H)} ) ) & ( H is Until & H is Release implies ( b1 = {(the_left_argument_of H)} iff b1 = {(the_right_argument_of H)} ) ) ); by Lm11, Lm12, MODELC_2:78, SUBSET_1:1; func LTLNew2 H -> Subset of (Subformulae H) equals :Def2: :: MODELC_3:def 2 {} if H is conjunctive {(the_right_argument_of H)} if H is disjunctive {} if H is next {(the_right_argument_of H)} if H is Until {(the_left_argument_of H),(the_right_argument_of H)} if H is Release otherwise {} ; correctness coherence ( ( H is conjunctive implies {} is Subset of (Subformulae H) ) & ( H is disjunctive implies {(the_right_argument_of H)} is Subset of (Subformulae H) ) & ( H is next implies {} is Subset of (Subformulae H) ) & ( H is Until implies {(the_right_argument_of H)} is Subset of (Subformulae H) ) & ( H is Release implies {(the_left_argument_of H),(the_right_argument_of H)} is Subset of (Subformulae H) ) & ( not H is conjunctive & not H is disjunctive & not H is next & not H is Until & not H is Release implies {} is Subset of (Subformulae H) ) ); consistency for b1 being Subset of (Subformulae H) holds ( ( H is conjunctive & H is disjunctive implies ( b1 = {} iff b1 = {(the_right_argument_of H)} ) ) & ( H is conjunctive & H is next implies ( b1 = {} iff b1 = {} ) ) & ( H is conjunctive & H is Until implies ( b1 = {} iff b1 = {(the_right_argument_of H)} ) ) & ( H is conjunctive & H is Release implies ( b1 = {} iff b1 = {(the_left_argument_of H),(the_right_argument_of H)} ) ) & ( H is disjunctive & H is next implies ( b1 = {(the_right_argument_of H)} iff b1 = {} ) ) & ( H is disjunctive & H is Until implies ( b1 = {(the_right_argument_of H)} iff b1 = {(the_right_argument_of H)} ) ) & ( H is disjunctive & H is Release implies ( b1 = {(the_right_argument_of H)} iff b1 = {(the_left_argument_of H),(the_right_argument_of H)} ) ) & ( H is next & H is Until implies ( b1 = {} iff b1 = {(the_right_argument_of H)} ) ) & ( H is next & H is Release implies ( b1 = {} iff b1 = {(the_left_argument_of H),(the_right_argument_of H)} ) ) & ( H is Until & H is Release implies ( b1 = {(the_right_argument_of H)} iff b1 = {(the_left_argument_of H),(the_right_argument_of H)} ) ) ); by Lm11, Lm12, MODELC_2:78, SUBSET_1:1; func LTLNext H -> Subset of (Subformulae H) equals :Def3: :: MODELC_3:def 3 {} if H is conjunctive {} if H is disjunctive {(the_argument_of H)} if H is next {H} if H is Until {H} if H is Release otherwise {} ; correctness coherence ( ( H is conjunctive implies {} is Subset of (Subformulae H) ) & ( H is disjunctive implies {} is Subset of (Subformulae H) ) & ( H is next implies {(the_argument_of H)} is Subset of (Subformulae H) ) & ( H is Until implies {H} is Subset of (Subformulae H) ) & ( H is Release implies {H} is Subset of (Subformulae H) ) & ( not H is conjunctive & not H is disjunctive & not H is next & not H is Until & not H is Release implies {} is Subset of (Subformulae H) ) ); consistency for b1 being Subset of (Subformulae H) holds ( ( H is conjunctive & H is disjunctive implies ( b1 = {} iff b1 = {} ) ) & ( H is conjunctive & H is next implies ( b1 = {} iff b1 = {(the_argument_of H)} ) ) & ( H is conjunctive & H is Until implies ( b1 = {} iff b1 = {H} ) ) & ( H is conjunctive & H is Release implies ( b1 = {} iff b1 = {H} ) ) & ( H is disjunctive & H is next implies ( b1 = {} iff b1 = {(the_argument_of H)} ) ) & ( H is disjunctive & H is Until implies ( b1 = {} iff b1 = {H} ) ) & ( H is disjunctive & H is Release implies ( b1 = {} iff b1 = {H} ) ) & ( H is next & H is Until implies ( b1 = {(the_argument_of H)} iff b1 = {H} ) ) & ( H is next & H is Release implies ( b1 = {(the_argument_of H)} iff b1 = {H} ) ) & ( H is Until & H is Release implies ( b1 = {H} iff b1 = {H} ) ) ); by Lm13, Lm14, MODELC_2:78, SUBSET_1:1; end; :: deftheorem Def1 defines LTLNew1 MODELC_3:def_1_:_ for H being LTL-formula holds ( ( H is conjunctive implies LTLNew1 H = {(the_left_argument_of H),(the_right_argument_of H)} ) & ( H is disjunctive implies LTLNew1 H = {(the_left_argument_of H)} ) & ( H is next implies LTLNew1 H = {} ) & ( H is Until implies LTLNew1 H = {(the_left_argument_of H)} ) & ( H is Release implies LTLNew1 H = {(the_right_argument_of H)} ) & ( not H is conjunctive & not H is disjunctive & not H is next & not H is Until & not H is Release implies LTLNew1 H = {} ) ); :: deftheorem Def2 defines LTLNew2 MODELC_3:def_2_:_ for H being LTL-formula holds ( ( H is conjunctive implies LTLNew2 H = {} ) & ( H is disjunctive implies LTLNew2 H = {(the_right_argument_of H)} ) & ( H is next implies LTLNew2 H = {} ) & ( H is Until implies LTLNew2 H = {(the_right_argument_of H)} ) & ( H is Release implies LTLNew2 H = {(the_left_argument_of H),(the_right_argument_of H)} ) & ( not H is conjunctive & not H is disjunctive & not H is next & not H is Until & not H is Release implies LTLNew2 H = {} ) ); :: deftheorem Def3 defines LTLNext MODELC_3:def_3_:_ for H being LTL-formula holds ( ( H is conjunctive implies LTLNext H = {} ) & ( H is disjunctive implies LTLNext H = {} ) & ( H is next implies LTLNext H = {(the_argument_of H)} ) & ( H is Until implies LTLNext H = {H} ) & ( H is Release implies LTLNext H = {H} ) & ( not H is conjunctive & not H is disjunctive & not H is next & not H is Until & not H is Release implies LTLNext H = {} ) ); definition let v be LTL-formula; attrc2 is strict ; struct LTLnode over v -> ; aggrLTLnode(# LTLold, LTLnew, LTLnext #) -> LTLnode over v; sel LTLold c2 -> Subset of (Subformulae v); sel LTLnew c2 -> Subset of (Subformulae v); sel LTLnext c2 -> Subset of (Subformulae v); end; definition let v be LTL-formula; let N be LTLnode over v; let H be LTL-formula; assume A1: H in the LTLnew of N ; func SuccNode1 (H,N) -> strict LTLnode over v means :Def4: :: MODELC_3:def 4 ( the LTLold of it = the LTLold of N \/ {H} & the LTLnew of it = ( the LTLnew of N \ {H}) \/ ((LTLNew1 H) \ the LTLold of N) & the LTLnext of it = the LTLnext of N \/ (LTLNext H) ); existence ex b1 being strict LTLnode over v st ( the LTLold of b1 = the LTLold of N \/ {H} & the LTLnew of b1 = ( the LTLnew of N \ {H}) \/ ((LTLNew1 H) \ the LTLold of N) & the LTLnext of b1 = the LTLnext of N \/ (LTLNext H) ) proof set NextD = the LTLnext of N \/ (LTLNext H); set NewB = (LTLNew1 H) \ the LTLold of N; set NewA = the LTLnew of N \ {H}; set Old = the LTLold of N \/ {H}; set NewC = ( the LTLnew of N \ {H}) \/ ((LTLNew1 H) \ the LTLold of N); {H} c= Subformulae v by A1, ZFMISC_1:31; then reconsider Old = the LTLold of N \/ {H} as Subset of (Subformulae v) by XBOOLE_1:8; ex F being LTL-formula st ( H = F & F is_subformula_of v ) by A1, MODELC_2:def_24; then A2: Subformulae H c= Subformulae v by MODELC_2:46; then (LTLNew1 H) \ the LTLold of N c= Subformulae v by XBOOLE_1:1; then reconsider NewC = ( the LTLnew of N \ {H}) \/ ((LTLNew1 H) \ the LTLold of N) as Subset of (Subformulae v) by XBOOLE_1:8; LTLNext H c= Subformulae v by A2, XBOOLE_1:1; then reconsider NextD = the LTLnext of N \/ (LTLNext H) as Subset of (Subformulae v) by XBOOLE_1:8; set IT = LTLnode(# Old,NewC,NextD #); take LTLnode(# Old,NewC,NextD #) ; ::_thesis: ( the LTLold of LTLnode(# Old,NewC,NextD #) = the LTLold of N \/ {H} & the LTLnew of LTLnode(# Old,NewC,NextD #) = ( the LTLnew of N \ {H}) \/ ((LTLNew1 H) \ the LTLold of N) & the LTLnext of LTLnode(# Old,NewC,NextD #) = the LTLnext of N \/ (LTLNext H) ) thus ( the LTLold of LTLnode(# Old,NewC,NextD #) = the LTLold of N \/ {H} & the LTLnew of LTLnode(# Old,NewC,NextD #) = ( the LTLnew of N \ {H}) \/ ((LTLNew1 H) \ the LTLold of N) & the LTLnext of LTLnode(# Old,NewC,NextD #) = the LTLnext of N \/ (LTLNext H) ) ; ::_thesis: verum end; uniqueness for b1, b2 being strict LTLnode over v st the LTLold of b1 = the LTLold of N \/ {H} & the LTLnew of b1 = ( the LTLnew of N \ {H}) \/ ((LTLNew1 H) \ the LTLold of N) & the LTLnext of b1 = the LTLnext of N \/ (LTLNext H) & the LTLold of b2 = the LTLold of N \/ {H} & the LTLnew of b2 = ( the LTLnew of N \ {H}) \/ ((LTLNew1 H) \ the LTLold of N) & the LTLnext of b2 = the LTLnext of N \/ (LTLNext H) holds b1 = b2 ; end; :: deftheorem Def4 defines SuccNode1 MODELC_3:def_4_:_ for v being LTL-formula for N being LTLnode over v for H being LTL-formula st H in the LTLnew of N holds for b4 being strict LTLnode over v holds ( b4 = SuccNode1 (H,N) iff ( the LTLold of b4 = the LTLold of N \/ {H} & the LTLnew of b4 = ( the LTLnew of N \ {H}) \/ ((LTLNew1 H) \ the LTLold of N) & the LTLnext of b4 = the LTLnext of N \/ (LTLNext H) ) ); definition let v be LTL-formula; let N be LTLnode over v; let H be LTL-formula; assume A1: H in the LTLnew of N ; func SuccNode2 (H,N) -> strict LTLnode over v means :Def5: :: MODELC_3:def 5 ( the LTLold of it = the LTLold of N \/ {H} & the LTLnew of it = ( the LTLnew of N \ {H}) \/ ((LTLNew2 H) \ the LTLold of N) & the LTLnext of it = the LTLnext of N ); existence ex b1 being strict LTLnode over v st ( the LTLold of b1 = the LTLold of N \/ {H} & the LTLnew of b1 = ( the LTLnew of N \ {H}) \/ ((LTLNew2 H) \ the LTLold of N) & the LTLnext of b1 = the LTLnext of N ) proof set NextD = the LTLnext of N; set NewB = (LTLNew2 H) \ the LTLold of N; set NewA = the LTLnew of N \ {H}; set Old = the LTLold of N \/ {H}; set NewC = ( the LTLnew of N \ {H}) \/ ((LTLNew2 H) \ the LTLold of N); {H} c= Subformulae v by A1, ZFMISC_1:31; then reconsider Old = the LTLold of N \/ {H} as Subset of (Subformulae v) by XBOOLE_1:8; ex F being LTL-formula st ( H = F & F is_subformula_of v ) by A1, MODELC_2:def_24; then Subformulae H c= Subformulae v by MODELC_2:46; then (LTLNew2 H) \ the LTLold of N c= Subformulae v by XBOOLE_1:1; then reconsider NewC = ( the LTLnew of N \ {H}) \/ ((LTLNew2 H) \ the LTLold of N) as Subset of (Subformulae v) by XBOOLE_1:8; set IT = LTLnode(# Old,NewC, the LTLnext of N #); take LTLnode(# Old,NewC, the LTLnext of N #) ; ::_thesis: ( the LTLold of LTLnode(# Old,NewC, the LTLnext of N #) = the LTLold of N \/ {H} & the LTLnew of LTLnode(# Old,NewC, the LTLnext of N #) = ( the LTLnew of N \ {H}) \/ ((LTLNew2 H) \ the LTLold of N) & the LTLnext of LTLnode(# Old,NewC, the LTLnext of N #) = the LTLnext of N ) thus ( the LTLold of LTLnode(# Old,NewC, the LTLnext of N #) = the LTLold of N \/ {H} & the LTLnew of LTLnode(# Old,NewC, the LTLnext of N #) = ( the LTLnew of N \ {H}) \/ ((LTLNew2 H) \ the LTLold of N) & the LTLnext of LTLnode(# Old,NewC, the LTLnext of N #) = the LTLnext of N ) ; ::_thesis: verum end; uniqueness for b1, b2 being strict LTLnode over v st the LTLold of b1 = the LTLold of N \/ {H} & the LTLnew of b1 = ( the LTLnew of N \ {H}) \/ ((LTLNew2 H) \ the LTLold of N) & the LTLnext of b1 = the LTLnext of N & the LTLold of b2 = the LTLold of N \/ {H} & the LTLnew of b2 = ( the LTLnew of N \ {H}) \/ ((LTLNew2 H) \ the LTLold of N) & the LTLnext of b2 = the LTLnext of N holds b1 = b2 ; end; :: deftheorem Def5 defines SuccNode2 MODELC_3:def_5_:_ for v being LTL-formula for N being LTLnode over v for H being LTL-formula st H in the LTLnew of N holds for b4 being strict LTLnode over v holds ( b4 = SuccNode2 (H,N) iff ( the LTLold of b4 = the LTLold of N \/ {H} & the LTLnew of b4 = ( the LTLnew of N \ {H}) \/ ((LTLNew2 H) \ the LTLold of N) & the LTLnext of b4 = the LTLnext of N ) ); definition let v be LTL-formula; let N1, N2 be LTLnode over v; let H be LTL-formula; predN2 is_succ_of N1,H means :Def6: :: MODELC_3:def 6 ( H in the LTLnew of N1 & ( N2 = SuccNode1 (H,N1) or ( ( H is disjunctive or H is Until or H is Release ) & N2 = SuccNode2 (H,N1) ) ) ); end; :: deftheorem Def6 defines is_succ_of MODELC_3:def_6_:_ for v being LTL-formula for N1, N2 being LTLnode over v for H being LTL-formula holds ( N2 is_succ_of N1,H iff ( H in the LTLnew of N1 & ( N2 = SuccNode1 (H,N1) or ( ( H is disjunctive or H is Until or H is Release ) & N2 = SuccNode2 (H,N1) ) ) ) ); definition let v be LTL-formula; let N1, N2 be LTLnode over v; predN2 is_succ1_of N1 means :Def7: :: MODELC_3:def 7 ex H being LTL-formula st ( H in the LTLnew of N1 & N2 = SuccNode1 (H,N1) ); predN2 is_succ2_of N1 means :Def8: :: MODELC_3:def 8 ex H being LTL-formula st ( H in the LTLnew of N1 & ( H is disjunctive or H is Until or H is Release ) & N2 = SuccNode2 (H,N1) ); end; :: deftheorem Def7 defines is_succ1_of MODELC_3:def_7_:_ for v being LTL-formula for N1, N2 being LTLnode over v holds ( N2 is_succ1_of N1 iff ex H being LTL-formula st ( H in the LTLnew of N1 & N2 = SuccNode1 (H,N1) ) ); :: deftheorem Def8 defines is_succ2_of MODELC_3:def_8_:_ for v being LTL-formula for N1, N2 being LTLnode over v holds ( N2 is_succ2_of N1 iff ex H being LTL-formula st ( H in the LTLnew of N1 & ( H is disjunctive or H is Until or H is Release ) & N2 = SuccNode2 (H,N1) ) ); definition let v be LTL-formula; let N1, N2 be LTLnode over v; predN2 is_succ_of N1 means :Def9: :: MODELC_3:def 9 ( N2 is_succ1_of N1 or N2 is_succ2_of N1 ); end; :: deftheorem Def9 defines is_succ_of MODELC_3:def_9_:_ for v being LTL-formula for N1, N2 being LTLnode over v holds ( N2 is_succ_of N1 iff ( N2 is_succ1_of N1 or N2 is_succ2_of N1 ) ); definition let v be LTL-formula; let N be LTLnode over v; attrN is failure means :: MODELC_3:def 10 ex H, F being LTL-formula st ( H is atomic & F = 'not' H & H in the LTLold of N & F in the LTLold of N ); end; :: deftheorem defines failure MODELC_3:def_10_:_ for v being LTL-formula for N being LTLnode over v holds ( N is failure iff ex H, F being LTL-formula st ( H is atomic & F = 'not' H & H in the LTLold of N & F in the LTLold of N ) ); definition let v be LTL-formula; let N be LTLnode over v; attrN is elementary means :Def11: :: MODELC_3:def 11 the LTLnew of N = {} ; end; :: deftheorem Def11 defines elementary MODELC_3:def_11_:_ for v being LTL-formula for N being LTLnode over v holds ( N is elementary iff the LTLnew of N = {} ); definition let v be LTL-formula; let N be LTLnode over v; attrN is final means :: MODELC_3:def 12 ( N is elementary & the LTLnext of N = {} ); end; :: deftheorem defines final MODELC_3:def_12_:_ for v being LTL-formula for N being LTLnode over v holds ( N is final iff ( N is elementary & the LTLnext of N = {} ) ); definition let v be LTL-formula; func {} v -> Subset of (Subformulae v) equals :: MODELC_3:def 13 {} ; correctness coherence {} is Subset of (Subformulae v); by SUBSET_1:1; end; :: deftheorem defines {} MODELC_3:def_13_:_ for v being LTL-formula holds {} v = {} ; definition let v be LTL-formula; func Seed v -> Subset of (Subformulae v) equals :: MODELC_3:def 14 {v}; correctness coherence {v} is Subset of (Subformulae v); by Lm9; end; :: deftheorem defines Seed MODELC_3:def_14_:_ for v being LTL-formula holds Seed v = {v}; registration let v be LTL-formula; cluster strict elementary for LTLnode over v; existence ex b1 being LTLnode over v st ( b1 is elementary & b1 is strict ) proof set X = LTLnode(# ({} v),({} v),({} v) #); take LTLnode(# ({} v),({} v),({} v) #) ; ::_thesis: ( LTLnode(# ({} v),({} v),({} v) #) is elementary & LTLnode(# ({} v),({} v),({} v) #) is strict ) thus ( LTLnode(# ({} v),({} v),({} v) #) is elementary & LTLnode(# ({} v),({} v),({} v) #) is strict ) by Def11; ::_thesis: verum end; end; definition let v be LTL-formula; func FinalNode v -> strict elementary LTLnode over v equals :: MODELC_3:def 15 LTLnode(# ({} v),({} v),({} v) #); correctness coherence LTLnode(# ({} v),({} v),({} v) #) is strict elementary LTLnode over v; by Def11; end; :: deftheorem defines FinalNode MODELC_3:def_15_:_ for v being LTL-formula holds FinalNode v = LTLnode(# ({} v),({} v),({} v) #); definition let x be set ; let v be LTL-formula; func CastNode (x,v) -> strict LTLnode over v equals :Def16: :: MODELC_3:def 16 x if x is strict LTLnode over v otherwise LTLnode(# ({} v),({} v),({} v) #); correctness coherence ( ( x is strict LTLnode over v implies x is strict LTLnode over v ) & ( x is not strict LTLnode over v implies LTLnode(# ({} v),({} v),({} v) #) is strict LTLnode over v ) ); consistency for b1 being strict LTLnode over v holds verum; ; end; :: deftheorem Def16 defines CastNode MODELC_3:def_16_:_ for x being set for v being LTL-formula holds ( ( x is strict LTLnode over v implies CastNode (x,v) = x ) & ( x is not strict LTLnode over v implies CastNode (x,v) = LTLnode(# ({} v),({} v),({} v) #) ) ); definition let v be LTL-formula; func init v -> strict elementary LTLnode over v equals :: MODELC_3:def 17 LTLnode(# ({} v),({} v),(Seed v) #); correctness coherence LTLnode(# ({} v),({} v),(Seed v) #) is strict elementary LTLnode over v; by Def11; end; :: deftheorem defines init MODELC_3:def_17_:_ for v being LTL-formula holds init v = LTLnode(# ({} v),({} v),(Seed v) #); definition let v be LTL-formula; let N be LTLnode over v; func 'X' N -> strict LTLnode over v equals :: MODELC_3:def 18 LTLnode(# ({} v), the LTLnext of N,({} v) #); correctness coherence LTLnode(# ({} v), the LTLnext of N,({} v) #) is strict LTLnode over v; ; end; :: deftheorem defines 'X' MODELC_3:def_18_:_ for v being LTL-formula for N being LTLnode over v holds 'X' N = LTLnode(# ({} v), the LTLnext of N,({} v) #); definition let v be LTL-formula; let L be FinSequence; predL is_Finseq_for v means :Def19: :: MODELC_3:def 19 for k being Nat st 1 <= k & k < len L holds ex N, M being strict LTLnode over v st ( N = L . k & M = L . (k + 1) & M is_succ_of N ); end; :: deftheorem Def19 defines is_Finseq_for MODELC_3:def_19_:_ for v being LTL-formula for L being FinSequence holds ( L is_Finseq_for v iff for k being Nat st 1 <= k & k < len L holds ex N, M being strict LTLnode over v st ( N = L . k & M = L . (k + 1) & M is_succ_of N ) ); Lm15: for m being Nat for L being FinSequence for v being LTL-formula st L is_Finseq_for v & 1 <= m & m <= len L holds ex L1, L2 being FinSequence st ( L2 is_Finseq_for v & L = L1 ^ L2 & L2 . 1 = L . m & 1 <= len L2 & len L2 = (len L) - (m - 1) & L2 . (len L2) = L . (len L) ) proof let m be Nat; ::_thesis: for L being FinSequence for v being LTL-formula st L is_Finseq_for v & 1 <= m & m <= len L holds ex L1, L2 being FinSequence st ( L2 is_Finseq_for v & L = L1 ^ L2 & L2 . 1 = L . m & 1 <= len L2 & len L2 = (len L) - (m - 1) & L2 . (len L2) = L . (len L) ) let L be FinSequence; ::_thesis: for v being LTL-formula st L is_Finseq_for v & 1 <= m & m <= len L holds ex L1, L2 being FinSequence st ( L2 is_Finseq_for v & L = L1 ^ L2 & L2 . 1 = L . m & 1 <= len L2 & len L2 = (len L) - (m - 1) & L2 . (len L2) = L . (len L) ) let v be LTL-formula; ::_thesis: ( L is_Finseq_for v & 1 <= m & m <= len L implies ex L1, L2 being FinSequence st ( L2 is_Finseq_for v & L = L1 ^ L2 & L2 . 1 = L . m & 1 <= len L2 & len L2 = (len L) - (m - 1) & L2 . (len L2) = L . (len L) ) ) assume that A1: L is_Finseq_for v and A2: 1 <= m and A3: m <= len L ; ::_thesis: ex L1, L2 being FinSequence st ( L2 is_Finseq_for v & L = L1 ^ L2 & L2 . 1 = L . m & 1 <= len L2 & len L2 = (len L) - (m - 1) & L2 . (len L2) = L . (len L) ) A4: m - 1 <= (len L) - 0 by A3, XREAL_1:13; set m1 = m - 1; reconsider m1 = m - 1 as Nat by A2, NAT_1:21; set L1 = L | (Seg m1); reconsider L1 = L | (Seg m1) as FinSequence by FINSEQ_1:15; consider L2 being FinSequence such that A5: L = L1 ^ L2 by FINSEQ_1:80; len L = (len L1) + (len L2) by A5, FINSEQ_1:22; then A6: len L2 = (len L) - (len L1) .= (len L) - m1 by A4, FINSEQ_1:17 ; m - m <= (len L) - m by A3, XREAL_1:9; then A7: 0 + 1 <= ((len L) - m) + 1 by XREAL_1:6; then 1 in dom L2 by A6, FINSEQ_3:25; then A8: L2 . 1 = L . ((len L1) + 1) by A5, FINSEQ_1:def_7 .= L . (m1 + 1) by A4, FINSEQ_1:17 .= L . m ; A9: len L1 = m1 by A4, FINSEQ_1:17; for k being Nat st 1 <= k & k < len L2 holds ex N, M being strict LTLnode over v st ( N = L2 . k & M = L2 . (k + 1) & M is_succ_of N ) proof let k be Nat; ::_thesis: ( 1 <= k & k < len L2 implies ex N, M being strict LTLnode over v st ( N = L2 . k & M = L2 . (k + 1) & M is_succ_of N ) ) assume A10: ( 1 <= k & k < len L2 ) ; ::_thesis: ex N, M being strict LTLnode over v st ( N = L2 . k & M = L2 . (k + 1) & M is_succ_of N ) set k1 = k + 1; ( 1 <= k + 1 & k + 1 <= len L2 ) by A10, NAT_1:13; then A11: k + 1 in dom L2 by FINSEQ_3:25; set km1 = k + m1; ( 1 + 0 <= k + m1 & k + m1 < ((len L) - m1) + m1 ) by A6, A10, XREAL_1:6, XREAL_1:7; then consider N, M being strict LTLnode over v such that A12: N = L . (k + m1) and A13: M = L . ((k + m1) + 1) and A14: M is_succ_of N by A1, Def19; A15: M = L . (m1 + (k + 1)) by A13 .= L2 . (k + 1) by A9, A5, A11, FINSEQ_1:def_7 ; k in dom L2 by A10, FINSEQ_3:25; then N = L2 . k by A9, A5, A12, FINSEQ_1:def_7; hence ex N, M being strict LTLnode over v st ( N = L2 . k & M = L2 . (k + 1) & M is_succ_of N ) by A14, A15; ::_thesis: verum end; then A16: L2 is_Finseq_for v by Def19; len L2 in dom L2 by A7, A6, FINSEQ_3:25; then L2 . (len L2) = L . ((len L1) + (len L2)) by A5, FINSEQ_1:def_7 .= L . (len L) by A5, FINSEQ_1:22 ; hence ex L1, L2 being FinSequence st ( L2 is_Finseq_for v & L = L1 ^ L2 & L2 . 1 = L . m & 1 <= len L2 & len L2 = (len L) - (m - 1) & L2 . (len L2) = L . (len L) ) by A7, A5, A6, A8, A16; ::_thesis: verum end; definition let v be LTL-formula; let N1, N2 be strict LTLnode over v; predN2 is_next_of N1 means :Def20: :: MODELC_3:def 20 ( N1 is elementary & N2 is elementary & ex L being FinSequence st ( 1 <= len L & L is_Finseq_for v & L . 1 = 'X' N1 & L . (len L) = N2 ) ); end; :: deftheorem Def20 defines is_next_of MODELC_3:def_20_:_ for v being LTL-formula for N1, N2 being strict LTLnode over v holds ( N2 is_next_of N1 iff ( N1 is elementary & N2 is elementary & ex L being FinSequence st ( 1 <= len L & L is_Finseq_for v & L . 1 = 'X' N1 & L . (len L) = N2 ) ) ); definition let v be LTL-formula; let W be Subset of (Subformulae v); func CastLTL W -> Subset of LTL_WFF equals :: MODELC_3:def 21 W; correctness coherence W is Subset of LTL_WFF; by MODELC_2:47; end; :: deftheorem defines CastLTL MODELC_3:def_21_:_ for v being LTL-formula for W being Subset of (Subformulae v) holds CastLTL W = W; definition let v be LTL-formula; let N be strict LTLnode over v; func * N -> Subset of LTL_WFF equals :: MODELC_3:def 22 ( the LTLold of N \/ the LTLnew of N) \/ ('X' (CastLTL the LTLnext of N)); correctness coherence ( the LTLold of N \/ the LTLnew of N) \/ ('X' (CastLTL the LTLnext of N)) is Subset of LTL_WFF; proof set S2 = the LTLnew of N; set S1 = the LTLold of N; ( the LTLold of N is Subset of LTL_WFF & the LTLnew of N is Subset of LTL_WFF ) by MODELC_2:47; then the LTLold of N \/ the LTLnew of N c= LTL_WFF by XBOOLE_1:8; hence ( the LTLold of N \/ the LTLnew of N) \/ ('X' (CastLTL the LTLnext of N)) is Subset of LTL_WFF by XBOOLE_1:8; ::_thesis: verum end; end; :: deftheorem defines * MODELC_3:def_22_:_ for v being LTL-formula for N being strict LTLnode over v holds * N = ( the LTLold of N \/ the LTLnew of N) \/ ('X' (CastLTL the LTLnext of N)); Lm16: for H, v being LTL-formula for N being strict LTLnode over v st H in the LTLnew of N & ( H is atomic or H is negative ) holds * N = * (SuccNode1 (H,N)) proof let H, v be LTL-formula; ::_thesis: for N being strict LTLnode over v st H in the LTLnew of N & ( H is atomic or H is negative ) holds * N = * (SuccNode1 (H,N)) let N be strict LTLnode over v; ::_thesis: ( H in the LTLnew of N & ( H is atomic or H is negative ) implies * N = * (SuccNode1 (H,N)) ) set N1 = SuccNode1 (H,N); assume that A1: H in the LTLnew of N and A2: ( H is atomic or H is negative ) ; ::_thesis: * N = * (SuccNode1 (H,N)) A3: ( not H is next & not H is Until ) by A2, MODELC_2:78; set NX = the LTLnext of N; set N1X = the LTLnext of (SuccNode1 (H,N)); A4: the LTLnext of (SuccNode1 (H,N)) = the LTLnext of N \/ (LTLNext H) by A1, Def4; set NN = the LTLnew of N; set N1N = the LTLnew of (SuccNode1 (H,N)); set NO = the LTLold of N; set N1O = the LTLold of (SuccNode1 (H,N)); A5: the LTLold of (SuccNode1 (H,N)) = the LTLold of N \/ {H} by A1, Def4; A6: not H is Release by A2, MODELC_2:78; A7: ( not H is conjunctive & not H is disjunctive ) by A2, MODELC_2:78; then A8: LTLNew1 H = {} by A3, A6, Def1; A9: the LTLnew of (SuccNode1 (H,N)) = ( the LTLnew of N \ {H}) \/ ((LTLNew1 H) \ the LTLold of N) by A1, Def4; A10: for a being set st a in the LTLold of (SuccNode1 (H,N)) \/ the LTLnew of (SuccNode1 (H,N)) holds a in the LTLold of N \/ the LTLnew of N proof let a be set ; ::_thesis: ( a in the LTLold of (SuccNode1 (H,N)) \/ the LTLnew of (SuccNode1 (H,N)) implies a in the LTLold of N \/ the LTLnew of N ) assume A11: a in the LTLold of (SuccNode1 (H,N)) \/ the LTLnew of (SuccNode1 (H,N)) ; ::_thesis: a in the LTLold of N \/ the LTLnew of N ( not a in the LTLold of (SuccNode1 (H,N)) or a in the LTLold of N or a in {H} ) by A5, XBOOLE_0:def_3; then A12: ( not a in the LTLold of (SuccNode1 (H,N)) or a in the LTLold of N or a in the LTLnew of N ) by A1, TARSKI:def_1; ( a in the LTLnew of (SuccNode1 (H,N)) implies ( a in the LTLnew of N & not a in {H} ) ) by A8, A9, XBOOLE_0:def_5; hence a in the LTLold of N \/ the LTLnew of N by A11, A12, XBOOLE_0:def_3; ::_thesis: verum end; A13: for a being set st a in the LTLold of N \/ the LTLnew of N holds a in the LTLold of (SuccNode1 (H,N)) \/ the LTLnew of (SuccNode1 (H,N)) proof let a be set ; ::_thesis: ( a in the LTLold of N \/ the LTLnew of N implies a in the LTLold of (SuccNode1 (H,N)) \/ the LTLnew of (SuccNode1 (H,N)) ) assume A14: a in the LTLold of N \/ the LTLnew of N ; ::_thesis: a in the LTLold of (SuccNode1 (H,N)) \/ the LTLnew of (SuccNode1 (H,N)) ( not a in the LTLnew of N or ( not a in {H} & a in the LTLnew of N ) or ( a in {H} & a in the LTLnew of N ) ) ; then A15: ( not a in the LTLnew of N or a in the LTLnew of N \ {H} or a in the LTLold of N \/ {H} ) by XBOOLE_0:def_3, XBOOLE_0:def_5; ( a in the LTLold of N implies a in the LTLold of (SuccNode1 (H,N)) ) by A5, XBOOLE_0:def_3; hence a in the LTLold of (SuccNode1 (H,N)) \/ the LTLnew of (SuccNode1 (H,N)) by A8, A5, A9, A14, A15, XBOOLE_0:def_3; ::_thesis: verum end; LTLNext H = {} by A7, A3, A6, Def3; hence * N = * (SuccNode1 (H,N)) by A4, A10, A13, TARSKI:1; ::_thesis: verum end; Lm17: for H, v being LTL-formula for N being strict LTLnode over v for w being Element of Inf_seq AtomicFamily st H in the LTLnew of N & ( H is conjunctive or H is next ) holds ( w |= * N iff w |= * (SuccNode1 (H,N)) ) proof let H, v be LTL-formula; ::_thesis: for N being strict LTLnode over v for w being Element of Inf_seq AtomicFamily st H in the LTLnew of N & ( H is conjunctive or H is next ) holds ( w |= * N iff w |= * (SuccNode1 (H,N)) ) let N be strict LTLnode over v; ::_thesis: for w being Element of Inf_seq AtomicFamily st H in the LTLnew of N & ( H is conjunctive or H is next ) holds ( w |= * N iff w |= * (SuccNode1 (H,N)) ) let w be Element of Inf_seq AtomicFamily; ::_thesis: ( H in the LTLnew of N & ( H is conjunctive or H is next ) implies ( w |= * N iff w |= * (SuccNode1 (H,N)) ) ) assume that A1: H in the LTLnew of N and A2: ( H is conjunctive or H is next ) ; ::_thesis: ( w |= * N iff w |= * (SuccNode1 (H,N)) ) set NX = the LTLnext of N; set NN = the LTLnew of N; set NO = the LTLold of N; set SN = SuccNode1 (H,N); set SNO = the LTLold of (SuccNode1 (H,N)); set SNN = the LTLnew of (SuccNode1 (H,N)); set SNX = the LTLnext of (SuccNode1 (H,N)); set XSNX = 'X' (CastLTL the LTLnext of (SuccNode1 (H,N))); set XNX = 'X' (CastLTL the LTLnext of N); A3: H in * N by A1, Lm1; A4: ( w |= * N implies w |= * (SuccNode1 (H,N)) ) proof assume A5: w |= * N ; ::_thesis: w |= * (SuccNode1 (H,N)) then A6: w |= H by A3, MODELC_2:def_64; for F being LTL-formula st F in * (SuccNode1 (H,N)) holds w |= F proof let F be LTL-formula; ::_thesis: ( F in * (SuccNode1 (H,N)) implies w |= F ) assume A7: F in * (SuccNode1 (H,N)) ; ::_thesis: w |= F now__::_thesis:_w_|=_F percases ( F in the LTLold of (SuccNode1 (H,N)) or F in the LTLnew of (SuccNode1 (H,N)) or F in 'X' (CastLTL the LTLnext of (SuccNode1 (H,N))) ) by A7, Lm1; suppose F in the LTLold of (SuccNode1 (H,N)) ; ::_thesis: w |= F then A8: F in the LTLold of N \/ {H} by A1, Def4; now__::_thesis:_w_|=_F percases ( F in the LTLold of N or F in {H} ) by A8, XBOOLE_0:def_3; suppose F in the LTLold of N ; ::_thesis: w |= F then F in * N by Lm1; hence w |= F by A5, MODELC_2:def_64; ::_thesis: verum end; suppose F in {H} ; ::_thesis: w |= F then F in * N by A3, TARSKI:def_1; hence w |= F by A5, MODELC_2:def_64; ::_thesis: verum end; end; end; hence w |= F ; ::_thesis: verum end; suppose F in the LTLnew of (SuccNode1 (H,N)) ; ::_thesis: w |= F then A9: F in ( the LTLnew of N \ {H}) \/ ((LTLNew1 H) \ the LTLold of N) by A1, Def4; now__::_thesis:_w_|=_F percases ( F in the LTLnew of N or F in LTLNew1 H ) by A9, Lm2; suppose F in the LTLnew of N ; ::_thesis: w |= F then F in ( the LTLold of N \/ the LTLnew of N) \/ ('X' (CastLTL the LTLnext of N)) by Lm1; hence w |= F by A5, MODELC_2:def_64; ::_thesis: verum end; supposeA10: F in LTLNew1 H ; ::_thesis: w |= F now__::_thesis:_w_|=_F percases ( H is conjunctive or H is next ) by A2; supposeA11: H is conjunctive ; ::_thesis: w |= F then F in {(the_left_argument_of H),(the_right_argument_of H)} by A10, Def1; then A12: ( F = the_left_argument_of H or F = the_right_argument_of H ) by TARSKI:def_2; H = (the_left_argument_of H) '&' (the_right_argument_of H) by A11, MODELC_2:6; hence w |= F by A6, A12, MODELC_2:65; ::_thesis: verum end; suppose H is next ; ::_thesis: w |= F hence w |= F by A10, Def1; ::_thesis: verum end; end; end; hence w |= F ; ::_thesis: verum end; end; end; hence w |= F ; ::_thesis: verum end; supposeA13: F in 'X' (CastLTL the LTLnext of (SuccNode1 (H,N))) ; ::_thesis: w |= F set SN1 = CastLTL the LTLnext of (SuccNode1 (H,N)); consider G being LTL-formula such that A14: F = G and A15: ex G1 being LTL-formula st ( G1 in CastLTL the LTLnext of (SuccNode1 (H,N)) & G = 'X' G1 ) by A13; consider G1 being LTL-formula such that A16: G1 in CastLTL the LTLnext of (SuccNode1 (H,N)) and A17: G = 'X' G1 by A15; A18: CastLTL the LTLnext of (SuccNode1 (H,N)) = the LTLnext of N \/ (LTLNext H) by A1, Def4; now__::_thesis:_w_|=_F percases ( G1 in the LTLnext of N or G1 in LTLNext H ) by A18, A16, XBOOLE_0:def_3; suppose G1 in the LTLnext of N ; ::_thesis: w |= F then F in 'X' (CastLTL the LTLnext of N) by A14, A17; then F in ( the LTLold of N \/ the LTLnew of N) \/ ('X' (CastLTL the LTLnext of N)) by Lm1; hence w |= F by A5, MODELC_2:def_64; ::_thesis: verum end; supposeA19: G1 in LTLNext H ; ::_thesis: w |= F now__::_thesis:_w_|=_F percases ( H is next or H is conjunctive ) by A2; supposeA20: H is next ; ::_thesis: w |= F then G1 in {(the_argument_of H)} by A19, Def3; then G1 = the_argument_of H by TARSKI:def_1; hence w |= F by A6, A14, A17, A20, MODELC_2:5; ::_thesis: verum end; suppose H is conjunctive ; ::_thesis: w |= F hence w |= F by A19, Def3; ::_thesis: verum end; end; end; hence w |= F ; ::_thesis: verum end; end; end; hence w |= F ; ::_thesis: verum end; end; end; hence w |= F ; ::_thesis: verum end; hence w |= * (SuccNode1 (H,N)) by MODELC_2:def_64; ::_thesis: verum end; ( w |= * (SuccNode1 (H,N)) implies w |= * N ) proof assume A21: w |= * (SuccNode1 (H,N)) ; ::_thesis: w |= * N for F being LTL-formula st F in * N holds w |= F proof let F be LTL-formula; ::_thesis: ( F in * N implies w |= F ) assume A22: F in * N ; ::_thesis: w |= F now__::_thesis:_w_|=_F percases ( F in the LTLold of N or F in the LTLnew of N or F in 'X' (CastLTL the LTLnext of N) ) by A22, Lm1; suppose F in the LTLold of N ; ::_thesis: w |= F then F in the LTLold of N \/ {H} by XBOOLE_0:def_3; then F in the LTLold of (SuccNode1 (H,N)) by A1, Def4; then F in * (SuccNode1 (H,N)) by Lm1; hence w |= F by A21, MODELC_2:def_64; ::_thesis: verum end; supposeA23: F in the LTLnew of N ; ::_thesis: w |= F now__::_thesis:_w_|=_F percases ( F = H or not F = H ) ; suppose F = H ; ::_thesis: w |= F then F in {H} by TARSKI:def_1; then F in the LTLold of N \/ {H} by XBOOLE_0:def_3; then F in the LTLold of (SuccNode1 (H,N)) by A1, Def4; then F in * (SuccNode1 (H,N)) by Lm1; hence w |= F by A21, MODELC_2:def_64; ::_thesis: verum end; suppose not F = H ; ::_thesis: w |= F then not F in {H} by TARSKI:def_1; then F in the LTLnew of N \ {H} by A23, XBOOLE_0:def_5; then F in ( the LTLnew of N \ {H}) \/ ((LTLNew1 H) \ the LTLold of N) by XBOOLE_0:def_3; then F in the LTLnew of (SuccNode1 (H,N)) by A1, Def4; then F in * (SuccNode1 (H,N)) by Lm1; hence w |= F by A21, MODELC_2:def_64; ::_thesis: verum end; end; end; hence w |= F ; ::_thesis: verum end; supposeA24: F in 'X' (CastLTL the LTLnext of N) ; ::_thesis: w |= F set SN11 = the LTLnext of N \/ (LTLNext H); the LTLnext of (SuccNode1 (H,N)) = the LTLnext of N \/ (LTLNext H) by A1, Def4; then reconsider SN11 = the LTLnext of N \/ (LTLNext H) as Subset of (Subformulae v) ; set SN1 = CastLTL SN11; set N1 = CastLTL the LTLnext of N; consider G being LTL-formula such that A25: F = G and A26: ex G1 being LTL-formula st ( G1 in CastLTL the LTLnext of N & G = 'X' G1 ) by A24; consider G1 being LTL-formula such that A27: G1 in CastLTL the LTLnext of N and A28: G = 'X' G1 by A26; G1 in SN11 by A27, XBOOLE_0:def_3; then F in 'X' (CastLTL SN11) by A25, A28; then F in 'X' (CastLTL the LTLnext of (SuccNode1 (H,N))) by A1, Def4; then F in * (SuccNode1 (H,N)) by Lm1; hence w |= F by A21, MODELC_2:def_64; ::_thesis: verum end; end; end; hence w |= F ; ::_thesis: verum end; hence w |= * N by MODELC_2:def_64; ::_thesis: verum end; hence ( w |= * N iff w |= * (SuccNode1 (H,N)) ) by A4; ::_thesis: verum end; theorem :: MODELC_3:1 for H, v being LTL-formula for N being strict LTLnode over v for w being Element of Inf_seq AtomicFamily st H in the LTLnew of N & ( H is atomic or H is negative or H is conjunctive or H is next ) holds ( w |= * N iff w |= * (SuccNode1 (H,N)) ) by Lm16, Lm17; Lm18: for H, v being LTL-formula for N being strict LTLnode over v for w being Element of Inf_seq AtomicFamily st H in the LTLnew of N & H is disjunctive holds ( w |= * N iff ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ) proof let H, v be LTL-formula; ::_thesis: for N being strict LTLnode over v for w being Element of Inf_seq AtomicFamily st H in the LTLnew of N & H is disjunctive holds ( w |= * N iff ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ) let N be strict LTLnode over v; ::_thesis: for w being Element of Inf_seq AtomicFamily st H in the LTLnew of N & H is disjunctive holds ( w |= * N iff ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ) let w be Element of Inf_seq AtomicFamily; ::_thesis: ( H in the LTLnew of N & H is disjunctive implies ( w |= * N iff ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ) ) assume that A1: H in the LTLnew of N and A2: H is disjunctive ; ::_thesis: ( w |= * N iff ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ) set NN = the LTLnew of N; set NO = the LTLold of N; set SN2 = SuccNode2 (H,N); set NX = the LTLnext of N; set SN1 = SuccNode1 (H,N); A3: H in * N by A1, Lm1; set SN1X = the LTLnext of (SuccNode1 (H,N)); LTLNext H = {} by A2, Def3; then A4: the LTLnext of (SuccNode1 (H,N)) = the LTLnext of N \/ {} by A1, Def4 .= the LTLnext of N ; set H1 = the_left_argument_of H; set XSN1X = 'X' (CastLTL the LTLnext of (SuccNode1 (H,N))); set SN1N = the LTLnew of (SuccNode1 (H,N)); set SN1O = the LTLold of (SuccNode1 (H,N)); A5: the LTLold of (SuccNode1 (H,N)) = the LTLold of N \/ {H} by A1, Def4; LTLNew1 H = {(the_left_argument_of H)} by A2, Def1; then A6: the LTLnew of (SuccNode1 (H,N)) = ( the LTLnew of N \ {H}) \/ ({(the_left_argument_of H)} \ the LTLold of N) by A1, Def4; A7: for F being LTL-formula holds ( not F in * (SuccNode1 (H,N)) or F in * N or F = the_left_argument_of H ) proof let F be LTL-formula; ::_thesis: ( not F in * (SuccNode1 (H,N)) or F in * N or F = the_left_argument_of H ) assume A8: F in * (SuccNode1 (H,N)) ; ::_thesis: ( F in * N or F = the_left_argument_of H ) now__::_thesis:_(_F_in_*_N_or_F_=_the_left_argument_of_H_) percases ( F in the LTLold of (SuccNode1 (H,N)) or F in the LTLnew of (SuccNode1 (H,N)) or F in 'X' (CastLTL the LTLnext of (SuccNode1 (H,N))) ) by A8, Lm1; suppose F in the LTLold of (SuccNode1 (H,N)) ; ::_thesis: ( F in * N or F = the_left_argument_of H ) then ( F in the LTLold of N or F in {H} ) by A5, XBOOLE_0:def_3; hence ( F in * N or F = the_left_argument_of H ) by A3, Lm1, TARSKI:def_1; ::_thesis: verum end; suppose F in the LTLnew of (SuccNode1 (H,N)) ; ::_thesis: ( F in * N or F = the_left_argument_of H ) then ( F in the LTLnew of N \ {H} or F in {(the_left_argument_of H)} \ the LTLold of N ) by A6, XBOOLE_0:def_3; then ( F in the LTLnew of N or F in {(the_left_argument_of H)} ) by XBOOLE_0:def_5; hence ( F in * N or F = the_left_argument_of H ) by Lm1, TARSKI:def_1; ::_thesis: verum end; suppose F in 'X' (CastLTL the LTLnext of (SuccNode1 (H,N))) ; ::_thesis: ( F in * N or F = the_left_argument_of H ) hence ( F in * N or F = the_left_argument_of H ) by A4, Lm1; ::_thesis: verum end; end; end; hence ( F in * N or F = the_left_argument_of H ) ; ::_thesis: verum end; set XNX = 'X' (CastLTL the LTLnext of N); set SN2X = the LTLnext of (SuccNode2 (H,N)); set XSN2X = 'X' (CastLTL the LTLnext of (SuccNode2 (H,N))); set SN2O = the LTLold of (SuccNode2 (H,N)); A9: the LTLold of (SuccNode2 (H,N)) = the LTLold of N \/ {H} by A1, Def5; set H2 = the_right_argument_of H; set SN2N = the LTLnew of (SuccNode2 (H,N)); LTLNew2 H = {(the_right_argument_of H)} by A2, Def2; then A10: the LTLnew of (SuccNode2 (H,N)) = ( the LTLnew of N \ {H}) \/ ({(the_right_argument_of H)} \ the LTLold of N) by A1, Def5; A11: the LTLnext of (SuccNode2 (H,N)) = the LTLnext of N by A1, Def5; A12: for F being LTL-formula holds ( not F in * (SuccNode2 (H,N)) or F in * N or F = the_right_argument_of H ) proof let F be LTL-formula; ::_thesis: ( not F in * (SuccNode2 (H,N)) or F in * N or F = the_right_argument_of H ) assume A13: F in * (SuccNode2 (H,N)) ; ::_thesis: ( F in * N or F = the_right_argument_of H ) now__::_thesis:_(_F_in_*_N_or_F_=_the_right_argument_of_H_) percases ( F in the LTLold of (SuccNode2 (H,N)) or F in the LTLnew of (SuccNode2 (H,N)) or F in 'X' (CastLTL the LTLnext of (SuccNode2 (H,N))) ) by A13, Lm1; suppose F in the LTLold of (SuccNode2 (H,N)) ; ::_thesis: ( F in * N or F = the_right_argument_of H ) then ( F in the LTLold of N or F in {H} ) by A9, XBOOLE_0:def_3; hence ( F in * N or F = the_right_argument_of H ) by A3, Lm1, TARSKI:def_1; ::_thesis: verum end; suppose F in the LTLnew of (SuccNode2 (H,N)) ; ::_thesis: ( F in * N or F = the_right_argument_of H ) then ( F in the LTLnew of N \ {H} or F in {(the_right_argument_of H)} \ the LTLold of N ) by A10, XBOOLE_0:def_3; then ( F in the LTLnew of N or F in {(the_right_argument_of H)} ) by XBOOLE_0:def_5; hence ( F in * N or F = the_right_argument_of H ) by Lm1, TARSKI:def_1; ::_thesis: verum end; suppose F in 'X' (CastLTL the LTLnext of (SuccNode2 (H,N))) ; ::_thesis: ( F in * N or F = the_right_argument_of H ) hence ( F in * N or F = the_right_argument_of H ) by A11, Lm1; ::_thesis: verum end; end; end; hence ( F in * N or F = the_right_argument_of H ) ; ::_thesis: verum end; H = (the_left_argument_of H) 'or' (the_right_argument_of H) by A2, MODELC_2:7; then A14: ( w |= H iff ( w |= the_left_argument_of H or w |= the_right_argument_of H ) ) by MODELC_2:66; A15: ( not w |= * N or w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) proof assume A16: w |= * N ; ::_thesis: ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) now__::_thesis:_(_w_|=_*_(SuccNode1_(H,N))_or_w_|=_*_(SuccNode2_(H,N))_) percases ( w |= the_left_argument_of H or w |= the_right_argument_of H ) by A3, A14, A16, MODELC_2:def_64; supposeA17: w |= the_left_argument_of H ; ::_thesis: ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) for F being LTL-formula st F in * (SuccNode1 (H,N)) holds w |= F proof let F be LTL-formula; ::_thesis: ( F in * (SuccNode1 (H,N)) implies w |= F ) assume F in * (SuccNode1 (H,N)) ; ::_thesis: w |= F then ( F in * N or F = the_left_argument_of H ) by A7; hence w |= F by A16, A17, MODELC_2:def_64; ::_thesis: verum end; hence ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) by MODELC_2:def_64; ::_thesis: verum end; supposeA18: w |= the_right_argument_of H ; ::_thesis: ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) for F being LTL-formula st F in * (SuccNode2 (H,N)) holds w |= F proof let F be LTL-formula; ::_thesis: ( F in * (SuccNode2 (H,N)) implies w |= F ) assume F in * (SuccNode2 (H,N)) ; ::_thesis: w |= F then ( F in * N or F = the_right_argument_of H ) by A12; hence w |= F by A16, A18, MODELC_2:def_64; ::_thesis: verum end; hence ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) by MODELC_2:def_64; ::_thesis: verum end; end; end; hence ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ; ::_thesis: verum end; A19: for F being LTL-formula st F in * N holds ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) proof let F be LTL-formula; ::_thesis: ( F in * N implies ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) ) assume A20: F in * N ; ::_thesis: ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) now__::_thesis:_(_F_in_*_(SuccNode1_(H,N))_&_F_in_*_(SuccNode2_(H,N))_) percases ( F in the LTLold of N or F in the LTLnew of N or F in 'X' (CastLTL the LTLnext of N) ) by A20, Lm1; suppose F in the LTLold of N ; ::_thesis: ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) then ( F in the LTLold of (SuccNode1 (H,N)) & F in the LTLold of (SuccNode2 (H,N)) ) by A5, A9, XBOOLE_0:def_3; hence ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) by Lm1; ::_thesis: verum end; supposeA21: F in the LTLnew of N ; ::_thesis: ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) now__::_thesis:_(_F_in_*_(SuccNode1_(H,N))_&_F_in_*_(SuccNode2_(H,N))_) percases ( F = H or not F = H ) ; suppose F = H ; ::_thesis: ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) then F in {H} by TARSKI:def_1; then ( F in the LTLold of (SuccNode1 (H,N)) & F in the LTLold of (SuccNode2 (H,N)) ) by A5, A9, XBOOLE_0:def_3; hence ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) by Lm1; ::_thesis: verum end; suppose not F = H ; ::_thesis: ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) then not F in {H} by TARSKI:def_1; then F in the LTLnew of N \ {H} by A21, XBOOLE_0:def_5; then ( F in the LTLnew of (SuccNode1 (H,N)) & F in the LTLnew of (SuccNode2 (H,N)) ) by A6, A10, XBOOLE_0:def_3; hence ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) by Lm1; ::_thesis: verum end; end; end; hence ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) ; ::_thesis: verum end; supposeA22: F in 'X' (CastLTL the LTLnext of N) ; ::_thesis: ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) then F in 'X' (CastLTL the LTLnext of (SuccNode2 (H,N))) by A1, Def5; hence ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) by A4, A22, Lm1; ::_thesis: verum end; end; end; hence ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) ; ::_thesis: verum end; ( ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) implies w |= * N ) proof assume A23: ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ; ::_thesis: w |= * N for F being LTL-formula st F in * N holds w |= F proof let F be LTL-formula; ::_thesis: ( F in * N implies w |= F ) assume A24: F in * N ; ::_thesis: w |= F then A25: F in * (SuccNode2 (H,N)) by A19; A26: F in * (SuccNode1 (H,N)) by A19, A24; now__::_thesis:_w_|=_F percases ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) by A23; suppose w |= * (SuccNode1 (H,N)) ; ::_thesis: w |= F hence w |= F by A26, MODELC_2:def_64; ::_thesis: verum end; suppose w |= * (SuccNode2 (H,N)) ; ::_thesis: w |= F hence w |= F by A25, MODELC_2:def_64; ::_thesis: verum end; end; end; hence w |= F ; ::_thesis: verum end; hence w |= * N by MODELC_2:def_64; ::_thesis: verum end; hence ( w |= * N iff ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ) by A15; ::_thesis: verum end; Lm19: for H, v being LTL-formula for N being strict LTLnode over v for w being Element of Inf_seq AtomicFamily st H in the LTLnew of N & H is Until holds ( w |= * N iff ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ) proof let H, v be LTL-formula; ::_thesis: for N being strict LTLnode over v for w being Element of Inf_seq AtomicFamily st H in the LTLnew of N & H is Until holds ( w |= * N iff ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ) let N be strict LTLnode over v; ::_thesis: for w being Element of Inf_seq AtomicFamily st H in the LTLnew of N & H is Until holds ( w |= * N iff ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ) let w be Element of Inf_seq AtomicFamily; ::_thesis: ( H in the LTLnew of N & H is Until implies ( w |= * N iff ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ) ) assume that A1: H in the LTLnew of N and A2: H is Until ; ::_thesis: ( w |= * N iff ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ) set NX = the LTLnext of N; set SN1 = SuccNode1 (H,N); A3: H in * N by A1, Lm1; set SN1X = the LTLnext of (SuccNode1 (H,N)); LTLNext H = {H} by A2, Def3; then A4: the LTLnext of (SuccNode1 (H,N)) = the LTLnext of N \/ {H} by A1, Def4; set NN = the LTLnew of N; set NO = the LTLold of N; set SN2 = SuccNode2 (H,N); set H2 = the_right_argument_of H; set SN2N = the LTLnew of (SuccNode2 (H,N)); LTLNew2 H = {(the_right_argument_of H)} by A2, Def2; then A5: the LTLnew of (SuccNode2 (H,N)) = ( the LTLnew of N \ {H}) \/ ({(the_right_argument_of H)} \ the LTLold of N) by A1, Def5; set H1 = the_left_argument_of H; set XNX = 'X' (CastLTL the LTLnext of N); set XSN1X = 'X' (CastLTL the LTLnext of (SuccNode1 (H,N))); set SN1N = the LTLnew of (SuccNode1 (H,N)); set SN1O = the LTLold of (SuccNode1 (H,N)); A6: the LTLold of (SuccNode1 (H,N)) = the LTLold of N \/ {H} by A1, Def4; LTLNew1 H = {(the_left_argument_of H)} by A2, Def1; then A7: the LTLnew of (SuccNode1 (H,N)) = ( the LTLnew of N \ {H}) \/ ({(the_left_argument_of H)} \ the LTLold of N) by A1, Def4; A8: for F being LTL-formula holds ( not F in * (SuccNode1 (H,N)) or F in * N or F = the_left_argument_of H or F = 'X' H ) proof let F be LTL-formula; ::_thesis: ( not F in * (SuccNode1 (H,N)) or F in * N or F = the_left_argument_of H or F = 'X' H ) assume A9: F in * (SuccNode1 (H,N)) ; ::_thesis: ( F in * N or F = the_left_argument_of H or F = 'X' H ) now__::_thesis:_(_F_in_*_N_or_F_=_the_left_argument_of_H_or_F_=_'X'_H_) percases ( F in the LTLold of (SuccNode1 (H,N)) or F in the LTLnew of (SuccNode1 (H,N)) or F in 'X' (CastLTL the LTLnext of (SuccNode1 (H,N))) ) by A9, Lm1; suppose F in the LTLold of (SuccNode1 (H,N)) ; ::_thesis: ( F in * N or F = the_left_argument_of H or F = 'X' H ) then ( F in the LTLold of N or F in {H} ) by A6, XBOOLE_0:def_3; hence ( F in * N or F = the_left_argument_of H or F = 'X' H ) by A3, Lm1, TARSKI:def_1; ::_thesis: verum end; suppose F in the LTLnew of (SuccNode1 (H,N)) ; ::_thesis: ( F in * N or F = the_left_argument_of H or F = 'X' H ) then ( F in the LTLnew of N \ {H} or F in {(the_left_argument_of H)} \ the LTLold of N ) by A7, XBOOLE_0:def_3; then ( F in the LTLnew of N or F in {(the_left_argument_of H)} ) by XBOOLE_0:def_5; hence ( F in * N or F = the_left_argument_of H or F = 'X' H ) by Lm1, TARSKI:def_1; ::_thesis: verum end; suppose F in 'X' (CastLTL the LTLnext of (SuccNode1 (H,N))) ; ::_thesis: ( F in * N or F = the_left_argument_of H or F = 'X' H ) then consider G being LTL-formula such that A10: F = G and A11: ex G1 being LTL-formula st ( G1 in CastLTL the LTLnext of (SuccNode1 (H,N)) & G = 'X' G1 ) ; consider G1 being LTL-formula such that A12: G1 in the LTLnext of (SuccNode1 (H,N)) and A13: G = 'X' G1 by A11; A14: ( G1 in the LTLnext of N or G1 in {H} ) by A4, A12, XBOOLE_0:def_3; now__::_thesis:_(_F_in_*_N_or_F_=_the_left_argument_of_H_or_F_=_'X'_H_) percases ( G1 in the LTLnext of N or G1 = H ) by A14, TARSKI:def_1; suppose G1 in the LTLnext of N ; ::_thesis: ( F in * N or F = the_left_argument_of H or F = 'X' H ) then F in 'X' (CastLTL the LTLnext of N) by A10, A13; hence ( F in * N or F = the_left_argument_of H or F = 'X' H ) by Lm1; ::_thesis: verum end; suppose G1 = H ; ::_thesis: ( F in * N or F = the_left_argument_of H or F = 'X' H ) hence ( F in * N or F = the_left_argument_of H or F = 'X' H ) by A10, A13; ::_thesis: verum end; end; end; hence ( F in * N or F = the_left_argument_of H or F = 'X' H ) ; ::_thesis: verum end; end; end; hence ( F in * N or F = the_left_argument_of H or F = 'X' H ) ; ::_thesis: verum end; set SN2X = the LTLnext of (SuccNode2 (H,N)); set XSN2X = 'X' (CastLTL the LTLnext of (SuccNode2 (H,N))); set SN2O = the LTLold of (SuccNode2 (H,N)); A15: the LTLold of (SuccNode2 (H,N)) = the LTLold of N \/ {H} by A1, Def5; A16: the LTLnext of (SuccNode2 (H,N)) = the LTLnext of N by A1, Def5; A17: for F being LTL-formula holds ( not F in * (SuccNode2 (H,N)) or F in * N or F = the_right_argument_of H ) proof let F be LTL-formula; ::_thesis: ( not F in * (SuccNode2 (H,N)) or F in * N or F = the_right_argument_of H ) assume A18: F in * (SuccNode2 (H,N)) ; ::_thesis: ( F in * N or F = the_right_argument_of H ) now__::_thesis:_(_F_in_*_N_or_F_=_the_right_argument_of_H_) percases ( F in the LTLold of (SuccNode2 (H,N)) or F in the LTLnew of (SuccNode2 (H,N)) or F in 'X' (CastLTL the LTLnext of (SuccNode2 (H,N))) ) by A18, Lm1; suppose F in the LTLold of (SuccNode2 (H,N)) ; ::_thesis: ( F in * N or F = the_right_argument_of H ) then ( F in the LTLold of N or F in {H} ) by A15, XBOOLE_0:def_3; hence ( F in * N or F = the_right_argument_of H ) by A3, Lm1, TARSKI:def_1; ::_thesis: verum end; suppose F in the LTLnew of (SuccNode2 (H,N)) ; ::_thesis: ( F in * N or F = the_right_argument_of H ) then ( F in the LTLnew of N \ {H} or F in {(the_right_argument_of H)} \ the LTLold of N ) by A5, XBOOLE_0:def_3; then ( F in the LTLnew of N or F in {(the_right_argument_of H)} ) by XBOOLE_0:def_5; hence ( F in * N or F = the_right_argument_of H ) by Lm1, TARSKI:def_1; ::_thesis: verum end; suppose F in 'X' (CastLTL the LTLnext of (SuccNode2 (H,N))) ; ::_thesis: ( F in * N or F = the_right_argument_of H ) hence ( F in * N or F = the_right_argument_of H ) by A16, Lm1; ::_thesis: verum end; end; end; hence ( F in * N or F = the_right_argument_of H ) ; ::_thesis: verum end; H = (the_left_argument_of H) 'U' (the_right_argument_of H) by A2, MODELC_2:8; then ( w |= H iff w |= (the_right_argument_of H) 'or' ((the_left_argument_of H) '&' ('X' H)) ) by MODELC_2:75; then A19: ( w |= H iff ( w |= the_right_argument_of H or w |= (the_left_argument_of H) '&' ('X' H) ) ) by MODELC_2:66; A20: ( not w |= * N or w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) proof assume A21: w |= * N ; ::_thesis: ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) now__::_thesis:_(_w_|=_*_(SuccNode1_(H,N))_or_w_|=_*_(SuccNode2_(H,N))_) percases ( ( w |= the_left_argument_of H & w |= 'X' H ) or w |= the_right_argument_of H ) by A3, A19, A21, MODELC_2:65, MODELC_2:def_64; supposeA22: ( w |= the_left_argument_of H & w |= 'X' H ) ; ::_thesis: ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) for F being LTL-formula st F in * (SuccNode1 (H,N)) holds w |= F proof let F be LTL-formula; ::_thesis: ( F in * (SuccNode1 (H,N)) implies w |= F ) assume F in * (SuccNode1 (H,N)) ; ::_thesis: w |= F then ( F in * N or F = the_left_argument_of H or F = 'X' H ) by A8; hence w |= F by A21, A22, MODELC_2:def_64; ::_thesis: verum end; hence ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) by MODELC_2:def_64; ::_thesis: verum end; supposeA23: w |= the_right_argument_of H ; ::_thesis: ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) for F being LTL-formula st F in * (SuccNode2 (H,N)) holds w |= F proof let F be LTL-formula; ::_thesis: ( F in * (SuccNode2 (H,N)) implies w |= F ) assume F in * (SuccNode2 (H,N)) ; ::_thesis: w |= F then ( F in * N or F = the_right_argument_of H ) by A17; hence w |= F by A21, A23, MODELC_2:def_64; ::_thesis: verum end; hence ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) by MODELC_2:def_64; ::_thesis: verum end; end; end; hence ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ; ::_thesis: verum end; A24: for F being LTL-formula st F in * N holds ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) proof let F be LTL-formula; ::_thesis: ( F in * N implies ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) ) assume A25: F in * N ; ::_thesis: ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) now__::_thesis:_(_F_in_*_(SuccNode1_(H,N))_&_F_in_*_(SuccNode2_(H,N))_) percases ( F in the LTLold of N or F in the LTLnew of N or F in 'X' (CastLTL the LTLnext of N) ) by A25, Lm1; suppose F in the LTLold of N ; ::_thesis: ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) then ( F in the LTLold of (SuccNode1 (H,N)) & F in the LTLold of (SuccNode2 (H,N)) ) by A6, A15, XBOOLE_0:def_3; hence ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) by Lm1; ::_thesis: verum end; supposeA26: F in the LTLnew of N ; ::_thesis: ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) now__::_thesis:_(_F_in_*_(SuccNode1_(H,N))_&_F_in_*_(SuccNode2_(H,N))_) percases ( F = H or F <> H ) ; suppose F = H ; ::_thesis: ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) then F in {H} by TARSKI:def_1; then ( F in the LTLold of (SuccNode1 (H,N)) & F in the LTLold of (SuccNode2 (H,N)) ) by A6, A15, XBOOLE_0:def_3; hence ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) by Lm1; ::_thesis: verum end; suppose F <> H ; ::_thesis: ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) then not F in {H} by TARSKI:def_1; then F in the LTLnew of N \ {H} by A26, XBOOLE_0:def_5; then ( F in the LTLnew of (SuccNode1 (H,N)) & F in the LTLnew of (SuccNode2 (H,N)) ) by A7, A5, XBOOLE_0:def_3; hence ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) by Lm1; ::_thesis: verum end; end; end; hence ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) ; ::_thesis: verum end; suppose F in 'X' (CastLTL the LTLnext of N) ; ::_thesis: ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) then consider G being LTL-formula such that A27: F = G and A28: ex G1 being LTL-formula st ( G1 in CastLTL the LTLnext of N & G = 'X' G1 ) ; consider G1 being LTL-formula such that A29: G1 in the LTLnext of N and A30: G = 'X' G1 by A28; G1 in the LTLnext of (SuccNode1 (H,N)) by A4, A29, XBOOLE_0:def_3; then A31: F in 'X' (CastLTL the LTLnext of (SuccNode1 (H,N))) by A27, A30; F in 'X' (CastLTL the LTLnext of (SuccNode2 (H,N))) by A16, A27, A29, A30; hence ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) by A31, Lm1; ::_thesis: verum end; end; end; hence ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) ; ::_thesis: verum end; ( ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) implies w |= * N ) proof assume A32: ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ; ::_thesis: w |= * N for F being LTL-formula st F in * N holds w |= F proof let F be LTL-formula; ::_thesis: ( F in * N implies w |= F ) assume A33: F in * N ; ::_thesis: w |= F then A34: F in * (SuccNode2 (H,N)) by A24; A35: F in * (SuccNode1 (H,N)) by A24, A33; now__::_thesis:_w_|=_F percases ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) by A32; suppose w |= * (SuccNode1 (H,N)) ; ::_thesis: w |= F hence w |= F by A35, MODELC_2:def_64; ::_thesis: verum end; suppose w |= * (SuccNode2 (H,N)) ; ::_thesis: w |= F hence w |= F by A34, MODELC_2:def_64; ::_thesis: verum end; end; end; hence w |= F ; ::_thesis: verum end; hence w |= * N by MODELC_2:def_64; ::_thesis: verum end; hence ( w |= * N iff ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ) by A20; ::_thesis: verum end; Lm20: for H, v being LTL-formula for N being strict LTLnode over v for w being Element of Inf_seq AtomicFamily st H in the LTLnew of N & H is Release holds ( w |= * N iff ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ) proof let H, v be LTL-formula; ::_thesis: for N being strict LTLnode over v for w being Element of Inf_seq AtomicFamily st H in the LTLnew of N & H is Release holds ( w |= * N iff ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ) let N be strict LTLnode over v; ::_thesis: for w being Element of Inf_seq AtomicFamily st H in the LTLnew of N & H is Release holds ( w |= * N iff ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ) let w be Element of Inf_seq AtomicFamily; ::_thesis: ( H in the LTLnew of N & H is Release implies ( w |= * N iff ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ) ) assume that A1: H in the LTLnew of N and A2: H is Release ; ::_thesis: ( w |= * N iff ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ) set NX = the LTLnext of N; set SN1 = SuccNode1 (H,N); A3: H in * N by A1, Lm1; set SN1X = the LTLnext of (SuccNode1 (H,N)); LTLNext H = {H} by A2, Def3; then A4: the LTLnext of (SuccNode1 (H,N)) = the LTLnext of N \/ {H} by A1, Def4; set H2 = the_right_argument_of H; set NN = the LTLnew of N; set NO = the LTLold of N; set SN2 = SuccNode2 (H,N); set H1 = the_left_argument_of H; set SN2N = the LTLnew of (SuccNode2 (H,N)); LTLNew2 H = {(the_left_argument_of H),(the_right_argument_of H)} by A2, Def2; then A5: the LTLnew of (SuccNode2 (H,N)) = ( the LTLnew of N \ {H}) \/ ({(the_left_argument_of H),(the_right_argument_of H)} \ the LTLold of N) by A1, Def5; set XNX = 'X' (CastLTL the LTLnext of N); set XSN1X = 'X' (CastLTL the LTLnext of (SuccNode1 (H,N))); set SN1N = the LTLnew of (SuccNode1 (H,N)); set SN1O = the LTLold of (SuccNode1 (H,N)); A6: the LTLold of (SuccNode1 (H,N)) = the LTLold of N \/ {H} by A1, Def4; LTLNew1 H = {(the_right_argument_of H)} by A2, Def1; then A7: the LTLnew of (SuccNode1 (H,N)) = ( the LTLnew of N \ {H}) \/ ({(the_right_argument_of H)} \ the LTLold of N) by A1, Def4; A8: for F being LTL-formula holds ( not F in * (SuccNode1 (H,N)) or F in * N or F = the_right_argument_of H or F = 'X' H ) proof let F be LTL-formula; ::_thesis: ( not F in * (SuccNode1 (H,N)) or F in * N or F = the_right_argument_of H or F = 'X' H ) assume A9: F in * (SuccNode1 (H,N)) ; ::_thesis: ( F in * N or F = the_right_argument_of H or F = 'X' H ) now__::_thesis:_(_F_in_*_N_or_F_=_the_right_argument_of_H_or_F_=_'X'_H_) percases ( F in the LTLold of (SuccNode1 (H,N)) or F in the LTLnew of (SuccNode1 (H,N)) or F in 'X' (CastLTL the LTLnext of (SuccNode1 (H,N))) ) by A9, Lm1; suppose F in the LTLold of (SuccNode1 (H,N)) ; ::_thesis: ( F in * N or F = the_right_argument_of H or F = 'X' H ) then ( F in the LTLold of N or F in {H} ) by A6, XBOOLE_0:def_3; hence ( F in * N or F = the_right_argument_of H or F = 'X' H ) by A3, Lm1, TARSKI:def_1; ::_thesis: verum end; suppose F in the LTLnew of (SuccNode1 (H,N)) ; ::_thesis: ( F in * N or F = the_right_argument_of H or F = 'X' H ) then ( F in the LTLnew of N \ {H} or F in {(the_right_argument_of H)} \ the LTLold of N ) by A7, XBOOLE_0:def_3; then ( F in the LTLnew of N or F in {(the_right_argument_of H)} ) by XBOOLE_0:def_5; hence ( F in * N or F = the_right_argument_of H or F = 'X' H ) by Lm1, TARSKI:def_1; ::_thesis: verum end; suppose F in 'X' (CastLTL the LTLnext of (SuccNode1 (H,N))) ; ::_thesis: ( F in * N or F = the_right_argument_of H or F = 'X' H ) then consider G being LTL-formula such that A10: F = G and A11: ex G1 being LTL-formula st ( G1 in CastLTL the LTLnext of (SuccNode1 (H,N)) & G = 'X' G1 ) ; consider G1 being LTL-formula such that A12: G1 in the LTLnext of (SuccNode1 (H,N)) and A13: G = 'X' G1 by A11; A14: ( G1 in the LTLnext of N or G1 in {H} ) by A4, A12, XBOOLE_0:def_3; now__::_thesis:_(_F_in_*_N_or_F_=_the_right_argument_of_H_or_F_=_'X'_H_) percases ( G1 in the LTLnext of N or G1 = H ) by A14, TARSKI:def_1; suppose G1 in the LTLnext of N ; ::_thesis: ( F in * N or F = the_right_argument_of H or F = 'X' H ) then F in 'X' (CastLTL the LTLnext of N) by A10, A13; hence ( F in * N or F = the_right_argument_of H or F = 'X' H ) by Lm1; ::_thesis: verum end; suppose G1 = H ; ::_thesis: ( F in * N or F = the_right_argument_of H or F = 'X' H ) hence ( F in * N or F = the_right_argument_of H or F = 'X' H ) by A10, A13; ::_thesis: verum end; end; end; hence ( F in * N or F = the_right_argument_of H or F = 'X' H ) ; ::_thesis: verum end; end; end; hence ( F in * N or F = the_right_argument_of H or F = 'X' H ) ; ::_thesis: verum end; set SN2X = the LTLnext of (SuccNode2 (H,N)); set XSN2X = 'X' (CastLTL the LTLnext of (SuccNode2 (H,N))); set SN2O = the LTLold of (SuccNode2 (H,N)); A15: the LTLold of (SuccNode2 (H,N)) = the LTLold of N \/ {H} by A1, Def5; A16: the LTLnext of (SuccNode2 (H,N)) = the LTLnext of N by A1, Def5; A17: for F being LTL-formula holds ( not F in * (SuccNode2 (H,N)) or F in * N or F = the_left_argument_of H or F = the_right_argument_of H ) proof let F be LTL-formula; ::_thesis: ( not F in * (SuccNode2 (H,N)) or F in * N or F = the_left_argument_of H or F = the_right_argument_of H ) assume A18: F in * (SuccNode2 (H,N)) ; ::_thesis: ( F in * N or F = the_left_argument_of H or F = the_right_argument_of H ) now__::_thesis:_(_F_in_*_N_or_F_=_the_left_argument_of_H_or_F_=_the_right_argument_of_H_) percases ( F in the LTLold of (SuccNode2 (H,N)) or F in the LTLnew of (SuccNode2 (H,N)) or F in 'X' (CastLTL the LTLnext of (SuccNode2 (H,N))) ) by A18, Lm1; suppose F in the LTLold of (SuccNode2 (H,N)) ; ::_thesis: ( F in * N or F = the_left_argument_of H or F = the_right_argument_of H ) then ( F in the LTLold of N or F in {H} ) by A15, XBOOLE_0:def_3; hence ( F in * N or F = the_left_argument_of H or F = the_right_argument_of H ) by A3, Lm1, TARSKI:def_1; ::_thesis: verum end; suppose F in the LTLnew of (SuccNode2 (H,N)) ; ::_thesis: ( F in * N or F = the_left_argument_of H or F = the_right_argument_of H ) then ( F in the LTLnew of N \ {H} or F in {(the_left_argument_of H),(the_right_argument_of H)} \ the LTLold of N ) by A5, XBOOLE_0:def_3; then ( F in the LTLnew of N or F in {(the_left_argument_of H),(the_right_argument_of H)} ) by XBOOLE_0:def_5; hence ( F in * N or F = the_left_argument_of H or F = the_right_argument_of H ) by Lm1, TARSKI:def_2; ::_thesis: verum end; suppose F in 'X' (CastLTL the LTLnext of (SuccNode2 (H,N))) ; ::_thesis: ( F in * N or F = the_left_argument_of H or F = the_right_argument_of H ) hence ( F in * N or F = the_left_argument_of H or F = the_right_argument_of H ) by A16, Lm1; ::_thesis: verum end; end; end; hence ( F in * N or F = the_left_argument_of H or F = the_right_argument_of H ) ; ::_thesis: verum end; H = (the_left_argument_of H) 'R' (the_right_argument_of H) by A2, MODELC_2:9; then ( w |= H iff w |= ((the_left_argument_of H) '&' (the_right_argument_of H)) 'or' ((the_right_argument_of H) '&' ('X' H)) ) by MODELC_2:76; then A19: ( w |= H iff ( w |= (the_left_argument_of H) '&' (the_right_argument_of H) or w |= (the_right_argument_of H) '&' ('X' H) ) ) by MODELC_2:66; A20: ( not w |= * N or w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) proof assume A21: w |= * N ; ::_thesis: ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) now__::_thesis:_(_w_|=_*_(SuccNode1_(H,N))_or_w_|=_*_(SuccNode2_(H,N))_) percases ( ( w |= the_right_argument_of H & w |= 'X' H ) or ( w |= the_left_argument_of H & w |= the_right_argument_of H ) ) by A3, A19, A21, MODELC_2:65, MODELC_2:def_64; supposeA22: ( w |= the_right_argument_of H & w |= 'X' H ) ; ::_thesis: ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) for F being LTL-formula st F in * (SuccNode1 (H,N)) holds w |= F proof let F be LTL-formula; ::_thesis: ( F in * (SuccNode1 (H,N)) implies w |= F ) assume F in * (SuccNode1 (H,N)) ; ::_thesis: w |= F then ( F in * N or F = the_right_argument_of H or F = 'X' H ) by A8; hence w |= F by A21, A22, MODELC_2:def_64; ::_thesis: verum end; hence ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) by MODELC_2:def_64; ::_thesis: verum end; supposeA23: ( w |= the_left_argument_of H & w |= the_right_argument_of H ) ; ::_thesis: ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) for F being LTL-formula st F in * (SuccNode2 (H,N)) holds w |= F proof let F be LTL-formula; ::_thesis: ( F in * (SuccNode2 (H,N)) implies w |= F ) assume F in * (SuccNode2 (H,N)) ; ::_thesis: w |= F then ( F in * N or F = the_left_argument_of H or F = the_right_argument_of H ) by A17; hence w |= F by A21, A23, MODELC_2:def_64; ::_thesis: verum end; hence ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) by MODELC_2:def_64; ::_thesis: verum end; end; end; hence ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ; ::_thesis: verum end; A24: for F being LTL-formula st F in * N holds ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) proof let F be LTL-formula; ::_thesis: ( F in * N implies ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) ) assume A25: F in * N ; ::_thesis: ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) now__::_thesis:_(_F_in_*_(SuccNode1_(H,N))_&_F_in_*_(SuccNode2_(H,N))_) percases ( F in the LTLold of N or F in the LTLnew of N or F in 'X' (CastLTL the LTLnext of N) ) by A25, Lm1; suppose F in the LTLold of N ; ::_thesis: ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) then ( F in the LTLold of (SuccNode1 (H,N)) & F in the LTLold of (SuccNode2 (H,N)) ) by A6, A15, XBOOLE_0:def_3; hence ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) by Lm1; ::_thesis: verum end; supposeA26: F in the LTLnew of N ; ::_thesis: ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) now__::_thesis:_(_F_in_*_(SuccNode1_(H,N))_&_F_in_*_(SuccNode2_(H,N))_) percases ( F = H or not F = H ) ; suppose F = H ; ::_thesis: ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) then F in {H} by TARSKI:def_1; then ( F in the LTLold of (SuccNode1 (H,N)) & F in the LTLold of (SuccNode2 (H,N)) ) by A6, A15, XBOOLE_0:def_3; hence ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) by Lm1; ::_thesis: verum end; suppose not F = H ; ::_thesis: ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) then not F in {H} by TARSKI:def_1; then F in the LTLnew of N \ {H} by A26, XBOOLE_0:def_5; then ( F in the LTLnew of (SuccNode1 (H,N)) & F in the LTLnew of (SuccNode2 (H,N)) ) by A7, A5, XBOOLE_0:def_3; hence ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) by Lm1; ::_thesis: verum end; end; end; hence ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) ; ::_thesis: verum end; suppose F in 'X' (CastLTL the LTLnext of N) ; ::_thesis: ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) then consider G being LTL-formula such that A27: F = G and A28: ex G1 being LTL-formula st ( G1 in CastLTL the LTLnext of N & G = 'X' G1 ) ; consider G1 being LTL-formula such that A29: G1 in the LTLnext of N and A30: G = 'X' G1 by A28; G1 in the LTLnext of (SuccNode1 (H,N)) by A4, A29, XBOOLE_0:def_3; then A31: F in 'X' (CastLTL the LTLnext of (SuccNode1 (H,N))) by A27, A30; F in 'X' (CastLTL the LTLnext of (SuccNode2 (H,N))) by A16, A27, A29, A30; hence ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) by A31, Lm1; ::_thesis: verum end; end; end; hence ( F in * (SuccNode1 (H,N)) & F in * (SuccNode2 (H,N)) ) ; ::_thesis: verum end; ( ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) implies w |= * N ) proof assume A32: ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ; ::_thesis: w |= * N for F being LTL-formula st F in * N holds w |= F proof let F be LTL-formula; ::_thesis: ( F in * N implies w |= F ) assume A33: F in * N ; ::_thesis: w |= F then A34: F in * (SuccNode2 (H,N)) by A24; A35: F in * (SuccNode1 (H,N)) by A24, A33; now__::_thesis:_w_|=_F percases ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) by A32; suppose w |= * (SuccNode1 (H,N)) ; ::_thesis: w |= F hence w |= F by A35, MODELC_2:def_64; ::_thesis: verum end; suppose w |= * (SuccNode2 (H,N)) ; ::_thesis: w |= F hence w |= F by A34, MODELC_2:def_64; ::_thesis: verum end; end; end; hence w |= F ; ::_thesis: verum end; hence w |= * N by MODELC_2:def_64; ::_thesis: verum end; hence ( w |= * N iff ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ) by A20; ::_thesis: verum end; theorem :: MODELC_3:2 for H, v being LTL-formula for N being strict LTLnode over v for w being Element of Inf_seq AtomicFamily st H in the LTLnew of N & ( H is disjunctive or H is Until or H is Release ) holds ( w |= * N iff ( w |= * (SuccNode1 (H,N)) or w |= * (SuccNode2 (H,N)) ) ) by Lm18, Lm19, Lm20; Lm21: for H being LTL-formula st ( H is negative or H is next ) holds Subformulae H = (Subformulae (the_argument_of H)) \/ {H} proof let H be LTL-formula; ::_thesis: ( ( H is negative or H is next ) implies Subformulae H = (Subformulae (the_argument_of H)) \/ {H} ) set H1 = the_argument_of H; H in Subformulae H by MODELC_2:45; then A1: {H} c= Subformulae H by ZFMISC_1:31; assume A2: ( H is negative or H is next ) ; ::_thesis: Subformulae H = (Subformulae (the_argument_of H)) \/ {H} then the_argument_of H is_immediate_constituent_of H by MODELC_2:20, MODELC_2:21; then the_argument_of H is_proper_subformula_of H by MODELC_2:29; then the_argument_of H is_subformula_of H by MODELC_2:def_23; then Subformulae (the_argument_of H) c= Subformulae H by MODELC_2:46; then A3: (Subformulae (the_argument_of H)) \/ {H} c= Subformulae H by A1, XBOOLE_1:8; for x being set holds ( x in Subformulae H iff x in (Subformulae (the_argument_of H)) \/ {H} ) proof let x be set ; ::_thesis: ( x in Subformulae H iff x in (Subformulae (the_argument_of H)) \/ {H} ) ( x in Subformulae H implies x in (Subformulae (the_argument_of H)) \/ {H} ) proof assume x in Subformulae H ; ::_thesis: x in (Subformulae (the_argument_of H)) \/ {H} then consider F being LTL-formula such that A4: F = x and A5: F is_subformula_of H by MODELC_2:def_24; now__::_thesis:_x_in_(Subformulae_(the_argument_of_H))_\/_{H} percases ( F = H or F <> H ) ; suppose F = H ; ::_thesis: x in (Subformulae (the_argument_of H)) \/ {H} then F in {H} by TARSKI:def_1; hence x in (Subformulae (the_argument_of H)) \/ {H} by A4, XBOOLE_0:def_3; ::_thesis: verum end; suppose F <> H ; ::_thesis: x in (Subformulae (the_argument_of H)) \/ {H} then F is_proper_subformula_of H by A5, MODELC_2:def_23; then F is_subformula_of the_argument_of H by A2, MODELC_2:37; then F in Subformulae (the_argument_of H) by MODELC_2:45; hence x in (Subformulae (the_argument_of H)) \/ {H} by A4, XBOOLE_0:def_3; ::_thesis: verum end; end; end; hence x in (Subformulae (the_argument_of H)) \/ {H} ; ::_thesis: verum end; hence ( x in Subformulae H iff x in (Subformulae (the_argument_of H)) \/ {H} ) by A3; ::_thesis: verum end; hence Subformulae H = (Subformulae (the_argument_of H)) \/ {H} by TARSKI:1; ::_thesis: verum end; Lm22: for H being LTL-formula st ( H is conjunctive or H is disjunctive or H is Until or H is Release ) holds Subformulae H = ((Subformulae (the_left_argument_of H)) \/ (Subformulae (the_right_argument_of H))) \/ {H} proof let H be LTL-formula; ::_thesis: ( ( H is conjunctive or H is disjunctive or H is Until or H is Release ) implies Subformulae H = ((Subformulae (the_left_argument_of H)) \/ (Subformulae (the_right_argument_of H))) \/ {H} ) set H1 = the_left_argument_of H; set H2 = the_right_argument_of H; set SUBF = (Subformulae (the_left_argument_of H)) \/ (Subformulae (the_right_argument_of H)); H in Subformulae H by MODELC_2:def_24; then A1: {H} c= Subformulae H by ZFMISC_1:31; assume A2: ( H is conjunctive or H is disjunctive or H is Until or H is Release ) ; ::_thesis: Subformulae H = ((Subformulae (the_left_argument_of H)) \/ (Subformulae (the_right_argument_of H))) \/ {H} then the_right_argument_of H is_immediate_constituent_of H by MODELC_2:22, MODELC_2:23, MODELC_2:24, MODELC_2:25; then the_right_argument_of H is_proper_subformula_of H by MODELC_2:29; then the_right_argument_of H is_subformula_of H by MODELC_2:def_23; then A3: Subformulae (the_right_argument_of H) c= Subformulae H by MODELC_2:46; the_left_argument_of H is_immediate_constituent_of H by A2, MODELC_2:22, MODELC_2:23, MODELC_2:24, MODELC_2:25; then the_left_argument_of H is_proper_subformula_of H by MODELC_2:29; then the_left_argument_of H is_subformula_of H by MODELC_2:def_23; then Subformulae (the_left_argument_of H) c= Subformulae H by MODELC_2:46; then (Subformulae (the_left_argument_of H)) \/ (Subformulae (the_right_argument_of H)) c= Subformulae H by A3, XBOOLE_1:8; then A4: ((Subformulae (the_left_argument_of H)) \/ (Subformulae (the_right_argument_of H))) \/ {H} c= Subformulae H by A1, XBOOLE_1:8; for x being set holds ( x in Subformulae H iff x in ((Subformulae (the_left_argument_of H)) \/ (Subformulae (the_right_argument_of H))) \/ {H} ) proof let x be set ; ::_thesis: ( x in Subformulae H iff x in ((Subformulae (the_left_argument_of H)) \/ (Subformulae (the_right_argument_of H))) \/ {H} ) ( x in Subformulae H implies x in ((Subformulae (the_left_argument_of H)) \/ (Subformulae (the_right_argument_of H))) \/ {H} ) proof assume x in Subformulae H ; ::_thesis: x in ((Subformulae (the_left_argument_of H)) \/ (Subformulae (the_right_argument_of H))) \/ {H} then consider F being LTL-formula such that A5: F = x and A6: F is_subformula_of H by MODELC_2:def_24; now__::_thesis:_x_in_((Subformulae_(the_left_argument_of_H))_\/_(Subformulae_(the_right_argument_of_H)))_\/_{H} percases ( F = H or F <> H ) ; suppose F = H ; ::_thesis: x in ((Subformulae (the_left_argument_of H)) \/ (Subformulae (the_right_argument_of H))) \/ {H} then F in {H} by TARSKI:def_1; hence x in ((Subformulae (the_left_argument_of H)) \/ (Subformulae (the_right_argument_of H))) \/ {H} by A5, XBOOLE_0:def_3; ::_thesis: verum end; suppose F <> H ; ::_thesis: x in ((Subformulae (the_left_argument_of H)) \/ (Subformulae (the_right_argument_of H))) \/ {H} then F is_proper_subformula_of H by A6, MODELC_2:def_23; then ( F is_subformula_of the_left_argument_of H or F is_subformula_of the_right_argument_of H ) by A2, MODELC_2:38; then ( F in Subformulae (the_left_argument_of H) or F in Subformulae (the_right_argument_of H) ) by MODELC_2:45; then F in (Subformulae (the_left_argument_of H)) \/ (Subformulae (the_right_argument_of H)) by XBOOLE_0:def_3; hence x in ((Subformulae (the_left_argument_of H)) \/ (Subformulae (the_right_argument_of H))) \/ {H} by A5, XBOOLE_0:def_3; ::_thesis: verum end; end; end; hence x in ((Subformulae (the_left_argument_of H)) \/ (Subformulae (the_right_argument_of H))) \/ {H} ; ::_thesis: verum end; hence ( x in Subformulae H iff x in ((Subformulae (the_left_argument_of H)) \/ (Subformulae (the_right_argument_of H))) \/ {H} ) by A4; ::_thesis: verum end; hence Subformulae H = ((Subformulae (the_left_argument_of H)) \/ (Subformulae (the_right_argument_of H))) \/ {H} by TARSKI:1; ::_thesis: verum end; Lm23: for H being LTL-formula st H is atomic holds Subformulae H = {H} proof let H be LTL-formula; ::_thesis: ( H is atomic implies Subformulae H = {H} ) assume H is atomic ; ::_thesis: Subformulae H = {H} then ex n being Nat st H = atom. n by MODELC_2:def_11; then A1: len H = 1 by FINSEQ_1:40; A2: for x being set st x in Subformulae H holds x in {H} proof let x be set ; ::_thesis: ( x in Subformulae H implies x in {H} ) assume x in Subformulae H ; ::_thesis: x in {H} then consider G being LTL-formula such that A3: G = x and A4: G is_subformula_of H by MODELC_2:def_24; now__::_thesis:_not_G_<>_H assume G <> H ; ::_thesis: contradiction then G is_proper_subformula_of H by A4, MODELC_2:def_23; then len G < 1 by A1, MODELC_2:32; hence contradiction by MODELC_2:3; ::_thesis: verum end; hence x in {H} by A3, TARSKI:def_1; ::_thesis: verum end; for x being set st x in {H} holds x in Subformulae H proof let x be set ; ::_thesis: ( x in {H} implies x in Subformulae H ) assume x in {H} ; ::_thesis: x in Subformulae H then x = H by TARSKI:def_1; hence x in Subformulae H by MODELC_2:45; ::_thesis: verum end; hence Subformulae H = {H} by A2, TARSKI:1; ::_thesis: verum end; Lm24: for H being LTL-formula for W being Subset of (Subformulae H) holds not {} in W proof let H be LTL-formula; ::_thesis: for W being Subset of (Subformulae H) holds not {} in W let W be Subset of (Subformulae H); ::_thesis: not {} in W assume {} in W ; ::_thesis: contradiction then ex F being LTL-formula st ( F = {} & F is_subformula_of H ) by MODELC_2:def_24; hence contradiction by CARD_1:27, MODELC_2:3; ::_thesis: verum end; theorem Th3: :: MODELC_3:3 for H being LTL-formula ex L being FinSequence st Subformulae H = rng L proof let H be LTL-formula; ::_thesis: ex L being FinSequence st Subformulae H = rng L defpred S1[ LTL-formula] means ex L being FinSequence st Subformulae $1 = rng L; A1: for H being LTL-formula st ( H is negative or H is next ) & S1[ the_argument_of H] holds S1[H] proof let H be LTL-formula; ::_thesis: ( ( H is negative or H is next ) & S1[ the_argument_of H] implies S1[H] ) assume that A2: ( H is negative or H is next ) and A3: S1[ the_argument_of H] ; ::_thesis: S1[H] consider L1 being FinSequence such that A4: Subformulae (the_argument_of H) = rng L1 by A3; set L = L1 ^ <*H*>; take L1 ^ <*H*> ; ::_thesis: Subformulae H = rng (L1 ^ <*H*>) rng (L1 ^ <*H*>) = (rng L1) \/ (rng <*H*>) by FINSEQ_1:31 .= (Subformulae (the_argument_of H)) \/ {H} by A4, Lm3 .= Subformulae H by A2, Lm21 ; hence Subformulae H = rng (L1 ^ <*H*>) ; ::_thesis: verum end; A5: for H being LTL-formula st ( H is conjunctive or H is disjunctive or H is Until or H is Release ) & S1[ the_left_argument_of H] & S1[ the_right_argument_of H] holds S1[H] proof let H be LTL-formula; ::_thesis: ( ( H is conjunctive or H is disjunctive or H is Until or H is Release ) & S1[ the_left_argument_of H] & S1[ the_right_argument_of H] implies S1[H] ) assume that A6: ( H is conjunctive or H is disjunctive or H is Until or H is Release ) and A7: S1[ the_left_argument_of H] and A8: S1[ the_right_argument_of H] ; ::_thesis: S1[H] consider L1 being FinSequence such that A9: Subformulae (the_left_argument_of H) = rng L1 by A7; consider L2 being FinSequence such that A10: Subformulae (the_right_argument_of H) = rng L2 by A8; A11: rng (L1 ^ L2) = (Subformulae (the_left_argument_of H)) \/ (Subformulae (the_right_argument_of H)) by A9, A10, FINSEQ_1:31; set L = (L1 ^ L2) ^ <*H*>; take (L1 ^ L2) ^ <*H*> ; ::_thesis: Subformulae H = rng ((L1 ^ L2) ^ <*H*>) rng ((L1 ^ L2) ^ <*H*>) = (rng (L1 ^ L2)) \/ (rng <*H*>) by FINSEQ_1:31 .= ((Subformulae (the_left_argument_of H)) \/ (Subformulae (the_right_argument_of H))) \/ {H} by A11, Lm3 .= Subformulae H by A6, Lm22 ; hence Subformulae H = rng ((L1 ^ L2) ^ <*H*>) ; ::_thesis: verum end; A12: for H being LTL-formula st H is atomic holds S1[H] proof let H be LTL-formula; ::_thesis: ( H is atomic implies S1[H] ) assume A13: H is atomic ; ::_thesis: S1[H] set L = <*H*>; take <*H*> ; ::_thesis: Subformulae H = rng <*H*> rng <*H*> = {H} by Lm3 .= Subformulae H by A13, Lm23 ; hence Subformulae H = rng <*H*> ; ::_thesis: verum end; for H being LTL-formula holds S1[H] from MODELC_2:sch_1(A12, A1, A5); hence ex L being FinSequence st Subformulae H = rng L ; ::_thesis: verum end; registration let H be LTL-formula; cluster Subformulae H -> finite ; correctness coherence Subformulae H is finite ; proof ex L being FinSequence st Subformulae H = rng L by Th3; hence Subformulae H is finite ; ::_thesis: verum end; end; definition let H be LTL-formula; let W be Subset of (Subformulae H); let L be FinSequence; let x be set ; func Length_fun (L,W,x) -> Nat equals :Def23: :: MODELC_3:def 23 len (CastLTL (L . x)) if L . x in W otherwise 0 ; correctness coherence ( ( L . x in W implies len (CastLTL (L . x)) is Nat ) & ( not L . x in W implies 0 is Nat ) ); consistency for b1 being Nat holds verum; ; end; :: deftheorem Def23 defines Length_fun MODELC_3:def_23_:_ for H being LTL-formula for W being Subset of (Subformulae H) for L being FinSequence for x being set holds ( ( L . x in W implies Length_fun (L,W,x) = len (CastLTL (L . x)) ) & ( not L . x in W implies Length_fun (L,W,x) = 0 ) ); definition let H be LTL-formula; let W be Subset of (Subformulae H); let L be FinSequence; func Partial_seq (L,W) -> Real_Sequence means :Def24: :: MODELC_3:def 24 for k being Nat holds ( ( L . k in W implies it . k = len (CastLTL (L . k)) ) & ( not L . k in W implies it . k = 0 ) ); existence ex b1 being Real_Sequence st for k being Nat holds ( ( L . k in W implies b1 . k = len (CastLTL (L . k)) ) & ( not L . k in W implies b1 . k = 0 ) ) proof deffunc H1( set ) -> Nat = Length_fun (L,W,$1); A1: for x being set st x in NAT holds H1(x) in REAL proof let x be set ; ::_thesis: ( x in NAT implies H1(x) in REAL ) assume x in NAT ; ::_thesis: H1(x) in REAL H1(x) in NAT by ORDINAL1:def_12; hence H1(x) in REAL ; ::_thesis: verum end; consider IT being Function of NAT,REAL such that A2: for x being set st x in NAT holds IT . x = H1(x) from FUNCT_2:sch_2(A1); take IT ; ::_thesis: for k being Nat holds ( ( L . k in W implies IT . k = len (CastLTL (L . k)) ) & ( not L . k in W implies IT . k = 0 ) ) for k being Nat holds ( ( L . k in W implies IT . k = len (CastLTL (L . k)) ) & ( not L . k in W implies IT . k = 0 ) ) proof let k be Nat; ::_thesis: ( ( L . k in W implies IT . k = len (CastLTL (L . k)) ) & ( not L . k in W implies IT . k = 0 ) ) A3: k in NAT by ORDINAL1:def_12; A4: ( not L . k in W implies IT . k = 0 ) proof assume A5: not L . k in W ; ::_thesis: IT . k = 0 IT . k = Length_fun (L,W,k) by A2, A3; hence IT . k = 0 by A5, Def23; ::_thesis: verum end; ( L . k in W implies IT . k = len (CastLTL (L . k)) ) proof assume A6: L . k in W ; ::_thesis: IT . k = len (CastLTL (L . k)) IT . k = Length_fun (L,W,k) by A2, A3; hence IT . k = len (CastLTL (L . k)) by A6, Def23; ::_thesis: verum end; hence ( ( L . k in W implies IT . k = len (CastLTL (L . k)) ) & ( not L . k in W implies IT . k = 0 ) ) by A4; ::_thesis: verum end; hence for k being Nat holds ( ( L . k in W implies IT . k = len (CastLTL (L . k)) ) & ( not L . k in W implies IT . k = 0 ) ) ; ::_thesis: verum end; uniqueness for b1, b2 being Real_Sequence st ( for k being Nat holds ( ( L . k in W implies b1 . k = len (CastLTL (L . k)) ) & ( not L . k in W implies b1 . k = 0 ) ) ) & ( for k being Nat holds ( ( L . k in W implies b2 . k = len (CastLTL (L . k)) ) & ( not L . k in W implies b2 . k = 0 ) ) ) holds b1 = b2 proof let R1, R2 be Real_Sequence; ::_thesis: ( ( for k being Nat holds ( ( L . k in W implies R1 . k = len (CastLTL (L . k)) ) & ( not L . k in W implies R1 . k = 0 ) ) ) & ( for k being Nat holds ( ( L . k in W implies R2 . k = len (CastLTL (L . k)) ) & ( not L . k in W implies R2 . k = 0 ) ) ) implies R1 = R2 ) ( ( for k being Nat holds ( ( L . k in W implies R1 . k = len (CastLTL (L . k)) ) & ( not L . k in W implies R1 . k = 0 ) ) ) & ( for k being Nat holds ( ( L . k in W implies R2 . k = len (CastLTL (L . k)) ) & ( not L . k in W implies R2 . k = 0 ) ) ) implies R1 = R2 ) proof assume that A7: for k being Nat holds ( ( L . k in W implies R1 . k = len (CastLTL (L . k)) ) & ( not L . k in W implies R1 . k = 0 ) ) and A8: for k being Nat holds ( ( L . k in W implies R2 . k = len (CastLTL (L . k)) ) & ( not L . k in W implies R2 . k = 0 ) ) ; ::_thesis: R1 = R2 for x being set st x in NAT holds R1 . x = R2 . x proof let x be set ; ::_thesis: ( x in NAT implies R1 . x = R2 . x ) assume x in NAT ; ::_thesis: R1 . x = R2 . x then reconsider x = x as Nat ; now__::_thesis:_R1_._x_=_R2_._x percases ( L . x in W or not L . x in W ) ; supposeA9: L . x in W ; ::_thesis: R1 . x = R2 . x then R1 . x = len (CastLTL (L . x)) by A7; hence R1 . x = R2 . x by A8, A9; ::_thesis: verum end; supposeA10: not L . x in W ; ::_thesis: R1 . x = R2 . x then R1 . x = 0 by A7; hence R1 . x = R2 . x by A8, A10; ::_thesis: verum end; end; end; hence R1 . x = R2 . x ; ::_thesis: verum end; hence R1 = R2 by FUNCT_2:12; ::_thesis: verum end; hence ( ( for k being Nat holds ( ( L . k in W implies R1 . k = len (CastLTL (L . k)) ) & ( not L . k in W implies R1 . k = 0 ) ) ) & ( for k being Nat holds ( ( L . k in W implies R2 . k = len (CastLTL (L . k)) ) & ( not L . k in W implies R2 . k = 0 ) ) ) implies R1 = R2 ) ; ::_thesis: verum end; end; :: deftheorem Def24 defines Partial_seq MODELC_3:def_24_:_ for H being LTL-formula for W being Subset of (Subformulae H) for L being FinSequence for b4 being Real_Sequence holds ( b4 = Partial_seq (L,W) iff for k being Nat holds ( ( L . k in W implies b4 . k = len (CastLTL (L . k)) ) & ( not L . k in W implies b4 . k = 0 ) ) ); definition let H be LTL-formula; let W be Subset of (Subformulae H); let L be FinSequence; func len (L,W) -> Real equals :: MODELC_3:def 25 Sum ((Partial_seq (L,W)),(len L)); correctness coherence Sum ((Partial_seq (L,W)),(len L)) is Real; ; end; :: deftheorem defines len MODELC_3:def_25_:_ for H being LTL-formula for W being Subset of (Subformulae H) for L being FinSequence holds len (L,W) = Sum ((Partial_seq (L,W)),(len L)); Lm25: for n being Nat for R1, R2 being Real_Sequence st ( for i being Nat st i <= n holds R1 . i = R2 . i ) holds Sum (R1,n) = Sum (R2,n) proof let n be Nat; ::_thesis: for R1, R2 being Real_Sequence st ( for i being Nat st i <= n holds R1 . i = R2 . i ) holds Sum (R1,n) = Sum (R2,n) let R1, R2 be Real_Sequence; ::_thesis: ( ( for i being Nat st i <= n holds R1 . i = R2 . i ) implies Sum (R1,n) = Sum (R2,n) ) A1: CastNat n = n by MODELC_2:def_1; defpred S1[ Nat] means ( ( for i being Nat st i <= $1 holds R1 . i = R2 . i ) implies Sum (R1,(CastNat $1)) = Sum (R2,(CastNat $1)) ); A2: for k being Nat st S1[k] holds S1[k + 1] proof let k be Nat; ::_thesis: ( S1[k] implies S1[k + 1] ) assume A3: S1[k] ; ::_thesis: S1[k + 1] S1[k + 1] proof set m = k + 1; assume A4: for i being Nat st i <= k + 1 holds R1 . i = R2 . i ; ::_thesis: Sum (R1,(CastNat (k + 1))) = Sum (R2,(CastNat (k + 1))) then A5: ( CastNat k = k & R1 . (k + 1) = R2 . (k + 1) ) by MODELC_2:def_1; A6: for i being Nat st i <= k holds R1 . i = R2 . i proof A7: k <= k + 1 by NAT_1:11; let i be Nat; ::_thesis: ( i <= k implies R1 . i = R2 . i ) assume i <= k ; ::_thesis: R1 . i = R2 . i hence R1 . i = R2 . i by A4, A7, XXREAL_0:2; ::_thesis: verum end; reconsider k = k as Element of NAT by ORDINAL1:def_12; Sum (R1,(CastNat (k + 1))) = Sum (R1,(k + 1)) by MODELC_2:def_1 .= (Sum (R2,k)) + (R2 . (k + 1)) by A3, A6, A5, SERIES_1:def_1 .= Sum (R2,(k + 1)) by SERIES_1:def_1 ; hence Sum (R1,(CastNat (k + 1))) = Sum (R2,(CastNat (k + 1))) by MODELC_2:def_1; ::_thesis: verum end; hence S1[k + 1] ; ::_thesis: verum end; A8: S1[ 0 ] proof assume A9: for i being Nat st i <= 0 holds R1 . i = R2 . i ; ::_thesis: Sum (R1,(CastNat 0)) = Sum (R2,(CastNat 0)) Sum (R1,(CastNat 0)) = Sum (R1,0) by MODELC_2:def_1 .= R1 . 0 by SERIES_1:def_1 .= R2 . 0 by A9 .= Sum (R2,0) by SERIES_1:def_1 ; hence Sum (R1,(CastNat 0)) = Sum (R2,(CastNat 0)) by MODELC_2:def_1; ::_thesis: verum end; for k being Nat holds S1[k] from NAT_1:sch_2(A8, A2); hence ( ( for i being Nat st i <= n holds R1 . i = R2 . i ) implies Sum (R1,n) = Sum (R2,n) ) by A1; ::_thesis: verum end; Lm26: for n, j being Nat for R1, R2 being Real_Sequence st ( for i being Nat st i <= n & not i = j holds R1 . i = R2 . i ) & j <= n holds (Sum (R1,n)) - (R1 . j) = (Sum (R2,n)) - (R2 . j) proof let n, j be Nat; ::_thesis: for R1, R2 being Real_Sequence st ( for i being Nat st i <= n & not i = j holds R1 . i = R2 . i ) & j <= n holds (Sum (R1,n)) - (R1 . j) = (Sum (R2,n)) - (R2 . j) let R1, R2 be Real_Sequence; ::_thesis: ( ( for i being Nat st i <= n & not i = j holds R1 . i = R2 . i ) & j <= n implies (Sum (R1,n)) - (R1 . j) = (Sum (R2,n)) - (R2 . j) ) A1: CastNat n = n by MODELC_2:def_1; defpred S1[ Nat] means ( ( for i being Nat st i <= $1 & not i = j holds R1 . i = R2 . i ) & j <= $1 implies (Sum (R1,(CastNat $1))) - (R1 . j) = (Sum (R2,(CastNat $1))) - (R2 . j) ); A2: for k being Nat st S1[k] holds S1[k + 1] proof let k be Nat; ::_thesis: ( S1[k] implies S1[k + 1] ) assume A3: S1[k] ; ::_thesis: S1[k + 1] S1[k + 1] proof A4: CastNat k = k by MODELC_2:def_1; set m = k + 1; assume that A5: for i being Nat st i <= k + 1 & not i = j holds R1 . i = R2 . i and A6: j <= k + 1 ; ::_thesis: (Sum (R1,(CastNat (k + 1)))) - (R1 . j) = (Sum (R2,(CastNat (k + 1)))) - (R2 . j) reconsider k = k as Element of NAT by ORDINAL1:def_12; now__::_thesis:_(Sum_(R1,(CastNat_(k_+_1))))_-_(R1_._j)_=_(Sum_(R2,(CastNat_(k_+_1))))_-_(R2_._j) percases ( j <= k or j = k + 1 ) by A6, NAT_1:8; supposeA7: j <= k ; ::_thesis: (Sum (R1,(CastNat (k + 1)))) - (R1 . j) = (Sum (R2,(CastNat (k + 1)))) - (R2 . j) then A8: j < k + 1 by NAT_1:13; (Sum (R1,(CastNat (k + 1)))) - (R1 . j) = (Sum (R1,(k + 1))) - (R1 . j) by MODELC_2:def_1 .= ((Sum (R1,k)) + (R1 . (k + 1))) - (R1 . j) by SERIES_1:def_1 .= ((Sum (R1,k)) - (R1 . j)) + (R1 . (k + 1)) .= ((Sum (R2,k)) - (R2 . j)) + (R2 . (k + 1)) by A3, A5, A4, A7, A8, NAT_1:12 .= ((Sum (R2,k)) + (R2 . (k + 1))) - (R2 . j) .= (Sum (R2,(k + 1))) - (R2 . j) by SERIES_1:def_1 ; hence (Sum (R1,(CastNat (k + 1)))) - (R1 . j) = (Sum (R2,(CastNat (k + 1)))) - (R2 . j) by MODELC_2:def_1; ::_thesis: verum end; supposeA9: j = k + 1 ; ::_thesis: (Sum (R1,(CastNat (k + 1)))) - (R1 . j) = (Sum (R2,(CastNat (k + 1)))) - (R2 . j) A10: for i being Nat st i <= k holds R1 . i = R2 . i proof let i be Nat; ::_thesis: ( i <= k implies R1 . i = R2 . i ) assume A11: i <= k ; ::_thesis: R1 . i = R2 . i i < j by A9, A11, NAT_1:13; hence R1 . i = R2 . i by A5, A11, NAT_1:12; ::_thesis: verum end; (Sum (R1,(CastNat (k + 1)))) - (R1 . j) = (Sum (R1,(k + 1))) - (R1 . j) by MODELC_2:def_1 .= ((Sum (R1,k)) + (R1 . (k + 1))) - (R1 . j) by SERIES_1:def_1 .= ((Sum (R2,k)) + (R2 . (k + 1))) - (R2 . j) by A9, A10, Lm25 .= (Sum (R2,(k + 1))) - (R2 . j) by SERIES_1:def_1 ; hence (Sum (R1,(CastNat (k + 1)))) - (R1 . j) = (Sum (R2,(CastNat (k + 1)))) - (R2 . j) by MODELC_2:def_1; ::_thesis: verum end; end; end; hence (Sum (R1,(CastNat (k + 1)))) - (R1 . j) = (Sum (R2,(CastNat (k + 1)))) - (R2 . j) ; ::_thesis: verum end; hence S1[k + 1] ; ::_thesis: verum end; A12: S1[ 0 ] proof A13: Sum (R2,(CastNat 0)) = Sum (R2,0) by MODELC_2:def_1 .= R2 . 0 by SERIES_1:def_1 ; assume that for i being Nat st i <= 0 & not i = j holds R1 . i = R2 . i and A14: j <= 0 ; ::_thesis: (Sum (R1,(CastNat 0))) - (R1 . j) = (Sum (R2,(CastNat 0))) - (R2 . j) A15: Sum (R1,(CastNat 0)) = Sum (R1,0) by MODELC_2:def_1 .= R1 . 0 by SERIES_1:def_1 ; j = 0 by A14; hence (Sum (R1,(CastNat 0))) - (R1 . j) = (Sum (R2,(CastNat 0))) - (R2 . j) by A15, A13; ::_thesis: verum end; for k being Nat holds S1[k] from NAT_1:sch_2(A12, A2); hence ( ( for i being Nat st i <= n & not i = j holds R1 . i = R2 . i ) & j <= n implies (Sum (R1,n)) - (R1 . j) = (Sum (R2,n)) - (R2 . j) ) by A1; ::_thesis: verum end; theorem Th4: :: MODELC_3:4 for L being FinSequence for H being LTL-formula holds len (L,({} H)) = 0 proof let L be FinSequence; ::_thesis: for H being LTL-formula holds len (L,({} H)) = 0 let H be LTL-formula; ::_thesis: len (L,({} H)) = 0 set s = Partial_seq (L,({} H)); A1: for n being Element of NAT holds (Partial_seq (L,({} H))) . n = (0 * n) + 0 by Def24; for n being Nat holds (Partial_Sums (Partial_seq (L,({} H)))) . n = 0 proof let n be Nat; ::_thesis: (Partial_Sums (Partial_seq (L,({} H)))) . n = 0 reconsider n = n as Element of NAT by ORDINAL1:def_12; A2: (Partial_seq (L,({} H))) . 0 = 0 by Def24; (Partial_Sums (Partial_seq (L,({} H)))) . n = ((n + 1) * (((Partial_seq (L,({} H))) . 0) + ((Partial_seq (L,({} H))) . n))) / 2 by A1, SERIES_2:42 .= ((n + 1) * (0 + 0)) / 2 by A2, Def24 ; hence (Partial_Sums (Partial_seq (L,({} H)))) . n = 0 ; ::_thesis: verum end; hence len (L,({} H)) = 0 ; ::_thesis: verum end; theorem Th5: :: MODELC_3:5 for L being FinSequence for H, F being LTL-formula for W being Subset of (Subformulae H) st not F in W holds len (L,(W \ {F})) = len (L,W) proof let L be FinSequence; ::_thesis: for H, F being LTL-formula for W being Subset of (Subformulae H) st not F in W holds len (L,(W \ {F})) = len (L,W) let H, F be LTL-formula; ::_thesis: for W being Subset of (Subformulae H) st not F in W holds len (L,(W \ {F})) = len (L,W) let W be Subset of (Subformulae H); ::_thesis: ( not F in W implies len (L,(W \ {F})) = len (L,W) ) assume A1: not F in W ; ::_thesis: len (L,(W \ {F})) = len (L,W) A2: for x being set st x in W holds x in W \ {F} proof let x be set ; ::_thesis: ( x in W implies x in W \ {F} ) assume A3: x in W ; ::_thesis: x in W \ {F} then not x in {F} by A1, TARSKI:def_1; hence x in W \ {F} by A3, XBOOLE_0:def_5; ::_thesis: verum end; for x being set st x in W \ {F} holds x in W by XBOOLE_0:def_5; hence len (L,(W \ {F})) = len (L,W) by A2, TARSKI:1; ::_thesis: verum end; theorem Th6: :: MODELC_3:6 for L being FinSequence for H, F being LTL-formula for W being Subset of (Subformulae H) st rng L = Subformulae H & L is one-to-one & F in W holds len (L,(W \ {F})) = (len (L,W)) - (len F) proof let L be FinSequence; ::_thesis: for H, F being LTL-formula for W being Subset of (Subformulae H) st rng L = Subformulae H & L is one-to-one & F in W holds len (L,(W \ {F})) = (len (L,W)) - (len F) let H, F be LTL-formula; ::_thesis: for W being Subset of (Subformulae H) st rng L = Subformulae H & L is one-to-one & F in W holds len (L,(W \ {F})) = (len (L,W)) - (len F) let W be Subset of (Subformulae H); ::_thesis: ( rng L = Subformulae H & L is one-to-one & F in W implies len (L,(W \ {F})) = (len (L,W)) - (len F) ) assume that A1: rng L = Subformulae H and A2: L is one-to-one and A3: F in W ; ::_thesis: len (L,(W \ {F})) = (len (L,W)) - (len F) consider x being set such that A4: x in dom L and A5: L . x = F by A1, A3, FUNCT_1:def_3; set R2 = Partial_seq (L,(W \ {F})); set R1 = Partial_seq (L,W); set n = len L; A6: F in LTL_WFF by MODELC_2:1; x in Seg (len L) by A4, FINSEQ_1:def_3; then x in { k where k is Element of NAT : ( 1 <= k & k <= len L ) } by FINSEQ_1:def_1; then consider k being Element of NAT such that A7: x = k and 1 <= k and A8: k <= len L ; reconsider k = k as Nat ; L . k in {F} by A5, A7, TARSKI:def_1; then not L . k in W \ {F} by XBOOLE_0:def_5; then A9: (Partial_seq (L,(W \ {F}))) . k = 0 by Def24; for i being Nat st i <= len L & not i = k holds (Partial_seq (L,W)) . i = (Partial_seq (L,(W \ {F}))) . i proof let i be Nat; ::_thesis: ( i <= len L & not i = k implies (Partial_seq (L,W)) . i = (Partial_seq (L,(W \ {F}))) . i ) assume that i <= len L and A10: not i = k ; ::_thesis: (Partial_seq (L,W)) . i = (Partial_seq (L,(W \ {F}))) . i now__::_thesis:_(Partial_seq_(L,W))_._i_=_(Partial_seq_(L,(W_\_{F})))_._i percases ( not i in dom L or i in dom L ) ; suppose not i in dom L ; ::_thesis: (Partial_seq (L,W)) . i = (Partial_seq (L,(W \ {F}))) . i then A11: L . i = {} by FUNCT_1:def_2; then A12: not L . i in W by Lm24; not L . i in W \ {F} by A11, Lm24; then (Partial_seq (L,(W \ {F}))) . i = 0 by Def24 .= (Partial_seq (L,W)) . i by A12, Def24 ; hence (Partial_seq (L,W)) . i = (Partial_seq (L,(W \ {F}))) . i ; ::_thesis: verum end; suppose i in dom L ; ::_thesis: (Partial_seq (L,W)) . i = (Partial_seq (L,(W \ {F}))) . i then not L . i = F by A2, A4, A5, A7, A10, FUNCT_1:def_4; then A13: not L . i in {F} by TARSKI:def_1; now__::_thesis:_(Partial_seq_(L,W))_._i_=_(Partial_seq_(L,(W_\_{F})))_._i percases ( L . i in W or not L . i in W ) ; supposeA14: L . i in W ; ::_thesis: (Partial_seq (L,W)) . i = (Partial_seq (L,(W \ {F}))) . i then L . i in W \ {F} by A13, XBOOLE_0:def_5; then (Partial_seq (L,(W \ {F}))) . i = len (CastLTL (L . i)) by Def24 .= (Partial_seq (L,W)) . i by A14, Def24 ; hence (Partial_seq (L,W)) . i = (Partial_seq (L,(W \ {F}))) . i ; ::_thesis: verum end; supposeA15: not L . i in W ; ::_thesis: (Partial_seq (L,W)) . i = (Partial_seq (L,(W \ {F}))) . i then not L . i in W \ {F} by XBOOLE_0:def_5; then (Partial_seq (L,(W \ {F}))) . i = 0 by Def24 .= (Partial_seq (L,W)) . i by A15, Def24 ; hence (Partial_seq (L,W)) . i = (Partial_seq (L,(W \ {F}))) . i ; ::_thesis: verum end; end; end; hence (Partial_seq (L,W)) . i = (Partial_seq (L,(W \ {F}))) . i ; ::_thesis: verum end; end; end; hence (Partial_seq (L,W)) . i = (Partial_seq (L,(W \ {F}))) . i ; ::_thesis: verum end; then A16: (Sum ((Partial_seq (L,W)),(len L))) - ((Partial_seq (L,W)) . k) = (Sum ((Partial_seq (L,(W \ {F}))),(len L))) - ((Partial_seq (L,(W \ {F}))) . k) by A8, Lm26; (Partial_seq (L,W)) . k = len (CastLTL (L . k)) by A3, A5, A7, Def24 .= len F by A5, A7, A6, MODELC_2:def_25 ; hence len (L,(W \ {F})) = (len (L,W)) - (len F) by A9, A16; ::_thesis: verum end; theorem Th7: :: MODELC_3:7 for L being FinSequence for H, F being LTL-formula for W, W1 being Subset of (Subformulae H) st rng L = Subformulae H & L is one-to-one & not F in W & W1 = W \/ {F} holds len (L,W1) = (len (L,W)) + (len F) proof let L be FinSequence; ::_thesis: for H, F being LTL-formula for W, W1 being Subset of (Subformulae H) st rng L = Subformulae H & L is one-to-one & not F in W & W1 = W \/ {F} holds len (L,W1) = (len (L,W)) + (len F) let H, F be LTL-formula; ::_thesis: for W, W1 being Subset of (Subformulae H) st rng L = Subformulae H & L is one-to-one & not F in W & W1 = W \/ {F} holds len (L,W1) = (len (L,W)) + (len F) let W, W1 be Subset of (Subformulae H); ::_thesis: ( rng L = Subformulae H & L is one-to-one & not F in W & W1 = W \/ {F} implies len (L,W1) = (len (L,W)) + (len F) ) assume that A1: ( rng L = Subformulae H & L is one-to-one ) and A2: not F in W and A3: W1 = W \/ {F} ; ::_thesis: len (L,W1) = (len (L,W)) + (len F) A4: for x being set st x in W1 \ {F} holds x in W proof let x be set ; ::_thesis: ( x in W1 \ {F} implies x in W ) assume x in W1 \ {F} ; ::_thesis: x in W then ( x in W1 & not x in {F} ) by XBOOLE_0:def_5; hence x in W by A3, XBOOLE_0:def_3; ::_thesis: verum end; for x being set st x in W holds x in W1 \ {F} proof let x be set ; ::_thesis: ( x in W implies x in W1 \ {F} ) assume x in W ; ::_thesis: x in W1 \ {F} then ( not x in {F} & x in W1 ) by A2, A3, TARSKI:def_1, XBOOLE_0:def_3; hence x in W1 \ {F} by XBOOLE_0:def_5; ::_thesis: verum end; then A5: W1 \ {F} = W by A4, TARSKI:1; F in {F} by TARSKI:def_1; then F in W1 by A3, XBOOLE_0:def_3; then len (L,W) = (len (L,W1)) - (len F) by A1, A5, Th6; hence len (L,W1) = (len (L,W)) + (len F) ; ::_thesis: verum end; theorem Th8: :: MODELC_3:8 for L1, L2 being FinSequence for H being LTL-formula for W being Subset of (Subformulae H) st rng L1 = Subformulae H & L1 is one-to-one & rng L2 = Subformulae H & L2 is one-to-one holds len (L1,W) = len (L2,W) proof let L1, L2 be FinSequence; ::_thesis: for H being LTL-formula for W being Subset of (Subformulae H) st rng L1 = Subformulae H & L1 is one-to-one & rng L2 = Subformulae H & L2 is one-to-one holds len (L1,W) = len (L2,W) let H be LTL-formula; ::_thesis: for W being Subset of (Subformulae H) st rng L1 = Subformulae H & L1 is one-to-one & rng L2 = Subformulae H & L2 is one-to-one holds len (L1,W) = len (L2,W) let W be Subset of (Subformulae H); ::_thesis: ( rng L1 = Subformulae H & L1 is one-to-one & rng L2 = Subformulae H & L2 is one-to-one implies len (L1,W) = len (L2,W) ) defpred S1[ Nat] means for W1 being Subset of (Subformulae H) st card W1 <= $1 & rng L1 = Subformulae H & L1 is one-to-one & rng L2 = Subformulae H & L2 is one-to-one holds len (L1,W1) = len (L2,W1); set k = card W; A1: for k being Nat st S1[k] holds S1[k + 1] proof let k be Nat; ::_thesis: ( S1[k] implies S1[k + 1] ) assume A2: S1[k] ; ::_thesis: S1[k + 1] S1[k + 1] proof let W1 be Subset of (Subformulae H); ::_thesis: ( card W1 <= k + 1 & rng L1 = Subformulae H & L1 is one-to-one & rng L2 = Subformulae H & L2 is one-to-one implies len (L1,W1) = len (L2,W1) ) assume A3: card W1 <= k + 1 ; ::_thesis: ( not rng L1 = Subformulae H or not L1 is one-to-one or not rng L2 = Subformulae H or not L2 is one-to-one or len (L1,W1) = len (L2,W1) ) ( rng L1 = Subformulae H & L1 is one-to-one & rng L2 = Subformulae H & L2 is one-to-one implies len (L1,W1) = len (L2,W1) ) proof assume that A4: ( rng L1 = Subformulae H & L1 is one-to-one ) and A5: ( rng L2 = Subformulae H & L2 is one-to-one ) ; ::_thesis: len (L1,W1) = len (L2,W1) now__::_thesis:_len_(L1,W1)_=_len_(L2,W1) percases ( card W1 <= k or card W1 = k + 1 ) by A3, NAT_1:8; suppose card W1 <= k ; ::_thesis: len (L1,W1) = len (L2,W1) hence len (L1,W1) = len (L2,W1) by A2, A4, A5; ::_thesis: verum end; supposeA6: card W1 = k + 1 ; ::_thesis: len (L1,W1) = len (L2,W1) then W1 <> {} ; then consider F being set such that A7: F in W1 by XBOOLE_0:def_1; F in Subformulae H by A7; then reconsider F = F as LTL-formula by MODELC_2:1; {F} c= W1 by A7, ZFMISC_1:31; then A8: card (W1 \ {F}) = (card W1) - (card {F}) by CARD_2:44 .= (card W1) - 1 by CARD_1:30 .= k by A6 ; A9: len (L1,W1) = ((len (L1,W1)) - (len F)) + (len F) .= (len (L1,(W1 \ {F}))) + (len F) by A4, A7, Th6 ; len (L2,W1) = ((len (L2,W1)) - (len F)) + (len F) .= (len (L2,(W1 \ {F}))) + (len F) by A5, A7, Th6 .= (len (L1,(W1 \ {F}))) + (len F) by A2, A4, A5, A8 ; hence len (L1,W1) = len (L2,W1) by A9; ::_thesis: verum end; end; end; hence len (L1,W1) = len (L2,W1) ; ::_thesis: verum end; hence ( not rng L1 = Subformulae H or not L1 is one-to-one or not rng L2 = Subformulae H or not L2 is one-to-one or len (L1,W1) = len (L2,W1) ) ; ::_thesis: verum end; hence S1[k + 1] ; ::_thesis: verum end; A10: S1[ 0 ] proof let W1 be Subset of (Subformulae H); ::_thesis: ( card W1 <= 0 & rng L1 = Subformulae H & L1 is one-to-one & rng L2 = Subformulae H & L2 is one-to-one implies len (L1,W1) = len (L2,W1) ) assume card W1 <= 0 ; ::_thesis: ( not rng L1 = Subformulae H or not L1 is one-to-one or not rng L2 = Subformulae H or not L2 is one-to-one or len (L1,W1) = len (L2,W1) ) then A11: W1 = {} H ; then len (L1,W1) = 0 by Th4; hence ( not rng L1 = Subformulae H or not L1 is one-to-one or not rng L2 = Subformulae H or not L2 is one-to-one or len (L1,W1) = len (L2,W1) ) by A11, Th4; ::_thesis: verum end; for k being Nat holds S1[k] from NAT_1:sch_2(A10, A1); then S1[ card W] ; hence ( rng L1 = Subformulae H & L1 is one-to-one & rng L2 = Subformulae H & L2 is one-to-one implies len (L1,W) = len (L2,W) ) ; ::_thesis: verum end; definition let H be LTL-formula; let W be Subset of (Subformulae H); func len W -> Real means :Def26: :: MODELC_3:def 26 ex L being FinSequence st ( rng L = Subformulae H & L is one-to-one & it = len (L,W) ); existence ex b1 being Real ex L being FinSequence st ( rng L = Subformulae H & L is one-to-one & b1 = len (L,W) ) proof consider L being FinSequence such that A1: ( rng L = Subformulae H & L is one-to-one ) by FINSEQ_4:58; set IT = len (L,W); take len (L,W) ; ::_thesis: ex L being FinSequence st ( rng L = Subformulae H & L is one-to-one & len (L,W) = len (L,W) ) thus ex L being FinSequence st ( rng L = Subformulae H & L is one-to-one & len (L,W) = len (L,W) ) by A1; ::_thesis: verum end; uniqueness for b1, b2 being Real st ex L being FinSequence st ( rng L = Subformulae H & L is one-to-one & b1 = len (L,W) ) & ex L being FinSequence st ( rng L = Subformulae H & L is one-to-one & b2 = len (L,W) ) holds b1 = b2 by Th8; end; :: deftheorem Def26 defines len MODELC_3:def_26_:_ for H being LTL-formula for W being Subset of (Subformulae H) for b3 being Real holds ( b3 = len W iff ex L being FinSequence st ( rng L = Subformulae H & L is one-to-one & b3 = len (L,W) ) ); theorem :: MODELC_3:9 for H, F being LTL-formula for W being Subset of (Subformulae H) st not F in W holds len (W \ {F}) = len W proof let H, F be LTL-formula; ::_thesis: for W being Subset of (Subformulae H) st not F in W holds len (W \ {F}) = len W let W be Subset of (Subformulae H); ::_thesis: ( not F in W implies len (W \ {F}) = len W ) assume A1: not F in W ; ::_thesis: len (W \ {F}) = len W consider L being FinSequence such that A2: ( rng L = Subformulae H & L is one-to-one ) by FINSEQ_4:58; len (W \ {F}) = len (L,(W \ {F})) by A2, Def26 .= len (L,W) by A1, Th5 ; hence len (W \ {F}) = len W by A2, Def26; ::_thesis: verum end; theorem Th10: :: MODELC_3:10 for H, F being LTL-formula for W being Subset of (Subformulae H) st F in W holds len (W \ {F}) = (len W) - (len F) proof let H, F be LTL-formula; ::_thesis: for W being Subset of (Subformulae H) st F in W holds len (W \ {F}) = (len W) - (len F) let W be Subset of (Subformulae H); ::_thesis: ( F in W implies len (W \ {F}) = (len W) - (len F) ) assume A1: F in W ; ::_thesis: len (W \ {F}) = (len W) - (len F) consider L being FinSequence such that A2: ( rng L = Subformulae H & L is one-to-one ) by FINSEQ_4:58; len (W \ {F}) = len (L,(W \ {F})) by A2, Def26 .= (len (L,W)) - (len F) by A1, A2, Th6 ; hence len (W \ {F}) = (len W) - (len F) by A2, Def26; ::_thesis: verum end; theorem Th11: :: MODELC_3:11 for H, F being LTL-formula for W, W1 being Subset of (Subformulae H) st not F in W & W1 = W \/ {F} holds len W1 = (len W) + (len F) proof let H, F be LTL-formula; ::_thesis: for W, W1 being Subset of (Subformulae H) st not F in W & W1 = W \/ {F} holds len W1 = (len W) + (len F) let W, W1 be Subset of (Subformulae H); ::_thesis: ( not F in W & W1 = W \/ {F} implies len W1 = (len W) + (len F) ) assume A1: ( not F in W & W1 = W \/ {F} ) ; ::_thesis: len W1 = (len W) + (len F) consider L being FinSequence such that A2: ( rng L = Subformulae H & L is one-to-one ) by FINSEQ_4:58; len W1 = len (L,W1) by A2, Def26 .= (len (L,W)) + (len F) by A1, A2, Th7 ; hence len W1 = (len W) + (len F) by A2, Def26; ::_thesis: verum end; theorem Th12: :: MODELC_3:12 for H, F being LTL-formula for W1, W being Subset of (Subformulae H) st W1 = W \/ {F} holds len W1 <= (len W) + (len F) proof let H, F be LTL-formula; ::_thesis: for W1, W being Subset of (Subformulae H) st W1 = W \/ {F} holds len W1 <= (len W) + (len F) let W1, W be Subset of (Subformulae H); ::_thesis: ( W1 = W \/ {F} implies len W1 <= (len W) + (len F) ) assume A1: W1 = W \/ {F} ; ::_thesis: len W1 <= (len W) + (len F) now__::_thesis:_len_W1_<=_(len_W)_+_(len_F) percases ( F in W or not F in W ) ; suppose F in W ; ::_thesis: len W1 <= (len W) + (len F) then {F} c= W by ZFMISC_1:31; then W1 = W by A1, XBOOLE_1:12; hence len W1 <= (len W) + (len F) by XREAL_1:31; ::_thesis: verum end; suppose not F in W ; ::_thesis: len W1 <= (len W) + (len F) hence len W1 <= (len W) + (len F) by A1, Th11; ::_thesis: verum end; end; end; hence len W1 <= (len W) + (len F) ; ::_thesis: verum end; theorem Th13: :: MODELC_3:13 for H being LTL-formula holds len ({} H) = 0 proof let H be LTL-formula; ::_thesis: len ({} H) = 0 consider L being FinSequence such that A1: ( rng L = Subformulae H & L is one-to-one ) by FINSEQ_4:58; len ({} H) = len (L,({} H)) by A1, Def26; hence len ({} H) = 0 by Th4; ::_thesis: verum end; theorem Th14: :: MODELC_3:14 for H, F being LTL-formula for W being Subset of (Subformulae H) st W = {F} holds len W = len F proof let H, F be LTL-formula; ::_thesis: for W being Subset of (Subformulae H) st W = {F} holds len W = len F let W be Subset of (Subformulae H); ::_thesis: ( W = {F} implies len W = len F ) assume A1: W = {F} ; ::_thesis: len W = len F then A2: F in W by TARSKI:def_1; now__::_thesis:_for_x_being_set_holds_not_x_in_W_\_{F} assume ex x being set st x in W \ {F} ; ::_thesis: contradiction then consider x being set such that A3: x in W \ {F} ; x in W by A3, XBOOLE_0:def_5; hence contradiction by A1, A3, XBOOLE_0:def_5; ::_thesis: verum end; then A4: W \ {F} = {} H by XBOOLE_0:def_1; len W = ((len W) - (len F)) + (len F) .= (len (W \ {F})) + (len F) by A2, Th10 .= 0 + (len F) by A4, Th13 ; hence len W = len F ; ::_thesis: verum end; Lm27: for H being LTL-formula for W, W1 being Subset of (Subformulae H) holds ( not W c= W1 or W = W1 or ex x being set st ( x in W1 & W c= W1 \ {x} ) ) proof let H be LTL-formula; ::_thesis: for W, W1 being Subset of (Subformulae H) holds ( not W c= W1 or W = W1 or ex x being set st ( x in W1 & W c= W1 \ {x} ) ) let W, W1 be Subset of (Subformulae H); ::_thesis: ( not W c= W1 or W = W1 or ex x being set st ( x in W1 & W c= W1 \ {x} ) ) assume A1: W c= W1 ; ::_thesis: ( W = W1 or ex x being set st ( x in W1 & W c= W1 \ {x} ) ) ( not W = W1 implies ex x being set st ( x in W1 & W c= W1 \ {x} ) ) proof assume not W = W1 ; ::_thesis: ex x being set st ( x in W1 & W c= W1 \ {x} ) then consider x being set such that A2: ( ( x in W & not x in W1 ) or ( x in W1 & not x in W ) ) by TARSKI:1; take x ; ::_thesis: ( x in W1 & W c= W1 \ {x} ) A3: for y being set st y in W holds y in W \ {x} proof let y be set ; ::_thesis: ( y in W implies y in W \ {x} ) assume A4: y in W ; ::_thesis: y in W \ {x} then not y in {x} by A1, A2, TARSKI:def_1; hence y in W \ {x} by A4, XBOOLE_0:def_5; ::_thesis: verum end; for y being set st y in W \ {x} holds y in W by XBOOLE_0:def_5; then W \ {x} = W by A3, TARSKI:1; hence ( x in W1 & W c= W1 \ {x} ) by A1, A2, XBOOLE_1:33; ::_thesis: verum end; hence ( W = W1 or ex x being set st ( x in W1 & W c= W1 \ {x} ) ) ; ::_thesis: verum end; theorem Th15: :: MODELC_3:15 for H being LTL-formula for W, W1 being Subset of (Subformulae H) st W c= W1 holds len W <= len W1 proof let H be LTL-formula; ::_thesis: for W, W1 being Subset of (Subformulae H) st W c= W1 holds len W <= len W1 let W, W1 be Subset of (Subformulae H); ::_thesis: ( W c= W1 implies len W <= len W1 ) defpred S1[ Nat] means for W1 being Subset of (Subformulae H) st card W1 <= $1 & W c= W1 holds len W <= len W1; set k = card W1; A1: for k being Nat st S1[k] holds S1[k + 1] proof let k be Nat; ::_thesis: ( S1[k] implies S1[k + 1] ) assume A2: S1[k] ; ::_thesis: S1[k + 1] S1[k + 1] proof let W1 be Subset of (Subformulae H); ::_thesis: ( card W1 <= k + 1 & W c= W1 implies len W <= len W1 ) assume A3: card W1 <= k + 1 ; ::_thesis: ( not W c= W1 or len W <= len W1 ) ( W c= W1 implies len W <= len W1 ) proof assume A4: W c= W1 ; ::_thesis: len W <= len W1 now__::_thesis:_len_W_<=_len_W1 percases ( W = W1 or ex x being set st ( x in W1 & W c= W1 \ {x} ) ) by A4, Lm27; suppose W = W1 ; ::_thesis: len W <= len W1 hence len W <= len W1 ; ::_thesis: verum end; suppose ex x being set st ( x in W1 & W c= W1 \ {x} ) ; ::_thesis: len W <= len W1 then consider x being set such that A5: x in W1 and A6: W c= W1 \ {x} ; x in Subformulae H by A5; then reconsider x = x as LTL-formula by MODELC_2:1; set X = {x}; {x} c= W1 by A5, ZFMISC_1:31; then card (W1 \ {x}) = (card W1) - (card {x}) by CARD_2:44 .= (card W1) - 1 by CARD_1:30 ; then (card (W1 \ {x})) + 1 <= k + 1 by A3; then card (W1 \ {x}) <= k by XREAL_1:6; then len W <= len (W1 \ {x}) by A2, A6; then A7: len W <= (len W1) - (len x) by A5, Th10; (len W1) - (len x) <= len W1 by XREAL_1:43; hence len W <= len W1 by A7, XXREAL_0:2; ::_thesis: verum end; end; end; hence len W <= len W1 ; ::_thesis: verum end; hence ( not W c= W1 or len W <= len W1 ) ; ::_thesis: verum end; hence S1[k + 1] ; ::_thesis: verum end; A8: S1[ 0 ] proof let W1 be Subset of (Subformulae H); ::_thesis: ( card W1 <= 0 & W c= W1 implies len W <= len W1 ) assume card W1 <= 0 ; ::_thesis: ( not W c= W1 or len W <= len W1 ) then W1 = {} H ; hence ( not W c= W1 or len W <= len W1 ) ; ::_thesis: verum end; for k being Nat holds S1[k] from NAT_1:sch_2(A8, A1); then S1[ card W1] ; hence ( W c= W1 implies len W <= len W1 ) ; ::_thesis: verum end; theorem Th16: :: MODELC_3:16 for H being LTL-formula for W being Subset of (Subformulae H) st len W < 1 holds W = {} H proof let H be LTL-formula; ::_thesis: for W being Subset of (Subformulae H) st len W < 1 holds W = {} H let W be Subset of (Subformulae H); ::_thesis: ( len W < 1 implies W = {} H ) assume A1: len W < 1 ; ::_thesis: W = {} H now__::_thesis:_not_W_<>_{}_H assume W <> {} H ; ::_thesis: contradiction then consider x being set such that A2: x in W by XBOOLE_0:def_1; x in Subformulae H by A2; then reconsider x = x as LTL-formula by MODELC_2:1; set X = {x}; A3: {x} c= W by A2, ZFMISC_1:31; x is_subformula_of H by A2, MODELC_2:45; then reconsider X = {x} as Subset of (Subformulae H) by Lm9; len X = len x by Th14; then A4: len X >= 1 by MODELC_2:3; len X <= len W by A3, Th15; hence contradiction by A1, A4, XXREAL_0:2; ::_thesis: verum end; hence W = {} H ; ::_thesis: verum end; theorem Th17: :: MODELC_3:17 for H being LTL-formula for W being Subset of (Subformulae H) holds len W >= 0 proof let H be LTL-formula; ::_thesis: for W being Subset of (Subformulae H) holds len W >= 0 let W be Subset of (Subformulae H); ::_thesis: len W >= 0 now__::_thesis:_len_W_>=_0 percases ( W = {} H or W <> {} H ) ; suppose W = {} H ; ::_thesis: len W >= 0 hence len W >= 0 by Th13; ::_thesis: verum end; suppose W <> {} H ; ::_thesis: len W >= 0 hence len W >= 0 by Th16; ::_thesis: verum end; end; end; hence len W >= 0 ; ::_thesis: verum end; theorem Th18: :: MODELC_3:18 for H being LTL-formula for W, W1, W2 being Subset of (Subformulae H) st W = W1 \/ W2 holds len W <= (len W1) + (len W2) proof let H be LTL-formula; ::_thesis: for W, W1, W2 being Subset of (Subformulae H) st W = W1 \/ W2 holds len W <= (len W1) + (len W2) let W, W1, W2 be Subset of (Subformulae H); ::_thesis: ( W = W1 \/ W2 implies len W <= (len W1) + (len W2) ) defpred S1[ Nat] means for W, W1, W2 being Subset of (Subformulae H) st card W1 <= $1 & W = W1 \/ W2 holds len W <= (len W1) + (len W2); set k = card W1; A1: for k being Nat st S1[k] holds S1[k + 1] proof let k be Nat; ::_thesis: ( S1[k] implies S1[k + 1] ) assume A2: S1[k] ; ::_thesis: S1[k + 1] S1[k + 1] proof let W, W1, W2 be Subset of (Subformulae H); ::_thesis: ( card W1 <= k + 1 & W = W1 \/ W2 implies len W <= (len W1) + (len W2) ) assume A3: card W1 <= k + 1 ; ::_thesis: ( not W = W1 \/ W2 or len W <= (len W1) + (len W2) ) ( W = W1 \/ W2 implies len W <= (len W1) + (len W2) ) proof assume A4: W = W1 \/ W2 ; ::_thesis: len W <= (len W1) + (len W2) now__::_thesis:_len_W_<=_(len_W1)_+_(len_W2) percases ( card W1 <= k or card W1 = k + 1 ) by A3, NAT_1:8; suppose card W1 <= k ; ::_thesis: len W <= (len W1) + (len W2) hence len W <= (len W1) + (len W2) by A2, A4; ::_thesis: verum end; suppose card W1 = k + 1 ; ::_thesis: len W <= (len W1) + (len W2) then W1 <> {} ; then consider x being set such that A5: x in W1 by XBOOLE_0:def_1; x in Subformulae H by A5; then reconsider x = x as LTL-formula by MODELC_2:1; set X = {x}; set Y = W1 \ {x}; set Z = (W1 \ {x}) \/ W2; A6: {x} c= W1 by A5, ZFMISC_1:31; then card (W1 \ {x}) = (card W1) - (card {x}) by CARD_2:44 .= (card W1) - 1 by CARD_1:30 ; then (card (W1 \ {x})) + 1 = card W1 ; then card (W1 \ {x}) <= k by A3, XREAL_1:6; then ( (W1 \ {x}) \/ W2 = (W1 \ {x}) \/ W2 implies len ((W1 \ {x}) \/ W2) <= (len (W1 \ {x})) + (len W2) ) by A2; then len ((W1 \ {x}) \/ W2) <= ((len W1) - (len x)) + (len W2) by A5, Th10; then len ((W1 \ {x}) \/ W2) <= ((len W1) + (len W2)) - (len x) ; then A7: (len ((W1 \ {x}) \/ W2)) + (len x) <= (len W1) + (len W2) by XREAL_1:19; ((W1 \ {x}) \/ W2) \/ {x} = ((W1 \ {x}) \/ {x}) \/ W2 by XBOOLE_1:4 .= W1 \/ W2 by A6, XBOOLE_1:45 ; then len W <= (len ((W1 \ {x}) \/ W2)) + (len x) by A4, Th12; hence len W <= (len W1) + (len W2) by A7, XXREAL_0:2; ::_thesis: verum end; end; end; hence len W <= (len W1) + (len W2) ; ::_thesis: verum end; hence ( not W = W1 \/ W2 or len W <= (len W1) + (len W2) ) ; ::_thesis: verum end; hence S1[k + 1] ; ::_thesis: verum end; A8: S1[ 0 ] proof let W, W1, W2 be Subset of (Subformulae H); ::_thesis: ( card W1 <= 0 & W = W1 \/ W2 implies len W <= (len W1) + (len W2) ) assume card W1 <= 0 ; ::_thesis: ( not W = W1 \/ W2 or len W <= (len W1) + (len W2) ) then A9: W1 = {} H ; then len W1 = 0 by Th13; hence ( not W = W1 \/ W2 or len W <= (len W1) + (len W2) ) by A9; ::_thesis: verum end; for k being Nat holds S1[k] from NAT_1:sch_2(A8, A1); then S1[ card W1] ; hence ( W = W1 \/ W2 implies len W <= (len W1) + (len W2) ) ; ::_thesis: verum end; definition let v, H be LTL-formula; assume A1: H in Subformulae v ; func LTLNew1 (H,v) -> Subset of (Subformulae v) equals :Def27: :: MODELC_3:def 27 LTLNew1 H; correctness coherence LTLNew1 H is Subset of (Subformulae v); proof ex F being LTL-formula st ( H = F & F is_subformula_of v ) by A1, MODELC_2:def_24; then Subformulae H c= Subformulae v by MODELC_2:46; hence LTLNew1 H is Subset of (Subformulae v) by XBOOLE_1:1; ::_thesis: verum end; func LTLNew2 (H,v) -> Subset of (Subformulae v) equals :Def28: :: MODELC_3:def 28 LTLNew2 H; correctness coherence LTLNew2 H is Subset of (Subformulae v); proof ex F being LTL-formula st ( H = F & F is_subformula_of v ) by A1, MODELC_2:def_24; then Subformulae H c= Subformulae v by MODELC_2:46; hence LTLNew2 H is Subset of (Subformulae v) by XBOOLE_1:1; ::_thesis: verum end; end; :: deftheorem Def27 defines LTLNew1 MODELC_3:def_27_:_ for v, H being LTL-formula st H in Subformulae v holds LTLNew1 (H,v) = LTLNew1 H; :: deftheorem Def28 defines LTLNew2 MODELC_3:def_28_:_ for v, H being LTL-formula st H in Subformulae v holds LTLNew2 (H,v) = LTLNew2 H; Lm28: for H, v being LTL-formula st H in Subformulae v holds len (LTLNew1 (H,v)) <= (len H) - 1 proof let H, v be LTL-formula; ::_thesis: ( H in Subformulae v implies len (LTLNew1 (H,v)) <= (len H) - 1 ) set New = LTLNew1 (H,v); set Left = {(the_left_argument_of H)}; set Right = {(the_right_argument_of H)}; assume A1: H in Subformulae v ; ::_thesis: len (LTLNew1 (H,v)) <= (len H) - 1 then A2: LTLNew1 (H,v) = LTLNew1 H by Def27; ex F being LTL-formula st ( H = F & F is_subformula_of v ) by A1, MODELC_2:def_24; then A3: Subformulae H c= Subformulae v by MODELC_2:46; now__::_thesis:_len_(LTLNew1_(H,v))_<=_(len_H)_-_1 percases ( H is conjunctive or H is disjunctive or H is Until or H is next or H is Release or ( not H is conjunctive & not H is disjunctive & not H is next & not H is Until & not H is Release ) ) ; supposeA4: H is conjunctive ; ::_thesis: len (LTLNew1 (H,v)) <= (len H) - 1 then {(the_right_argument_of H)} is Subset of (Subformulae H) by Lm12; then reconsider Right = {(the_right_argument_of H)} as Subset of (Subformulae v) by A3, XBOOLE_1:1; {(the_left_argument_of H)} is Subset of (Subformulae H) by A4, Lm12; then reconsider Left = {(the_left_argument_of H)} as Subset of (Subformulae v) by A3, XBOOLE_1:1; LTLNew1 (H,v) = {(the_left_argument_of H),(the_right_argument_of H)} by A2, A4, Def1; then LTLNew1 (H,v) = Left \/ Right by ENUMSET1:1; then A5: len (LTLNew1 (H,v)) <= (len Left) + (len Right) by Th18; A6: len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) by A4, MODELC_2:11; ( len Left = len (the_left_argument_of H) & len Right = len (the_right_argument_of H) ) by Th14; hence len (LTLNew1 (H,v)) <= (len H) - 1 by A6, A5; ::_thesis: verum end; supposeA7: ( H is disjunctive or H is Until ) ; ::_thesis: len (LTLNew1 (H,v)) <= (len H) - 1 then LTLNew1 (H,v) = {(the_left_argument_of H)} by A2, Def1; then len (LTLNew1 (H,v)) = len (the_left_argument_of H) by Th14; then A8: (len (LTLNew1 (H,v))) + 0 <= (len (the_left_argument_of H)) + (len (the_right_argument_of H)) by XREAL_1:7; len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) by A7, MODELC_2:11; hence len (LTLNew1 (H,v)) <= (len H) - 1 by A8; ::_thesis: verum end; supposeA9: H is next ; ::_thesis: len (LTLNew1 (H,v)) <= (len H) - 1 1 <= len H by MODELC_2:3; then A10: 1 - 1 <= (len H) - 1 by XREAL_1:9; LTLNew1 (H,v) = {} v by A2, A9, Def1; hence len (LTLNew1 (H,v)) <= (len H) - 1 by A10, Th13; ::_thesis: verum end; supposeA11: H is Release ; ::_thesis: len (LTLNew1 (H,v)) <= (len H) - 1 then LTLNew1 (H,v) = {(the_right_argument_of H)} by A2, Def1; then len (LTLNew1 (H,v)) = len (the_right_argument_of H) by Th14; then A12: (len (LTLNew1 (H,v))) + 0 <= (len (the_left_argument_of H)) + (len (the_right_argument_of H)) by XREAL_1:7; len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) by A11, MODELC_2:11; hence len (LTLNew1 (H,v)) <= (len H) - 1 by A12; ::_thesis: verum end; supposeA13: ( not H is conjunctive & not H is disjunctive & not H is next & not H is Until & not H is Release ) ; ::_thesis: len (LTLNew1 (H,v)) <= (len H) - 1 1 <= len H by MODELC_2:3; then A14: 1 - 1 <= (len H) - 1 by XREAL_1:9; LTLNew1 (H,v) = {} v by A2, A13, Def1; hence len (LTLNew1 (H,v)) <= (len H) - 1 by A14, Th13; ::_thesis: verum end; end; end; hence len (LTLNew1 (H,v)) <= (len H) - 1 ; ::_thesis: verum end; Lm29: for H, v being LTL-formula st H in Subformulae v holds len (LTLNew2 (H,v)) <= (len H) - 1 proof let H, v be LTL-formula; ::_thesis: ( H in Subformulae v implies len (LTLNew2 (H,v)) <= (len H) - 1 ) set New = LTLNew2 (H,v); set Left = {(the_left_argument_of H)}; set Right = {(the_right_argument_of H)}; assume A1: H in Subformulae v ; ::_thesis: len (LTLNew2 (H,v)) <= (len H) - 1 then A2: LTLNew2 (H,v) = LTLNew2 H by Def28; ex F being LTL-formula st ( H = F & F is_subformula_of v ) by A1, MODELC_2:def_24; then A3: Subformulae H c= Subformulae v by MODELC_2:46; now__::_thesis:_len_(LTLNew2_(H,v))_<=_(len_H)_-_1 percases ( H is Release or H is disjunctive or H is Until or H is conjunctive or H is next or ( not H is conjunctive & not H is disjunctive & not H is next & not H is Until & not H is Release ) ) ; supposeA4: H is Release ; ::_thesis: len (LTLNew2 (H,v)) <= (len H) - 1 then {(the_right_argument_of H)} is Subset of (Subformulae H) by Lm12; then reconsider Right = {(the_right_argument_of H)} as Subset of (Subformulae v) by A3, XBOOLE_1:1; {(the_left_argument_of H)} is Subset of (Subformulae H) by A4, Lm12; then reconsider Left = {(the_left_argument_of H)} as Subset of (Subformulae v) by A3, XBOOLE_1:1; LTLNew2 (H,v) = {(the_left_argument_of H),(the_right_argument_of H)} by A2, A4, Def2; then LTLNew2 (H,v) = Left \/ Right by ENUMSET1:1; then A5: len (LTLNew2 (H,v)) <= (len Left) + (len Right) by Th18; A6: len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) by A4, MODELC_2:11; ( len Left = len (the_left_argument_of H) & len Right = len (the_right_argument_of H) ) by Th14; hence len (LTLNew2 (H,v)) <= (len H) - 1 by A6, A5; ::_thesis: verum end; supposeA7: ( H is disjunctive or H is Until ) ; ::_thesis: len (LTLNew2 (H,v)) <= (len H) - 1 then LTLNew2 (H,v) = {(the_right_argument_of H)} by A2, Def2; then len (LTLNew2 (H,v)) = len (the_right_argument_of H) by Th14; then A8: (len (LTLNew2 (H,v))) + 0 <= (len (the_left_argument_of H)) + (len (the_right_argument_of H)) by XREAL_1:7; len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) by A7, MODELC_2:11; hence len (LTLNew2 (H,v)) <= (len H) - 1 by A8; ::_thesis: verum end; supposeA9: ( H is conjunctive or H is next ) ; ::_thesis: len (LTLNew2 (H,v)) <= (len H) - 1 1 <= len H by MODELC_2:3; then A10: 1 - 1 <= (len H) - 1 by XREAL_1:9; LTLNew2 (H,v) = {} v by A2, A9, Def2; hence len (LTLNew2 (H,v)) <= (len H) - 1 by A10, Th13; ::_thesis: verum end; supposeA11: ( not H is conjunctive & not H is disjunctive & not H is next & not H is Until & not H is Release ) ; ::_thesis: len (LTLNew2 (H,v)) <= (len H) - 1 1 <= len H by MODELC_2:3; then A12: 1 - 1 <= (len H) - 1 by XREAL_1:9; LTLNew2 (H,v) = {} v by A2, A11, Def2; hence len (LTLNew2 (H,v)) <= (len H) - 1 by A12, Th13; ::_thesis: verum end; end; end; hence len (LTLNew2 (H,v)) <= (len H) - 1 ; ::_thesis: verum end; theorem Th19: :: MODELC_3:19 for v being LTL-formula for N2, N1 being strict LTLnode over v st N2 is_succ1_of N1 holds len the LTLnew of N2 <= (len the LTLnew of N1) - 1 proof let v be LTL-formula; ::_thesis: for N2, N1 being strict LTLnode over v st N2 is_succ1_of N1 holds len the LTLnew of N2 <= (len the LTLnew of N1) - 1 let N2, N1 be strict LTLnode over v; ::_thesis: ( N2 is_succ1_of N1 implies len the LTLnew of N2 <= (len the LTLnew of N1) - 1 ) set NN1 = the LTLnew of N1; set NN2 = the LTLnew of N2; assume N2 is_succ1_of N1 ; ::_thesis: len the LTLnew of N2 <= (len the LTLnew of N1) - 1 then consider H being LTL-formula such that A1: H in the LTLnew of N1 and A2: N2 = SuccNode1 (H,N1) by Def7; set M1 = the LTLnew of N1 \ {H}; set New1 = LTLNew1 (H,v); set M2 = (LTLNew1 (H,v)) \ the LTLold of N1; reconsider M1 = the LTLnew of N1 \ {H} as Subset of (Subformulae v) ; reconsider M2 = (LTLNew1 (H,v)) \ the LTLold of N1 as Subset of (Subformulae v) ; LTLNew1 (H,v) = LTLNew1 H by A1, Def27; then the LTLnew of N2 = M1 \/ M2 by A1, A2, Def4; then A3: len the LTLnew of N2 <= (len M1) + (len M2) by Th18; reconsider NN1 = the LTLnew of N1 as Subset of (Subformulae v) ; A4: len M2 <= len (LTLNew1 (H,v)) by Th15, XBOOLE_1:36; len (LTLNew1 (H,v)) <= (len H) - 1 by A1, Lm28; then len M2 <= (len H) - 1 by A4, XXREAL_0:2; then A5: (len M1) + (len M2) <= (len M1) + ((len H) - 1) by XREAL_1:6; len M1 = (len NN1) - (len H) by A1, Th10; hence len the LTLnew of N2 <= (len the LTLnew of N1) - 1 by A5, A3, XXREAL_0:2; ::_thesis: verum end; theorem Th20: :: MODELC_3:20 for v being LTL-formula for N2, N1 being strict LTLnode over v st N2 is_succ2_of N1 holds len the LTLnew of N2 <= (len the LTLnew of N1) - 1 proof let v be LTL-formula; ::_thesis: for N2, N1 being strict LTLnode over v st N2 is_succ2_of N1 holds len the LTLnew of N2 <= (len the LTLnew of N1) - 1 let N2, N1 be strict LTLnode over v; ::_thesis: ( N2 is_succ2_of N1 implies len the LTLnew of N2 <= (len the LTLnew of N1) - 1 ) set NN1 = the LTLnew of N1; set NN2 = the LTLnew of N2; assume N2 is_succ2_of N1 ; ::_thesis: len the LTLnew of N2 <= (len the LTLnew of N1) - 1 then consider H being LTL-formula such that A1: H in the LTLnew of N1 and ( H is disjunctive or H is Until or H is Release ) and A2: N2 = SuccNode2 (H,N1) by Def8; set M1 = the LTLnew of N1 \ {H}; set New2 = LTLNew2 (H,v); set M2 = (LTLNew2 (H,v)) \ the LTLold of N1; reconsider M1 = the LTLnew of N1 \ {H} as Subset of (Subformulae v) ; reconsider M2 = (LTLNew2 (H,v)) \ the LTLold of N1 as Subset of (Subformulae v) ; LTLNew2 (H,v) = LTLNew2 H by A1, Def28; then the LTLnew of N2 = M1 \/ M2 by A1, A2, Def5; then A3: len the LTLnew of N2 <= (len M1) + (len M2) by Th18; reconsider NN1 = the LTLnew of N1 as Subset of (Subformulae v) ; A4: len M2 <= len (LTLNew2 (H,v)) by Th15, XBOOLE_1:36; len (LTLNew2 (H,v)) <= (len H) - 1 by A1, Lm29; then len M2 <= (len H) - 1 by A4, XXREAL_0:2; then A5: (len M1) + (len M2) <= (len M1) + ((len H) - 1) by XREAL_1:6; len M1 = (len NN1) - (len H) by A1, Th10; hence len the LTLnew of N2 <= (len the LTLnew of N1) - 1 by A5, A3, XXREAL_0:2; ::_thesis: verum end; definition let v be LTL-formula; let N be strict LTLnode over v; func len N -> Nat equals :: MODELC_3:def 29 [\(len the LTLnew of N)/]; correctness coherence [\(len the LTLnew of N)/] is Nat; proof len the LTLnew of N >= 0 by Th17; hence [\(len the LTLnew of N)/] is Nat by INT_1:53; ::_thesis: verum end; end; :: deftheorem defines len MODELC_3:def_29_:_ for v being LTL-formula for N being strict LTLnode over v holds len N = [\(len the LTLnew of N)/]; theorem Th21: :: MODELC_3:21 for v being LTL-formula for N2, N1 being strict LTLnode over v st N2 is_succ_of N1 holds len N2 <= (len N1) - 1 proof let v be LTL-formula; ::_thesis: for N2, N1 being strict LTLnode over v st N2 is_succ_of N1 holds len N2 <= (len N1) - 1 let N2, N1 be strict LTLnode over v; ::_thesis: ( N2 is_succ_of N1 implies len N2 <= (len N1) - 1 ) set r1 = len the LTLnew of N1; set r2 = len the LTLnew of N2; assume N2 is_succ_of N1 ; ::_thesis: len N2 <= (len N1) - 1 then ( N2 is_succ1_of N1 or N2 is_succ2_of N1 ) by Def9; then len the LTLnew of N2 <= (len the LTLnew of N1) - 1 by Th19, Th20; hence len N2 <= (len N1) - 1 by Lm5; ::_thesis: verum end; theorem Th22: :: MODELC_3:22 for v being LTL-formula for N being strict LTLnode over v st len N <= 0 holds the LTLnew of N = {} v proof let v be LTL-formula; ::_thesis: for N being strict LTLnode over v st len N <= 0 holds the LTLnew of N = {} v let N be strict LTLnode over v; ::_thesis: ( len N <= 0 implies the LTLnew of N = {} v ) assume A1: len N <= 0 ; ::_thesis: the LTLnew of N = {} v (len the LTLnew of N) - 1 < [\(len the LTLnew of N)/] by INT_1:def_6; then ((len the LTLnew of N) - 1) + 1 < 0 + 1 by A1, XREAL_1:8; hence the LTLnew of N = {} v by Th16; ::_thesis: verum end; theorem Th23: :: MODELC_3:23 for v being LTL-formula for N being strict LTLnode over v st len N > 0 holds the LTLnew of N <> {} v proof let v be LTL-formula; ::_thesis: for N being strict LTLnode over v st len N > 0 holds the LTLnew of N <> {} v let N be strict LTLnode over v; ::_thesis: ( len N > 0 implies the LTLnew of N <> {} v ) assume A1: len N > 0 ; ::_thesis: the LTLnew of N <> {} v now__::_thesis:_not_the_LTLnew_of_N_=_{}_v assume the LTLnew of N = {} v ; ::_thesis: contradiction then len the LTLnew of N = 0 by Th13; hence contradiction by A1, INT_1:25; ::_thesis: verum end; hence the LTLnew of N <> {} v ; ::_thesis: verum end; theorem :: MODELC_3:24 for v being LTL-formula for N being strict LTLnode over v ex n being Nat ex L being FinSequence ex M being strict LTLnode over v st ( 1 <= n & len L = n & L . 1 = N & L . n = M & the LTLnew of M = {} v & L is_Finseq_for v ) proof let v be LTL-formula; ::_thesis: for N being strict LTLnode over v ex n being Nat ex L being FinSequence ex M being strict LTLnode over v st ( 1 <= n & len L = n & L . 1 = N & L . n = M & the LTLnew of M = {} v & L is_Finseq_for v ) let N be strict LTLnode over v; ::_thesis: ex n being Nat ex L being FinSequence ex M being strict LTLnode over v st ( 1 <= n & len L = n & L . 1 = N & L . n = M & the LTLnew of M = {} v & L is_Finseq_for v ) defpred S1[ Nat] means for N being strict LTLnode over v st len N <= $1 holds ex n being Nat ex L being FinSequence ex M being strict LTLnode over v st ( 1 <= n & len L = n & L . 1 = N & L . n = M & the LTLnew of M = {} v & L is_Finseq_for v ); A1: for l being Nat st S1[l] holds S1[l + 1] proof let l be Nat; ::_thesis: ( S1[l] implies S1[l + 1] ) assume A2: S1[l] ; ::_thesis: S1[l + 1] S1[l + 1] proof let N be strict LTLnode over v; ::_thesis: ( len N <= l + 1 implies ex n being Nat ex L being FinSequence ex M being strict LTLnode over v st ( 1 <= n & len L = n & L . 1 = N & L . n = M & the LTLnew of M = {} v & L is_Finseq_for v ) ) ( len N <= l + 1 implies ex n being Nat ex L being FinSequence ex M being strict LTLnode over v st ( 1 <= n & len L = n & L . 1 = N & L . n = M & the LTLnew of M = {} v & L is_Finseq_for v ) ) proof assume A3: len N <= l + 1 ; ::_thesis: ex n being Nat ex L being FinSequence ex M being strict LTLnode over v st ( 1 <= n & len L = n & L . 1 = N & L . n = M & the LTLnew of M = {} v & L is_Finseq_for v ) ex n being Nat ex L being FinSequence ex M being strict LTLnode over v st ( 1 <= n & len L = n & L . 1 = N & L . n = M & the LTLnew of M = {} v & L is_Finseq_for v ) proof set NewN = the LTLnew of N; now__::_thesis:_ex_n_being_Nat_ex_L_being_FinSequence_ex_M_being_strict_LTLnode_over_v_st_ (_1_<=_n_&_len_L_=_n_&_L_._1_=_N_&_L_._n_=_M_&_the_LTLnew_of_M_=_{}_v_&_L_is_Finseq_for_v_) percases ( len N <= l or len N = l + 1 ) by A3, NAT_1:8; suppose len N <= l ; ::_thesis: ex n being Nat ex L being FinSequence ex M being strict LTLnode over v st ( 1 <= n & len L = n & L . 1 = N & L . n = M & the LTLnew of M = {} v & L is_Finseq_for v ) hence ex n being Nat ex L being FinSequence ex M being strict LTLnode over v st ( 1 <= n & len L = n & L . 1 = N & L . n = M & the LTLnew of M = {} v & L is_Finseq_for v ) by A2; ::_thesis: verum end; supposeA4: len N = l + 1 ; ::_thesis: ex n being Nat ex L being FinSequence ex M being strict LTLnode over v st ( 1 <= n & len L = n & L . 1 = N & L . n = M & the LTLnew of M = {} v & L is_Finseq_for v ) then the LTLnew of N <> {} v by Th23; then consider x being set such that A5: x in the LTLnew of N by XBOOLE_0:def_1; x in Subformulae v by A5; then reconsider x = x as LTL-formula by MODELC_2:1; set M1 = SuccNode1 (x,N); SuccNode1 (x,N) is_succ1_of N by A5, Def7; then A6: SuccNode1 (x,N) is_succ_of N by Def9; then len (SuccNode1 (x,N)) <= (len N) - 1 by Th21; then consider n being Nat, L being FinSequence, M being strict LTLnode over v such that A7: 1 <= n and A8: len L = n and A9: L . 1 = SuccNode1 (x,N) and A10: L . n = M and A11: the LTLnew of M = {} v and A12: L is_Finseq_for v by A2, A4; set L1 = <*N*> ^ L; set n1 = n + 1; A13: len (<*N*> ^ L) = (len <*N*>) + (len L) by FINSEQ_1:22 .= n + 1 by A8, FINSEQ_1:39 ; A14: <*N*> ^ L is_Finseq_for v proof let k be Nat; :: according to MODELC_3:def_19 ::_thesis: ( 1 <= k & k < len (<*N*> ^ L) implies ex N, M being strict LTLnode over v st ( N = (<*N*> ^ L) . k & M = (<*N*> ^ L) . (k + 1) & M is_succ_of N ) ) assume that A15: 1 <= k and A16: k < len (<*N*> ^ L) ; ::_thesis: ex N, M being strict LTLnode over v st ( N = (<*N*> ^ L) . k & M = (<*N*> ^ L) . (k + 1) & M is_succ_of N ) A17: k + 1 <= len (<*N*> ^ L) by A16, NAT_1:13; ex N1, N2 being strict LTLnode over v st ( (<*N*> ^ L) . k = N1 & (<*N*> ^ L) . (k + 1) = N2 & N2 is_succ_of N1 ) proof set N2 = (<*N*> ^ L) . (k + 1); set N1 = (<*N*> ^ L) . k; now__::_thesis:_ex_N1,_N2,_N1,_N2_being_strict_LTLnode_over_v_st_ (_(<*N*>_^_L)_._k_=_N1_&_(<*N*>_^_L)_._(k_+_1)_=_N2_&_N2_is_succ_of_N1_) percases ( k <= 1 or 1 < k ) ; suppose k <= 1 ; ::_thesis: ex N1, N2, N1, N2 being strict LTLnode over v st ( (<*N*> ^ L) . k = N1 & (<*N*> ^ L) . (k + 1) = N2 & N2 is_succ_of N1 ) then A18: k = 1 by A15, XXREAL_0:1; then reconsider N1 = (<*N*> ^ L) . k as strict LTLnode over v by FINSEQ_1:41; len <*N*> = 1 by FINSEQ_1:39; then A19: (<*N*> ^ L) . (k + 1) = L . (2 - 1) by A17, A18, FINSEQ_1:24 .= SuccNode1 (x,N) by A9 ; then reconsider N2 = (<*N*> ^ L) . (k + 1) as strict LTLnode over v ; take N1 = N1; ::_thesis: ex N2, N1, N2 being strict LTLnode over v st ( (<*N*> ^ L) . k = N1 & (<*N*> ^ L) . (k + 1) = N2 & N2 is_succ_of N1 ) take N2 = N2; ::_thesis: ex N1, N2 being strict LTLnode over v st ( (<*N*> ^ L) . k = N1 & (<*N*> ^ L) . (k + 1) = N2 & N2 is_succ_of N1 ) thus ex N1, N2 being strict LTLnode over v st ( (<*N*> ^ L) . k = N1 & (<*N*> ^ L) . (k + 1) = N2 & N2 is_succ_of N1 ) by A6, A18, A19, FINSEQ_1:41; ::_thesis: verum end; supposeA20: 1 < k ; ::_thesis: ex N1, N2, N1, N2 being strict LTLnode over v st ( (<*N*> ^ L) . k = N1 & (<*N*> ^ L) . (k + 1) = N2 & N2 is_succ_of N1 ) set km1 = k - 1; reconsider km1 = k - 1 as Nat by A20, NAT_1:20; 1 < km1 + 1 by A20; then A21: 1 <= km1 by NAT_1:13; A22: len <*N*> < k by A20, FINSEQ_1:39; then A23: (<*N*> ^ L) . k = L . (k - (len <*N*>)) by A16, FINSEQ_1:24 .= L . km1 by FINSEQ_1:39 ; k <= k + 1 by NAT_1:11; then len <*N*> < k + 1 by A22, XXREAL_0:2; then A24: (<*N*> ^ L) . (k + 1) = L . ((k + 1) - (len <*N*>)) by A17, FINSEQ_1:24 .= L . ((k + 1) - 1) by FINSEQ_1:39 .= L . (km1 + 1) ; A25: km1 < (n + 1) - 1 by A13, A16, XREAL_1:14; then A26: ex N10, N20 being strict LTLnode over v st ( L . km1 = N10 & L . (km1 + 1) = N20 & N20 is_succ_of N10 ) by A8, A12, A21, Def19; then reconsider N1 = (<*N*> ^ L) . k as strict LTLnode over v by A23; reconsider N2 = (<*N*> ^ L) . (k + 1) as strict LTLnode over v by A24, A26; take N1 = N1; ::_thesis: ex N2, N1, N2 being strict LTLnode over v st ( (<*N*> ^ L) . k = N1 & (<*N*> ^ L) . (k + 1) = N2 & N2 is_succ_of N1 ) take N2 = N2; ::_thesis: ex N1, N2 being strict LTLnode over v st ( (<*N*> ^ L) . k = N1 & (<*N*> ^ L) . (k + 1) = N2 & N2 is_succ_of N1 ) thus ex N1, N2 being strict LTLnode over v st ( (<*N*> ^ L) . k = N1 & (<*N*> ^ L) . (k + 1) = N2 & N2 is_succ_of N1 ) by A8, A12, A21, A25, A23, A24, Def19; ::_thesis: verum end; end; end; hence ex N1, N2 being strict LTLnode over v st ( (<*N*> ^ L) . k = N1 & (<*N*> ^ L) . (k + 1) = N2 & N2 is_succ_of N1 ) ; ::_thesis: verum end; hence ex N, M being strict LTLnode over v st ( N = (<*N*> ^ L) . k & M = (<*N*> ^ L) . (k + 1) & M is_succ_of N ) ; ::_thesis: verum end; A27: len <*N*> = 1 by FINSEQ_1:39; A28: (<*N*> ^ L) . 1 = N by FINSEQ_1:41; 1 < n + 1 by A7, NAT_1:13; then (<*N*> ^ L) . (n + 1) = L . ((n + 1) - 1) by A13, A27, FINSEQ_1:24 .= M by A10 ; hence ex n being Nat ex L being FinSequence ex M being strict LTLnode over v st ( 1 <= n & len L = n & L . 1 = N & L . n = M & the LTLnew of M = {} v & L is_Finseq_for v ) by A11, A13, A28, A14, NAT_1:11; ::_thesis: verum end; end; end; hence ex n being Nat ex L being FinSequence ex M being strict LTLnode over v st ( 1 <= n & len L = n & L . 1 = N & L . n = M & the LTLnew of M = {} v & L is_Finseq_for v ) ; ::_thesis: verum end; hence ex n being Nat ex L being FinSequence ex M being strict LTLnode over v st ( 1 <= n & len L = n & L . 1 = N & L . n = M & the LTLnew of M = {} v & L is_Finseq_for v ) ; ::_thesis: verum end; hence ( len N <= l + 1 implies ex n being Nat ex L being FinSequence ex M being strict LTLnode over v st ( 1 <= n & len L = n & L . 1 = N & L . n = M & the LTLnew of M = {} v & L is_Finseq_for v ) ) ; ::_thesis: verum end; hence S1[l + 1] ; ::_thesis: verum end; set k = len N; reconsider k = len N as Nat ; A29: S1[ 0 ] proof let N be strict LTLnode over v; ::_thesis: ( len N <= 0 implies ex n being Nat ex L being FinSequence ex M being strict LTLnode over v st ( 1 <= n & len L = n & L . 1 = N & L . n = M & the LTLnew of M = {} v & L is_Finseq_for v ) ) ( len N <= 0 implies ex n being Nat ex L being FinSequence ex M being strict LTLnode over v st ( 1 <= n & len L = n & L . 1 = N & L . n = M & the LTLnew of M = {} v & L is_Finseq_for v ) ) proof set n = 1; set M = N; assume A30: len N <= 0 ; ::_thesis: ex n being Nat ex L being FinSequence ex M being strict LTLnode over v st ( 1 <= n & len L = n & L . 1 = N & L . n = M & the LTLnew of M = {} v & L is_Finseq_for v ) take 1 ; ::_thesis: ex L being FinSequence ex M being strict LTLnode over v st ( 1 <= 1 & len L = 1 & L . 1 = N & L . 1 = M & the LTLnew of M = {} v & L is_Finseq_for v ) set L = <*N*>; take <*N*> ; ::_thesis: ex M being strict LTLnode over v st ( 1 <= 1 & len <*N*> = 1 & <*N*> . 1 = N & <*N*> . 1 = M & the LTLnew of M = {} v & <*N*> is_Finseq_for v ) take N ; ::_thesis: ( 1 <= 1 & len <*N*> = 1 & <*N*> . 1 = N & <*N*> . 1 = N & the LTLnew of N = {} v & <*N*> is_Finseq_for v ) for k being Nat st 1 <= k & k < len <*N*> holds ex N1, N2 being strict LTLnode over v st ( <*N*> . k = N1 & <*N*> . (k + 1) = N2 & N2 is_succ_of N1 ) by FINSEQ_1:39; hence ( 1 <= 1 & len <*N*> = 1 & <*N*> . 1 = N & <*N*> . 1 = N & the LTLnew of N = {} v & <*N*> is_Finseq_for v ) by A30, Def19, Th22, FINSEQ_1:40; ::_thesis: verum end; hence ( len N <= 0 implies ex n being Nat ex L being FinSequence ex M being strict LTLnode over v st ( 1 <= n & len L = n & L . 1 = N & L . n = M & the LTLnew of M = {} v & L is_Finseq_for v ) ) ; ::_thesis: verum end; for k being Nat holds S1[k] from NAT_1:sch_2(A29, A1); then S1[k] ; hence ex n being Nat ex L being FinSequence ex M being strict LTLnode over v st ( 1 <= n & len L = n & L . 1 = N & L . n = M & the LTLnew of M = {} v & L is_Finseq_for v ) ; ::_thesis: verum end; theorem Th25: :: MODELC_3:25 for v being LTL-formula for N2, N1 being strict LTLnode over v st N2 is_succ_of N1 holds ( the LTLold of N1 c= the LTLold of N2 & the LTLnext of N1 c= the LTLnext of N2 ) proof let v be LTL-formula; ::_thesis: for N2, N1 being strict LTLnode over v st N2 is_succ_of N1 holds ( the LTLold of N1 c= the LTLold of N2 & the LTLnext of N1 c= the LTLnext of N2 ) let N2, N1 be strict LTLnode over v; ::_thesis: ( N2 is_succ_of N1 implies ( the LTLold of N1 c= the LTLold of N2 & the LTLnext of N1 c= the LTLnext of N2 ) ) assume A1: N2 is_succ_of N1 ; ::_thesis: ( the LTLold of N1 c= the LTLold of N2 & the LTLnext of N1 c= the LTLnext of N2 ) now__::_thesis:_(_the_LTLold_of_N1_c=_the_LTLold_of_N2_&_the_LTLnext_of_N1_c=_the_LTLnext_of_N2_) percases ( N2 is_succ1_of N1 or N2 is_succ2_of N1 ) by A1, Def9; suppose N2 is_succ1_of N1 ; ::_thesis: ( the LTLold of N1 c= the LTLold of N2 & the LTLnext of N1 c= the LTLnext of N2 ) then consider H being LTL-formula such that A2: ( H in the LTLnew of N1 & N2 = SuccNode1 (H,N1) ) by Def7; ( the LTLold of N2 = the LTLold of N1 \/ {H} & the LTLnext of N2 = the LTLnext of N1 \/ (LTLNext H) ) by A2, Def4; hence ( the LTLold of N1 c= the LTLold of N2 & the LTLnext of N1 c= the LTLnext of N2 ) by XBOOLE_1:7; ::_thesis: verum end; suppose N2 is_succ2_of N1 ; ::_thesis: ( the LTLold of N1 c= the LTLold of N2 & the LTLnext of N1 c= the LTLnext of N2 ) then consider H being LTL-formula such that A3: H in the LTLnew of N1 and ( H is disjunctive or H is Until or H is Release ) and A4: N2 = SuccNode2 (H,N1) by Def8; the LTLold of N2 = the LTLold of N1 \/ {H} by A3, A4, Def5; hence ( the LTLold of N1 c= the LTLold of N2 & the LTLnext of N1 c= the LTLnext of N2 ) by A3, A4, Def5, XBOOLE_1:7; ::_thesis: verum end; end; end; hence ( the LTLold of N1 c= the LTLold of N2 & the LTLnext of N1 c= the LTLnext of N2 ) ; ::_thesis: verum end; theorem Th26: :: MODELC_3:26 for m being Nat for L, L1 being FinSequence for v being LTL-formula st L is_Finseq_for v & m <= len L & L1 = L | (Seg m) holds L1 is_Finseq_for v proof let m be Nat; ::_thesis: for L, L1 being FinSequence for v being LTL-formula st L is_Finseq_for v & m <= len L & L1 = L | (Seg m) holds L1 is_Finseq_for v let L, L1 be FinSequence; ::_thesis: for v being LTL-formula st L is_Finseq_for v & m <= len L & L1 = L | (Seg m) holds L1 is_Finseq_for v let v be LTL-formula; ::_thesis: ( L is_Finseq_for v & m <= len L & L1 = L | (Seg m) implies L1 is_Finseq_for v ) assume that A1: L is_Finseq_for v and A2: m <= len L and A3: L1 = L | (Seg m) ; ::_thesis: L1 is_Finseq_for v reconsider L1 = L1 as FinSequence ; A4: len L1 = m by A2, A3, FINSEQ_1:17; A5: dom L1 = Seg m by A2, A3, FINSEQ_1:17; for k being Nat st 1 <= k & k < len L1 holds ex N1, N2 being strict LTLnode over v st ( N1 = L1 . k & N2 = L1 . (k + 1) & N2 is_succ_of N1 ) proof let k be Nat; ::_thesis: ( 1 <= k & k < len L1 implies ex N1, N2 being strict LTLnode over v st ( N1 = L1 . k & N2 = L1 . (k + 1) & N2 is_succ_of N1 ) ) assume that A6: 1 <= k and A7: k < len L1 ; ::_thesis: ex N1, N2 being strict LTLnode over v st ( N1 = L1 . k & N2 = L1 . (k + 1) & N2 is_succ_of N1 ) k in dom L1 by A4, A5, A6, A7, FINSEQ_1:1; then A8: L1 . k = L . k by A3, FUNCT_1:47; ( 1 <= k + 1 & k + 1 <= m ) by A4, A6, A7, NAT_1:13; then k + 1 in dom L1 by A5, FINSEQ_1:1; then A9: L1 . (k + 1) = L . (k + 1) by A3, FUNCT_1:47; k < len L by A2, A4, A7, XXREAL_0:2; hence ex N1, N2 being strict LTLnode over v st ( N1 = L1 . k & N2 = L1 . (k + 1) & N2 is_succ_of N1 ) by A1, A6, A8, A9, Def19; ::_thesis: verum end; hence L1 is_Finseq_for v by Def19; ::_thesis: verum end; theorem Th27: :: MODELC_3:27 for n being Nat for L being FinSequence for F, v being LTL-formula st L is_Finseq_for v & not F in the LTLold of (CastNode ((L . 1),v)) & 1 < n & n <= len L & F in the LTLold of (CastNode ((L . n),v)) holds ex m being Nat st ( 1 <= m & m < n & not F in the LTLold of (CastNode ((L . m),v)) & F in the LTLold of (CastNode ((L . (m + 1)),v)) ) proof let n be Nat; ::_thesis: for L being FinSequence for F, v being LTL-formula st L is_Finseq_for v & not F in the LTLold of (CastNode ((L . 1),v)) & 1 < n & n <= len L & F in the LTLold of (CastNode ((L . n),v)) holds ex m being Nat st ( 1 <= m & m < n & not F in the LTLold of (CastNode ((L . m),v)) & F in the LTLold of (CastNode ((L . (m + 1)),v)) ) let L be FinSequence; ::_thesis: for F, v being LTL-formula st L is_Finseq_for v & not F in the LTLold of (CastNode ((L . 1),v)) & 1 < n & n <= len L & F in the LTLold of (CastNode ((L . n),v)) holds ex m being Nat st ( 1 <= m & m < n & not F in the LTLold of (CastNode ((L . m),v)) & F in the LTLold of (CastNode ((L . (m + 1)),v)) ) let F, v be LTL-formula; ::_thesis: ( L is_Finseq_for v & not F in the LTLold of (CastNode ((L . 1),v)) & 1 < n & n <= len L & F in the LTLold of (CastNode ((L . n),v)) implies ex m being Nat st ( 1 <= m & m < n & not F in the LTLold of (CastNode ((L . m),v)) & F in the LTLold of (CastNode ((L . (m + 1)),v)) ) ) assume A1: ( L is_Finseq_for v & not F in the LTLold of (CastNode ((L . 1),v)) & 1 < n & n <= len L & F in the LTLold of (CastNode ((L . n),v)) ) ; ::_thesis: ex m being Nat st ( 1 <= m & m < n & not F in the LTLold of (CastNode ((L . m),v)) & F in the LTLold of (CastNode ((L . (m + 1)),v)) ) defpred S1[ Nat] means for F1 being LTL-formula for n1 being Nat for L1 being FinSequence st len L1 <= $1 & L1 is_Finseq_for v & not F1 in the LTLold of (CastNode ((L1 . 1),v)) & 1 < n1 & n1 <= len L1 & F1 in the LTLold of (CastNode ((L1 . n1),v)) holds ex m being Nat st ( 1 <= m & m < n1 & not F1 in the LTLold of (CastNode ((L1 . m),v)) & F1 in the LTLold of (CastNode ((L1 . (m + 1)),v)) ); A2: for k being Nat st S1[k] holds S1[k + 1] proof let k be Nat; ::_thesis: ( S1[k] implies S1[k + 1] ) assume A3: S1[k] ; ::_thesis: S1[k + 1] S1[k + 1] proof let F1 be LTL-formula; ::_thesis: for n1 being Nat for L1 being FinSequence st len L1 <= k + 1 & L1 is_Finseq_for v & not F1 in the LTLold of (CastNode ((L1 . 1),v)) & 1 < n1 & n1 <= len L1 & F1 in the LTLold of (CastNode ((L1 . n1),v)) holds ex m being Nat st ( 1 <= m & m < n1 & not F1 in the LTLold of (CastNode ((L1 . m),v)) & F1 in the LTLold of (CastNode ((L1 . (m + 1)),v)) ) let n1 be Nat; ::_thesis: for L1 being FinSequence st len L1 <= k + 1 & L1 is_Finseq_for v & not F1 in the LTLold of (CastNode ((L1 . 1),v)) & 1 < n1 & n1 <= len L1 & F1 in the LTLold of (CastNode ((L1 . n1),v)) holds ex m being Nat st ( 1 <= m & m < n1 & not F1 in the LTLold of (CastNode ((L1 . m),v)) & F1 in the LTLold of (CastNode ((L1 . (m + 1)),v)) ) let L1 be FinSequence; ::_thesis: ( len L1 <= k + 1 & L1 is_Finseq_for v & not F1 in the LTLold of (CastNode ((L1 . 1),v)) & 1 < n1 & n1 <= len L1 & F1 in the LTLold of (CastNode ((L1 . n1),v)) implies ex m being Nat st ( 1 <= m & m < n1 & not F1 in the LTLold of (CastNode ((L1 . m),v)) & F1 in the LTLold of (CastNode ((L1 . (m + 1)),v)) ) ) assume A4: len L1 <= k + 1 ; ::_thesis: ( not L1 is_Finseq_for v or F1 in the LTLold of (CastNode ((L1 . 1),v)) or not 1 < n1 or not n1 <= len L1 or not F1 in the LTLold of (CastNode ((L1 . n1),v)) or ex m being Nat st ( 1 <= m & m < n1 & not F1 in the LTLold of (CastNode ((L1 . m),v)) & F1 in the LTLold of (CastNode ((L1 . (m + 1)),v)) ) ) now__::_thesis:_(_not_L1_is_Finseq_for_v_or_F1_in_the_LTLold_of_(CastNode_((L1_._1),v))_or_not_1_<_n1_or_not_n1_<=_len_L1_or_not_F1_in_the_LTLold_of_(CastNode_((L1_._n1),v))_or_ex_m_being_Nat_st_ (_1_<=_m_&_m_<_n1_&_not_F1_in_the_LTLold_of_(CastNode_((L1_._m),v))_&_F1_in_the_LTLold_of_(CastNode_((L1_._(m_+_1)),v))_)_) percases ( len L1 <= k or len L1 = k + 1 ) by A4, NAT_1:8; suppose len L1 <= k ; ::_thesis: ( not L1 is_Finseq_for v or F1 in the LTLold of (CastNode ((L1 . 1),v)) or not 1 < n1 or not n1 <= len L1 or not F1 in the LTLold of (CastNode ((L1 . n1),v)) or ex m being Nat st ( 1 <= m & m < n1 & not F1 in the LTLold of (CastNode ((L1 . m),v)) & F1 in the LTLold of (CastNode ((L1 . (m + 1)),v)) ) ) hence ( not L1 is_Finseq_for v or F1 in the LTLold of (CastNode ((L1 . 1),v)) or not 1 < n1 or not n1 <= len L1 or not F1 in the LTLold of (CastNode ((L1 . n1),v)) or ex m being Nat st ( 1 <= m & m < n1 & not F1 in the LTLold of (CastNode ((L1 . m),v)) & F1 in the LTLold of (CastNode ((L1 . (m + 1)),v)) ) ) by A3; ::_thesis: verum end; supposeA5: len L1 = k + 1 ; ::_thesis: ( not L1 is_Finseq_for v or F1 in the LTLold of (CastNode ((L1 . 1),v)) or not 1 < n1 or not n1 <= len L1 or not F1 in the LTLold of (CastNode ((L1 . n1),v)) or ex m being Nat st ( 1 <= m & m < n1 & not F1 in the LTLold of (CastNode ((L1 . m),v)) & F1 in the LTLold of (CastNode ((L1 . (m + 1)),v)) ) ) ( L1 is_Finseq_for v & not F1 in the LTLold of (CastNode ((L1 . 1),v)) & 1 < n1 & n1 <= len L1 & F1 in the LTLold of (CastNode ((L1 . n1),v)) implies ex m being Nat st ( 1 <= m & m < n1 & not F1 in the LTLold of (CastNode ((L1 . m),v)) & F1 in the LTLold of (CastNode ((L1 . (m + 1)),v)) ) ) proof assume that A6: L1 is_Finseq_for v and A7: not F1 in the LTLold of (CastNode ((L1 . 1),v)) and A8: 1 < n1 and A9: n1 <= len L1 and A10: F1 in the LTLold of (CastNode ((L1 . n1),v)) ; ::_thesis: ex m being Nat st ( 1 <= m & m < n1 & not F1 in the LTLold of (CastNode ((L1 . m),v)) & F1 in the LTLold of (CastNode ((L1 . (m + 1)),v)) ) now__::_thesis:_ex_m_being_Nat_st_ (_1_<=_m_&_m_<_n1_&_not_F1_in_the_LTLold_of_(CastNode_((L1_._m),v))_&_F1_in_the_LTLold_of_(CastNode_((L1_._(m_+_1)),v))_) percases ( n1 <= k or n1 = k + 1 ) by A5, A9, NAT_1:8; supposeA11: n1 <= k ; ::_thesis: ex m being Nat st ( 1 <= m & m < n1 & not F1 in the LTLold of (CastNode ((L1 . m),v)) & F1 in the LTLold of (CastNode ((L1 . (m + 1)),v)) ) set L2 = L1 | (Seg k); reconsider L2 = L1 | (Seg k) as FinSequence by FINSEQ_1:15; A12: k + 0 <= k + 1 by XREAL_1:7; then A13: dom L2 = Seg k by A5, FINSEQ_1:17; then n1 in dom L2 by A8, A11, FINSEQ_1:1; then A14: L2 . n1 = L1 . n1 by FUNCT_1:47; 1 < k by A8, A11, XXREAL_0:2; then 1 in dom L2 by A13, FINSEQ_1:1; then A15: not F1 in the LTLold of (CastNode ((L2 . 1),v)) by A7, FUNCT_1:47; ( len L2 = k & L2 is_Finseq_for v ) by A5, A6, A12, Th26, FINSEQ_1:17; then consider m being Nat such that A16: 1 <= m and A17: m < n1 and A18: ( not F1 in the LTLold of (CastNode ((L2 . m),v)) & F1 in the LTLold of (CastNode ((L2 . (m + 1)),v)) ) by A3, A8, A10, A11, A15, A14; m + 1 <= n1 by A17, NAT_1:13; then A19: m + 1 <= k by A11, XXREAL_0:2; 1 <= m + 1 by A16, NAT_1:13; then m + 1 in dom L2 by A13, A19, FINSEQ_1:1; then A20: L2 . (m + 1) = L1 . (m + 1) by FUNCT_1:47; m <= k by A11, A17, XXREAL_0:2; then m in dom L2 by A13, A16, FINSEQ_1:1; then L2 . m = L1 . m by FUNCT_1:47; hence ex m being Nat st ( 1 <= m & m < n1 & not F1 in the LTLold of (CastNode ((L1 . m),v)) & F1 in the LTLold of (CastNode ((L1 . (m + 1)),v)) ) by A16, A17, A18, A20; ::_thesis: verum end; supposeA21: n1 = k + 1 ; ::_thesis: ex m being Nat st ( 1 <= m & m < n1 & not F1 in the LTLold of (CastNode ((L1 . m),v)) & F1 in the LTLold of (CastNode ((L1 . (m + 1)),v)) ) then A22: 1 <= k by A8, NAT_1:13; A23: k + 0 < k + 1 by XREAL_1:8; now__::_thesis:_ex_m_being_Nat_st_ (_1_<=_m_&_m_<_n1_&_not_F1_in_the_LTLold_of_(CastNode_((L1_._m),v))_&_F1_in_the_LTLold_of_(CastNode_((L1_._(m_+_1)),v))_) percases ( not F1 in the LTLold of (CastNode ((L1 . k),v)) or F1 in the LTLold of (CastNode ((L1 . k),v)) ) ; suppose not F1 in the LTLold of (CastNode ((L1 . k),v)) ; ::_thesis: ex m being Nat st ( 1 <= m & m < n1 & not F1 in the LTLold of (CastNode ((L1 . m),v)) & F1 in the LTLold of (CastNode ((L1 . (m + 1)),v)) ) hence ex m being Nat st ( 1 <= m & m < n1 & not F1 in the LTLold of (CastNode ((L1 . m),v)) & F1 in the LTLold of (CastNode ((L1 . (m + 1)),v)) ) by A10, A21, A23, A22; ::_thesis: verum end; supposeA24: F1 in the LTLold of (CastNode ((L1 . k),v)) ; ::_thesis: ex m being Nat st ( 1 <= m & m < n1 & not F1 in the LTLold of (CastNode ((L1 . m),v)) & F1 in the LTLold of (CastNode ((L1 . (m + 1)),v)) ) A25: 1 < k proof set b = 1 - k; set a = k - 1; A26: ( (k - 1) + (1 - k) = 0 & 1 - 1 <= k - 1 ) by A22, XREAL_1:9; now__::_thesis:_not_k_<=_1 assume k <= 1 ; ::_thesis: contradiction then 1 - 1 <= 1 - k by XREAL_1:10; then k - 1 = 0 by A26; hence contradiction by A7, A24; ::_thesis: verum end; hence 1 < k ; ::_thesis: verum end; set L2 = L1 | (Seg k); reconsider L2 = L1 | (Seg k) as FinSequence by FINSEQ_1:15; A27: k + 0 <= k + 1 by XREAL_1:7; then A28: dom L2 = Seg k by A5, FINSEQ_1:17; then k in dom L2 by A22, FINSEQ_1:1; then A29: F1 in the LTLold of (CastNode ((L2 . k),v)) by A24, FUNCT_1:47; 1 in dom L2 by A22, A28, FINSEQ_1:1; then A30: not F1 in the LTLold of (CastNode ((L2 . 1),v)) by A7, FUNCT_1:47; ( len L2 = k & L2 is_Finseq_for v ) by A5, A6, A27, Th26, FINSEQ_1:17; then consider m being Nat such that A31: 1 <= m and A32: m < k and A33: not F1 in the LTLold of (CastNode ((L2 . m),v)) and A34: F1 in the LTLold of (CastNode ((L2 . (m + 1)),v)) by A3, A30, A29, A25; m in dom L2 by A28, A31, A32, FINSEQ_1:1; then A35: not F1 in the LTLold of (CastNode ((L1 . m),v)) by A33, FUNCT_1:47; ( 1 <= m + 1 & m + 1 <= k ) by A31, A32, NAT_1:13; then m + 1 in dom L2 by A28, FINSEQ_1:1; then A36: L2 . (m + 1) = L1 . (m + 1) by FUNCT_1:47; m < n1 by A21, A23, A32, XXREAL_0:2; hence ex m being Nat st ( 1 <= m & m < n1 & not F1 in the LTLold of (CastNode ((L1 . m),v)) & F1 in the LTLold of (CastNode ((L1 . (m + 1)),v)) ) by A31, A34, A35, A36; ::_thesis: verum end; end; end; hence ex m being Nat st ( 1 <= m & m < n1 & not F1 in the LTLold of (CastNode ((L1 . m),v)) & F1 in the LTLold of (CastNode ((L1 . (m + 1)),v)) ) ; ::_thesis: verum end; end; end; hence ex m being Nat st ( 1 <= m & m < n1 & not F1 in the LTLold of (CastNode ((L1 . m),v)) & F1 in the LTLold of (CastNode ((L1 . (m + 1)),v)) ) ; ::_thesis: verum end; hence ( not L1 is_Finseq_for v or F1 in the LTLold of (CastNode ((L1 . 1),v)) or not 1 < n1 or not n1 <= len L1 or not F1 in the LTLold of (CastNode ((L1 . n1),v)) or ex m being Nat st ( 1 <= m & m < n1 & not F1 in the LTLold of (CastNode ((L1 . m),v)) & F1 in the LTLold of (CastNode ((L1 . (m + 1)),v)) ) ) ; ::_thesis: verum end; end; end; hence ( not L1 is_Finseq_for v or F1 in the LTLold of (CastNode ((L1 . 1),v)) or not 1 < n1 or not n1 <= len L1 or not F1 in the LTLold of (CastNode ((L1 . n1),v)) or ex m being Nat st ( 1 <= m & m < n1 & not F1 in the LTLold of (CastNode ((L1 . m),v)) & F1 in the LTLold of (CastNode ((L1 . (m + 1)),v)) ) ) ; ::_thesis: verum end; hence S1[k + 1] ; ::_thesis: verum end; A37: S1[ 0 ] ; for k being Nat holds S1[k] from NAT_1:sch_2(A37, A2); hence ex m being Nat st ( 1 <= m & m < n & not F in the LTLold of (CastNode ((L . m),v)) & F in the LTLold of (CastNode ((L . (m + 1)),v)) ) by A1; ::_thesis: verum end; theorem Th28: :: MODELC_3:28 for F, v being LTL-formula for N2, N1 being strict LTLnode over v st N2 is_succ_of N1 & not F in the LTLold of N1 & F in the LTLold of N2 holds N2 is_succ_of N1,F proof let F, v be LTL-formula; ::_thesis: for N2, N1 being strict LTLnode over v st N2 is_succ_of N1 & not F in the LTLold of N1 & F in the LTLold of N2 holds N2 is_succ_of N1,F let N2, N1 be strict LTLnode over v; ::_thesis: ( N2 is_succ_of N1 & not F in the LTLold of N1 & F in the LTLold of N2 implies N2 is_succ_of N1,F ) assume that A1: N2 is_succ_of N1 and A2: not F in the LTLold of N1 and A3: F in the LTLold of N2 ; ::_thesis: N2 is_succ_of N1,F now__::_thesis:_N2_is_succ_of_N1,F percases ( N2 is_succ1_of N1 or N2 is_succ2_of N1 ) by A1, Def9; suppose N2 is_succ1_of N1 ; ::_thesis: N2 is_succ_of N1,F then consider H being LTL-formula such that A4: ( H in the LTLnew of N1 & N2 = SuccNode1 (H,N1) ) by Def7; the LTLold of N2 = the LTLold of N1 \/ {H} by A4, Def4; then ( F in the LTLold of N1 or F in {H} ) by A3, XBOOLE_0:def_3; then F = H by A2, TARSKI:def_1; hence N2 is_succ_of N1,F by A4, Def6; ::_thesis: verum end; suppose N2 is_succ2_of N1 ; ::_thesis: N2 is_succ_of N1,F then consider H being LTL-formula such that A5: H in the LTLnew of N1 and A6: ( H is disjunctive or H is Until or H is Release ) and A7: N2 = SuccNode2 (H,N1) by Def8; the LTLold of N2 = the LTLold of N1 \/ {H} by A5, A7, Def5; then ( F in the LTLold of N1 or F in {H} ) by A3, XBOOLE_0:def_3; then F = H by A2, TARSKI:def_1; hence N2 is_succ_of N1,F by A5, A6, A7, Def6; ::_thesis: verum end; end; end; hence N2 is_succ_of N1,F ; ::_thesis: verum end; theorem Th29: :: MODELC_3:29 for n being Nat for L being FinSequence for F, v being LTL-formula st L is_Finseq_for v & F in the LTLnew of (CastNode ((L . 1),v)) & 1 < n & n <= len L & not F in the LTLnew of (CastNode ((L . n),v)) holds ex m being Nat st ( 1 <= m & m < n & F in the LTLnew of (CastNode ((L . m),v)) & not F in the LTLnew of (CastNode ((L . (m + 1)),v)) ) proof let n be Nat; ::_thesis: for L being FinSequence for F, v being LTL-formula st L is_Finseq_for v & F in the LTLnew of (CastNode ((L . 1),v)) & 1 < n & n <= len L & not F in the LTLnew of (CastNode ((L . n),v)) holds ex m being Nat st ( 1 <= m & m < n & F in the LTLnew of (CastNode ((L . m),v)) & not F in the LTLnew of (CastNode ((L . (m + 1)),v)) ) let L be FinSequence; ::_thesis: for F, v being LTL-formula st L is_Finseq_for v & F in the LTLnew of (CastNode ((L . 1),v)) & 1 < n & n <= len L & not F in the LTLnew of (CastNode ((L . n),v)) holds ex m being Nat st ( 1 <= m & m < n & F in the LTLnew of (CastNode ((L . m),v)) & not F in the LTLnew of (CastNode ((L . (m + 1)),v)) ) let F, v be LTL-formula; ::_thesis: ( L is_Finseq_for v & F in the LTLnew of (CastNode ((L . 1),v)) & 1 < n & n <= len L & not F in the LTLnew of (CastNode ((L . n),v)) implies ex m being Nat st ( 1 <= m & m < n & F in the LTLnew of (CastNode ((L . m),v)) & not F in the LTLnew of (CastNode ((L . (m + 1)),v)) ) ) assume A1: ( L is_Finseq_for v & F in the LTLnew of (CastNode ((L . 1),v)) & 1 < n & n <= len L & not F in the LTLnew of (CastNode ((L . n),v)) ) ; ::_thesis: ex m being Nat st ( 1 <= m & m < n & F in the LTLnew of (CastNode ((L . m),v)) & not F in the LTLnew of (CastNode ((L . (m + 1)),v)) ) defpred S1[ Nat] means for F1 being LTL-formula for n1 being Nat for L1 being FinSequence st len L1 <= $1 & L1 is_Finseq_for v & F1 in the LTLnew of (CastNode ((L1 . 1),v)) & 1 < n1 & n1 <= len L1 & not F1 in the LTLnew of (CastNode ((L1 . n1),v)) holds ex m being Nat st ( 1 <= m & m < n1 & F1 in the LTLnew of (CastNode ((L1 . m),v)) & not F1 in the LTLnew of (CastNode ((L1 . (m + 1)),v)) ); A2: for k being Nat st S1[k] holds S1[k + 1] proof let k be Nat; ::_thesis: ( S1[k] implies S1[k + 1] ) assume A3: S1[k] ; ::_thesis: S1[k + 1] S1[k + 1] proof let F1 be LTL-formula; ::_thesis: for n1 being Nat for L1 being FinSequence st len L1 <= k + 1 & L1 is_Finseq_for v & F1 in the LTLnew of (CastNode ((L1 . 1),v)) & 1 < n1 & n1 <= len L1 & not F1 in the LTLnew of (CastNode ((L1 . n1),v)) holds ex m being Nat st ( 1 <= m & m < n1 & F1 in the LTLnew of (CastNode ((L1 . m),v)) & not F1 in the LTLnew of (CastNode ((L1 . (m + 1)),v)) ) let n1 be Nat; ::_thesis: for L1 being FinSequence st len L1 <= k + 1 & L1 is_Finseq_for v & F1 in the LTLnew of (CastNode ((L1 . 1),v)) & 1 < n1 & n1 <= len L1 & not F1 in the LTLnew of (CastNode ((L1 . n1),v)) holds ex m being Nat st ( 1 <= m & m < n1 & F1 in the LTLnew of (CastNode ((L1 . m),v)) & not F1 in the LTLnew of (CastNode ((L1 . (m + 1)),v)) ) let L1 be FinSequence; ::_thesis: ( len L1 <= k + 1 & L1 is_Finseq_for v & F1 in the LTLnew of (CastNode ((L1 . 1),v)) & 1 < n1 & n1 <= len L1 & not F1 in the LTLnew of (CastNode ((L1 . n1),v)) implies ex m being Nat st ( 1 <= m & m < n1 & F1 in the LTLnew of (CastNode ((L1 . m),v)) & not F1 in the LTLnew of (CastNode ((L1 . (m + 1)),v)) ) ) assume A4: len L1 <= k + 1 ; ::_thesis: ( not L1 is_Finseq_for v or not F1 in the LTLnew of (CastNode ((L1 . 1),v)) or not 1 < n1 or not n1 <= len L1 or F1 in the LTLnew of (CastNode ((L1 . n1),v)) or ex m being Nat st ( 1 <= m & m < n1 & F1 in the LTLnew of (CastNode ((L1 . m),v)) & not F1 in the LTLnew of (CastNode ((L1 . (m + 1)),v)) ) ) now__::_thesis:_(_not_L1_is_Finseq_for_v_or_not_F1_in_the_LTLnew_of_(CastNode_((L1_._1),v))_or_not_1_<_n1_or_not_n1_<=_len_L1_or_F1_in_the_LTLnew_of_(CastNode_((L1_._n1),v))_or_ex_m_being_Nat_st_ (_1_<=_m_&_m_<_n1_&_F1_in_the_LTLnew_of_(CastNode_((L1_._m),v))_&_not_F1_in_the_LTLnew_of_(CastNode_((L1_._(m_+_1)),v))_)_) percases ( len L1 <= k or len L1 = k + 1 ) by A4, NAT_1:8; suppose len L1 <= k ; ::_thesis: ( not L1 is_Finseq_for v or not F1 in the LTLnew of (CastNode ((L1 . 1),v)) or not 1 < n1 or not n1 <= len L1 or F1 in the LTLnew of (CastNode ((L1 . n1),v)) or ex m being Nat st ( 1 <= m & m < n1 & F1 in the LTLnew of (CastNode ((L1 . m),v)) & not F1 in the LTLnew of (CastNode ((L1 . (m + 1)),v)) ) ) hence ( not L1 is_Finseq_for v or not F1 in the LTLnew of (CastNode ((L1 . 1),v)) or not 1 < n1 or not n1 <= len L1 or F1 in the LTLnew of (CastNode ((L1 . n1),v)) or ex m being Nat st ( 1 <= m & m < n1 & F1 in the LTLnew of (CastNode ((L1 . m),v)) & not F1 in the LTLnew of (CastNode ((L1 . (m + 1)),v)) ) ) by A3; ::_thesis: verum end; supposeA5: len L1 = k + 1 ; ::_thesis: ( not L1 is_Finseq_for v or not F1 in the LTLnew of (CastNode ((L1 . 1),v)) or not 1 < n1 or not n1 <= len L1 or F1 in the LTLnew of (CastNode ((L1 . n1),v)) or ex m being Nat st ( 1 <= m & m < n1 & F1 in the LTLnew of (CastNode ((L1 . m),v)) & not F1 in the LTLnew of (CastNode ((L1 . (m + 1)),v)) ) ) ( L1 is_Finseq_for v & F1 in the LTLnew of (CastNode ((L1 . 1),v)) & 1 < n1 & n1 <= len L1 & not F1 in the LTLnew of (CastNode ((L1 . n1),v)) implies ex m being Nat st ( 1 <= m & m < n1 & F1 in the LTLnew of (CastNode ((L1 . m),v)) & not F1 in the LTLnew of (CastNode ((L1 . (m + 1)),v)) ) ) proof assume that A6: L1 is_Finseq_for v and A7: F1 in the LTLnew of (CastNode ((L1 . 1),v)) and A8: 1 < n1 and A9: n1 <= len L1 and A10: not F1 in the LTLnew of (CastNode ((L1 . n1),v)) ; ::_thesis: ex m being Nat st ( 1 <= m & m < n1 & F1 in the LTLnew of (CastNode ((L1 . m),v)) & not F1 in the LTLnew of (CastNode ((L1 . (m + 1)),v)) ) now__::_thesis:_ex_m_being_Nat_st_ (_1_<=_m_&_m_<_n1_&_F1_in_the_LTLnew_of_(CastNode_((L1_._m),v))_&_not_F1_in_the_LTLnew_of_(CastNode_((L1_._(m_+_1)),v))_) percases ( n1 <= k or n1 = k + 1 ) by A5, A9, NAT_1:8; supposeA11: n1 <= k ; ::_thesis: ex m being Nat st ( 1 <= m & m < n1 & F1 in the LTLnew of (CastNode ((L1 . m),v)) & not F1 in the LTLnew of (CastNode ((L1 . (m + 1)),v)) ) set L2 = L1 | (Seg k); reconsider L2 = L1 | (Seg k) as FinSequence by FINSEQ_1:15; A12: k + 0 <= k + 1 by XREAL_1:7; then A13: dom L2 = Seg k by A5, FINSEQ_1:17; then n1 in dom L2 by A8, A11, FINSEQ_1:1; then A14: L2 . n1 = L1 . n1 by FUNCT_1:47; 1 < k by A8, A11, XXREAL_0:2; then 1 in dom L2 by A13, FINSEQ_1:1; then A15: F1 in the LTLnew of (CastNode ((L2 . 1),v)) by A7, FUNCT_1:47; ( len L2 = k & L2 is_Finseq_for v ) by A5, A6, A12, Th26, FINSEQ_1:17; then consider m being Nat such that A16: 1 <= m and A17: m < n1 and A18: ( F1 in the LTLnew of (CastNode ((L2 . m),v)) & not F1 in the LTLnew of (CastNode ((L2 . (m + 1)),v)) ) by A3, A8, A10, A11, A15, A14; m + 1 <= n1 by A17, NAT_1:13; then A19: m + 1 <= k by A11, XXREAL_0:2; 1 <= m + 1 by A16, NAT_1:13; then m + 1 in dom L2 by A13, A19, FINSEQ_1:1; then A20: L2 . (m + 1) = L1 . (m + 1) by FUNCT_1:47; m <= k by A11, A17, XXREAL_0:2; then m in dom L2 by A13, A16, FINSEQ_1:1; then L2 . m = L1 . m by FUNCT_1:47; hence ex m being Nat st ( 1 <= m & m < n1 & F1 in the LTLnew of (CastNode ((L1 . m),v)) & not F1 in the LTLnew of (CastNode ((L1 . (m + 1)),v)) ) by A16, A17, A18, A20; ::_thesis: verum end; supposeA21: n1 = k + 1 ; ::_thesis: ex m being Nat st ( 1 <= m & m < n1 & F1 in the LTLnew of (CastNode ((L1 . m),v)) & not F1 in the LTLnew of (CastNode ((L1 . (m + 1)),v)) ) then A22: 1 <= k by A8, NAT_1:13; A23: k + 0 < k + 1 by XREAL_1:8; now__::_thesis:_ex_m_being_Nat_st_ (_1_<=_m_&_m_<_n1_&_F1_in_the_LTLnew_of_(CastNode_((L1_._m),v))_&_not_F1_in_the_LTLnew_of_(CastNode_((L1_._(m_+_1)),v))_) percases ( F1 in the LTLnew of (CastNode ((L1 . k),v)) or not F1 in the LTLnew of (CastNode ((L1 . k),v)) ) ; suppose F1 in the LTLnew of (CastNode ((L1 . k),v)) ; ::_thesis: ex m being Nat st ( 1 <= m & m < n1 & F1 in the LTLnew of (CastNode ((L1 . m),v)) & not F1 in the LTLnew of (CastNode ((L1 . (m + 1)),v)) ) hence ex m being Nat st ( 1 <= m & m < n1 & F1 in the LTLnew of (CastNode ((L1 . m),v)) & not F1 in the LTLnew of (CastNode ((L1 . (m + 1)),v)) ) by A10, A21, A23, A22; ::_thesis: verum end; supposeA24: not F1 in the LTLnew of (CastNode ((L1 . k),v)) ; ::_thesis: ex m being Nat st ( 1 <= m & m < n1 & F1 in the LTLnew of (CastNode ((L1 . m),v)) & not F1 in the LTLnew of (CastNode ((L1 . (m + 1)),v)) ) A25: 1 < k proof set b = 1 - k; set a = k - 1; A26: ( (k - 1) + (1 - k) = 0 & 1 - 1 <= k - 1 ) by A22, XREAL_1:9; now__::_thesis:_not_k_<=_1 assume k <= 1 ; ::_thesis: contradiction then 1 - 1 <= 1 - k by XREAL_1:10; then k - 1 = 0 by A26; hence contradiction by A7, A24; ::_thesis: verum end; hence 1 < k ; ::_thesis: verum end; set L2 = L1 | (Seg k); reconsider L2 = L1 | (Seg k) as FinSequence by FINSEQ_1:15; A27: k + 0 <= k + 1 by XREAL_1:7; then A28: dom L2 = Seg k by A5, FINSEQ_1:17; then k in dom L2 by A22, FINSEQ_1:1; then A29: not F1 in the LTLnew of (CastNode ((L2 . k),v)) by A24, FUNCT_1:47; 1 in dom L2 by A22, A28, FINSEQ_1:1; then A30: F1 in the LTLnew of (CastNode ((L2 . 1),v)) by A7, FUNCT_1:47; ( len L2 = k & L2 is_Finseq_for v ) by A5, A6, A27, Th26, FINSEQ_1:17; then consider m being Nat such that A31: 1 <= m and A32: m < k and A33: F1 in the LTLnew of (CastNode ((L2 . m),v)) and A34: not F1 in the LTLnew of (CastNode ((L2 . (m + 1)),v)) by A3, A30, A29, A25; m in dom L2 by A28, A31, A32, FINSEQ_1:1; then A35: F1 in the LTLnew of (CastNode ((L1 . m),v)) by A33, FUNCT_1:47; ( 1 <= m + 1 & m + 1 <= k ) by A31, A32, NAT_1:13; then m + 1 in dom L2 by A28, FINSEQ_1:1; then A36: L2 . (m + 1) = L1 . (m + 1) by FUNCT_1:47; m < n1 by A21, A23, A32, XXREAL_0:2; hence ex m being Nat st ( 1 <= m & m < n1 & F1 in the LTLnew of (CastNode ((L1 . m),v)) & not F1 in the LTLnew of (CastNode ((L1 . (m + 1)),v)) ) by A31, A34, A35, A36; ::_thesis: verum end; end; end; hence ex m being Nat st ( 1 <= m & m < n1 & F1 in the LTLnew of (CastNode ((L1 . m),v)) & not F1 in the LTLnew of (CastNode ((L1 . (m + 1)),v)) ) ; ::_thesis: verum end; end; end; hence ex m being Nat st ( 1 <= m & m < n1 & F1 in the LTLnew of (CastNode ((L1 . m),v)) & not F1 in the LTLnew of (CastNode ((L1 . (m + 1)),v)) ) ; ::_thesis: verum end; hence ( not L1 is_Finseq_for v or not F1 in the LTLnew of (CastNode ((L1 . 1),v)) or not 1 < n1 or not n1 <= len L1 or F1 in the LTLnew of (CastNode ((L1 . n1),v)) or ex m being Nat st ( 1 <= m & m < n1 & F1 in the LTLnew of (CastNode ((L1 . m),v)) & not F1 in the LTLnew of (CastNode ((L1 . (m + 1)),v)) ) ) ; ::_thesis: verum end; end; end; hence ( not L1 is_Finseq_for v or not F1 in the LTLnew of (CastNode ((L1 . 1),v)) or not 1 < n1 or not n1 <= len L1 or F1 in the LTLnew of (CastNode ((L1 . n1),v)) or ex m being Nat st ( 1 <= m & m < n1 & F1 in the LTLnew of (CastNode ((L1 . m),v)) & not F1 in the LTLnew of (CastNode ((L1 . (m + 1)),v)) ) ) ; ::_thesis: verum end; hence S1[k + 1] ; ::_thesis: verum end; A37: S1[ 0 ] ; for k being Nat holds S1[k] from NAT_1:sch_2(A37, A2); hence ex m being Nat st ( 1 <= m & m < n & F in the LTLnew of (CastNode ((L . m),v)) & not F in the LTLnew of (CastNode ((L . (m + 1)),v)) ) by A1; ::_thesis: verum end; theorem Th30: :: MODELC_3:30 for F, v being LTL-formula for N2, N1 being strict LTLnode over v st N2 is_succ_of N1 & F in the LTLnew of N1 & not F in the LTLnew of N2 holds N2 is_succ_of N1,F proof let F, v be LTL-formula; ::_thesis: for N2, N1 being strict LTLnode over v st N2 is_succ_of N1 & F in the LTLnew of N1 & not F in the LTLnew of N2 holds N2 is_succ_of N1,F let N2, N1 be strict LTLnode over v; ::_thesis: ( N2 is_succ_of N1 & F in the LTLnew of N1 & not F in the LTLnew of N2 implies N2 is_succ_of N1,F ) assume that A1: N2 is_succ_of N1 and A2: F in the LTLnew of N1 and A3: not F in the LTLnew of N2 ; ::_thesis: N2 is_succ_of N1,F now__::_thesis:_N2_is_succ_of_N1,F percases ( N2 is_succ1_of N1 or N2 is_succ2_of N1 ) by A1, Def9; suppose N2 is_succ1_of N1 ; ::_thesis: N2 is_succ_of N1,F then consider H being LTL-formula such that A4: ( H in the LTLnew of N1 & N2 = SuccNode1 (H,N1) ) by Def7; the LTLnew of N2 = ( the LTLnew of N1 \ {H}) \/ ((LTLNew1 H) \ the LTLold of N1) by A4, Def4; then not F in the LTLnew of N1 \ {H} by A3, XBOOLE_0:def_3; then ( not F in the LTLnew of N1 or F in {H} ) by XBOOLE_0:def_5; then F = H by A2, TARSKI:def_1; hence N2 is_succ_of N1,F by A4, Def6; ::_thesis: verum end; suppose N2 is_succ2_of N1 ; ::_thesis: N2 is_succ_of N1,F then consider H being LTL-formula such that A5: H in the LTLnew of N1 and A6: ( H is disjunctive or H is Until or H is Release ) and A7: N2 = SuccNode2 (H,N1) by Def8; the LTLnew of N2 = ( the LTLnew of N1 \ {H}) \/ ((LTLNew2 H) \ the LTLold of N1) by A5, A7, Def5; then not F in the LTLnew of N1 \ {H} by A3, XBOOLE_0:def_3; then ( not F in the LTLnew of N1 or F in {H} ) by XBOOLE_0:def_5; then F = H by A2, TARSKI:def_1; hence N2 is_succ_of N1,F by A5, A6, A7, Def6; ::_thesis: verum end; end; end; hence N2 is_succ_of N1,F ; ::_thesis: verum end; theorem Th31: :: MODELC_3:31 for m, n being Nat for L being FinSequence for v being LTL-formula st L is_Finseq_for v & 1 <= m & m <= n & n <= len L holds ( the LTLold of (CastNode ((L . m),v)) c= the LTLold of (CastNode ((L . n),v)) & the LTLnext of (CastNode ((L . m),v)) c= the LTLnext of (CastNode ((L . n),v)) ) proof let m, n be Nat; ::_thesis: for L being FinSequence for v being LTL-formula st L is_Finseq_for v & 1 <= m & m <= n & n <= len L holds ( the LTLold of (CastNode ((L . m),v)) c= the LTLold of (CastNode ((L . n),v)) & the LTLnext of (CastNode ((L . m),v)) c= the LTLnext of (CastNode ((L . n),v)) ) let L be FinSequence; ::_thesis: for v being LTL-formula st L is_Finseq_for v & 1 <= m & m <= n & n <= len L holds ( the LTLold of (CastNode ((L . m),v)) c= the LTLold of (CastNode ((L . n),v)) & the LTLnext of (CastNode ((L . m),v)) c= the LTLnext of (CastNode ((L . n),v)) ) let v be LTL-formula; ::_thesis: ( L is_Finseq_for v & 1 <= m & m <= n & n <= len L implies ( the LTLold of (CastNode ((L . m),v)) c= the LTLold of (CastNode ((L . n),v)) & the LTLnext of (CastNode ((L . m),v)) c= the LTLnext of (CastNode ((L . n),v)) ) ) assume A1: ( L is_Finseq_for v & 1 <= m & m <= n & n <= len L ) ; ::_thesis: ( the LTLold of (CastNode ((L . m),v)) c= the LTLold of (CastNode ((L . n),v)) & the LTLnext of (CastNode ((L . m),v)) c= the LTLnext of (CastNode ((L . n),v)) ) defpred S1[ Nat] means for n1, m1 being Nat for L1 being FinSequence st len L1 <= $1 & L1 is_Finseq_for v & 1 <= m1 & m1 <= n1 & n1 <= len L1 holds ( the LTLold of (CastNode ((L1 . m1),v)) c= the LTLold of (CastNode ((L1 . n1),v)) & the LTLnext of (CastNode ((L1 . m1),v)) c= the LTLnext of (CastNode ((L1 . n1),v)) ); A2: for k being Nat st S1[k] holds S1[k + 1] proof let k be Nat; ::_thesis: ( S1[k] implies S1[k + 1] ) assume A3: S1[k] ; ::_thesis: S1[k + 1] S1[k + 1] proof let n1, m1 be Nat; ::_thesis: for L1 being FinSequence st len L1 <= k + 1 & L1 is_Finseq_for v & 1 <= m1 & m1 <= n1 & n1 <= len L1 holds ( the LTLold of (CastNode ((L1 . m1),v)) c= the LTLold of (CastNode ((L1 . n1),v)) & the LTLnext of (CastNode ((L1 . m1),v)) c= the LTLnext of (CastNode ((L1 . n1),v)) ) let L1 be FinSequence; ::_thesis: ( len L1 <= k + 1 & L1 is_Finseq_for v & 1 <= m1 & m1 <= n1 & n1 <= len L1 implies ( the LTLold of (CastNode ((L1 . m1),v)) c= the LTLold of (CastNode ((L1 . n1),v)) & the LTLnext of (CastNode ((L1 . m1),v)) c= the LTLnext of (CastNode ((L1 . n1),v)) ) ) assume A4: len L1 <= k + 1 ; ::_thesis: ( not L1 is_Finseq_for v or not 1 <= m1 or not m1 <= n1 or not n1 <= len L1 or ( the LTLold of (CastNode ((L1 . m1),v)) c= the LTLold of (CastNode ((L1 . n1),v)) & the LTLnext of (CastNode ((L1 . m1),v)) c= the LTLnext of (CastNode ((L1 . n1),v)) ) ) now__::_thesis:_(_not_L1_is_Finseq_for_v_or_not_1_<=_m1_or_not_m1_<=_n1_or_not_n1_<=_len_L1_or_(_the_LTLold_of_(CastNode_((L1_._m1),v))_c=_the_LTLold_of_(CastNode_((L1_._n1),v))_&_the_LTLnext_of_(CastNode_((L1_._m1),v))_c=_the_LTLnext_of_(CastNode_((L1_._n1),v))_)_) percases ( len L1 <= k or len L1 = k + 1 ) by A4, NAT_1:8; suppose len L1 <= k ; ::_thesis: ( not L1 is_Finseq_for v or not 1 <= m1 or not m1 <= n1 or not n1 <= len L1 or ( the LTLold of (CastNode ((L1 . m1),v)) c= the LTLold of (CastNode ((L1 . n1),v)) & the LTLnext of (CastNode ((L1 . m1),v)) c= the LTLnext of (CastNode ((L1 . n1),v)) ) ) hence ( not L1 is_Finseq_for v or not 1 <= m1 or not m1 <= n1 or not n1 <= len L1 or ( the LTLold of (CastNode ((L1 . m1),v)) c= the LTLold of (CastNode ((L1 . n1),v)) & the LTLnext of (CastNode ((L1 . m1),v)) c= the LTLnext of (CastNode ((L1 . n1),v)) ) ) by A3; ::_thesis: verum end; supposeA5: len L1 = k + 1 ; ::_thesis: ( not L1 is_Finseq_for v or not 1 <= m1 or not m1 <= n1 or not n1 <= len L1 or ( the LTLold of (CastNode ((L1 . m1),v)) c= the LTLold of (CastNode ((L1 . n1),v)) & the LTLnext of (CastNode ((L1 . m1),v)) c= the LTLnext of (CastNode ((L1 . n1),v)) ) ) ( L1 is_Finseq_for v & 1 <= m1 & m1 <= n1 & n1 <= len L1 implies ( the LTLold of (CastNode ((L1 . m1),v)) c= the LTLold of (CastNode ((L1 . n1),v)) & the LTLnext of (CastNode ((L1 . m1),v)) c= the LTLnext of (CastNode ((L1 . n1),v)) ) ) proof assume that A6: L1 is_Finseq_for v and A7: 1 <= m1 and A8: m1 <= n1 and A9: n1 <= len L1 ; ::_thesis: ( the LTLold of (CastNode ((L1 . m1),v)) c= the LTLold of (CastNode ((L1 . n1),v)) & the LTLnext of (CastNode ((L1 . m1),v)) c= the LTLnext of (CastNode ((L1 . n1),v)) ) A10: 1 <= n1 by A7, A8, XXREAL_0:2; now__::_thesis:_(_the_LTLold_of_(CastNode_((L1_._m1),v))_c=_the_LTLold_of_(CastNode_((L1_._n1),v))_&_the_LTLnext_of_(CastNode_((L1_._m1),v))_c=_the_LTLnext_of_(CastNode_((L1_._n1),v))_) percases ( n1 <= k or n1 = k + 1 ) by A5, A9, NAT_1:8; supposeA11: n1 <= k ; ::_thesis: ( the LTLold of (CastNode ((L1 . m1),v)) c= the LTLold of (CastNode ((L1 . n1),v)) & the LTLnext of (CastNode ((L1 . m1),v)) c= the LTLnext of (CastNode ((L1 . n1),v)) ) set L2 = L1 | (Seg k); reconsider L2 = L1 | (Seg k) as FinSequence by FINSEQ_1:15; A12: k + 0 <= k + 1 by XREAL_1:7; then A13: dom L2 = Seg k by A5, FINSEQ_1:17; then n1 in dom L2 by A10, A11, FINSEQ_1:1; then A14: L2 . n1 = L1 . n1 by FUNCT_1:47; m1 <= k by A8, A11, XXREAL_0:2; then m1 in dom L2 by A7, A13, FINSEQ_1:1; then A15: L2 . m1 = L1 . m1 by FUNCT_1:47; ( len L2 = k & L2 is_Finseq_for v ) by A5, A6, A12, Th26, FINSEQ_1:17; hence ( the LTLold of (CastNode ((L1 . m1),v)) c= the LTLold of (CastNode ((L1 . n1),v)) & the LTLnext of (CastNode ((L1 . m1),v)) c= the LTLnext of (CastNode ((L1 . n1),v)) ) by A3, A7, A8, A11, A15, A14; ::_thesis: verum end; supposeA16: n1 = k + 1 ; ::_thesis: ( the LTLold of (CastNode ((L1 . m1),v)) c= the LTLold of (CastNode ((L1 . n1),v)) & the LTLnext of (CastNode ((L1 . m1),v)) c= the LTLnext of (CastNode ((L1 . n1),v)) ) now__::_thesis:_(_the_LTLold_of_(CastNode_((L1_._m1),v))_c=_the_LTLold_of_(CastNode_((L1_._n1),v))_&_the_LTLnext_of_(CastNode_((L1_._m1),v))_c=_the_LTLnext_of_(CastNode_((L1_._n1),v))_) percases ( m1 < n1 or m1 = n1 ) by A8, XXREAL_0:1; supposeA17: m1 < n1 ; ::_thesis: ( the LTLold of (CastNode ((L1 . m1),v)) c= the LTLold of (CastNode ((L1 . n1),v)) & the LTLnext of (CastNode ((L1 . m1),v)) c= the LTLnext of (CastNode ((L1 . n1),v)) ) set L2 = L1 | (Seg k); reconsider L2 = L1 | (Seg k) as FinSequence by FINSEQ_1:15; A18: m1 <= k by A16, A17, NAT_1:13; A19: k + 0 <= k + 1 by XREAL_1:7; then A20: dom L2 = Seg k by A5, FINSEQ_1:17; then m1 in dom L2 by A7, A18, FINSEQ_1:1; then A21: L2 . m1 = L1 . m1 by FUNCT_1:47; A22: 1 <= k by A7, A18, XXREAL_0:2; then k in dom L2 by A20, FINSEQ_1:1; then A23: L2 . k = L1 . k by FUNCT_1:47; ( len L2 = k & L2 is_Finseq_for v ) by A5, A6, A19, Th26, FINSEQ_1:17; then A24: ( the LTLold of (CastNode ((L1 . m1),v)) c= the LTLold of (CastNode ((L1 . k),v)) & the LTLnext of (CastNode ((L1 . m1),v)) c= the LTLnext of (CastNode ((L1 . k),v)) ) by A3, A7, A18, A21, A23; k < len L1 by A5, NAT_1:13; then consider N1, N2 being strict LTLnode over v such that A25: ( N1 = L1 . k & N2 = L1 . (k + 1) ) and A26: N2 is_succ_of N1 by A6, A22, Def19; A27: ( N1 = CastNode (N1,v) & N2 = CastNode (N2,v) ) by Def16; ( the LTLold of N1 c= the LTLold of N2 & the LTLnext of N1 c= the LTLnext of N2 ) by A26, Th25; hence ( the LTLold of (CastNode ((L1 . m1),v)) c= the LTLold of (CastNode ((L1 . n1),v)) & the LTLnext of (CastNode ((L1 . m1),v)) c= the LTLnext of (CastNode ((L1 . n1),v)) ) by A16, A24, A25, A27, XBOOLE_1:1; ::_thesis: verum end; suppose m1 = n1 ; ::_thesis: ( the LTLold of (CastNode ((L1 . m1),v)) c= the LTLold of (CastNode ((L1 . n1),v)) & the LTLnext of (CastNode ((L1 . m1),v)) c= the LTLnext of (CastNode ((L1 . n1),v)) ) hence ( the LTLold of (CastNode ((L1 . m1),v)) c= the LTLold of (CastNode ((L1 . n1),v)) & the LTLnext of (CastNode ((L1 . m1),v)) c= the LTLnext of (CastNode ((L1 . n1),v)) ) ; ::_thesis: verum end; end; end; hence ( the LTLold of (CastNode ((L1 . m1),v)) c= the LTLold of (CastNode ((L1 . n1),v)) & the LTLnext of (CastNode ((L1 . m1),v)) c= the LTLnext of (CastNode ((L1 . n1),v)) ) ; ::_thesis: verum end; end; end; hence ( the LTLold of (CastNode ((L1 . m1),v)) c= the LTLold of (CastNode ((L1 . n1),v)) & the LTLnext of (CastNode ((L1 . m1),v)) c= the LTLnext of (CastNode ((L1 . n1),v)) ) ; ::_thesis: verum end; hence ( not L1 is_Finseq_for v or not 1 <= m1 or not m1 <= n1 or not n1 <= len L1 or ( the LTLold of (CastNode ((L1 . m1),v)) c= the LTLold of (CastNode ((L1 . n1),v)) & the LTLnext of (CastNode ((L1 . m1),v)) c= the LTLnext of (CastNode ((L1 . n1),v)) ) ) ; ::_thesis: verum end; end; end; hence ( not L1 is_Finseq_for v or not 1 <= m1 or not m1 <= n1 or not n1 <= len L1 or ( the LTLold of (CastNode ((L1 . m1),v)) c= the LTLold of (CastNode ((L1 . n1),v)) & the LTLnext of (CastNode ((L1 . m1),v)) c= the LTLnext of (CastNode ((L1 . n1),v)) ) ) ; ::_thesis: verum end; hence S1[k + 1] ; ::_thesis: verum end; A28: S1[ 0 ] ; for k being Nat holds S1[k] from NAT_1:sch_2(A28, A2); hence ( the LTLold of (CastNode ((L . m),v)) c= the LTLold of (CastNode ((L . n),v)) & the LTLnext of (CastNode ((L . m),v)) c= the LTLnext of (CastNode ((L . n),v)) ) by A1; ::_thesis: verum end; theorem Th32: :: MODELC_3:32 for F, v being LTL-formula for N2, N1 being strict LTLnode over v st N2 is_succ_of N1,F holds F in the LTLold of N2 proof let F, v be LTL-formula; ::_thesis: for N2, N1 being strict LTLnode over v st N2 is_succ_of N1,F holds F in the LTLold of N2 let N2, N1 be strict LTLnode over v; ::_thesis: ( N2 is_succ_of N1,F implies F in the LTLold of N2 ) assume A1: N2 is_succ_of N1,F ; ::_thesis: F in the LTLold of N2 now__::_thesis:_F_in_the_LTLold_of_N2 percases ( ( F in the LTLnew of N1 & N2 = SuccNode1 (F,N1) ) or ( F in the LTLnew of N1 & ( F is disjunctive or F is Until or F is Release ) & N2 = SuccNode2 (F,N1) ) ) by A1, Def6; suppose ( F in the LTLnew of N1 & N2 = SuccNode1 (F,N1) ) ; ::_thesis: F in the LTLold of N2 then the LTLold of N2 = the LTLold of N1 \/ {F} by Def4; then A2: {F} c= the LTLold of N2 by XBOOLE_1:7; F in {F} by TARSKI:def_1; hence F in the LTLold of N2 by A2; ::_thesis: verum end; suppose ( F in the LTLnew of N1 & ( F is disjunctive or F is Until or F is Release ) & N2 = SuccNode2 (F,N1) ) ; ::_thesis: F in the LTLold of N2 then the LTLold of N2 = the LTLold of N1 \/ {F} by Def5; then A3: {F} c= the LTLold of N2 by XBOOLE_1:7; F in {F} by TARSKI:def_1; hence F in the LTLold of N2 by A3; ::_thesis: verum end; end; end; hence F in the LTLold of N2 ; ::_thesis: verum end; theorem Th33: :: MODELC_3:33 for L being FinSequence for v being LTL-formula st L is_Finseq_for v & 1 <= len L & the LTLnew of (CastNode ((L . (len L)),v)) = {} v holds the LTLnew of (CastNode ((L . 1),v)) c= the LTLold of (CastNode ((L . (len L)),v)) proof let L be FinSequence; ::_thesis: for v being LTL-formula st L is_Finseq_for v & 1 <= len L & the LTLnew of (CastNode ((L . (len L)),v)) = {} v holds the LTLnew of (CastNode ((L . 1),v)) c= the LTLold of (CastNode ((L . (len L)),v)) let v be LTL-formula; ::_thesis: ( L is_Finseq_for v & 1 <= len L & the LTLnew of (CastNode ((L . (len L)),v)) = {} v implies the LTLnew of (CastNode ((L . 1),v)) c= the LTLold of (CastNode ((L . (len L)),v)) ) assume that A1: L is_Finseq_for v and A2: 1 <= len L and A3: the LTLnew of (CastNode ((L . (len L)),v)) = {} v ; ::_thesis: the LTLnew of (CastNode ((L . 1),v)) c= the LTLold of (CastNode ((L . (len L)),v)) set n = len L; the LTLnew of (CastNode ((L . 1),v)) c= the LTLold of (CastNode ((L . (len L)),v)) proof let x be set ; :: according to TARSKI:def_3 ::_thesis: ( not x in the LTLnew of (CastNode ((L . 1),v)) or x in the LTLold of (CastNode ((L . (len L)),v)) ) assume A4: x in the LTLnew of (CastNode ((L . 1),v)) ; ::_thesis: x in the LTLold of (CastNode ((L . (len L)),v)) then x in Subformulae v ; then reconsider x = x as LTL-formula by MODELC_2:1; 1 < len L by A2, A3, A4, XXREAL_0:1; then consider m being Nat such that A5: ( 1 <= m & m < len L ) and A6: ( x in the LTLnew of (CastNode ((L . m),v)) & not x in the LTLnew of (CastNode ((L . (m + 1)),v)) ) by A1, A3, A4, Th29; set m1 = m + 1; ( 1 <= m + 1 & m + 1 <= len L ) by A5, NAT_1:13; then A7: the LTLold of (CastNode ((L . (m + 1)),v)) c= the LTLold of (CastNode ((L . (len L)),v)) by A1, Th31; consider N1, N2 being strict LTLnode over v such that A8: N1 = L . m and A9: N2 = L . (m + 1) and A10: N2 is_succ_of N1 by A1, A5, Def19; A11: N2 = CastNode ((L . (m + 1)),v) by A9, Def16; N1 = CastNode ((L . m),v) by A8, Def16; then x in the LTLold of N2 by A6, A10, A11, Th30, Th32; hence x in the LTLold of (CastNode ((L . (len L)),v)) by A11, A7; ::_thesis: verum end; hence the LTLnew of (CastNode ((L . 1),v)) c= the LTLold of (CastNode ((L . (len L)),v)) ; ::_thesis: verum end; theorem Th34: :: MODELC_3:34 for m being Nat for L being FinSequence for v being LTL-formula st L is_Finseq_for v & 1 <= m & m <= len L & the LTLnew of (CastNode ((L . (len L)),v)) = {} v holds the LTLnew of (CastNode ((L . m),v)) c= the LTLold of (CastNode ((L . (len L)),v)) proof let m be Nat; ::_thesis: for L being FinSequence for v being LTL-formula st L is_Finseq_for v & 1 <= m & m <= len L & the LTLnew of (CastNode ((L . (len L)),v)) = {} v holds the LTLnew of (CastNode ((L . m),v)) c= the LTLold of (CastNode ((L . (len L)),v)) let L be FinSequence; ::_thesis: for v being LTL-formula st L is_Finseq_for v & 1 <= m & m <= len L & the LTLnew of (CastNode ((L . (len L)),v)) = {} v holds the LTLnew of (CastNode ((L . m),v)) c= the LTLold of (CastNode ((L . (len L)),v)) let v be LTL-formula; ::_thesis: ( L is_Finseq_for v & 1 <= m & m <= len L & the LTLnew of (CastNode ((L . (len L)),v)) = {} v implies the LTLnew of (CastNode ((L . m),v)) c= the LTLold of (CastNode ((L . (len L)),v)) ) assume that A1: ( L is_Finseq_for v & 1 <= m & m <= len L ) and A2: the LTLnew of (CastNode ((L . (len L)),v)) = {} v ; ::_thesis: the LTLnew of (CastNode ((L . m),v)) c= the LTLold of (CastNode ((L . (len L)),v)) ex L1, L2 being FinSequence st ( L2 is_Finseq_for v & L = L1 ^ L2 & L2 . 1 = L . m & 1 <= len L2 & len L2 = (len L) - (m - 1) & L2 . (len L2) = L . (len L) ) by A1, Lm15; hence the LTLnew of (CastNode ((L . m),v)) c= the LTLold of (CastNode ((L . (len L)),v)) by A2, Th33; ::_thesis: verum end; theorem Th35: :: MODELC_3:35 for k being Nat for L being FinSequence for v being LTL-formula st L is_Finseq_for v & 1 <= k & k < len L holds CastNode ((L . (k + 1)),v) is_succ_of CastNode ((L . k),v) proof let k be Nat; ::_thesis: for L being FinSequence for v being LTL-formula st L is_Finseq_for v & 1 <= k & k < len L holds CastNode ((L . (k + 1)),v) is_succ_of CastNode ((L . k),v) let L be FinSequence; ::_thesis: for v being LTL-formula st L is_Finseq_for v & 1 <= k & k < len L holds CastNode ((L . (k + 1)),v) is_succ_of CastNode ((L . k),v) let v be LTL-formula; ::_thesis: ( L is_Finseq_for v & 1 <= k & k < len L implies CastNode ((L . (k + 1)),v) is_succ_of CastNode ((L . k),v) ) assume ( L is_Finseq_for v & 1 <= k & k < len L ) ; ::_thesis: CastNode ((L . (k + 1)),v) is_succ_of CastNode ((L . k),v) then consider N, M being strict LTLnode over v such that A1: N = L . k and A2: ( M = L . (k + 1) & M is_succ_of N ) by Def19; CastNode ((L . k),v) = N by A1, Def16; hence CastNode ((L . (k + 1)),v) is_succ_of CastNode ((L . k),v) by A2, Def16; ::_thesis: verum end; theorem Th36: :: MODELC_3:36 for k being Nat for L being FinSequence for v being LTL-formula st L is_Finseq_for v & 1 <= k & k <= len L holds len (CastNode ((L . k),v)) <= ((len (CastNode ((L . 1),v))) - k) + 1 proof let k be Nat; ::_thesis: for L being FinSequence for v being LTL-formula st L is_Finseq_for v & 1 <= k & k <= len L holds len (CastNode ((L . k),v)) <= ((len (CastNode ((L . 1),v))) - k) + 1 let L be FinSequence; ::_thesis: for v being LTL-formula st L is_Finseq_for v & 1 <= k & k <= len L holds len (CastNode ((L . k),v)) <= ((len (CastNode ((L . 1),v))) - k) + 1 let v be LTL-formula; ::_thesis: ( L is_Finseq_for v & 1 <= k & k <= len L implies len (CastNode ((L . k),v)) <= ((len (CastNode ((L . 1),v))) - k) + 1 ) defpred S1[ Nat] means for L being FinSequence for j being Nat st len L <= $1 & L is_Finseq_for v & 1 <= j & j <= len L holds len (CastNode ((L . j),v)) <= ((len (CastNode ((L . 1),v))) - j) + 1; A1: for n being Nat st S1[n] holds S1[n + 1] proof let n be Nat; ::_thesis: ( S1[n] implies S1[n + 1] ) assume A2: S1[n] ; ::_thesis: S1[n + 1] A3: for L being FinSequence for k being Nat st len L = n + 1 & L is_Finseq_for v & 1 <= k & k <= len L holds len (CastNode ((L . k),v)) <= ((len (CastNode ((L . 1),v))) - k) + 1 proof let L be FinSequence; ::_thesis: for k being Nat st len L = n + 1 & L is_Finseq_for v & 1 <= k & k <= len L holds len (CastNode ((L . k),v)) <= ((len (CastNode ((L . 1),v))) - k) + 1 let k be Nat; ::_thesis: ( len L = n + 1 & L is_Finseq_for v & 1 <= k & k <= len L implies len (CastNode ((L . k),v)) <= ((len (CastNode ((L . 1),v))) - k) + 1 ) assume A4: len L = n + 1 ; ::_thesis: ( not L is_Finseq_for v or not 1 <= k or not k <= len L or len (CastNode ((L . k),v)) <= ((len (CastNode ((L . 1),v))) - k) + 1 ) ( L is_Finseq_for v & 1 <= k & k <= len L implies len (CastNode ((L . k),v)) <= ((len (CastNode ((L . 1),v))) - k) + 1 ) proof set L1 = L | (Seg n); assume that A5: L is_Finseq_for v and A6: 1 <= k and A7: k <= len L ; ::_thesis: len (CastNode ((L . k),v)) <= ((len (CastNode ((L . 1),v))) - k) + 1 reconsider L1 = L | (Seg n) as FinSequence by FINSEQ_1:15; A8: n < len L by A4, NAT_1:13; then A9: len L1 = n by FINSEQ_1:17; A10: dom L1 = Seg n by A8, FINSEQ_1:17; A11: for m being Nat st 1 <= m & m <= n holds L1 . m = L . m proof let m be Nat; ::_thesis: ( 1 <= m & m <= n implies L1 . m = L . m ) assume ( 1 <= m & m <= n ) ; ::_thesis: L1 . m = L . m then m in dom L1 by A10, FINSEQ_1:1; hence L1 . m = L . m by FUNCT_1:47; ::_thesis: verum end; A12: ( not n = 0 implies 0 < 0 + n ) ; now__::_thesis:_len_(CastNode_((L_._k),v))_<=_((len_(CastNode_((L_._1),v)))_-_k)_+_1 percases ( k <= n or ( k = n + 1 & n >= 1 ) or ( k = n + 1 & n = 0 ) ) by A4, A7, A12, NAT_1:8, NAT_1:19; supposeA13: k <= n ; ::_thesis: len (CastNode ((L . k),v)) <= ((len (CastNode ((L . 1),v))) - k) + 1 then 1 <= n by A6, XXREAL_0:2; then A14: L1 . 1 = L . 1 by A11; L1 . k = L . k by A6, A11, A13; hence len (CastNode ((L . k),v)) <= ((len (CastNode ((L . 1),v))) - k) + 1 by A2, A5, A6, A8, A9, A13, A14, Th26; ::_thesis: verum end; supposeA15: ( k = n + 1 & n >= 1 ) ; ::_thesis: len (CastNode ((L . k),v)) <= ((len (CastNode ((L . 1),v))) - k) + 1 then len (CastNode ((L . k),v)) <= (len (CastNode ((L . n),v))) - 1 by A5, A8, Th21, Th35; then A16: (len (CastNode ((L . k),v))) + 1 <= ((len (CastNode ((L . n),v))) - 1) + 1 by XREAL_1:6; ( L1 . n = L . n & L1 . 1 = L . 1 ) by A11, A15; then len (CastNode ((L . n),v)) <= ((len (CastNode ((L . 1),v))) - n) + 1 by A2, A5, A8, A9, A15, Th26; then (len (CastNode ((L . k),v))) + 1 <= ((len (CastNode ((L . 1),v))) - n) + 1 by A16, XXREAL_0:2; hence len (CastNode ((L . k),v)) <= ((len (CastNode ((L . 1),v))) - k) + 1 by A15, XREAL_1:6; ::_thesis: verum end; suppose ( k = n + 1 & n = 0 ) ; ::_thesis: len (CastNode ((L . k),v)) <= ((len (CastNode ((L . 1),v))) - k) + 1 hence len (CastNode ((L . k),v)) <= ((len (CastNode ((L . 1),v))) - k) + 1 ; ::_thesis: verum end; end; end; hence len (CastNode ((L . k),v)) <= ((len (CastNode ((L . 1),v))) - k) + 1 ; ::_thesis: verum end; hence ( not L is_Finseq_for v or not 1 <= k or not k <= len L or len (CastNode ((L . k),v)) <= ((len (CastNode ((L . 1),v))) - k) + 1 ) ; ::_thesis: verum end; S1[n + 1] proof let L be FinSequence; ::_thesis: for j being Nat st len L <= n + 1 & L is_Finseq_for v & 1 <= j & j <= len L holds len (CastNode ((L . j),v)) <= ((len (CastNode ((L . 1),v))) - j) + 1 let j be Nat; ::_thesis: ( len L <= n + 1 & L is_Finseq_for v & 1 <= j & j <= len L implies len (CastNode ((L . j),v)) <= ((len (CastNode ((L . 1),v))) - j) + 1 ) assume A17: len L <= n + 1 ; ::_thesis: ( not L is_Finseq_for v or not 1 <= j or not j <= len L or len (CastNode ((L . j),v)) <= ((len (CastNode ((L . 1),v))) - j) + 1 ) ( L is_Finseq_for v & 1 <= j & j <= len L implies len (CastNode ((L . j),v)) <= ((len (CastNode ((L . 1),v))) - j) + 1 ) proof now__::_thesis:_(_L_is_Finseq_for_v_&_1_<=_j_&_j_<=_len_L_implies_len_(CastNode_((L_._j),v))_<=_((len_(CastNode_((L_._1),v)))_-_j)_+_1_) percases ( len L <= n or len L = n + 1 ) by A17, NAT_1:8; suppose len L <= n ; ::_thesis: ( L is_Finseq_for v & 1 <= j & j <= len L implies len (CastNode ((L . j),v)) <= ((len (CastNode ((L . 1),v))) - j) + 1 ) hence ( L is_Finseq_for v & 1 <= j & j <= len L implies len (CastNode ((L . j),v)) <= ((len (CastNode ((L . 1),v))) - j) + 1 ) by A2; ::_thesis: verum end; suppose len L = n + 1 ; ::_thesis: ( L is_Finseq_for v & 1 <= j & j <= len L implies len (CastNode ((L . j),v)) <= ((len (CastNode ((L . 1),v))) - j) + 1 ) hence ( L is_Finseq_for v & 1 <= j & j <= len L implies len (CastNode ((L . j),v)) <= ((len (CastNode ((L . 1),v))) - j) + 1 ) by A3; ::_thesis: verum end; end; end; hence ( L is_Finseq_for v & 1 <= j & j <= len L implies len (CastNode ((L . j),v)) <= ((len (CastNode ((L . 1),v))) - j) + 1 ) ; ::_thesis: verum end; hence ( not L is_Finseq_for v or not 1 <= j or not j <= len L or len (CastNode ((L . j),v)) <= ((len (CastNode ((L . 1),v))) - j) + 1 ) ; ::_thesis: verum end; hence S1[n + 1] ; ::_thesis: verum end; A18: S1[ 0 ] ; for n being Nat holds S1[n] from NAT_1:sch_2(A18, A1); hence ( L is_Finseq_for v & 1 <= k & k <= len L implies len (CastNode ((L . k),v)) <= ((len (CastNode ((L . 1),v))) - k) + 1 ) ; ::_thesis: verum end; theorem Th37: :: MODELC_3:37 for v being LTL-formula for s2, s1 being strict elementary LTLnode over v st s2 is_next_of s1 holds the LTLnext of s1 c= the LTLold of s2 proof let v be LTL-formula; ::_thesis: for s2, s1 being strict elementary LTLnode over v st s2 is_next_of s1 holds the LTLnext of s1 c= the LTLold of s2 let s2, s1 be strict elementary LTLnode over v; ::_thesis: ( s2 is_next_of s1 implies the LTLnext of s1 c= the LTLold of s2 ) set N1 = 'X' s1; A1: the LTLnew of s2 = {} v by Def11; assume s2 is_next_of s1 ; ::_thesis: the LTLnext of s1 c= the LTLold of s2 then consider L being FinSequence such that A2: 1 <= len L and A3: L is_Finseq_for v and A4: L . 1 = 'X' s1 and A5: L . (len L) = s2 by Def20; set n = len L; A6: CastNode ((L . (len L)),v) = s2 by A5, Def16; A7: CastNode ((L . 1),v) = 'X' s1 by A4, Def16; the LTLnext of s1 c= the LTLold of s2 proof let x be set ; :: according to TARSKI:def_3 ::_thesis: ( not x in the LTLnext of s1 or x in the LTLold of s2 ) assume A8: x in the LTLnext of s1 ; ::_thesis: x in the LTLold of s2 then x in Subformulae v ; then reconsider x = x as LTL-formula by MODELC_2:1; 1 < len L by A2, A4, A5, A1, A8, XXREAL_0:1; then consider m being Nat such that A9: ( 1 <= m & m < len L ) and A10: ( x in the LTLnew of (CastNode ((L . m),v)) & not x in the LTLnew of (CastNode ((L . (m + 1)),v)) ) by A3, A7, A6, A1, A8, Th29; set m1 = m + 1; consider N1, N2 being strict LTLnode over v such that A11: N1 = L . m and A12: N2 = L . (m + 1) and A13: N2 is_succ_of N1 by A3, A9, Def19; A14: N2 = CastNode ((L . (m + 1)),v) by A12, Def16; ( 1 <= m + 1 & m + 1 <= len L ) by A9, NAT_1:13; then A15: the LTLold of N2 c= the LTLold of (CastNode ((L . (len L)),v)) by A3, A14, Th31; N1 = CastNode ((L . m),v) by A11, Def16; then x in the LTLold of N2 by A10, A13, A14, Th30, Th32; hence x in the LTLold of s2 by A6, A15; ::_thesis: verum end; hence the LTLnext of s1 c= the LTLold of s2 ; ::_thesis: verum end; theorem Th38: :: MODELC_3:38 for F, v being LTL-formula for s2, s1 being strict elementary LTLnode over v st s2 is_next_of s1 & F in the LTLold of s2 holds ex L being FinSequence ex m being Nat st ( 1 <= len L & L is_Finseq_for v & L . 1 = 'X' s1 & L . (len L) = s2 & 1 <= m & m < len L & CastNode ((L . (m + 1)),v) is_succ_of CastNode ((L . m),v),F ) proof let F, v be LTL-formula; ::_thesis: for s2, s1 being strict elementary LTLnode over v st s2 is_next_of s1 & F in the LTLold of s2 holds ex L being FinSequence ex m being Nat st ( 1 <= len L & L is_Finseq_for v & L . 1 = 'X' s1 & L . (len L) = s2 & 1 <= m & m < len L & CastNode ((L . (m + 1)),v) is_succ_of CastNode ((L . m),v),F ) let s2, s1 be strict elementary LTLnode over v; ::_thesis: ( s2 is_next_of s1 & F in the LTLold of s2 implies ex L being FinSequence ex m being Nat st ( 1 <= len L & L is_Finseq_for v & L . 1 = 'X' s1 & L . (len L) = s2 & 1 <= m & m < len L & CastNode ((L . (m + 1)),v) is_succ_of CastNode ((L . m),v),F ) ) assume that A1: s2 is_next_of s1 and A2: F in the LTLold of s2 ; ::_thesis: ex L being FinSequence ex m being Nat st ( 1 <= len L & L is_Finseq_for v & L . 1 = 'X' s1 & L . (len L) = s2 & 1 <= m & m < len L & CastNode ((L . (m + 1)),v) is_succ_of CastNode ((L . m),v),F ) set N1 = 'X' s1; consider L being FinSequence such that A3: 1 <= len L and A4: L is_Finseq_for v and A5: ( L . 1 = 'X' s1 & L . (len L) = s2 ) by A1, Def20; set n = len L; A6: ( CastNode ((L . 1),v) = 'X' s1 & CastNode ((L . (len L)),v) = s2 ) by A5, Def16; 1 < len L by A2, A3, A5, XXREAL_0:1; then consider m being Nat such that A7: ( 1 <= m & m < len L ) and A8: ( not F in the LTLold of (CastNode ((L . m),v)) & F in the LTLold of (CastNode ((L . (m + 1)),v)) ) by A2, A4, A6, Th27; set m1 = m + 1; consider N1, N2 being strict LTLnode over v such that A9: ( N1 = L . m & N2 = L . (m + 1) ) and A10: N2 is_succ_of N1 by A4, A7, Def19; ( N1 = CastNode ((L . m),v) & N2 = CastNode ((L . (m + 1)),v) ) by A9, Def16; hence ex L being FinSequence ex m being Nat st ( 1 <= len L & L is_Finseq_for v & L . 1 = 'X' s1 & L . (len L) = s2 & 1 <= m & m < len L & CastNode ((L . (m + 1)),v) is_succ_of CastNode ((L . m),v),F ) by A3, A4, A5, A7, A8, A10, Th28; ::_thesis: verum end; theorem Th39: :: MODELC_3:39 for H, v being LTL-formula for s2, s1 being strict elementary LTLnode over v st s2 is_next_of s1 & H is Release & H in the LTLold of s2 & not the_left_argument_of H in the LTLold of s2 holds ( the_right_argument_of H in the LTLold of s2 & H in the LTLnext of s2 ) proof let H, v be LTL-formula; ::_thesis: for s2, s1 being strict elementary LTLnode over v st s2 is_next_of s1 & H is Release & H in the LTLold of s2 & not the_left_argument_of H in the LTLold of s2 holds ( the_right_argument_of H in the LTLold of s2 & H in the LTLnext of s2 ) let s2, s1 be strict elementary LTLnode over v; ::_thesis: ( s2 is_next_of s1 & H is Release & H in the LTLold of s2 & not the_left_argument_of H in the LTLold of s2 implies ( the_right_argument_of H in the LTLold of s2 & H in the LTLnext of s2 ) ) set F = the_left_argument_of H; set G = the_right_argument_of H; set N1 = 'X' s1; assume that A1: s2 is_next_of s1 and A2: H is Release and A3: H in the LTLold of s2 and A4: not the_left_argument_of H in the LTLold of s2 ; ::_thesis: ( the_right_argument_of H in the LTLold of s2 & H in the LTLnext of s2 ) consider L being FinSequence, m being Nat such that 1 <= len L and A5: L is_Finseq_for v and L . 1 = 'X' s1 and A6: L . (len L) = s2 and A7: ( 1 <= m & m < len L ) and A8: CastNode ((L . (m + 1)),v) is_succ_of CastNode ((L . m),v),H by A1, A3, Th38; set m1 = m + 1; set M2 = CastNode ((L . (m + 1)),v); set n = len L; A9: CastNode ((L . (len L)),v) = s2 by A6, Def16; set M1 = CastNode ((L . m),v); A10: H in the LTLnew of (CastNode ((L . m),v)) by A8, Def6; A11: ( 1 <= m + 1 & m + 1 <= len L ) by A7, NAT_1:13; then A12: the LTLnext of (CastNode ((L . (m + 1)),v)) c= the LTLnext of s2 by A5, A9, Th31; the LTLnew of s2 = {} v by Def11; then A13: the LTLnew of (CastNode ((L . (m + 1)),v)) c= the LTLold of s2 by A5, A9, A11, Th34; LTLNew2 H = {(the_left_argument_of H),(the_right_argument_of H)} by A2, Def2; then A14: the_left_argument_of H in LTLNew2 H by TARSKI:def_2; A15: now__::_thesis:_not_CastNode_((L_._(m_+_1)),v)_=_SuccNode2_(H,(CastNode_((L_._m),v))) the LTLold of (CastNode ((L . m),v)) c= the LTLold of s2 by A5, A7, A9, Th31; then not the_left_argument_of H in the LTLold of (CastNode ((L . m),v)) by A4; then the_left_argument_of H in (LTLNew2 H) \ the LTLold of (CastNode ((L . m),v)) by A14, XBOOLE_0:def_5; then A16: the_left_argument_of H in ( the LTLnew of (CastNode ((L . m),v)) \ {H}) \/ ((LTLNew2 H) \ the LTLold of (CastNode ((L . m),v))) by XBOOLE_0:def_3; assume A17: CastNode ((L . (m + 1)),v) = SuccNode2 (H,(CastNode ((L . m),v))) ; ::_thesis: contradiction not the_left_argument_of H in the LTLnew of (CastNode ((L . (m + 1)),v)) by A4, A13; hence contradiction by A10, A17, A16, Def5; ::_thesis: verum end; LTLNew1 H = {(the_right_argument_of H)} by A2, Def1; then A18: the_right_argument_of H in LTLNew1 H by TARSKI:def_1; A19: ( CastNode ((L . (m + 1)),v) = SuccNode1 (H,(CastNode ((L . m),v))) or ( ( H is disjunctive or H is Until or H is Release ) & CastNode ((L . (m + 1)),v) = SuccNode2 (H,(CastNode ((L . m),v))) ) ) by A8, Def6; A20: the LTLold of (CastNode ((L . (m + 1)),v)) c= the LTLold of s2 by A5, A9, A11, Th31; A21: the_right_argument_of H in the LTLold of s2 proof now__::_thesis:_the_right_argument_of_H_in_the_LTLold_of_s2 percases ( not the_right_argument_of H in the LTLold of (CastNode ((L . m),v)) or the_right_argument_of H in the LTLold of (CastNode ((L . m),v)) ) ; suppose not the_right_argument_of H in the LTLold of (CastNode ((L . m),v)) ; ::_thesis: the_right_argument_of H in the LTLold of s2 then the_right_argument_of H in (LTLNew1 H) \ the LTLold of (CastNode ((L . m),v)) by A18, XBOOLE_0:def_5; then the_right_argument_of H in ( the LTLnew of (CastNode ((L . m),v)) \ {H}) \/ ((LTLNew1 H) \ the LTLold of (CastNode ((L . m),v))) by XBOOLE_0:def_3; then the_right_argument_of H in the LTLnew of (CastNode ((L . (m + 1)),v)) by A10, A19, A15, Def4; hence the_right_argument_of H in the LTLold of s2 by A13; ::_thesis: verum end; suppose the_right_argument_of H in the LTLold of (CastNode ((L . m),v)) ; ::_thesis: the_right_argument_of H in the LTLold of s2 then the_right_argument_of H in the LTLold of (CastNode ((L . m),v)) \/ {H} by XBOOLE_0:def_3; then the_right_argument_of H in the LTLold of (CastNode ((L . (m + 1)),v)) by A10, A19, A15, Def4; hence the_right_argument_of H in the LTLold of s2 by A20; ::_thesis: verum end; end; end; hence the_right_argument_of H in the LTLold of s2 ; ::_thesis: verum end; LTLNext H = {H} by A2, Def3; then H in LTLNext H by TARSKI:def_1; then H in the LTLnext of (CastNode ((L . m),v)) \/ (LTLNext H) by XBOOLE_0:def_3; then H in the LTLnext of (CastNode ((L . (m + 1)),v)) by A10, A19, A15, Def4; hence ( the_right_argument_of H in the LTLold of s2 & H in the LTLnext of s2 ) by A12, A21; ::_thesis: verum end; theorem Th40: :: MODELC_3:40 for H, v being LTL-formula for s2, s1 being strict elementary LTLnode over v st s2 is_next_of s1 & H is Release & H in the LTLnext of s1 holds ( the_right_argument_of H in the LTLold of s2 & H in the LTLold of s2 ) proof let H, v be LTL-formula; ::_thesis: for s2, s1 being strict elementary LTLnode over v st s2 is_next_of s1 & H is Release & H in the LTLnext of s1 holds ( the_right_argument_of H in the LTLold of s2 & H in the LTLold of s2 ) let s2, s1 be strict elementary LTLnode over v; ::_thesis: ( s2 is_next_of s1 & H is Release & H in the LTLnext of s1 implies ( the_right_argument_of H in the LTLold of s2 & H in the LTLold of s2 ) ) set F = the_left_argument_of H; set G = the_right_argument_of H; set N1 = 'X' s1; assume that A1: s2 is_next_of s1 and A2: H is Release and A3: H in the LTLnext of s1 ; ::_thesis: ( the_right_argument_of H in the LTLold of s2 & H in the LTLold of s2 ) A4: the LTLnext of s1 c= the LTLold of s2 by A1, Th37; then consider L being FinSequence, m being Nat such that 1 <= len L and A5: L is_Finseq_for v and L . 1 = 'X' s1 and A6: L . (len L) = s2 and A7: ( 1 <= m & m < len L ) and A8: CastNode ((L . (m + 1)),v) is_succ_of CastNode ((L . m),v),H by A1, A3, Th38; A9: the LTLnew of s2 = {} v by Def11; set M1 = CastNode ((L . m),v); set m1 = m + 1; set M2 = CastNode ((L . (m + 1)),v); set n = len L; A10: CastNode ((L . (len L)),v) = s2 by A6, Def16; ( 1 <= m + 1 & m + 1 <= len L ) by A7, NAT_1:13; then A11: the LTLnew of (CastNode ((L . (m + 1)),v)) c= the LTLold of s2 by A5, A10, A9, Th34; LTLNew2 H = {(the_left_argument_of H),(the_right_argument_of H)} by A2, Def2; then A12: the_right_argument_of H in LTLNew2 H by TARSKI:def_2; LTLNew1 H = {(the_right_argument_of H)} by A2, Def1; then A13: the_right_argument_of H in LTLNew1 H by TARSKI:def_1; A14: the LTLold of (CastNode ((L . m),v)) c= the LTLold of s2 by A5, A7, A10, Th31; the_right_argument_of H in the LTLold of s2 proof now__::_thesis:_the_right_argument_of_H_in_the_LTLold_of_s2 percases ( the_right_argument_of H in the LTLold of (CastNode ((L . m),v)) or not the_right_argument_of H in the LTLold of (CastNode ((L . m),v)) ) ; suppose the_right_argument_of H in the LTLold of (CastNode ((L . m),v)) ; ::_thesis: the_right_argument_of H in the LTLold of s2 hence the_right_argument_of H in the LTLold of s2 by A14; ::_thesis: verum end; supposeA15: not the_right_argument_of H in the LTLold of (CastNode ((L . m),v)) ; ::_thesis: the_right_argument_of H in the LTLold of s2 now__::_thesis:_the_right_argument_of_H_in_the_LTLold_of_s2 percases ( ( H in the LTLnew of (CastNode ((L . m),v)) & CastNode ((L . (m + 1)),v) = SuccNode1 (H,(CastNode ((L . m),v))) ) or ( H in the LTLnew of (CastNode ((L . m),v)) & ( H is disjunctive or H is Until or H is Release ) & CastNode ((L . (m + 1)),v) = SuccNode2 (H,(CastNode ((L . m),v))) ) ) by A8, Def6; supposeA16: ( H in the LTLnew of (CastNode ((L . m),v)) & CastNode ((L . (m + 1)),v) = SuccNode1 (H,(CastNode ((L . m),v))) ) ; ::_thesis: the_right_argument_of H in the LTLold of s2 the_right_argument_of H in (LTLNew1 H) \ the LTLold of (CastNode ((L . m),v)) by A13, A15, XBOOLE_0:def_5; then the_right_argument_of H in ( the LTLnew of (CastNode ((L . m),v)) \ {H}) \/ ((LTLNew1 H) \ the LTLold of (CastNode ((L . m),v))) by XBOOLE_0:def_3; then the_right_argument_of H in the LTLnew of (CastNode ((L . (m + 1)),v)) by A16, Def4; hence the_right_argument_of H in the LTLold of s2 by A11; ::_thesis: verum end; supposeA17: ( H in the LTLnew of (CastNode ((L . m),v)) & ( H is disjunctive or H is Until or H is Release ) & CastNode ((L . (m + 1)),v) = SuccNode2 (H,(CastNode ((L . m),v))) ) ; ::_thesis: the_right_argument_of H in the LTLold of s2 the_right_argument_of H in (LTLNew2 H) \ the LTLold of (CastNode ((L . m),v)) by A12, A15, XBOOLE_0:def_5; then the_right_argument_of H in ( the LTLnew of (CastNode ((L . m),v)) \ {H}) \/ ((LTLNew2 H) \ the LTLold of (CastNode ((L . m),v))) by XBOOLE_0:def_3; then the_right_argument_of H in the LTLnew of (CastNode ((L . (m + 1)),v)) by A17, Def5; hence the_right_argument_of H in the LTLold of s2 by A11; ::_thesis: verum end; end; end; hence the_right_argument_of H in the LTLold of s2 ; ::_thesis: verum end; end; end; hence the_right_argument_of H in the LTLold of s2 ; ::_thesis: verum end; hence ( the_right_argument_of H in the LTLold of s2 & H in the LTLold of s2 ) by A3, A4; ::_thesis: verum end; theorem Th41: :: MODELC_3:41 for H, v being LTL-formula for s1, s0 being strict elementary LTLnode over v st s1 is_next_of s0 & H in the LTLold of s1 holds ( ( H is conjunctive implies ( the_left_argument_of H in the LTLold of s1 & the_right_argument_of H in the LTLold of s1 ) ) & ( ( not H is disjunctive & not H is Until ) or the_left_argument_of H in the LTLold of s1 or the_right_argument_of H in the LTLold of s1 ) & ( H is next implies the_argument_of H in the LTLnext of s1 ) & ( H is Release implies the_right_argument_of H in the LTLold of s1 ) ) proof let H, v be LTL-formula; ::_thesis: for s1, s0 being strict elementary LTLnode over v st s1 is_next_of s0 & H in the LTLold of s1 holds ( ( H is conjunctive implies ( the_left_argument_of H in the LTLold of s1 & the_right_argument_of H in the LTLold of s1 ) ) & ( ( not H is disjunctive & not H is Until ) or the_left_argument_of H in the LTLold of s1 or the_right_argument_of H in the LTLold of s1 ) & ( H is next implies the_argument_of H in the LTLnext of s1 ) & ( H is Release implies the_right_argument_of H in the LTLold of s1 ) ) let s1, s0 be strict elementary LTLnode over v; ::_thesis: ( s1 is_next_of s0 & H in the LTLold of s1 implies ( ( H is conjunctive implies ( the_left_argument_of H in the LTLold of s1 & the_right_argument_of H in the LTLold of s1 ) ) & ( ( not H is disjunctive & not H is Until ) or the_left_argument_of H in the LTLold of s1 or the_right_argument_of H in the LTLold of s1 ) & ( H is next implies the_argument_of H in the LTLnext of s1 ) & ( H is Release implies the_right_argument_of H in the LTLold of s1 ) ) ) assume that A1: s1 is_next_of s0 and A2: H in the LTLold of s1 ; ::_thesis: ( ( H is conjunctive implies ( the_left_argument_of H in the LTLold of s1 & the_right_argument_of H in the LTLold of s1 ) ) & ( ( not H is disjunctive & not H is Until ) or the_left_argument_of H in the LTLold of s1 or the_right_argument_of H in the LTLold of s1 ) & ( H is next implies the_argument_of H in the LTLnext of s1 ) & ( H is Release implies the_right_argument_of H in the LTLold of s1 ) ) consider L being FinSequence such that A3: 1 <= len L and A4: L is_Finseq_for v and A5: L . 1 = 'X' s0 and A6: L . (len L) = s1 by A1, Def20; A7: CastNode ((L . 1),v) = 'X' s0 by A5, Def16; set n = len L; A8: CastNode ((L . (len L)),v) = s1 by A6, Def16; 1 < len L by A2, A3, A5, A6, XXREAL_0:1; then consider m being Nat such that A9: ( 1 <= m & m < len L ) and A10: ( not H in the LTLold of (CastNode ((L . m),v)) & H in the LTLold of (CastNode ((L . (m + 1)),v)) ) by A2, A4, A8, A7, Th27; consider N1, N2 being strict LTLnode over v such that A11: N1 = L . m and A12: N2 = L . (m + 1) and A13: N2 is_succ_of N1 by A4, A9, Def19; A14: CastNode ((L . m),v) = N1 by A11, Def16; then A15: the LTLold of N1 c= the LTLold of s1 by A4, A8, A9, Th31; set m1 = m + 1; A16: ( m + 1 <= len L & 1 <= m + 1 ) by A9, NAT_1:13; A17: CastNode ((L . (m + 1)),v) = N2 by A12, Def16; then A18: N2 is_succ_of N1,H by A10, A13, A14, Th28; the LTLnew of (CastNode ((L . (len L)),v)) = {} v by A8, Def11; then A19: the LTLnew of N2 c= the LTLold of s1 by A4, A8, A17, A16, Th34; A20: ( H is conjunctive implies ( the_left_argument_of H in the LTLold of s1 & the_right_argument_of H in the LTLold of s1 ) ) proof set G = the_right_argument_of H; set F = the_left_argument_of H; assume A21: H is conjunctive ; ::_thesis: ( the_left_argument_of H in the LTLold of s1 & the_right_argument_of H in the LTLold of s1 ) then A22: LTLNew1 H = {(the_left_argument_of H),(the_right_argument_of H)} by Def1; now__::_thesis:_(_the_left_argument_of_H_in_the_LTLold_of_s1_&_the_right_argument_of_H_in_the_LTLold_of_s1_) percases ( ( H in the LTLnew of N1 & N2 = SuccNode1 (H,N1) ) or ( H in the LTLnew of N1 & ( H is disjunctive or H is Until or H is Release ) & N2 = SuccNode2 (H,N1) ) ) by A18, Def6; suppose ( H in the LTLnew of N1 & N2 = SuccNode1 (H,N1) ) ; ::_thesis: ( the_left_argument_of H in the LTLold of s1 & the_right_argument_of H in the LTLold of s1 ) then the LTLnew of N2 = ( the LTLnew of N1 \ {H}) \/ ((LTLNew1 H) \ the LTLold of N1) by Def4; then A23: (LTLNew1 H) \ the LTLold of N1 c= the LTLnew of N2 by XBOOLE_1:7; A24: the_right_argument_of H in the LTLold of s1 proof now__::_thesis:_the_right_argument_of_H_in_the_LTLold_of_s1 percases ( the_right_argument_of H in the LTLold of N1 or not the_right_argument_of H in the LTLold of N1 ) ; suppose the_right_argument_of H in the LTLold of N1 ; ::_thesis: the_right_argument_of H in the LTLold of s1 hence the_right_argument_of H in the LTLold of s1 by A15; ::_thesis: verum end; supposeA25: not the_right_argument_of H in the LTLold of N1 ; ::_thesis: the_right_argument_of H in the LTLold of s1 the_right_argument_of H in LTLNew1 H by A22, TARSKI:def_2; then the_right_argument_of H in (LTLNew1 H) \ the LTLold of N1 by A25, XBOOLE_0:def_5; then the_right_argument_of H in the LTLnew of N2 by A23; hence the_right_argument_of H in the LTLold of s1 by A19; ::_thesis: verum end; end; end; hence the_right_argument_of H in the LTLold of s1 ; ::_thesis: verum end; the_left_argument_of H in the LTLold of s1 proof now__::_thesis:_the_left_argument_of_H_in_the_LTLold_of_s1 percases ( the_left_argument_of H in the LTLold of N1 or not the_left_argument_of H in the LTLold of N1 ) ; suppose the_left_argument_of H in the LTLold of N1 ; ::_thesis: the_left_argument_of H in the LTLold of s1 hence the_left_argument_of H in the LTLold of s1 by A15; ::_thesis: verum end; supposeA26: not the_left_argument_of H in the LTLold of N1 ; ::_thesis: the_left_argument_of H in the LTLold of s1 the_left_argument_of H in LTLNew1 H by A22, TARSKI:def_2; then the_left_argument_of H in (LTLNew1 H) \ the LTLold of N1 by A26, XBOOLE_0:def_5; then the_left_argument_of H in the LTLnew of N2 by A23; hence the_left_argument_of H in the LTLold of s1 by A19; ::_thesis: verum end; end; end; hence the_left_argument_of H in the LTLold of s1 ; ::_thesis: verum end; hence ( the_left_argument_of H in the LTLold of s1 & the_right_argument_of H in the LTLold of s1 ) by A24; ::_thesis: verum end; suppose ( H in the LTLnew of N1 & ( H is disjunctive or H is Until or H is Release ) & N2 = SuccNode2 (H,N1) ) ; ::_thesis: ( the_left_argument_of H in the LTLold of s1 & the_right_argument_of H in the LTLold of s1 ) hence ( the_left_argument_of H in the LTLold of s1 & the_right_argument_of H in the LTLold of s1 ) by A21, MODELC_2:78; ::_thesis: verum end; end; end; hence ( the_left_argument_of H in the LTLold of s1 & the_right_argument_of H in the LTLold of s1 ) ; ::_thesis: verum end; A27: ( H is Release implies the_right_argument_of H in the LTLold of s1 ) proof set G = the_right_argument_of H; set F = the_left_argument_of H; assume A28: H is Release ; ::_thesis: the_right_argument_of H in the LTLold of s1 then A29: LTLNew2 H = {(the_left_argument_of H),(the_right_argument_of H)} by Def2; A30: LTLNew1 H = {(the_right_argument_of H)} by A28, Def1; now__::_thesis:_the_right_argument_of_H_in_the_LTLold_of_s1 percases ( ( H in the LTLnew of N1 & N2 = SuccNode1 (H,N1) ) or ( H in the LTLnew of N1 & ( H is disjunctive or H is Until or H is Release ) & N2 = SuccNode2 (H,N1) ) ) by A18, Def6; suppose ( H in the LTLnew of N1 & N2 = SuccNode1 (H,N1) ) ; ::_thesis: the_right_argument_of H in the LTLold of s1 then the LTLnew of N2 = ( the LTLnew of N1 \ {H}) \/ ((LTLNew1 H) \ the LTLold of N1) by Def4; then A31: (LTLNew1 H) \ the LTLold of N1 c= the LTLnew of N2 by XBOOLE_1:7; the_right_argument_of H in the LTLold of s1 proof now__::_thesis:_the_right_argument_of_H_in_the_LTLold_of_s1 percases ( the_right_argument_of H in the LTLold of N1 or not the_right_argument_of H in the LTLold of N1 ) ; suppose the_right_argument_of H in the LTLold of N1 ; ::_thesis: the_right_argument_of H in the LTLold of s1 hence the_right_argument_of H in the LTLold of s1 by A15; ::_thesis: verum end; supposeA32: not the_right_argument_of H in the LTLold of N1 ; ::_thesis: the_right_argument_of H in the LTLold of s1 the_right_argument_of H in LTLNew1 H by A30, TARSKI:def_1; then the_right_argument_of H in (LTLNew1 H) \ the LTLold of N1 by A32, XBOOLE_0:def_5; then the_right_argument_of H in the LTLnew of N2 by A31; hence the_right_argument_of H in the LTLold of s1 by A19; ::_thesis: verum end; end; end; hence the_right_argument_of H in the LTLold of s1 ; ::_thesis: verum end; hence the_right_argument_of H in the LTLold of s1 ; ::_thesis: verum end; suppose ( H in the LTLnew of N1 & ( H is disjunctive or H is Until or H is Release ) & N2 = SuccNode2 (H,N1) ) ; ::_thesis: the_right_argument_of H in the LTLold of s1 then the LTLnew of N2 = ( the LTLnew of N1 \ {H}) \/ ((LTLNew2 H) \ the LTLold of N1) by Def5; then A33: (LTLNew2 H) \ the LTLold of N1 c= the LTLnew of N2 by XBOOLE_1:7; the_right_argument_of H in the LTLold of s1 proof now__::_thesis:_the_right_argument_of_H_in_the_LTLold_of_s1 percases ( the_right_argument_of H in the LTLold of N1 or not the_right_argument_of H in the LTLold of N1 ) ; suppose the_right_argument_of H in the LTLold of N1 ; ::_thesis: the_right_argument_of H in the LTLold of s1 hence the_right_argument_of H in the LTLold of s1 by A15; ::_thesis: verum end; supposeA34: not the_right_argument_of H in the LTLold of N1 ; ::_thesis: the_right_argument_of H in the LTLold of s1 the_right_argument_of H in LTLNew2 H by A29, TARSKI:def_2; then the_right_argument_of H in (LTLNew2 H) \ the LTLold of N1 by A34, XBOOLE_0:def_5; then the_right_argument_of H in the LTLnew of N2 by A33; hence the_right_argument_of H in the LTLold of s1 by A19; ::_thesis: verum end; end; end; hence the_right_argument_of H in the LTLold of s1 ; ::_thesis: verum end; hence the_right_argument_of H in the LTLold of s1 ; ::_thesis: verum end; end; end; hence the_right_argument_of H in the LTLold of s1 ; ::_thesis: verum end; A35: ( ( not H is disjunctive & not H is Until ) or the_left_argument_of H in the LTLold of s1 or the_right_argument_of H in the LTLold of s1 ) proof set G = the_right_argument_of H; set F = the_left_argument_of H; assume A36: ( H is disjunctive or H is Until ) ; ::_thesis: ( the_left_argument_of H in the LTLold of s1 or the_right_argument_of H in the LTLold of s1 ) then A37: LTLNew2 H = {(the_right_argument_of H)} by Def2; A38: LTLNew1 H = {(the_left_argument_of H)} by A36, Def1; now__::_thesis:_(_the_left_argument_of_H_in_the_LTLold_of_s1_or_the_right_argument_of_H_in_the_LTLold_of_s1_) percases ( ( H in the LTLnew of N1 & N2 = SuccNode1 (H,N1) ) or ( H in the LTLnew of N1 & ( H is disjunctive or H is Until or H is Release ) & N2 = SuccNode2 (H,N1) ) ) by A18, Def6; suppose ( H in the LTLnew of N1 & N2 = SuccNode1 (H,N1) ) ; ::_thesis: ( the_left_argument_of H in the LTLold of s1 or the_right_argument_of H in the LTLold of s1 ) then the LTLnew of N2 = ( the LTLnew of N1 \ {H}) \/ ((LTLNew1 H) \ the LTLold of N1) by Def4; then A39: (LTLNew1 H) \ the LTLold of N1 c= the LTLnew of N2 by XBOOLE_1:7; the_left_argument_of H in the LTLold of s1 proof now__::_thesis:_the_left_argument_of_H_in_the_LTLold_of_s1 percases ( the_left_argument_of H in the LTLold of N1 or not the_left_argument_of H in the LTLold of N1 ) ; suppose the_left_argument_of H in the LTLold of N1 ; ::_thesis: the_left_argument_of H in the LTLold of s1 hence the_left_argument_of H in the LTLold of s1 by A15; ::_thesis: verum end; supposeA40: not the_left_argument_of H in the LTLold of N1 ; ::_thesis: the_left_argument_of H in the LTLold of s1 the_left_argument_of H in LTLNew1 H by A38, TARSKI:def_1; then the_left_argument_of H in (LTLNew1 H) \ the LTLold of N1 by A40, XBOOLE_0:def_5; then the_left_argument_of H in the LTLnew of N2 by A39; hence the_left_argument_of H in the LTLold of s1 by A19; ::_thesis: verum end; end; end; hence the_left_argument_of H in the LTLold of s1 ; ::_thesis: verum end; hence ( the_left_argument_of H in the LTLold of s1 or the_right_argument_of H in the LTLold of s1 ) ; ::_thesis: verum end; suppose ( H in the LTLnew of N1 & ( H is disjunctive or H is Until or H is Release ) & N2 = SuccNode2 (H,N1) ) ; ::_thesis: ( the_left_argument_of H in the LTLold of s1 or the_right_argument_of H in the LTLold of s1 ) then the LTLnew of N2 = ( the LTLnew of N1 \ {H}) \/ ((LTLNew2 H) \ the LTLold of N1) by Def5; then A41: (LTLNew2 H) \ the LTLold of N1 c= the LTLnew of N2 by XBOOLE_1:7; the_right_argument_of H in the LTLold of s1 proof now__::_thesis:_the_right_argument_of_H_in_the_LTLold_of_s1 percases ( the_right_argument_of H in the LTLold of N1 or not the_right_argument_of H in the LTLold of N1 ) ; suppose the_right_argument_of H in the LTLold of N1 ; ::_thesis: the_right_argument_of H in the LTLold of s1 hence the_right_argument_of H in the LTLold of s1 by A15; ::_thesis: verum end; supposeA42: not the_right_argument_of H in the LTLold of N1 ; ::_thesis: the_right_argument_of H in the LTLold of s1 the_right_argument_of H in LTLNew2 H by A37, TARSKI:def_1; then the_right_argument_of H in (LTLNew2 H) \ the LTLold of N1 by A42, XBOOLE_0:def_5; then the_right_argument_of H in the LTLnew of N2 by A41; hence the_right_argument_of H in the LTLold of s1 by A19; ::_thesis: verum end; end; end; hence the_right_argument_of H in the LTLold of s1 ; ::_thesis: verum end; hence ( the_left_argument_of H in the LTLold of s1 or the_right_argument_of H in the LTLold of s1 ) ; ::_thesis: verum end; end; end; hence ( the_left_argument_of H in the LTLold of s1 or the_right_argument_of H in the LTLold of s1 ) ; ::_thesis: verum end; A43: the LTLnext of N2 c= the LTLnext of s1 by A4, A8, A17, A16, Th31; ( H is next implies the_argument_of H in the LTLnext of s1 ) proof set F = the_argument_of H; assume A44: H is next ; ::_thesis: the_argument_of H in the LTLnext of s1 then A45: LTLNext H = {(the_argument_of H)} by Def3; now__::_thesis:_the_argument_of_H_in_the_LTLnext_of_s1 percases ( ( H in the LTLnew of N1 & N2 = SuccNode1 (H,N1) ) or ( H in the LTLnew of N1 & ( H is disjunctive or H is Until or H is Release ) & N2 = SuccNode2 (H,N1) ) ) by A18, Def6; suppose ( H in the LTLnew of N1 & N2 = SuccNode1 (H,N1) ) ; ::_thesis: the_argument_of H in the LTLnext of s1 then the LTLnext of N2 = the LTLnext of N1 \/ (LTLNext H) by Def4; then LTLNext H c= the LTLnext of N2 by XBOOLE_1:7; then A46: LTLNext H c= the LTLnext of s1 by A43, XBOOLE_1:1; the_argument_of H in LTLNext H by A45, TARSKI:def_1; hence the_argument_of H in the LTLnext of s1 by A46; ::_thesis: verum end; suppose ( H in the LTLnew of N1 & ( H is disjunctive or H is Until or H is Release ) & N2 = SuccNode2 (H,N1) ) ; ::_thesis: the_argument_of H in the LTLnext of s1 hence the_argument_of H in the LTLnext of s1 by A44, MODELC_2:78; ::_thesis: verum end; end; end; hence the_argument_of H in the LTLnext of s1 ; ::_thesis: verum end; hence ( ( H is conjunctive implies ( the_left_argument_of H in the LTLold of s1 & the_right_argument_of H in the LTLold of s1 ) ) & ( ( not H is disjunctive & not H is Until ) or the_left_argument_of H in the LTLold of s1 or the_right_argument_of H in the LTLold of s1 ) & ( H is next implies the_argument_of H in the LTLnext of s1 ) & ( H is Release implies the_right_argument_of H in the LTLold of s1 ) ) by A20, A35, A27; ::_thesis: verum end; Lm30: for F, G, v being LTL-formula for s1, s0, s2 being strict elementary LTLnode over v st s1 is_next_of s0 & s2 is_next_of s1 & F 'U' G in the LTLold of s1 & not G in the LTLold of s1 holds ( F in the LTLold of s1 & F 'U' G in the LTLold of s2 ) proof let F, G, v be LTL-formula; ::_thesis: for s1, s0, s2 being strict elementary LTLnode over v st s1 is_next_of s0 & s2 is_next_of s1 & F 'U' G in the LTLold of s1 & not G in the LTLold of s1 holds ( F in the LTLold of s1 & F 'U' G in the LTLold of s2 ) let s1, s0, s2 be strict elementary LTLnode over v; ::_thesis: ( s1 is_next_of s0 & s2 is_next_of s1 & F 'U' G in the LTLold of s1 & not G in the LTLold of s1 implies ( F in the LTLold of s1 & F 'U' G in the LTLold of s2 ) ) assume that A1: s1 is_next_of s0 and A2: s2 is_next_of s1 and A3: F 'U' G in the LTLold of s1 ; ::_thesis: ( G in the LTLold of s1 or ( F in the LTLold of s1 & F 'U' G in the LTLold of s2 ) ) set F1 = F 'U' G; consider L being FinSequence such that A4: 1 <= len L and A5: L is_Finseq_for v and A6: L . 1 = 'X' s0 and A7: L . (len L) = s1 by A1, Def20; A8: CastNode ((L . 1),v) = 'X' s0 by A6, Def16; set n = len L; A9: CastNode ((L . (len L)),v) = s1 by A7, Def16; 1 < len L by A3, A4, A6, A7, XXREAL_0:1; then consider m being Nat such that A10: ( 1 <= m & m < len L ) and A11: ( not F 'U' G in the LTLold of (CastNode ((L . m),v)) & F 'U' G in the LTLold of (CastNode ((L . (m + 1)),v)) ) by A3, A5, A9, A8, Th27; consider N1, N2 being strict LTLnode over v such that A12: N1 = L . m and A13: N2 = L . (m + 1) and A14: N2 is_succ_of N1 by A5, A10, Def19; set m1 = m + 1; A15: CastNode ((L . (m + 1)),v) = N2 by A13, Def16; A16: F 'U' G is Until by MODELC_2:def_16; then A17: LTLNext (F 'U' G) = {(F 'U' G)} by Def3; the_right_argument_of (F 'U' G) = G by A16, MODELC_2:def_20; then A18: LTLNew2 (F 'U' G) = {G} by A16, Def2; the_left_argument_of (F 'U' G) = F by A16, MODELC_2:def_19; then A19: LTLNew1 (F 'U' G) = {F} by A16, Def1; A20: CastNode ((L . m),v) = N1 by A12, Def16; then A21: the LTLold of N1 c= the LTLold of s1 by A5, A9, A10, Th31; A22: ( m + 1 <= len L & 1 <= m + 1 ) by A10, NAT_1:13; then A23: the LTLnext of N2 c= the LTLnext of s1 by A5, A9, A15, Th31; the LTLnew of (CastNode ((L . (len L)),v)) = {} v by A9, Def11; then A24: the LTLnew of N2 c= the LTLold of s1 by A5, A9, A15, A22, Th34; A25: N2 is_succ_of N1,F 'U' G by A11, A14, A20, A15, Th28; ( not G in the LTLold of s1 implies ( F in the LTLold of s1 & F 'U' G in the LTLold of s2 ) ) proof assume A26: not G in the LTLold of s1 ; ::_thesis: ( F in the LTLold of s1 & F 'U' G in the LTLold of s2 ) now__::_thesis:_(_F_in_the_LTLold_of_s1_&_F_'U'_G_in_the_LTLold_of_s2_) percases ( ( F 'U' G in the LTLnew of N1 & N2 = SuccNode1 ((F 'U' G),N1) ) or ( F 'U' G in the LTLnew of N1 & ( F 'U' G is disjunctive or F 'U' G is Until or F 'U' G is Release ) & N2 = SuccNode2 ((F 'U' G),N1) ) ) by A25, Def6; supposeA27: ( F 'U' G in the LTLnew of N1 & N2 = SuccNode1 ((F 'U' G),N1) ) ; ::_thesis: ( F in the LTLold of s1 & F 'U' G in the LTLold of s2 ) then the LTLnew of N2 = ( the LTLnew of N1 \ {(F 'U' G)}) \/ ((LTLNew1 (F 'U' G)) \ the LTLold of N1) by Def4; then A28: (LTLNew1 (F 'U' G)) \ the LTLold of N1 c= the LTLnew of N2 by XBOOLE_1:7; A29: F in the LTLold of s1 proof now__::_thesis:_F_in_the_LTLold_of_s1 percases ( F in the LTLold of N1 or not F in the LTLold of N1 ) ; suppose F in the LTLold of N1 ; ::_thesis: F in the LTLold of s1 hence F in the LTLold of s1 by A21; ::_thesis: verum end; supposeA30: not F in the LTLold of N1 ; ::_thesis: F in the LTLold of s1 F in LTLNew1 (F 'U' G) by A19, TARSKI:def_1; then F in (LTLNew1 (F 'U' G)) \ the LTLold of N1 by A30, XBOOLE_0:def_5; then F in the LTLnew of N2 by A28; hence F in the LTLold of s1 by A24; ::_thesis: verum end; end; end; hence F in the LTLold of s1 ; ::_thesis: verum end; the LTLnext of N2 = the LTLnext of N1 \/ (LTLNext (F 'U' G)) by A27, Def4; then A31: LTLNext (F 'U' G) c= the LTLnext of N2 by XBOOLE_1:7; F 'U' G in LTLNext (F 'U' G) by A17, TARSKI:def_1; then F 'U' G in the LTLnext of N2 by A31; then A32: F 'U' G in the LTLnext of s1 by A23; the LTLnext of s1 c= the LTLold of s2 by A2, Th37; hence ( F in the LTLold of s1 & F 'U' G in the LTLold of s2 ) by A29, A32; ::_thesis: verum end; suppose ( F 'U' G in the LTLnew of N1 & ( F 'U' G is disjunctive or F 'U' G is Until or F 'U' G is Release ) & N2 = SuccNode2 ((F 'U' G),N1) ) ; ::_thesis: ( F in the LTLold of s1 & F 'U' G in the LTLold of s2 ) then the LTLnew of N2 = ( the LTLnew of N1 \ {(F 'U' G)}) \/ ((LTLNew2 (F 'U' G)) \ the LTLold of N1) by Def5; then A33: (LTLNew2 (F 'U' G)) \ the LTLold of N1 c= the LTLnew of N2 by XBOOLE_1:7; G in the LTLold of s1 proof now__::_thesis:_G_in_the_LTLold_of_s1 percases ( G in the LTLold of N1 or not G in the LTLold of N1 ) ; suppose G in the LTLold of N1 ; ::_thesis: G in the LTLold of s1 hence G in the LTLold of s1 by A21; ::_thesis: verum end; supposeA34: not G in the LTLold of N1 ; ::_thesis: G in the LTLold of s1 G in LTLNew2 (F 'U' G) by A18, TARSKI:def_1; then G in (LTLNew2 (F 'U' G)) \ the LTLold of N1 by A34, XBOOLE_0:def_5; then G in the LTLnew of N2 by A33; hence G in the LTLold of s1 by A24; ::_thesis: verum end; end; end; hence G in the LTLold of s1 ; ::_thesis: verum end; hence ( F in the LTLold of s1 & F 'U' G in the LTLold of s2 ) by A26; ::_thesis: verum end; end; end; hence ( F in the LTLold of s1 & F 'U' G in the LTLold of s2 ) ; ::_thesis: verum end; hence ( G in the LTLold of s1 or ( F in the LTLold of s1 & F 'U' G in the LTLold of s2 ) ) ; ::_thesis: verum end; theorem :: MODELC_3:42 for H, v being LTL-formula for s1, s0, s2 being strict elementary LTLnode over v st s1 is_next_of s0 & s2 is_next_of s1 & H in the LTLold of s1 & H is Until & not the_right_argument_of H in the LTLold of s1 holds ( the_left_argument_of H in the LTLold of s1 & H in the LTLold of s2 ) proof let H, v be LTL-formula; ::_thesis: for s1, s0, s2 being strict elementary LTLnode over v st s1 is_next_of s0 & s2 is_next_of s1 & H in the LTLold of s1 & H is Until & not the_right_argument_of H in the LTLold of s1 holds ( the_left_argument_of H in the LTLold of s1 & H in the LTLold of s2 ) let s1, s0, s2 be strict elementary LTLnode over v; ::_thesis: ( s1 is_next_of s0 & s2 is_next_of s1 & H in the LTLold of s1 & H is Until & not the_right_argument_of H in the LTLold of s1 implies ( the_left_argument_of H in the LTLold of s1 & H in the LTLold of s2 ) ) assume that A1: ( s1 is_next_of s0 & s2 is_next_of s1 & H in the LTLold of s1 ) and A2: H is Until ; ::_thesis: ( the_right_argument_of H in the LTLold of s1 or ( the_left_argument_of H in the LTLold of s1 & H in the LTLold of s2 ) ) set G = the_right_argument_of H; set F = the_left_argument_of H; H = (the_left_argument_of H) 'U' (the_right_argument_of H) by A2, MODELC_2:8; hence ( the_right_argument_of H in the LTLold of s1 or ( the_left_argument_of H in the LTLold of s1 & H in the LTLold of s2 ) ) by A1, Lm30; ::_thesis: verum end; definition let v be LTL-formula; func LTLNodes v -> non empty set means :Def30: :: MODELC_3:def 30 for x being set holds ( x in it iff ex N being strict LTLnode over v st x = N ); existence ex b1 being non empty set st for x being set holds ( x in b1 iff ex N being strict LTLnode over v st x = N ) proof set T = bool (Subformulae v); set Y = [:(bool (Subformulae v)),(bool (Subformulae v)),(bool (Subformulae v)):]; defpred S1[ set , set ] means ( $1 in [:(bool (Subformulae v)),(bool (Subformulae v)),(bool (Subformulae v)):] & ex y1, y2, y3 being Subset of (Subformulae v) ex N being strict LTLnode over v st ( $1 = [[y1,y2],y3] & $2 = N & the LTLold of N = y1 & the LTLnew of N = y2 & the LTLnext of N = y3 ) ); A1: for x, y, z being set st S1[x,y] & S1[x,z] holds y = z proof let x, y, z be set ; ::_thesis: ( S1[x,y] & S1[x,z] implies y = z ) assume that A2: S1[x,y] and A3: S1[x,z] ; ::_thesis: y = z consider y1, y2, y3 being Subset of (Subformulae v), N1 being strict LTLnode over v such that A4: x = [[y1,y2],y3] and A5: ( y = N1 & the LTLold of N1 = y1 & the LTLnew of N1 = y2 & the LTLnext of N1 = y3 ) by A2; consider z1, z2, z3 being Subset of (Subformulae v), N2 being strict LTLnode over v such that A6: x = [[z1,z2],z3] and A7: ( z = N2 & the LTLold of N2 = z1 & the LTLnew of N2 = z2 & the LTLnext of N2 = z3 ) by A3; A8: y3 = z3 by A4, A6, XTUPLE_0:1; A9: [y1,y2] = [z1,z2] by A4, A6, XTUPLE_0:1; then y1 = z1 by XTUPLE_0:1; hence y = z by A5, A7, A9, A8, XTUPLE_0:1; ::_thesis: verum end; consider IT being set such that A10: for x being set holds ( x in IT iff ex y being set st ( y in [:(bool (Subformulae v)),(bool (Subformulae v)),(bool (Subformulae v)):] & S1[y,x] ) ) from TARSKI:sch_1(A1); not IT is empty proof set e = {} v; set x = LTLnode(# ({} v),({} v),({} v) #); set y = [[({} v),({} v)],({} v)]; [({} v),({} v)] in [:(bool (Subformulae v)),(bool (Subformulae v)):] by ZFMISC_1:def_2; then [[({} v),({} v)],({} v)] in [:[:(bool (Subformulae v)),(bool (Subformulae v)):],(bool (Subformulae v)):] by ZFMISC_1:def_2; then S1[[[({} v),({} v)],({} v)], LTLnode(# ({} v),({} v),({} v) #)] by ZFMISC_1:def_3; hence not IT is empty by A10; ::_thesis: verum end; then reconsider IT = IT as non empty set ; A11: for x being set st ex N being strict LTLnode over v st x = N holds x in IT proof let x be set ; ::_thesis: ( ex N being strict LTLnode over v st x = N implies x in IT ) assume ex N being strict LTLnode over v st x = N ; ::_thesis: x in IT then consider N being strict LTLnode over v such that A12: x = N ; set y3 = the LTLnext of N; set y2 = the LTLnew of N; set y1 = the LTLold of N; set y = [[ the LTLold of N, the LTLnew of N], the LTLnext of N]; [ the LTLold of N, the LTLnew of N] in [:(bool (Subformulae v)),(bool (Subformulae v)):] by ZFMISC_1:def_2; then [[ the LTLold of N, the LTLnew of N], the LTLnext of N] in [:[:(bool (Subformulae v)),(bool (Subformulae v)):],(bool (Subformulae v)):] by ZFMISC_1:def_2; then [[ the LTLold of N, the LTLnew of N], the LTLnext of N] in [:(bool (Subformulae v)),(bool (Subformulae v)),(bool (Subformulae v)):] by ZFMISC_1:def_3; hence x in IT by A10, A12; ::_thesis: verum end; take IT ; ::_thesis: for x being set holds ( x in IT iff ex N being strict LTLnode over v st x = N ) for x being set st x in IT holds ex N being strict LTLnode over v st x = N proof let x be set ; ::_thesis: ( x in IT implies ex N being strict LTLnode over v st x = N ) assume x in IT ; ::_thesis: ex N being strict LTLnode over v st x = N then ex y being set st ( y in [:(bool (Subformulae v)),(bool (Subformulae v)),(bool (Subformulae v)):] & S1[y,x] ) by A10; hence ex N being strict LTLnode over v st x = N ; ::_thesis: verum end; hence for x being set holds ( x in IT iff ex N being strict LTLnode over v st x = N ) by A11; ::_thesis: verum end; uniqueness for b1, b2 being non empty set st ( for x being set holds ( x in b1 iff ex N being strict LTLnode over v st x = N ) ) & ( for x being set holds ( x in b2 iff ex N being strict LTLnode over v st x = N ) ) holds b1 = b2 proof let X, Y be non empty set ; ::_thesis: ( ( for x being set holds ( x in X iff ex N being strict LTLnode over v st x = N ) ) & ( for x being set holds ( x in Y iff ex N being strict LTLnode over v st x = N ) ) implies X = Y ) ( ( for x being set holds ( x in X iff ex N being strict LTLnode over v st x = N ) ) & ( for x being set holds ( x in Y iff ex N being strict LTLnode over v st x = N ) ) implies X = Y ) proof assume that A13: for x being set holds ( x in X iff ex N being strict LTLnode over v st x = N ) and A14: for x being set holds ( x in Y iff ex N being strict LTLnode over v st x = N ) ; ::_thesis: X = Y for x being set holds ( x in X iff x in Y ) proof let x be set ; ::_thesis: ( x in X iff x in Y ) ( x in X iff ex N being strict LTLnode over v st x = N ) by A13; hence ( x in X iff x in Y ) by A14; ::_thesis: verum end; hence X = Y by TARSKI:1; ::_thesis: verum end; hence ( ( for x being set holds ( x in X iff ex N being strict LTLnode over v st x = N ) ) & ( for x being set holds ( x in Y iff ex N being strict LTLnode over v st x = N ) ) implies X = Y ) ; ::_thesis: verum end; end; :: deftheorem Def30 defines LTLNodes MODELC_3:def_30_:_ for v being LTL-formula for b2 being non empty set holds ( b2 = LTLNodes v iff for x being set holds ( x in b2 iff ex N being strict LTLnode over v st x = N ) ); registration let v be LTL-formula; cluster LTLNodes v -> non empty finite ; correctness coherence LTLNodes v is finite ; proof deffunc H1( set ) -> set = [[ the LTLold of (CastNode (v,v)), the LTLnew of (CastNode (v,v))], the LTLnext of (CastNode (v,v))]; set X = bool (Subformulae v); set LN = LTLNodes v; set Y = [:(bool (Subformulae v)),(bool (Subformulae v)),(bool (Subformulae v)):]; A1: for x being set st x in LTLNodes v holds H1(x) in [:(bool (Subformulae v)),(bool (Subformulae v)),(bool (Subformulae v)):] proof let x be set ; ::_thesis: ( x in LTLNodes v implies H1(x) in [:(bool (Subformulae v)),(bool (Subformulae v)),(bool (Subformulae v)):] ) set N1 = the LTLold of (CastNode (x,v)); set N2 = the LTLnew of (CastNode (x,v)); assume x in LTLNodes v ; ::_thesis: H1(x) in [:(bool (Subformulae v)),(bool (Subformulae v)),(bool (Subformulae v)):] set M1 = [ the LTLold of (CastNode (x,v)), the LTLnew of (CastNode (x,v))]; set X1 = [:(bool (Subformulae v)),(bool (Subformulae v)):]; ( [:(bool (Subformulae v)),(bool (Subformulae v)),(bool (Subformulae v)):] = [:[:(bool (Subformulae v)),(bool (Subformulae v)):],(bool (Subformulae v)):] & [ the LTLold of (CastNode (x,v)), the LTLnew of (CastNode (x,v))] in [:(bool (Subformulae v)),(bool (Subformulae v)):] ) by ZFMISC_1:87, ZFMISC_1:def_3; hence H1(x) in [:(bool (Subformulae v)),(bool (Subformulae v)),(bool (Subformulae v)):] by ZFMISC_1:87; ::_thesis: verum end; ex f being Function of (LTLNodes v),[:(bool (Subformulae v)),(bool (Subformulae v)),(bool (Subformulae v)):] st for x being set st x in LTLNodes v holds f . x = H1(x) from FUNCT_2:sch_2(A1); then consider f being Function of (LTLNodes v),[:(bool (Subformulae v)),(bool (Subformulae v)),(bool (Subformulae v)):] such that A2: for x being set st x in LTLNodes v holds f . x = H1(x) ; for x1, x2 being set st x1 in LTLNodes v & x2 in LTLNodes v & f . x1 = f . x2 holds x1 = x2 proof let x1, x2 be set ; ::_thesis: ( x1 in LTLNodes v & x2 in LTLNodes v & f . x1 = f . x2 implies x1 = x2 ) assume that A3: x1 in LTLNodes v and A4: x2 in LTLNodes v and A5: f . x1 = f . x2 ; ::_thesis: x1 = x2 A6: ex Nx2 being strict LTLnode over v st x2 = Nx2 by A4, Def30; set Nx23 = the LTLnext of (CastNode (x2,v)); set Nx22 = the LTLnew of (CastNode (x2,v)); set Nx21 = the LTLold of (CastNode (x2,v)); A7: ex Nx1 being strict LTLnode over v st x1 = Nx1 by A3, Def30; reconsider x2 = x2 as strict LTLnode over v by A6; set Nx11 = the LTLold of (CastNode (x1,v)); set Nx12 = the LTLnew of (CastNode (x1,v)); set Nx13 = the LTLnext of (CastNode (x1,v)); set Mx1 = [ the LTLold of (CastNode (x1,v)), the LTLnew of (CastNode (x1,v))]; set Mx2 = [ the LTLold of (CastNode (x2,v)), the LTLnew of (CastNode (x2,v))]; A8: ( the LTLnew of (CastNode (x2,v)) = the LTLnew of x2 & the LTLnext of (CastNode (x2,v)) = the LTLnext of x2 ) by Def16; reconsider x1 = x1 as strict LTLnode over v by A7; A9: ( f . x1 = [[ the LTLold of (CastNode (x1,v)), the LTLnew of (CastNode (x1,v))], the LTLnext of (CastNode (x1,v))] & f . x2 = [[ the LTLold of (CastNode (x2,v)), the LTLnew of (CastNode (x2,v))], the LTLnext of (CastNode (x2,v))] ) by A2, A3, A4; then A10: the LTLnext of (CastNode (x1,v)) = the LTLnext of (CastNode (x2,v)) by A5, XTUPLE_0:1; A11: ( the LTLnext of (CastNode (x1,v)) = the LTLnext of x1 & the LTLold of (CastNode (x2,v)) = the LTLold of x2 ) by Def16; A12: ( the LTLold of (CastNode (x1,v)) = the LTLold of x1 & the LTLnew of (CastNode (x1,v)) = the LTLnew of x1 ) by Def16; A13: [ the LTLold of (CastNode (x1,v)), the LTLnew of (CastNode (x1,v))] = [ the LTLold of (CastNode (x2,v)), the LTLnew of (CastNode (x2,v))] by A5, A9, XTUPLE_0:1; then the LTLold of (CastNode (x1,v)) = the LTLold of (CastNode (x2,v)) by XTUPLE_0:1; hence x1 = x2 by A12, A11, A8, A13, A10, XTUPLE_0:1; ::_thesis: verum end; then A14: f is one-to-one by FUNCT_2:19; rng f is finite ; then dom (f ") is finite by A14, FUNCT_1:33; then ( dom f = LTLNodes v & rng (f ") is finite ) by FINSET_1:8, FUNCT_2:def_1; hence LTLNodes v is finite by A14, FUNCT_1:33; ::_thesis: verum end; end; definition let v be LTL-formula; func LTLStates v -> non empty set equals :: MODELC_3:def 31 { x where x is Element of LTLNodes v : x is strict elementary LTLnode over v } ; coherence { x where x is Element of LTLNodes v : x is strict elementary LTLnode over v } is non empty set proof set IT = { x where x is Element of LTLNodes v : x is strict elementary LTLnode over v } ; init v is Element of LTLNodes v by Def30; then init v in { x where x is Element of LTLNodes v : x is strict elementary LTLnode over v } ; hence { x where x is Element of LTLNodes v : x is strict elementary LTLnode over v } is non empty set ; ::_thesis: verum end; end; :: deftheorem defines LTLStates MODELC_3:def_31_:_ for v being LTL-formula holds LTLStates v = { x where x is Element of LTLNodes v : x is strict elementary LTLnode over v } ; registration let v be LTL-formula; cluster LTLStates v -> non empty finite ; correctness coherence LTLStates v is finite ; proof LTLStates v c= LTLNodes v proof let a be set ; :: according to TARSKI:def_3 ::_thesis: ( not a in LTLStates v or a in LTLNodes v ) assume a in LTLStates v ; ::_thesis: a in LTLNodes v then ex x being Element of LTLNodes v st ( a = x & x is strict elementary LTLnode over v ) ; hence a in LTLNodes v ; ::_thesis: verum end; hence LTLStates v is finite ; ::_thesis: verum end; end; theorem :: MODELC_3:43 for v being LTL-formula holds init v is Element of LTLStates v proof let v be LTL-formula; ::_thesis: init v is Element of LTLStates v init v is Element of LTLNodes v by Def30; then init v in LTLStates v ; hence init v is Element of LTLStates v ; ::_thesis: verum end; theorem Th44: :: MODELC_3:44 for v being LTL-formula for s being strict elementary LTLnode over v holds s is Element of LTLStates v proof let v be LTL-formula; ::_thesis: for s being strict elementary LTLnode over v holds s is Element of LTLStates v let s be strict elementary LTLnode over v; ::_thesis: s is Element of LTLStates v s is Element of LTLNodes v by Def30; then s in LTLStates v ; hence s is Element of LTLStates v ; ::_thesis: verum end; theorem Th45: :: MODELC_3:45 for x being set for v being LTL-formula holds ( x is Element of LTLStates v iff ex s being strict elementary LTLnode over v st s = x ) proof let x be set ; ::_thesis: for v being LTL-formula holds ( x is Element of LTLStates v iff ex s being strict elementary LTLnode over v st s = x ) let v be LTL-formula; ::_thesis: ( x is Element of LTLStates v iff ex s being strict elementary LTLnode over v st s = x ) ( x is Element of LTLStates v implies ex s being strict elementary LTLnode over v st s = x ) proof assume x is Element of LTLStates v ; ::_thesis: ex s being strict elementary LTLnode over v st s = x then x in LTLStates v ; then consider y being Element of LTLNodes v such that A1: y = x and A2: y is strict elementary LTLnode over v ; reconsider y = y as strict elementary LTLnode over v by A2; take y ; ::_thesis: y = x thus y = x by A1; ::_thesis: verum end; hence ( x is Element of LTLStates v iff ex s being strict elementary LTLnode over v st s = x ) by Th44; ::_thesis: verum end; Lm31: for n being Nat for X being set st X <> {} & X c= Seg n holds ex k being Nat st ( 1 <= k & k <= n & k in X & ( for i being Nat st 1 <= i & i < k holds not i in X ) ) proof let n be Nat; ::_thesis: for X being set st X <> {} & X c= Seg n holds ex k being Nat st ( 1 <= k & k <= n & k in X & ( for i being Nat st 1 <= i & i < k holds not i in X ) ) let X be set ; ::_thesis: ( X <> {} & X c= Seg n implies ex k being Nat st ( 1 <= k & k <= n & k in X & ( for i being Nat st 1 <= i & i < k holds not i in X ) ) ) defpred S1[ Nat] means for X being set st X <> {} & X c= Seg $1 holds ex k being Nat st ( 1 <= k & k <= $1 & k in X & ( for i being Nat st 1 <= i & i < k holds not i in X ) ); A1: for m being Nat st S1[m] holds S1[m + 1] proof let m be Nat; ::_thesis: ( S1[m] implies S1[m + 1] ) assume A2: S1[m] ; ::_thesis: S1[m + 1] set m1 = m + 1; A3: for Y being set st Y <> {} & Y c= Seg (m + 1) & not m + 1 in Y holds Y c= Seg m proof let Y be set ; ::_thesis: ( Y <> {} & Y c= Seg (m + 1) & not m + 1 in Y implies Y c= Seg m ) assume that Y <> {} and A4: Y c= Seg (m + 1) and A5: not m + 1 in Y ; ::_thesis: Y c= Seg m Y c= Seg m proof let x be set ; :: according to TARSKI:def_3 ::_thesis: ( not x in Y or x in Seg m ) assume A6: x in Y ; ::_thesis: x in Seg m then x in Seg (m + 1) by A4; then x in { j where j is Element of NAT : ( 1 <= j & j <= m + 1 ) } by FINSEQ_1:def_1; then consider j being Element of NAT such that A7: x = j and A8: 1 <= j and A9: j <= m + 1 ; j < m + 1 by A5, A6, A7, A9, XXREAL_0:1; then j <= m by NAT_1:13; hence x in Seg m by A7, A8, FINSEQ_1:1; ::_thesis: verum end; hence Y c= Seg m ; ::_thesis: verum end; for X being set st X <> {} & X c= Seg (m + 1) holds ex k being Nat st ( 1 <= k & k <= m + 1 & k in X & ( for i being Nat st 1 <= i & i < k holds not i in X ) ) proof let X be set ; ::_thesis: ( X <> {} & X c= Seg (m + 1) implies ex k being Nat st ( 1 <= k & k <= m + 1 & k in X & ( for i being Nat st 1 <= i & i < k holds not i in X ) ) ) assume that A10: X <> {} and A11: X c= Seg (m + 1) ; ::_thesis: ex k being Nat st ( 1 <= k & k <= m + 1 & k in X & ( for i being Nat st 1 <= i & i < k holds not i in X ) ) now__::_thesis:_ex_k_being_Nat_st_ (_1_<=_k_&_k_<=_m_+_1_&_k_in_X_&_(_for_i_being_Nat_st_1_<=_i_&_i_<_k_holds_ not_i_in_X_)_) percases ( not m + 1 in X or m + 1 in X ) ; suppose not m + 1 in X ; ::_thesis: ex k being Nat st ( 1 <= k & k <= m + 1 & k in X & ( for i being Nat st 1 <= i & i < k holds not i in X ) ) then X c= Seg m by A3, A10, A11; then consider k being Nat such that A12: 1 <= k and A13: k <= m and A14: ( k in X & ( for i being Nat st 1 <= i & i < k holds not i in X ) ) by A2, A10; m <= m + 1 by NAT_1:11; then k <= m + 1 by A13, XXREAL_0:2; hence ex k being Nat st ( 1 <= k & k <= m + 1 & k in X & ( for i being Nat st 1 <= i & i < k holds not i in X ) ) by A12, A14; ::_thesis: verum end; supposeA15: m + 1 in X ; ::_thesis: ex k being Nat st ( 1 <= k & k <= m + 1 & k in X & ( for i being Nat st 1 <= i & i < k holds not i in X ) ) set X1 = X \ {(m + 1)}; m + 1 in {(m + 1)} by TARSKI:def_1; then A16: not m + 1 in X \ {(m + 1)} by XBOOLE_0:def_5; A17: X \ {(m + 1)} c= Seg (m + 1) by A11, XBOOLE_1:1; now__::_thesis:_ex_k_being_Nat_st_ (_1_<=_k_&_k_<=_m_+_1_&_k_in_X_&_(_for_i_being_Nat_st_1_<=_i_&_i_<_k_holds_ not_i_in_X_)_) percases ( X \ {(m + 1)} <> {} or X \ {(m + 1)} = {} ) ; supposeA18: X \ {(m + 1)} <> {} ; ::_thesis: ex k being Nat st ( 1 <= k & k <= m + 1 & k in X & ( for i being Nat st 1 <= i & i < k holds not i in X ) ) then X \ {(m + 1)} c= Seg m by A3, A16, A17; then consider k being Nat such that A19: 1 <= k and A20: k <= m and A21: k in X \ {(m + 1)} and A22: for i being Nat st 1 <= i & i < k holds not i in X \ {(m + 1)} by A2, A18; m <= m + 1 by NAT_1:11; then A23: k <= m + 1 by A20, XXREAL_0:2; for i being Nat st 1 <= i & i < k holds not i in X proof let i be Nat; ::_thesis: ( 1 <= i & i < k implies not i in X ) assume ( 1 <= i & i < k ) ; ::_thesis: not i in X then ( not i in {(m + 1)} & not i in X \ {(m + 1)} ) by A22, A23, TARSKI:def_1; hence not i in X by XBOOLE_0:def_5; ::_thesis: verum end; hence ex k being Nat st ( 1 <= k & k <= m + 1 & k in X & ( for i being Nat st 1 <= i & i < k holds not i in X ) ) by A19, A21, A23; ::_thesis: verum end; suppose X \ {(m + 1)} = {} ; ::_thesis: ex k being Nat st ( 1 <= k & k <= m + 1 & k in X & ( for i being Nat st 1 <= i & i < k holds not i in X ) ) then X c= {(m + 1)} by XBOOLE_1:37; then ( 1 <= m + 1 & ( for i being Nat st 1 <= i & i < m + 1 holds not i in X ) ) by NAT_1:11, TARSKI:def_1; hence ex k being Nat st ( 1 <= k & k <= m + 1 & k in X & ( for i being Nat st 1 <= i & i < k holds not i in X ) ) by A15; ::_thesis: verum end; end; end; hence ex k being Nat st ( 1 <= k & k <= m + 1 & k in X & ( for i being Nat st 1 <= i & i < k holds not i in X ) ) ; ::_thesis: verum end; end; end; hence ex k being Nat st ( 1 <= k & k <= m + 1 & k in X & ( for i being Nat st 1 <= i & i < k holds not i in X ) ) ; ::_thesis: verum end; hence S1[m + 1] ; ::_thesis: verum end; A24: S1[ 0 ] ; for m being Nat holds S1[m] from NAT_1:sch_2(A24, A1); hence ( X <> {} & X c= Seg n implies ex k being Nat st ( 1 <= k & k <= n & k in X & ( for i being Nat st 1 <= i & i < k holds not i in X ) ) ) ; ::_thesis: verum end; definition let v be LTL-formula; let w be Element of Inf_seq AtomicFamily; let f be Function; predf is_succ_homomorphism v,w means :Def32: :: MODELC_3:def 32 for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds ( CastNode ((f . x),v) is_succ_of CastNode (x,v) & w |= * (CastNode ((f . x),v)) ); predf is_homomorphism v,w means :Def33: :: MODELC_3:def 33 for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds w |= * (CastNode ((f . x),v)); end; :: deftheorem Def32 defines is_succ_homomorphism MODELC_3:def_32_:_ for v being LTL-formula for w being Element of Inf_seq AtomicFamily for f being Function holds ( f is_succ_homomorphism v,w iff for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds ( CastNode ((f . x),v) is_succ_of CastNode (x,v) & w |= * (CastNode ((f . x),v)) ) ); :: deftheorem Def33 defines is_homomorphism MODELC_3:def_33_:_ for v being LTL-formula for w being Element of Inf_seq AtomicFamily for f being Function holds ( f is_homomorphism v,w iff for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds w |= * (CastNode ((f . x),v)) ); theorem Th46: :: MODELC_3:46 for v being LTL-formula for w being Element of Inf_seq AtomicFamily for f being Function of (LTLNodes v),(LTLNodes v) st f is_succ_homomorphism v,w holds f is_homomorphism v,w proof let v be LTL-formula; ::_thesis: for w being Element of Inf_seq AtomicFamily for f being Function of (LTLNodes v),(LTLNodes v) st f is_succ_homomorphism v,w holds f is_homomorphism v,w let w be Element of Inf_seq AtomicFamily; ::_thesis: for f being Function of (LTLNodes v),(LTLNodes v) st f is_succ_homomorphism v,w holds f is_homomorphism v,w set LN = LTLNodes v; let f be Function of (LTLNodes v),(LTLNodes v); ::_thesis: ( f is_succ_homomorphism v,w implies f is_homomorphism v,w ) assume f is_succ_homomorphism v,w ; ::_thesis: f is_homomorphism v,w then for y being set st y in LTLNodes v & not CastNode (y,v) is elementary & w |= * (CastNode (y,v)) holds w |= * (CastNode ((f . y),v)) by Def32; hence f is_homomorphism v,w by Def33; ::_thesis: verum end; theorem Th47: :: MODELC_3:47 for v being LTL-formula for w being Element of Inf_seq AtomicFamily for f being Function of (LTLNodes v),(LTLNodes v) st f is_homomorphism v,w holds for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds w |= * (CastNode (((f |** k) . x),v)) proof let v be LTL-formula; ::_thesis: for w being Element of Inf_seq AtomicFamily for f being Function of (LTLNodes v),(LTLNodes v) st f is_homomorphism v,w holds for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds w |= * (CastNode (((f |** k) . x),v)) let w be Element of Inf_seq AtomicFamily; ::_thesis: for f being Function of (LTLNodes v),(LTLNodes v) st f is_homomorphism v,w holds for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds w |= * (CastNode (((f |** k) . x),v)) set LN = LTLNodes v; let f be Function of (LTLNodes v),(LTLNodes v); ::_thesis: ( f is_homomorphism v,w implies for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds w |= * (CastNode (((f |** k) . x),v)) ) assume f is_homomorphism v,w ; ::_thesis: for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds w |= * (CastNode (((f |** k) . x),v)) then A1: for y being set st y in LTLNodes v & not CastNode (y,v) is elementary & w |= * (CastNode (y,v)) holds w |= * (CastNode ((f . y),v)) by Def33; for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds w |= * (CastNode (((f |** k) . x),v)) proof let x be set ; ::_thesis: ( x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) implies for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds w |= * (CastNode (((f |** k) . x),v)) ) assume that A2: x in LTLNodes v and not CastNode (x,v) is elementary and A3: w |= * (CastNode (x,v)) ; ::_thesis: for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds w |= * (CastNode (((f |** k) . x),v)) for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds w |= * (CastNode (((f |** k) . x),v)) proof defpred S1[ Nat] means ( ( for i being Nat st i <= $1 holds not CastNode (((f |** i) . x),v) is elementary ) implies w |= * (CastNode (((f |** $1) . x),v)) ); A4: for m being Nat st S1[m] holds S1[m + 1] proof let m be Nat; ::_thesis: ( S1[m] implies S1[m + 1] ) assume A5: S1[m] ; ::_thesis: S1[m + 1] S1[m + 1] proof set y = (f |** m) . x; A6: m <= m + 1 by NAT_1:13; A7: (f |** (m + 1)) . x = (f * (f |** m)) . x by FUNCT_7:71 .= f . ((f |** m) . x) by A2, FUNCT_2:15 ; assume for i being Nat st i <= m + 1 holds not CastNode (((f |** i) . x),v) is elementary ; ::_thesis: w |= * (CastNode (((f |** (m + 1)) . x),v)) then ( not CastNode (((f |** m) . x),v) is elementary & w |= * (CastNode (((f |** m) . x),v)) ) by A5, A6, XXREAL_0:2; hence w |= * (CastNode (((f |** (m + 1)) . x),v)) by A1, A2, A7, FUNCT_2:5; ::_thesis: verum end; hence S1[m + 1] ; ::_thesis: verum end; A8: S1[ 0 ] proof assume for i being Nat st i <= 0 holds not CastNode (((f |** i) . x),v) is elementary ; ::_thesis: w |= * (CastNode (((f |** 0) . x),v)) f |** 0 = id (LTLNodes v) by FUNCT_7:84; hence w |= * (CastNode (((f |** 0) . x),v)) by A2, A3, FUNCT_1:18; ::_thesis: verum end; A9: for m being Nat holds S1[m] from NAT_1:sch_2(A8, A4); let k be Nat; ::_thesis: ( ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) implies w |= * (CastNode (((f |** k) . x),v)) ) assume for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ; ::_thesis: w |= * (CastNode (((f |** k) . x),v)) hence w |= * (CastNode (((f |** k) . x),v)) by A9; ::_thesis: verum end; hence for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds w |= * (CastNode (((f |** k) . x),v)) ; ::_thesis: verum end; hence for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds w |= * (CastNode (((f |** k) . x),v)) ; ::_thesis: verum end; theorem Th48: :: MODELC_3:48 for v being LTL-formula for w being Element of Inf_seq AtomicFamily for f being Function of (LTLNodes v),(LTLNodes v) st f is_succ_homomorphism v,w holds for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds ( CastNode (((f |** (k + 1)) . x),v) is_succ_of CastNode (((f |** k) . x),v) & w |= * (CastNode (((f |** k) . x),v)) ) proof let v be LTL-formula; ::_thesis: for w being Element of Inf_seq AtomicFamily for f being Function of (LTLNodes v),(LTLNodes v) st f is_succ_homomorphism v,w holds for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds ( CastNode (((f |** (k + 1)) . x),v) is_succ_of CastNode (((f |** k) . x),v) & w |= * (CastNode (((f |** k) . x),v)) ) let w be Element of Inf_seq AtomicFamily; ::_thesis: for f being Function of (LTLNodes v),(LTLNodes v) st f is_succ_homomorphism v,w holds for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds ( CastNode (((f |** (k + 1)) . x),v) is_succ_of CastNode (((f |** k) . x),v) & w |= * (CastNode (((f |** k) . x),v)) ) set LN = LTLNodes v; let f be Function of (LTLNodes v),(LTLNodes v); ::_thesis: ( f is_succ_homomorphism v,w implies for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds ( CastNode (((f |** (k + 1)) . x),v) is_succ_of CastNode (((f |** k) . x),v) & w |= * (CastNode (((f |** k) . x),v)) ) ) assume A1: f is_succ_homomorphism v,w ; ::_thesis: for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds ( CastNode (((f |** (k + 1)) . x),v) is_succ_of CastNode (((f |** k) . x),v) & w |= * (CastNode (((f |** k) . x),v)) ) then A2: f is_homomorphism v,w by Th46; for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds ( CastNode (((f |** (k + 1)) . x),v) is_succ_of CastNode (((f |** k) . x),v) & w |= * (CastNode (((f |** k) . x),v)) ) proof let x be set ; ::_thesis: ( x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) implies for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds ( CastNode (((f |** (k + 1)) . x),v) is_succ_of CastNode (((f |** k) . x),v) & w |= * (CastNode (((f |** k) . x),v)) ) ) assume that A3: x in LTLNodes v and A4: ( not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) ) ; ::_thesis: for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds ( CastNode (((f |** (k + 1)) . x),v) is_succ_of CastNode (((f |** k) . x),v) & w |= * (CastNode (((f |** k) . x),v)) ) for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds ( CastNode (((f |** (k + 1)) . x),v) is_succ_of CastNode (((f |** k) . x),v) & w |= * (CastNode (((f |** k) . x),v)) ) proof let k be Nat; ::_thesis: ( ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) implies ( CastNode (((f |** (k + 1)) . x),v) is_succ_of CastNode (((f |** k) . x),v) & w |= * (CastNode (((f |** k) . x),v)) ) ) assume A5: for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ; ::_thesis: ( CastNode (((f |** (k + 1)) . x),v) is_succ_of CastNode (((f |** k) . x),v) & w |= * (CastNode (((f |** k) . x),v)) ) set y = (f |** k) . x; A6: (f |** k) . x in LTLNodes v by A3, FUNCT_2:5; A7: (f |** (k + 1)) . x = (f * (f |** k)) . x by FUNCT_7:71 .= f . ((f |** k) . x) by A3, FUNCT_2:15 ; ( not CastNode (((f |** k) . x),v) is elementary & w |= * (CastNode (((f |** k) . x),v)) ) by A2, A3, A4, A5, Th47; hence ( CastNode (((f |** (k + 1)) . x),v) is_succ_of CastNode (((f |** k) . x),v) & w |= * (CastNode (((f |** k) . x),v)) ) by A1, A6, A7, Def32; ::_thesis: verum end; hence for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds ( CastNode (((f |** (k + 1)) . x),v) is_succ_of CastNode (((f |** k) . x),v) & w |= * (CastNode (((f |** k) . x),v)) ) ; ::_thesis: verum end; hence for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds for k being Nat st ( for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary ) holds ( CastNode (((f |** (k + 1)) . x),v) is_succ_of CastNode (((f |** k) . x),v) & w |= * (CastNode (((f |** k) . x),v)) ) ; ::_thesis: verum end; theorem Th49: :: MODELC_3:49 for v being LTL-formula for w being Element of Inf_seq AtomicFamily for f being Function of (LTLNodes v),(LTLNodes v) st f is_succ_homomorphism v,w holds for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds ex n being Nat st ( ( for i being Nat st i < n holds not CastNode (((f |** i) . x),v) is elementary ) & CastNode (((f |** n) . x),v) is elementary ) proof let v be LTL-formula; ::_thesis: for w being Element of Inf_seq AtomicFamily for f being Function of (LTLNodes v),(LTLNodes v) st f is_succ_homomorphism v,w holds for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds ex n being Nat st ( ( for i being Nat st i < n holds not CastNode (((f |** i) . x),v) is elementary ) & CastNode (((f |** n) . x),v) is elementary ) let w be Element of Inf_seq AtomicFamily; ::_thesis: for f being Function of (LTLNodes v),(LTLNodes v) st f is_succ_homomorphism v,w holds for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds ex n being Nat st ( ( for i being Nat st i < n holds not CastNode (((f |** i) . x),v) is elementary ) & CastNode (((f |** n) . x),v) is elementary ) set LN = LTLNodes v; let f be Function of (LTLNodes v),(LTLNodes v); ::_thesis: ( f is_succ_homomorphism v,w implies for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds ex n being Nat st ( ( for i being Nat st i < n holds not CastNode (((f |** i) . x),v) is elementary ) & CastNode (((f |** n) . x),v) is elementary ) ) assume A1: f is_succ_homomorphism v,w ; ::_thesis: for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds ex n being Nat st ( ( for i being Nat st i < n holds not CastNode (((f |** i) . x),v) is elementary ) & CastNode (((f |** n) . x),v) is elementary ) for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds ex n being Nat st ( ( for i being Nat st i < n holds not CastNode (((f |** i) . x),v) is elementary ) & CastNode (((f |** n) . x),v) is elementary ) proof let x be set ; ::_thesis: ( x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) implies ex n being Nat st ( ( for i being Nat st i < n holds not CastNode (((f |** i) . x),v) is elementary ) & CastNode (((f |** n) . x),v) is elementary ) ) assume that A2: x in LTLNodes v and A3: not CastNode (x,v) is elementary and A4: w |= * (CastNode (x,v)) ; ::_thesis: ex n being Nat st ( ( for i being Nat st i < n holds not CastNode (((f |** i) . x),v) is elementary ) & CastNode (((f |** n) . x),v) is elementary ) deffunc H1( set ) -> set = (f |** (CastNat $1)) . x; set len1 = (len (CastNode ((f . x),v))) + 1; 0 < 0 + ((len (CastNode ((f . x),v))) + 1) ; then A5: 1 <= (len (CastNode ((f . x),v))) + 1 by NAT_1:19; reconsider len1 = (len (CastNode ((f . x),v))) + 1 as Nat ; consider L being FinSequence such that A6: ( len L = len1 & ( for k being Nat st k in dom L holds L . k = H1(k) ) ) from FINSEQ_1:sch_2(); set X = { m where m is Element of NAT : ( 1 <= m & m <= len1 & CastNode (((f |** m) . x),v) is elementary ) } ; A7: Seg len1 = dom L by A6, FINSEQ_1:def_3; A8: for k being Nat st 1 <= k & k <= len L holds L . k = (f |** k) . x proof let k be Nat; ::_thesis: ( 1 <= k & k <= len L implies L . k = (f |** k) . x ) assume ( 1 <= k & k <= len L ) ; ::_thesis: L . k = (f |** k) . x then k in Seg len1 by A6, FINSEQ_1:1; then L . k = (f |** (CastNat k)) . x by A6, A7; hence L . k = (f |** k) . x by MODELC_2:def_1; ::_thesis: verum end; A9: now__::_thesis:_not__{__m_where_m_is_Element_of_NAT_:_(_1_<=_m_&_m_<=_len1_&_CastNode_(((f_|**_m)_._x),v)_is_elementary_)__}__=_{} assume A10: { m where m is Element of NAT : ( 1 <= m & m <= len1 & CastNode (((f |** m) . x),v) is elementary ) } = {} ; ::_thesis: contradiction A11: for k being Nat st 1 <= k & k <= len L holds not CastNode (((f |** k) . x),v) is elementary proof let k be Nat; ::_thesis: ( 1 <= k & k <= len L implies not CastNode (((f |** k) . x),v) is elementary ) assume A12: ( 1 <= k & k <= len L ) ; ::_thesis: not CastNode (((f |** k) . x),v) is elementary reconsider k = k as Element of NAT by ORDINAL1:def_12; not k in { m where m is Element of NAT : ( 1 <= m & m <= len1 & CastNode (((f |** m) . x),v) is elementary ) } by A10; hence not CastNode (((f |** k) . x),v) is elementary by A6, A12; ::_thesis: verum end; A13: for k being Nat st 1 <= k & k < len L holds CastNode (((f |** (k + 1)) . x),v) is_succ_of CastNode (((f |** k) . x),v) proof let k be Nat; ::_thesis: ( 1 <= k & k < len L implies CastNode (((f |** (k + 1)) . x),v) is_succ_of CastNode (((f |** k) . x),v) ) assume that 1 <= k and A14: k < len L ; ::_thesis: CastNode (((f |** (k + 1)) . x),v) is_succ_of CastNode (((f |** k) . x),v) for i being Nat st i <= k holds not CastNode (((f |** i) . x),v) is elementary proof let i be Nat; ::_thesis: ( i <= k implies not CastNode (((f |** i) . x),v) is elementary ) assume i <= k ; ::_thesis: not CastNode (((f |** i) . x),v) is elementary then A15: i < len L by A14, XXREAL_0:2; now__::_thesis:_not_CastNode_(((f_|**_i)_._x),v)_is_elementary percases ( 1 <= i or i = 0 ) by Lm6; suppose 1 <= i ; ::_thesis: not CastNode (((f |** i) . x),v) is elementary hence not CastNode (((f |** i) . x),v) is elementary by A11, A15; ::_thesis: verum end; suppose i = 0 ; ::_thesis: not CastNode (((f |** i) . x),v) is elementary then f |** i = id (LTLNodes v) by FUNCT_7:84; hence not CastNode (((f |** i) . x),v) is elementary by A2, A3, FUNCT_1:18; ::_thesis: verum end; end; end; hence not CastNode (((f |** i) . x),v) is elementary ; ::_thesis: verum end; hence CastNode (((f |** (k + 1)) . x),v) is_succ_of CastNode (((f |** k) . x),v) by A1, A2, A3, A4, Th48; ::_thesis: verum end; for m being Nat st 1 <= m & m < len L holds ex N, M being strict LTLnode over v st ( N = L . m & M = L . (m + 1) & M is_succ_of N ) proof let m be Nat; ::_thesis: ( 1 <= m & m < len L implies ex N, M being strict LTLnode over v st ( N = L . m & M = L . (m + 1) & M is_succ_of N ) ) assume A16: ( 1 <= m & m < len L ) ; ::_thesis: ex N, M being strict LTLnode over v st ( N = L . m & M = L . (m + 1) & M is_succ_of N ) set M = L . (m + 1); ( 1 <= m + 1 & m + 1 <= len L ) by A16, NAT_1:13; then A17: L . (m + 1) = (f |** (m + 1)) . x by A8; then L . (m + 1) in LTLNodes v by A2, FUNCT_2:5; then A18: ex M1 being strict LTLnode over v st L . (m + 1) = M1 by Def30; set N = L . m; A19: L . m = (f |** m) . x by A8, A16; then L . m in LTLNodes v by A2, FUNCT_2:5; then A20: ex N1 being strict LTLnode over v st L . m = N1 by Def30; reconsider M = L . (m + 1) as strict LTLnode over v by A18; reconsider N = L . m as strict LTLnode over v by A20; ( CastNode (N,v) = N & CastNode (M,v) = M ) by Def16; hence ex N, M being strict LTLnode over v st ( N = L . m & M = L . (m + 1) & M is_succ_of N ) by A13, A16, A19, A17; ::_thesis: verum end; then L is_Finseq_for v by Def19; then len (CastNode ((L . len1),v)) <= ((len (CastNode ((L . 1),v))) - len1) + 1 by A5, A6, Th36; then len (CastNode ((L . len1),v)) <= ((len (CastNode (((f |** 1) . x),v))) - len1) + 1 by A5, A6, A8; then len (CastNode ((L . len1),v)) <= ((len (CastNode ((f . x),v))) - len1) + 1 by FUNCT_7:70; then len (CastNode (((f |** len1) . x),v)) <= 0 by A5, A6, A8; then the LTLnew of (CastNode (((f |** len1) . x),v)) = {} v by Th22; then CastNode (((f |** len1) . x),v) is elementary by Def11; then len1 in { m where m is Element of NAT : ( 1 <= m & m <= len1 & CastNode (((f |** m) . x),v) is elementary ) } by A5; hence contradiction by A10; ::_thesis: verum end; { m where m is Element of NAT : ( 1 <= m & m <= len1 & CastNode (((f |** m) . x),v) is elementary ) } c= Seg len1 proof let y be set ; :: according to TARSKI:def_3 ::_thesis: ( not y in { m where m is Element of NAT : ( 1 <= m & m <= len1 & CastNode (((f |** m) . x),v) is elementary ) } or y in Seg len1 ) assume y in { m where m is Element of NAT : ( 1 <= m & m <= len1 & CastNode (((f |** m) . x),v) is elementary ) } ; ::_thesis: y in Seg len1 then ex m being Element of NAT st ( y = m & 1 <= m & m <= len1 & CastNode (((f |** m) . x),v) is elementary ) ; hence y in Seg len1 by FINSEQ_1:1; ::_thesis: verum end; then consider n being Nat such that 1 <= n and A21: n <= len1 and A22: n in { m where m is Element of NAT : ( 1 <= m & m <= len1 & CastNode (((f |** m) . x),v) is elementary ) } and A23: for i being Nat st 1 <= i & i < n holds not i in { m where m is Element of NAT : ( 1 <= m & m <= len1 & CastNode (((f |** m) . x),v) is elementary ) } by A9, Lm31; A24: for i being Nat st i < n holds not CastNode (((f |** i) . x),v) is elementary proof let i be Nat; ::_thesis: ( i < n implies not CastNode (((f |** i) . x),v) is elementary ) assume A25: i < n ; ::_thesis: not CastNode (((f |** i) . x),v) is elementary now__::_thesis:_not_CastNode_(((f_|**_i)_._x),v)_is_elementary percases ( i = 0 or 1 <= i ) by Lm6; suppose i = 0 ; ::_thesis: not CastNode (((f |** i) . x),v) is elementary then f |** i = id (LTLNodes v) by FUNCT_7:84; hence not CastNode (((f |** i) . x),v) is elementary by A2, A3, FUNCT_1:18; ::_thesis: verum end; supposeA26: 1 <= i ; ::_thesis: not CastNode (((f |** i) . x),v) is elementary then A27: not i in { m where m is Element of NAT : ( 1 <= m & m <= len1 & CastNode (((f |** m) . x),v) is elementary ) } by A23, A25; now__::_thesis:_not_CastNode_(((f_|**_i)_._x),v)_is_elementary assume A28: CastNode (((f |** i) . x),v) is elementary ; ::_thesis: contradiction reconsider i = i as Element of NAT by ORDINAL1:def_12; i < len1 by A21, A25, XXREAL_0:2; hence contradiction by A26, A27, A28; ::_thesis: verum end; hence not CastNode (((f |** i) . x),v) is elementary ; ::_thesis: verum end; end; end; hence not CastNode (((f |** i) . x),v) is elementary ; ::_thesis: verum end; CastNode (((f |** n) . x),v) is elementary proof ex m being Element of NAT st ( n = m & 1 <= m & m <= len1 & CastNode (((f |** m) . x),v) is elementary ) by A22; hence CastNode (((f |** n) . x),v) is elementary ; ::_thesis: verum end; hence ex n being Nat st ( ( for i being Nat st i < n holds not CastNode (((f |** i) . x),v) is elementary ) & CastNode (((f |** n) . x),v) is elementary ) by A24; ::_thesis: verum end; hence for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds ex n being Nat st ( ( for i being Nat st i < n holds not CastNode (((f |** i) . x),v) is elementary ) & CastNode (((f |** n) . x),v) is elementary ) ; ::_thesis: verum end; theorem Th50: :: MODELC_3:50 for v being LTL-formula for w being Element of Inf_seq AtomicFamily for f being Function of (LTLNodes v),(LTLNodes v) st f is_homomorphism v,w holds for x being set st x in LTLNodes v & not CastNode (x,v) is elementary holds for k being Nat st not CastNode (((f |** k) . x),v) is elementary & w |= * (CastNode (((f |** k) . x),v)) holds w |= * (CastNode (((f |** (k + 1)) . x),v)) proof let v be LTL-formula; ::_thesis: for w being Element of Inf_seq AtomicFamily for f being Function of (LTLNodes v),(LTLNodes v) st f is_homomorphism v,w holds for x being set st x in LTLNodes v & not CastNode (x,v) is elementary holds for k being Nat st not CastNode (((f |** k) . x),v) is elementary & w |= * (CastNode (((f |** k) . x),v)) holds w |= * (CastNode (((f |** (k + 1)) . x),v)) let w be Element of Inf_seq AtomicFamily; ::_thesis: for f being Function of (LTLNodes v),(LTLNodes v) st f is_homomorphism v,w holds for x being set st x in LTLNodes v & not CastNode (x,v) is elementary holds for k being Nat st not CastNode (((f |** k) . x),v) is elementary & w |= * (CastNode (((f |** k) . x),v)) holds w |= * (CastNode (((f |** (k + 1)) . x),v)) set LN = LTLNodes v; let f be Function of (LTLNodes v),(LTLNodes v); ::_thesis: ( f is_homomorphism v,w implies for x being set st x in LTLNodes v & not CastNode (x,v) is elementary holds for k being Nat st not CastNode (((f |** k) . x),v) is elementary & w |= * (CastNode (((f |** k) . x),v)) holds w |= * (CastNode (((f |** (k + 1)) . x),v)) ) assume A1: f is_homomorphism v,w ; ::_thesis: for x being set st x in LTLNodes v & not CastNode (x,v) is elementary holds for k being Nat st not CastNode (((f |** k) . x),v) is elementary & w |= * (CastNode (((f |** k) . x),v)) holds w |= * (CastNode (((f |** (k + 1)) . x),v)) for x being set st x in LTLNodes v & not CastNode (x,v) is elementary holds for k being Nat st not CastNode (((f |** k) . x),v) is elementary & w |= * (CastNode (((f |** k) . x),v)) holds w |= * (CastNode (((f |** (k + 1)) . x),v)) proof let x be set ; ::_thesis: ( x in LTLNodes v & not CastNode (x,v) is elementary implies for k being Nat st not CastNode (((f |** k) . x),v) is elementary & w |= * (CastNode (((f |** k) . x),v)) holds w |= * (CastNode (((f |** (k + 1)) . x),v)) ) assume that A2: x in LTLNodes v and not CastNode (x,v) is elementary ; ::_thesis: for k being Nat st not CastNode (((f |** k) . x),v) is elementary & w |= * (CastNode (((f |** k) . x),v)) holds w |= * (CastNode (((f |** (k + 1)) . x),v)) for k being Nat st not CastNode (((f |** k) . x),v) is elementary & w |= * (CastNode (((f |** k) . x),v)) holds w |= * (CastNode (((f |** (k + 1)) . x),v)) proof let k be Nat; ::_thesis: ( not CastNode (((f |** k) . x),v) is elementary & w |= * (CastNode (((f |** k) . x),v)) implies w |= * (CastNode (((f |** (k + 1)) . x),v)) ) assume A3: ( not CastNode (((f |** k) . x),v) is elementary & w |= * (CastNode (((f |** k) . x),v)) ) ; ::_thesis: w |= * (CastNode (((f |** (k + 1)) . x),v)) set y = (f |** k) . x; A4: (f |** (k + 1)) . x = (f * (f |** k)) . x by FUNCT_7:71 .= f . ((f |** k) . x) by A2, FUNCT_2:15 ; (f |** k) . x in LTLNodes v by A2, FUNCT_2:5; hence w |= * (CastNode (((f |** (k + 1)) . x),v)) by A1, A3, A4, Def33; ::_thesis: verum end; hence for k being Nat st not CastNode (((f |** k) . x),v) is elementary & w |= * (CastNode (((f |** k) . x),v)) holds w |= * (CastNode (((f |** (k + 1)) . x),v)) ; ::_thesis: verum end; hence for x being set st x in LTLNodes v & not CastNode (x,v) is elementary holds for k being Nat st not CastNode (((f |** k) . x),v) is elementary & w |= * (CastNode (((f |** k) . x),v)) holds w |= * (CastNode (((f |** (k + 1)) . x),v)) ; ::_thesis: verum end; theorem Th51: :: MODELC_3:51 for v being LTL-formula for w being Element of Inf_seq AtomicFamily for f being Function of (LTLNodes v),(LTLNodes v) st f is_succ_homomorphism v,w holds for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds ex n being Nat st ( ( for i being Nat st i < n holds ( not CastNode (((f |** i) . x),v) is elementary & CastNode (((f |** (i + 1)) . x),v) is_succ_of CastNode (((f |** i) . x),v) ) ) & CastNode (((f |** n) . x),v) is elementary & ( for i being Nat st i <= n holds w |= * (CastNode (((f |** i) . x),v)) ) ) proof let v be LTL-formula; ::_thesis: for w being Element of Inf_seq AtomicFamily for f being Function of (LTLNodes v),(LTLNodes v) st f is_succ_homomorphism v,w holds for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds ex n being Nat st ( ( for i being Nat st i < n holds ( not CastNode (((f |** i) . x),v) is elementary & CastNode (((f |** (i + 1)) . x),v) is_succ_of CastNode (((f |** i) . x),v) ) ) & CastNode (((f |** n) . x),v) is elementary & ( for i being Nat st i <= n holds w |= * (CastNode (((f |** i) . x),v)) ) ) let w be Element of Inf_seq AtomicFamily; ::_thesis: for f being Function of (LTLNodes v),(LTLNodes v) st f is_succ_homomorphism v,w holds for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds ex n being Nat st ( ( for i being Nat st i < n holds ( not CastNode (((f |** i) . x),v) is elementary & CastNode (((f |** (i + 1)) . x),v) is_succ_of CastNode (((f |** i) . x),v) ) ) & CastNode (((f |** n) . x),v) is elementary & ( for i being Nat st i <= n holds w |= * (CastNode (((f |** i) . x),v)) ) ) set LN = LTLNodes v; let f be Function of (LTLNodes v),(LTLNodes v); ::_thesis: ( f is_succ_homomorphism v,w implies for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds ex n being Nat st ( ( for i being Nat st i < n holds ( not CastNode (((f |** i) . x),v) is elementary & CastNode (((f |** (i + 1)) . x),v) is_succ_of CastNode (((f |** i) . x),v) ) ) & CastNode (((f |** n) . x),v) is elementary & ( for i being Nat st i <= n holds w |= * (CastNode (((f |** i) . x),v)) ) ) ) assume A1: f is_succ_homomorphism v,w ; ::_thesis: for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds ex n being Nat st ( ( for i being Nat st i < n holds ( not CastNode (((f |** i) . x),v) is elementary & CastNode (((f |** (i + 1)) . x),v) is_succ_of CastNode (((f |** i) . x),v) ) ) & CastNode (((f |** n) . x),v) is elementary & ( for i being Nat st i <= n holds w |= * (CastNode (((f |** i) . x),v)) ) ) then for y being set st y in LTLNodes v & not CastNode (y,v) is elementary & w |= * (CastNode (y,v)) holds w |= * (CastNode ((f . y),v)) by Def32; then A2: f is_homomorphism v,w by Def33; for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds ex n being Nat st ( ( for i being Nat st i < n holds ( not CastNode (((f |** i) . x),v) is elementary & CastNode (((f |** (i + 1)) . x),v) is_succ_of CastNode (((f |** i) . x),v) ) ) & CastNode (((f |** n) . x),v) is elementary & ( for i being Nat st i <= n holds w |= * (CastNode (((f |** i) . x),v)) ) ) proof let x be set ; ::_thesis: ( x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) implies ex n being Nat st ( ( for i being Nat st i < n holds ( not CastNode (((f |** i) . x),v) is elementary & CastNode (((f |** (i + 1)) . x),v) is_succ_of CastNode (((f |** i) . x),v) ) ) & CastNode (((f |** n) . x),v) is elementary & ( for i being Nat st i <= n holds w |= * (CastNode (((f |** i) . x),v)) ) ) ) assume that A3: x in LTLNodes v and A4: not CastNode (x,v) is elementary and A5: w |= * (CastNode (x,v)) ; ::_thesis: ex n being Nat st ( ( for i being Nat st i < n holds ( not CastNode (((f |** i) . x),v) is elementary & CastNode (((f |** (i + 1)) . x),v) is_succ_of CastNode (((f |** i) . x),v) ) ) & CastNode (((f |** n) . x),v) is elementary & ( for i being Nat st i <= n holds w |= * (CastNode (((f |** i) . x),v)) ) ) consider n being Nat such that A6: for i being Nat st i < n holds not CastNode (((f |** i) . x),v) is elementary and A7: CastNode (((f |** n) . x),v) is elementary by A1, A3, A4, A5, Th49; for i being Nat st i < n holds CastNode (((f |** (i + 1)) . x),v) is_succ_of CastNode (((f |** i) . x),v) proof let i be Nat; ::_thesis: ( i < n implies CastNode (((f |** (i + 1)) . x),v) is_succ_of CastNode (((f |** i) . x),v) ) assume A8: i < n ; ::_thesis: CastNode (((f |** (i + 1)) . x),v) is_succ_of CastNode (((f |** i) . x),v) for j being Nat st j <= i holds not CastNode (((f |** j) . x),v) is elementary proof let j be Nat; ::_thesis: ( j <= i implies not CastNode (((f |** j) . x),v) is elementary ) assume j <= i ; ::_thesis: not CastNode (((f |** j) . x),v) is elementary then j < n by A8, XXREAL_0:2; hence not CastNode (((f |** j) . x),v) is elementary by A6; ::_thesis: verum end; hence CastNode (((f |** (i + 1)) . x),v) is_succ_of CastNode (((f |** i) . x),v) by A1, A3, A4, A5, Th48; ::_thesis: verum end; then A9: for i being Nat st i < n holds ( not CastNode (((f |** i) . x),v) is elementary & CastNode (((f |** (i + 1)) . x),v) is_succ_of CastNode (((f |** i) . x),v) ) by A6; defpred S1[ Nat] means ( $1 <= n implies for i being Nat st i <= $1 holds w |= * (CastNode (((f |** i) . x),v)) ); A10: for m being Nat st S1[m] holds S1[m + 1] proof let m be Nat; ::_thesis: ( S1[m] implies S1[m + 1] ) assume A11: S1[m] ; ::_thesis: S1[m + 1] S1[m + 1] proof assume A12: m + 1 <= n ; ::_thesis: for i being Nat st i <= m + 1 holds w |= * (CastNode (((f |** i) . x),v)) then A13: m < n by NAT_1:13; then A14: not CastNode (((f |** m) . x),v) is elementary by A6; for i being Nat st i <= m + 1 holds w |= * (CastNode (((f |** i) . x),v)) proof let i be Nat; ::_thesis: ( i <= m + 1 implies w |= * (CastNode (((f |** i) . x),v)) ) w |= * (CastNode (((f |** m) . x),v)) by A11, A12, NAT_1:13; then A15: w |= * (CastNode (((f |** (m + 1)) . x),v)) by A2, A3, A4, A14, Th50; assume i <= m + 1 ; ::_thesis: w |= * (CastNode (((f |** i) . x),v)) hence w |= * (CastNode (((f |** i) . x),v)) by A11, A13, A15, NAT_1:8; ::_thesis: verum end; hence for i being Nat st i <= m + 1 holds w |= * (CastNode (((f |** i) . x),v)) ; ::_thesis: verum end; hence S1[m + 1] ; ::_thesis: verum end; A16: S1[ 0 ] proof assume 0 <= n ; ::_thesis: for i being Nat st i <= 0 holds w |= * (CastNode (((f |** i) . x),v)) for i being Nat st i <= 0 holds w |= * (CastNode (((f |** i) . x),v)) proof let i be Nat; ::_thesis: ( i <= 0 implies w |= * (CastNode (((f |** i) . x),v)) ) assume i <= 0 ; ::_thesis: w |= * (CastNode (((f |** i) . x),v)) then i = 0 ; then f |** i = id (LTLNodes v) by FUNCT_7:84; hence w |= * (CastNode (((f |** i) . x),v)) by A3, A5, FUNCT_1:18; ::_thesis: verum end; hence for i being Nat st i <= 0 holds w |= * (CastNode (((f |** i) . x),v)) ; ::_thesis: verum end; for m being Nat holds S1[m] from NAT_1:sch_2(A16, A10); then for i being Nat st i <= n holds w |= * (CastNode (((f |** i) . x),v)) ; hence ex n being Nat st ( ( for i being Nat st i < n holds ( not CastNode (((f |** i) . x),v) is elementary & CastNode (((f |** (i + 1)) . x),v) is_succ_of CastNode (((f |** i) . x),v) ) ) & CastNode (((f |** n) . x),v) is elementary & ( for i being Nat st i <= n holds w |= * (CastNode (((f |** i) . x),v)) ) ) by A7, A9; ::_thesis: verum end; hence for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds ex n being Nat st ( ( for i being Nat st i < n holds ( not CastNode (((f |** i) . x),v) is elementary & CastNode (((f |** (i + 1)) . x),v) is_succ_of CastNode (((f |** i) . x),v) ) ) & CastNode (((f |** n) . x),v) is elementary & ( for i being Nat st i <= n holds w |= * (CastNode (((f |** i) . x),v)) ) ) ; ::_thesis: verum end; theorem Th52: :: MODELC_3:52 for n being Nat for v being LTL-formula for q being sequence of (LTLStates v) ex s being strict elementary LTLnode over v st s = CastNode ((q . n),v) proof let n be Nat; ::_thesis: for v being LTL-formula for q being sequence of (LTLStates v) ex s being strict elementary LTLnode over v st s = CastNode ((q . n),v) let v be LTL-formula; ::_thesis: for q being sequence of (LTLStates v) ex s being strict elementary LTLnode over v st s = CastNode ((q . n),v) let q be sequence of (LTLStates v); ::_thesis: ex s being strict elementary LTLnode over v st s = CastNode ((q . n),v) reconsider n = n as Element of NAT by ORDINAL1:def_12; consider s being strict elementary LTLnode over v such that A1: s = q . n by Th45; CastNode ((q . n),v) = s by A1, Def16; hence ex s being strict elementary LTLnode over v st s = CastNode ((q . n),v) ; ::_thesis: verum end; Lm32: for n being Nat for F, G, v being LTL-formula for q being sequence of (LTLStates v) st F 'U' G in the LTLold of (CastNode ((q . 1),v)) & ( for i being Nat holds CastNode ((q . (i + 1)),v) is_next_of CastNode ((q . i),v) ) & ( for i being Nat st 1 <= i & i < n holds not G in the LTLold of (CastNode ((q . i),v)) ) holds for i being Nat st 1 <= i & i < n holds ( F in the LTLold of (CastNode ((q . i),v)) & F 'U' G in the LTLold of (CastNode ((q . i),v)) ) proof let n be Nat; ::_thesis: for F, G, v being LTL-formula for q being sequence of (LTLStates v) st F 'U' G in the LTLold of (CastNode ((q . 1),v)) & ( for i being Nat holds CastNode ((q . (i + 1)),v) is_next_of CastNode ((q . i),v) ) & ( for i being Nat st 1 <= i & i < n holds not G in the LTLold of (CastNode ((q . i),v)) ) holds for i being Nat st 1 <= i & i < n holds ( F in the LTLold of (CastNode ((q . i),v)) & F 'U' G in the LTLold of (CastNode ((q . i),v)) ) let F, G, v be LTL-formula; ::_thesis: for q being sequence of (LTLStates v) st F 'U' G in the LTLold of (CastNode ((q . 1),v)) & ( for i being Nat holds CastNode ((q . (i + 1)),v) is_next_of CastNode ((q . i),v) ) & ( for i being Nat st 1 <= i & i < n holds not G in the LTLold of (CastNode ((q . i),v)) ) holds for i being Nat st 1 <= i & i < n holds ( F in the LTLold of (CastNode ((q . i),v)) & F 'U' G in the LTLold of (CastNode ((q . i),v)) ) let q be sequence of (LTLStates v); ::_thesis: ( F 'U' G in the LTLold of (CastNode ((q . 1),v)) & ( for i being Nat holds CastNode ((q . (i + 1)),v) is_next_of CastNode ((q . i),v) ) & ( for i being Nat st 1 <= i & i < n holds not G in the LTLold of (CastNode ((q . i),v)) ) implies for i being Nat st 1 <= i & i < n holds ( F in the LTLold of (CastNode ((q . i),v)) & F 'U' G in the LTLold of (CastNode ((q . i),v)) ) ) deffunc H1( Nat) -> strict LTLnode over v = CastNode ((q . $1),v); assume that A1: F 'U' G in the LTLold of H1(1) and A2: for i being Nat holds H1(i + 1) is_next_of H1(i) ; ::_thesis: ( ex i being Nat st ( 1 <= i & i < n & G in the LTLold of (CastNode ((q . i),v)) ) or for i being Nat st 1 <= i & i < n holds ( F in the LTLold of (CastNode ((q . i),v)) & F 'U' G in the LTLold of (CastNode ((q . i),v)) ) ) defpred S1[ Nat] means ( ( for i being Nat st 1 <= i & i < $1 holds not G in the LTLold of H1(i) ) implies for i being Nat st 1 <= i & i < $1 holds ( F in the LTLold of H1(i) & F 'U' G in the LTLold of H1(i) ) ); A3: for k being Nat st S1[k] holds S1[k + 1] proof let k be Nat; ::_thesis: ( S1[k] implies S1[k + 1] ) assume A4: S1[k] ; ::_thesis: S1[k + 1] set k1 = k + 1; ( ( for i being Nat st 1 <= i & i < k + 1 holds not G in the LTLold of H1(i) ) implies for i being Nat st 1 <= i & i < k + 1 holds ( F in the LTLold of H1(i) & F 'U' G in the LTLold of H1(i) ) ) proof assume A5: for i being Nat st 1 <= i & i < k + 1 holds not G in the LTLold of H1(i) ; ::_thesis: for i being Nat st 1 <= i & i < k + 1 holds ( F in the LTLold of H1(i) & F 'U' G in the LTLold of H1(i) ) A6: k <= k + 1 by NAT_1:11; A7: for i being Nat st 1 <= i & i < k holds not G in the LTLold of H1(i) proof let i be Nat; ::_thesis: ( 1 <= i & i < k implies not G in the LTLold of H1(i) ) assume that A8: 1 <= i and A9: i < k ; ::_thesis: not G in the LTLold of H1(i) i < k + 1 by A6, A9, XXREAL_0:2; hence not G in the LTLold of H1(i) by A5, A8; ::_thesis: verum end; for i being Nat st 1 <= i & i < k + 1 holds ( F in the LTLold of H1(i) & F 'U' G in the LTLold of H1(i) ) proof let i be Nat; ::_thesis: ( 1 <= i & i < k + 1 implies ( F in the LTLold of H1(i) & F 'U' G in the LTLold of H1(i) ) ) assume that A10: 1 <= i and A11: i < k + 1 ; ::_thesis: ( F in the LTLold of H1(i) & F 'U' G in the LTLold of H1(i) ) A12: i <= k by A11, NAT_1:13; now__::_thesis:_(_F_in_the_LTLold_of_H1(i)_&_F_'U'_G_in_the_LTLold_of_H1(i)_) percases ( i < k or i = k ) by A12, XXREAL_0:1; suppose i < k ; ::_thesis: ( F in the LTLold of H1(i) & F 'U' G in the LTLold of H1(i) ) hence ( F in the LTLold of H1(i) & F 'U' G in the LTLold of H1(i) ) by A4, A7, A10; ::_thesis: verum end; supposeA13: i = k ; ::_thesis: ( F in the LTLold of H1(i) & F 'U' G in the LTLold of H1(i) ) now__::_thesis:_(_F_in_the_LTLold_of_H1(i)_&_F_'U'_G_in_the_LTLold_of_H1(i)_) percases ( k = 1 or 1 < k ) by A10, A13, XXREAL_0:1; supposeA14: k = 1 ; ::_thesis: ( F in the LTLold of H1(i) & F 'U' G in the LTLold of H1(i) ) A15: ( H1(0 + 1) is_next_of H1( 0 ) & H1(1 + 1) is_next_of H1(1) ) by A2; A16: ( ex s0 being strict elementary LTLnode over v st s0 = H1( 0 ) & ex s2 being strict elementary LTLnode over v st s2 = H1(2) ) by Th52; consider s1 being strict elementary LTLnode over v such that A17: s1 = H1(1) by Th52; not G in the LTLold of s1 by A5, A14, A17; hence ( F in the LTLold of H1(i) & F 'U' G in the LTLold of H1(i) ) by A1, A13, A14, A17, A16, A15, Lm30; ::_thesis: verum end; supposeA18: 1 < k ; ::_thesis: ( F in the LTLold of H1(i) & F 'U' G in the LTLold of H1(i) ) set m = k - 1; reconsider m = k - 1 as Nat by A18, NAT_1:20; set m1 = m - 1; 1 < m + 1 by A18; then A19: 1 <= m by NAT_1:13; then reconsider m1 = m - 1 as Nat by NAT_1:21; consider sm being strict elementary LTLnode over v such that A20: sm = H1(m) by Th52; A21: m < m + 1 by NAT_1:19; then m < k + 1 by A6, XXREAL_0:2; then A22: not G in the LTLold of sm by A5, A19, A20; A23: ( ex sk1 being strict elementary LTLnode over v st sk1 = H1(k + 1) & H1(m + 1) is_next_of H1(m) ) by A2, Th52; A24: ( ex sm1 being strict elementary LTLnode over v st sm1 = H1(m1) & H1(m1 + 1) is_next_of H1(m1) ) by A2, Th52; A25: H1(m + 1) is_next_of H1(m) by A2; A26: H1(k + 1) is_next_of H1(k) by A2; consider sk being strict elementary LTLnode over v such that A27: sk = H1(k) by Th52; A28: not G in the LTLold of sk by A5, A10, A11, A13, A27; F 'U' G in the LTLold of sm by A4, A7, A19, A20, A21; then F 'U' G in the LTLold of sk by A20, A27, A22, A24, A25, Lm30; hence ( F in the LTLold of H1(i) & F 'U' G in the LTLold of H1(i) ) by A13, A20, A27, A28, A23, A26, Lm30; ::_thesis: verum end; end; end; hence ( F in the LTLold of H1(i) & F 'U' G in the LTLold of H1(i) ) ; ::_thesis: verum end; end; end; hence ( F in the LTLold of H1(i) & F 'U' G in the LTLold of H1(i) ) ; ::_thesis: verum end; hence for i being Nat st 1 <= i & i < k + 1 holds ( F in the LTLold of H1(i) & F 'U' G in the LTLold of H1(i) ) ; ::_thesis: verum end; hence S1[k + 1] ; ::_thesis: verum end; A29: S1[ 0 ] ; for n being Nat holds S1[n] from NAT_1:sch_2(A29, A3); hence ( ex i being Nat st ( 1 <= i & i < n & G in the LTLold of (CastNode ((q . i),v)) ) or for i being Nat st 1 <= i & i < n holds ( F in the LTLold of (CastNode ((q . i),v)) & F 'U' G in the LTLold of (CastNode ((q . i),v)) ) ) ; ::_thesis: verum end; theorem :: MODELC_3:53 for n being Nat for H, v being LTL-formula for q being sequence of (LTLStates v) st H is Until & H in the LTLold of (CastNode ((q . 1),v)) & ( for i being Nat holds CastNode ((q . (i + 1)),v) is_next_of CastNode ((q . i),v) ) & ( for i being Nat st 1 <= i & i < n holds not the_right_argument_of H in the LTLold of (CastNode ((q . i),v)) ) holds for i being Nat st 1 <= i & i < n holds ( the_left_argument_of H in the LTLold of (CastNode ((q . i),v)) & H in the LTLold of (CastNode ((q . i),v)) ) proof let n be Nat; ::_thesis: for H, v being LTL-formula for q being sequence of (LTLStates v) st H is Until & H in the LTLold of (CastNode ((q . 1),v)) & ( for i being Nat holds CastNode ((q . (i + 1)),v) is_next_of CastNode ((q . i),v) ) & ( for i being Nat st 1 <= i & i < n holds not the_right_argument_of H in the LTLold of (CastNode ((q . i),v)) ) holds for i being Nat st 1 <= i & i < n holds ( the_left_argument_of H in the LTLold of (CastNode ((q . i),v)) & H in the LTLold of (CastNode ((q . i),v)) ) let H, v be LTL-formula; ::_thesis: for q being sequence of (LTLStates v) st H is Until & H in the LTLold of (CastNode ((q . 1),v)) & ( for i being Nat holds CastNode ((q . (i + 1)),v) is_next_of CastNode ((q . i),v) ) & ( for i being Nat st 1 <= i & i < n holds not the_right_argument_of H in the LTLold of (CastNode ((q . i),v)) ) holds for i being Nat st 1 <= i & i < n holds ( the_left_argument_of H in the LTLold of (CastNode ((q . i),v)) & H in the LTLold of (CastNode ((q . i),v)) ) let q be sequence of (LTLStates v); ::_thesis: ( H is Until & H in the LTLold of (CastNode ((q . 1),v)) & ( for i being Nat holds CastNode ((q . (i + 1)),v) is_next_of CastNode ((q . i),v) ) & ( for i being Nat st 1 <= i & i < n holds not the_right_argument_of H in the LTLold of (CastNode ((q . i),v)) ) implies for i being Nat st 1 <= i & i < n holds ( the_left_argument_of H in the LTLold of (CastNode ((q . i),v)) & H in the LTLold of (CastNode ((q . i),v)) ) ) deffunc H1( Nat) -> strict LTLnode over v = CastNode ((q . $1),v); assume that A1: H is Until and A2: ( H in the LTLold of H1(1) & ( for i being Nat holds H1(i + 1) is_next_of H1(i) ) ) ; ::_thesis: ( ex i being Nat st ( 1 <= i & i < n & the_right_argument_of H in the LTLold of (CastNode ((q . i),v)) ) or for i being Nat st 1 <= i & i < n holds ( the_left_argument_of H in the LTLold of (CastNode ((q . i),v)) & H in the LTLold of (CastNode ((q . i),v)) ) ) set G = the_right_argument_of H; set F = the_left_argument_of H; H = (the_left_argument_of H) 'U' (the_right_argument_of H) by A1, MODELC_2:8; hence ( ex i being Nat st ( 1 <= i & i < n & the_right_argument_of H in the LTLold of (CastNode ((q . i),v)) ) or for i being Nat st 1 <= i & i < n holds ( the_left_argument_of H in the LTLold of (CastNode ((q . i),v)) & H in the LTLold of (CastNode ((q . i),v)) ) ) by A2, Lm32; ::_thesis: verum end; Lm33: for F, G, v being LTL-formula for q being sequence of (LTLStates v) st F 'U' G in the LTLold of (CastNode ((q . 1),v)) & ( for i being Nat holds CastNode ((q . (i + 1)),v) is_next_of CastNode ((q . i),v) ) & ex i being Nat st ( i >= 1 & not ( F 'U' G in the LTLold of (CastNode ((q . i),v)) & F in the LTLold of (CastNode ((q . i),v)) & not G in the LTLold of (CastNode ((q . i),v)) ) ) holds ex j being Nat st ( j >= 1 & G in the LTLold of (CastNode ((q . j),v)) & ( for i being Nat st 1 <= i & i < j holds ( F 'U' G in the LTLold of (CastNode ((q . i),v)) & F in the LTLold of (CastNode ((q . i),v)) ) ) ) proof let F, G, v be LTL-formula; ::_thesis: for q being sequence of (LTLStates v) st F 'U' G in the LTLold of (CastNode ((q . 1),v)) & ( for i being Nat holds CastNode ((q . (i + 1)),v) is_next_of CastNode ((q . i),v) ) & ex i being Nat st ( i >= 1 & not ( F 'U' G in the LTLold of (CastNode ((q . i),v)) & F in the LTLold of (CastNode ((q . i),v)) & not G in the LTLold of (CastNode ((q . i),v)) ) ) holds ex j being Nat st ( j >= 1 & G in the LTLold of (CastNode ((q . j),v)) & ( for i being Nat st 1 <= i & i < j holds ( F 'U' G in the LTLold of (CastNode ((q . i),v)) & F in the LTLold of (CastNode ((q . i),v)) ) ) ) let q be sequence of (LTLStates v); ::_thesis: ( F 'U' G in the LTLold of (CastNode ((q . 1),v)) & ( for i being Nat holds CastNode ((q . (i + 1)),v) is_next_of CastNode ((q . i),v) ) & ex i being Nat st ( i >= 1 & not ( F 'U' G in the LTLold of (CastNode ((q . i),v)) & F in the LTLold of (CastNode ((q . i),v)) & not G in the LTLold of (CastNode ((q . i),v)) ) ) implies ex j being Nat st ( j >= 1 & G in the LTLold of (CastNode ((q . j),v)) & ( for i being Nat st 1 <= i & i < j holds ( F 'U' G in the LTLold of (CastNode ((q . i),v)) & F in the LTLold of (CastNode ((q . i),v)) ) ) ) ) deffunc H1( Nat) -> strict LTLnode over v = CastNode ((q . $1),v); assume A1: ( F 'U' G in the LTLold of H1(1) & ( for i being Nat holds H1(i + 1) is_next_of H1(i) ) ) ; ::_thesis: ( for i being Nat st i >= 1 holds ( F 'U' G in the LTLold of (CastNode ((q . i),v)) & F in the LTLold of (CastNode ((q . i),v)) & not G in the LTLold of (CastNode ((q . i),v)) ) or ex j being Nat st ( j >= 1 & G in the LTLold of (CastNode ((q . j),v)) & ( for i being Nat st 1 <= i & i < j holds ( F 'U' G in the LTLold of (CastNode ((q . i),v)) & F in the LTLold of (CastNode ((q . i),v)) ) ) ) ) ( ex i being Nat st ( i >= 1 & not ( F 'U' G in the LTLold of H1(i) & F in the LTLold of H1(i) & not G in the LTLold of H1(i) ) ) implies ex j being Nat st ( j >= 1 & G in the LTLold of H1(j) & ( for i being Nat st 1 <= i & i < j holds ( F 'U' G in the LTLold of H1(i) & F in the LTLold of H1(i) ) ) ) ) proof assume ex i being Nat st ( i >= 1 & not ( F 'U' G in the LTLold of H1(i) & F in the LTLold of H1(i) & not G in the LTLold of H1(i) ) ) ; ::_thesis: ex j being Nat st ( j >= 1 & G in the LTLold of H1(j) & ( for i being Nat st 1 <= i & i < j holds ( F 'U' G in the LTLold of H1(i) & F in the LTLold of H1(i) ) ) ) then consider k being Nat such that A2: k >= 1 and A3: ( not F 'U' G in the LTLold of H1(k) or not F in the LTLold of H1(k) or G in the LTLold of H1(k) ) ; set k1 = k + 1; ex m being Nat st ( 1 <= m & m <= k & G in the LTLold of H1(m) ) proof now__::_thesis:_ex_m_being_Nat_st_ (_1_<=_m_&_m_<=_k_&_G_in_the_LTLold_of_H1(m)_) percases ( not F 'U' G in the LTLold of H1(k) or not F in the LTLold of H1(k) or G in the LTLold of H1(k) ) by A3; supposeA4: ( not F 'U' G in the LTLold of H1(k) or not F in the LTLold of H1(k) ) ; ::_thesis: ex m being Nat st ( 1 <= m & m <= k & G in the LTLold of H1(m) ) now__::_thesis:_ex_m_being_Nat_st_ (_1_<=_m_&_m_<=_k_&_G_in_the_LTLold_of_H1(m)_) assume A5: for m being Nat holds ( not 1 <= m or not m <= k or not G in the LTLold of H1(m) ) ; ::_thesis: contradiction A6: for m being Nat st 1 <= m & m < k + 1 holds not G in the LTLold of H1(m) proof let m be Nat; ::_thesis: ( 1 <= m & m < k + 1 implies not G in the LTLold of H1(m) ) assume that A7: 1 <= m and A8: m < k + 1 ; ::_thesis: not G in the LTLold of H1(m) m <= k by A8, NAT_1:13; hence not G in the LTLold of H1(m) by A5, A7; ::_thesis: verum end; k < k + 1 by NAT_1:13; hence contradiction by A1, A2, A4, A6, Lm32; ::_thesis: verum end; hence ex m being Nat st ( 1 <= m & m <= k & G in the LTLold of H1(m) ) ; ::_thesis: verum end; suppose G in the LTLold of H1(k) ; ::_thesis: ex m being Nat st ( 1 <= m & m <= k & G in the LTLold of H1(m) ) hence ex m being Nat st ( 1 <= m & m <= k & G in the LTLold of H1(m) ) by A2; ::_thesis: verum end; end; end; hence ex m being Nat st ( 1 <= m & m <= k & G in the LTLold of H1(m) ) ; ::_thesis: verum end; then consider m0 being Nat such that A9: ( 1 <= m0 & m0 <= k & G in the LTLold of H1(m0) ) ; set X = { m where m is Element of NAT : ( 1 <= m & m <= k & G in the LTLold of H1(m) ) } ; A10: { m where m is Element of NAT : ( 1 <= m & m <= k & G in the LTLold of H1(m) ) } c= Seg k proof let x be set ; :: according to TARSKI:def_3 ::_thesis: ( not x in { m where m is Element of NAT : ( 1 <= m & m <= k & G in the LTLold of H1(m) ) } or x in Seg k ) assume x in { m where m is Element of NAT : ( 1 <= m & m <= k & G in the LTLold of H1(m) ) } ; ::_thesis: x in Seg k then ex m being Element of NAT st ( x = m & 1 <= m & m <= k & G in the LTLold of H1(m) ) ; hence x in Seg k by FINSEQ_1:1; ::_thesis: verum end; reconsider m0 = m0 as Element of NAT by ORDINAL1:def_12; m0 in { m where m is Element of NAT : ( 1 <= m & m <= k & G in the LTLold of H1(m) ) } by A9; then consider j being Nat such that 1 <= j and A11: j <= k and A12: j in { m where m is Element of NAT : ( 1 <= m & m <= k & G in the LTLold of H1(m) ) } and A13: for i being Nat st 1 <= i & i < j holds not i in { m where m is Element of NAT : ( 1 <= m & m <= k & G in the LTLold of H1(m) ) } by A10, Lm31; for i being Nat st 1 <= i & i < j holds not G in the LTLold of H1(i) proof let i be Nat; ::_thesis: ( 1 <= i & i < j implies not G in the LTLold of H1(i) ) assume that A14: 1 <= i and A15: i < j ; ::_thesis: not G in the LTLold of H1(i) A16: i < k by A11, A15, XXREAL_0:2; reconsider i = i as Element of NAT by ORDINAL1:def_12; not i in { m where m is Element of NAT : ( 1 <= m & m <= k & G in the LTLold of H1(m) ) } by A13, A14, A15; hence not G in the LTLold of H1(i) by A14, A16; ::_thesis: verum end; then A17: for i being Nat st 1 <= i & i < j holds ( F 'U' G in the LTLold of H1(i) & F in the LTLold of H1(i) ) by A1, Lm32; ( j >= 1 & G in the LTLold of H1(j) ) proof ex m being Element of NAT st ( j = m & 1 <= m & m <= k & G in the LTLold of H1(m) ) by A12; hence ( j >= 1 & G in the LTLold of H1(j) ) ; ::_thesis: verum end; hence ex j being Nat st ( j >= 1 & G in the LTLold of H1(j) & ( for i being Nat st 1 <= i & i < j holds ( F 'U' G in the LTLold of H1(i) & F in the LTLold of H1(i) ) ) ) by A17; ::_thesis: verum end; hence ( for i being Nat st i >= 1 holds ( F 'U' G in the LTLold of (CastNode ((q . i),v)) & F in the LTLold of (CastNode ((q . i),v)) & not G in the LTLold of (CastNode ((q . i),v)) ) or ex j being Nat st ( j >= 1 & G in the LTLold of (CastNode ((q . j),v)) & ( for i being Nat st 1 <= i & i < j holds ( F 'U' G in the LTLold of (CastNode ((q . i),v)) & F in the LTLold of (CastNode ((q . i),v)) ) ) ) ) ; ::_thesis: verum end; theorem Th54: :: MODELC_3:54 for H, v being LTL-formula for q being sequence of (LTLStates v) st H is Until & H in the LTLold of (CastNode ((q . 1),v)) & ( for i being Nat holds CastNode ((q . (i + 1)),v) is_next_of CastNode ((q . i),v) ) & ex i being Nat st ( i >= 1 & not ( H in the LTLold of (CastNode ((q . i),v)) & the_left_argument_of H in the LTLold of (CastNode ((q . i),v)) & not the_right_argument_of H in the LTLold of (CastNode ((q . i),v)) ) ) holds ex j being Nat st ( j >= 1 & the_right_argument_of H in the LTLold of (CastNode ((q . j),v)) & ( for i being Nat st 1 <= i & i < j holds ( H in the LTLold of (CastNode ((q . i),v)) & the_left_argument_of H in the LTLold of (CastNode ((q . i),v)) ) ) ) proof let H, v be LTL-formula; ::_thesis: for q being sequence of (LTLStates v) st H is Until & H in the LTLold of (CastNode ((q . 1),v)) & ( for i being Nat holds CastNode ((q . (i + 1)),v) is_next_of CastNode ((q . i),v) ) & ex i being Nat st ( i >= 1 & not ( H in the LTLold of (CastNode ((q . i),v)) & the_left_argument_of H in the LTLold of (CastNode ((q . i),v)) & not the_right_argument_of H in the LTLold of (CastNode ((q . i),v)) ) ) holds ex j being Nat st ( j >= 1 & the_right_argument_of H in the LTLold of (CastNode ((q . j),v)) & ( for i being Nat st 1 <= i & i < j holds ( H in the LTLold of (CastNode ((q . i),v)) & the_left_argument_of H in the LTLold of (CastNode ((q . i),v)) ) ) ) let q be sequence of (LTLStates v); ::_thesis: ( H is Until & H in the LTLold of (CastNode ((q . 1),v)) & ( for i being Nat holds CastNode ((q . (i + 1)),v) is_next_of CastNode ((q . i),v) ) & ex i being Nat st ( i >= 1 & not ( H in the LTLold of (CastNode ((q . i),v)) & the_left_argument_of H in the LTLold of (CastNode ((q . i),v)) & not the_right_argument_of H in the LTLold of (CastNode ((q . i),v)) ) ) implies ex j being Nat st ( j >= 1 & the_right_argument_of H in the LTLold of (CastNode ((q . j),v)) & ( for i being Nat st 1 <= i & i < j holds ( H in the LTLold of (CastNode ((q . i),v)) & the_left_argument_of H in the LTLold of (CastNode ((q . i),v)) ) ) ) ) deffunc H1( Nat) -> strict LTLnode over v = CastNode ((q . $1),v); assume that A1: H is Until and A2: ( H in the LTLold of H1(1) & ( for i being Nat holds H1(i + 1) is_next_of H1(i) ) ) ; ::_thesis: ( for i being Nat st i >= 1 holds ( H in the LTLold of (CastNode ((q . i),v)) & the_left_argument_of H in the LTLold of (CastNode ((q . i),v)) & not the_right_argument_of H in the LTLold of (CastNode ((q . i),v)) ) or ex j being Nat st ( j >= 1 & the_right_argument_of H in the LTLold of (CastNode ((q . j),v)) & ( for i being Nat st 1 <= i & i < j holds ( H in the LTLold of (CastNode ((q . i),v)) & the_left_argument_of H in the LTLold of (CastNode ((q . i),v)) ) ) ) ) set G = the_right_argument_of H; set F = the_left_argument_of H; H = (the_left_argument_of H) 'U' (the_right_argument_of H) by A1, MODELC_2:8; hence ( for i being Nat st i >= 1 holds ( H in the LTLold of (CastNode ((q . i),v)) & the_left_argument_of H in the LTLold of (CastNode ((q . i),v)) & not the_right_argument_of H in the LTLold of (CastNode ((q . i),v)) ) or ex j being Nat st ( j >= 1 & the_right_argument_of H in the LTLold of (CastNode ((q . j),v)) & ( for i being Nat st 1 <= i & i < j holds ( H in the LTLold of (CastNode ((q . i),v)) & the_left_argument_of H in the LTLold of (CastNode ((q . i),v)) ) ) ) ) by A2, Lm33; ::_thesis: verum end; theorem Th55: :: MODELC_3:55 for X being set holds union (BOOL X) = X proof let X be set ; ::_thesis: union (BOOL X) = X {} c= X by XBOOLE_1:2; then ( BOOL X = (bool X) \ {{}} & {{}} c= bool X ) by ORDERS_1:def_2, ZFMISC_1:31; then A1: (BOOL X) \/ {{}} c= bool X by XBOOLE_1:8; (BOOL X) \/ {{}} = ((bool X) \ {{}}) \/ {{}} by ORDERS_1:def_2 .= (bool X) \/ {{}} by XBOOLE_1:39 ; then bool X c= (BOOL X) \/ {{}} by XBOOLE_1:7; then A2: bool X = (BOOL X) \/ {{}} by A1, XBOOLE_0:def_10; X = union (bool X) by ZFMISC_1:81 .= (union (BOOL X)) \/ (union {{}}) by A2, ZFMISC_1:78 .= (union (BOOL X)) \/ {} by ZFMISC_1:25 ; hence union (BOOL X) = X ; ::_thesis: verum end; theorem Th56: :: MODELC_3:56 for v being LTL-formula for N being strict LTLnode over v st not N is elementary holds ( the LTLnew of N <> {} & the LTLnew of N in BOOL (Subformulae v) ) proof let v be LTL-formula; ::_thesis: for N being strict LTLnode over v st not N is elementary holds ( the LTLnew of N <> {} & the LTLnew of N in BOOL (Subformulae v) ) let N be strict LTLnode over v; ::_thesis: ( not N is elementary implies ( the LTLnew of N <> {} & the LTLnew of N in BOOL (Subformulae v) ) ) set x = the LTLnew of N; assume not N is elementary ; ::_thesis: ( the LTLnew of N <> {} & the LTLnew of N in BOOL (Subformulae v) ) then the LTLnew of N <> {} by Def11; hence ( the LTLnew of N <> {} & the LTLnew of N in BOOL (Subformulae v) ) by ORDERS_1:2; ::_thesis: verum end; registration let v be LTL-formula; cluster union (BOOL (Subformulae v)) -> non empty ; correctness coherence not union (BOOL (Subformulae v)) is empty ; by Th55; cluster BOOL (Subformulae v) -> non empty ; correctness coherence not BOOL (Subformulae v) is empty ; ; end; theorem :: MODELC_3:57 for v being LTL-formula ex f being Choice_Function of BOOL (Subformulae v) st f is Function of (BOOL (Subformulae v)),(Subformulae v) proof let v be LTL-formula; ::_thesis: ex f being Choice_Function of BOOL (Subformulae v) st f is Function of (BOOL (Subformulae v)),(Subformulae v) set Y = Subformulae v; set X = BOOL (Subformulae v); for x being set st x in BOOL (Subformulae v) holds x <> {} by ORDERS_1:1; then consider Choice being Function such that A1: dom Choice = BOOL (Subformulae v) and A2: for x being set st x in BOOL (Subformulae v) holds Choice . x in x by FUNCT_1:111; A3: for x being set st x in BOOL (Subformulae v) holds Choice . x in Subformulae v proof let x be set ; ::_thesis: ( x in BOOL (Subformulae v) implies Choice . x in Subformulae v ) assume A4: x in BOOL (Subformulae v) ; ::_thesis: Choice . x in Subformulae v not x is empty by A4, ORDERS_1:1; then A5: x is Subset of (Subformulae v) by A4, ORDERS_1:2; Choice . x in x by A2, A4; hence Choice . x in Subformulae v by A5; ::_thesis: verum end; then A6: Choice is Function of (BOOL (Subformulae v)),(Subformulae v) by A1, FUNCT_2:3; ( not {} in BOOL (Subformulae v) & union (BOOL (Subformulae v)) = Subformulae v ) by Th55, ORDERS_1:1; then reconsider Choice = Choice as Choice_Function of BOOL (Subformulae v) by A2, A6, ORDERS_1:def_1; take Choice ; ::_thesis: Choice is Function of (BOOL (Subformulae v)),(Subformulae v) thus Choice is Function of (BOOL (Subformulae v)),(Subformulae v) by A1, A3, FUNCT_2:3; ::_thesis: verum end; definition let v be LTL-formula; let U be Choice_Function of BOOL (Subformulae v); let N be strict LTLnode over v; assume A1: not N is elementary ; func chosen_formula (U,N) -> LTL-formula equals :Def34: :: MODELC_3:def 34 U . the LTLnew of N; correctness coherence U . the LTLnew of N is LTL-formula; proof set x = the LTLnew of N; set a = U . the LTLnew of N; the LTLnew of N in BOOL (Subformulae v) by A1, Th56; then U . the LTLnew of N in union (BOOL (Subformulae v)) by FUNCT_2:5; then U . the LTLnew of N in Subformulae v by Th55; then ex F being LTL-formula st ( F = U . the LTLnew of N & F is_subformula_of v ) by MODELC_2:def_24; hence U . the LTLnew of N is LTL-formula ; ::_thesis: verum end; end; :: deftheorem Def34 defines chosen_formula MODELC_3:def_34_:_ for v being LTL-formula for U being Choice_Function of BOOL (Subformulae v) for N being strict LTLnode over v st not N is elementary holds chosen_formula (U,N) = U . the LTLnew of N; theorem Th58: :: MODELC_3:58 for v being LTL-formula for N being strict LTLnode over v for U being Choice_Function of BOOL (Subformulae v) st not N is elementary holds chosen_formula (U,N) in the LTLnew of N proof let v be LTL-formula; ::_thesis: for N being strict LTLnode over v for U being Choice_Function of BOOL (Subformulae v) st not N is elementary holds chosen_formula (U,N) in the LTLnew of N let N be strict LTLnode over v; ::_thesis: for U being Choice_Function of BOOL (Subformulae v) st not N is elementary holds chosen_formula (U,N) in the LTLnew of N let U be Choice_Function of BOOL (Subformulae v); ::_thesis: ( not N is elementary implies chosen_formula (U,N) in the LTLnew of N ) set x = the LTLnew of N; set X = BOOL (Subformulae v); assume A1: not N is elementary ; ::_thesis: chosen_formula (U,N) in the LTLnew of N then ( not {} in BOOL (Subformulae v) & the LTLnew of N in BOOL (Subformulae v) ) by Th56, ORDERS_1:1; then U . the LTLnew of N in the LTLnew of N by ORDERS_1:def_1; hence chosen_formula (U,N) in the LTLnew of N by A1, Def34; ::_thesis: verum end; definition let w be Element of Inf_seq AtomicFamily; let v be LTL-formula; let U be Choice_Function of BOOL (Subformulae v); let N be strict LTLnode over v; func chosen_succ (w,v,U,N) -> strict LTLnode over v equals :Def35: :: MODELC_3:def 35 SuccNode1 ((chosen_formula (U,N)),N) if ( ( not chosen_formula (U,N) is Until & w |= * (SuccNode1 ((chosen_formula (U,N)),N)) ) or ( chosen_formula (U,N) is Until & w |/= the_right_argument_of (chosen_formula (U,N)) ) ) otherwise SuccNode2 ((chosen_formula (U,N)),N); correctness coherence ( ( ( ( not chosen_formula (U,N) is Until & w |= * (SuccNode1 ((chosen_formula (U,N)),N)) ) or ( chosen_formula (U,N) is Until & w |/= the_right_argument_of (chosen_formula (U,N)) ) ) implies SuccNode1 ((chosen_formula (U,N)),N) is strict LTLnode over v ) & ( ( not chosen_formula (U,N) is Until & w |= * (SuccNode1 ((chosen_formula (U,N)),N)) ) or ( chosen_formula (U,N) is Until & w |/= the_right_argument_of (chosen_formula (U,N)) ) or SuccNode2 ((chosen_formula (U,N)),N) is strict LTLnode over v ) ); consistency for b1 being strict LTLnode over v holds verum; ; end; :: deftheorem Def35 defines chosen_succ MODELC_3:def_35_:_ for w being Element of Inf_seq AtomicFamily for v being LTL-formula for U being Choice_Function of BOOL (Subformulae v) for N being strict LTLnode over v holds ( ( ( ( not chosen_formula (U,N) is Until & w |= * (SuccNode1 ((chosen_formula (U,N)),N)) ) or ( chosen_formula (U,N) is Until & w |/= the_right_argument_of (chosen_formula (U,N)) ) ) implies chosen_succ (w,v,U,N) = SuccNode1 ((chosen_formula (U,N)),N) ) & ( ( not chosen_formula (U,N) is Until & w |= * (SuccNode1 ((chosen_formula (U,N)),N)) ) or ( chosen_formula (U,N) is Until & w |/= the_right_argument_of (chosen_formula (U,N)) ) or chosen_succ (w,v,U,N) = SuccNode2 ((chosen_formula (U,N)),N) ) ); theorem Th59: :: MODELC_3:59 for v being LTL-formula for N being strict LTLnode over v for w being Element of Inf_seq AtomicFamily for U being Choice_Function of BOOL (Subformulae v) st w |= * N & not N is elementary holds ( w |= * (chosen_succ (w,v,U,N)) & chosen_succ (w,v,U,N) is_succ_of N ) proof let v be LTL-formula; ::_thesis: for N being strict LTLnode over v for w being Element of Inf_seq AtomicFamily for U being Choice_Function of BOOL (Subformulae v) st w |= * N & not N is elementary holds ( w |= * (chosen_succ (w,v,U,N)) & chosen_succ (w,v,U,N) is_succ_of N ) let N be strict LTLnode over v; ::_thesis: for w being Element of Inf_seq AtomicFamily for U being Choice_Function of BOOL (Subformulae v) st w |= * N & not N is elementary holds ( w |= * (chosen_succ (w,v,U,N)) & chosen_succ (w,v,U,N) is_succ_of N ) let w be Element of Inf_seq AtomicFamily; ::_thesis: for U being Choice_Function of BOOL (Subformulae v) st w |= * N & not N is elementary holds ( w |= * (chosen_succ (w,v,U,N)) & chosen_succ (w,v,U,N) is_succ_of N ) let U be Choice_Function of BOOL (Subformulae v); ::_thesis: ( w |= * N & not N is elementary implies ( w |= * (chosen_succ (w,v,U,N)) & chosen_succ (w,v,U,N) is_succ_of N ) ) assume that A1: w |= * N and A2: not N is elementary ; ::_thesis: ( w |= * (chosen_succ (w,v,U,N)) & chosen_succ (w,v,U,N) is_succ_of N ) set H = chosen_formula (U,N); set SN = chosen_succ (w,v,U,N); set H2 = the_right_argument_of (chosen_formula (U,N)); A3: chosen_formula (U,N) in the LTLnew of N by A2, Th58; now__::_thesis:_(_w_|=_*_(chosen_succ_(w,v,U,N))_&_chosen_succ_(w,v,U,N)_is_succ_of_N_) percases ( ( not chosen_formula (U,N) is Until & w |= * (SuccNode1 ((chosen_formula (U,N)),N)) ) or ( chosen_formula (U,N) is Until & w |/= the_right_argument_of (chosen_formula (U,N)) ) or ( not ( not chosen_formula (U,N) is Until & w |= * (SuccNode1 ((chosen_formula (U,N)),N)) ) & not ( chosen_formula (U,N) is Until & w |/= the_right_argument_of (chosen_formula (U,N)) ) ) ) ; supposeA4: ( ( not chosen_formula (U,N) is Until & w |= * (SuccNode1 ((chosen_formula (U,N)),N)) ) or ( chosen_formula (U,N) is Until & w |/= the_right_argument_of (chosen_formula (U,N)) ) ) ; ::_thesis: ( w |= * (chosen_succ (w,v,U,N)) & chosen_succ (w,v,U,N) is_succ_of N ) then A5: chosen_succ (w,v,U,N) = SuccNode1 ((chosen_formula (U,N)),N) by Def35; A6: w |= * (chosen_succ (w,v,U,N)) proof now__::_thesis:_w_|=_*_(chosen_succ_(w,v,U,N)) percases ( ( not chosen_formula (U,N) is Until & w |= * (SuccNode1 ((chosen_formula (U,N)),N)) ) or ( chosen_formula (U,N) is Until & w |/= the_right_argument_of (chosen_formula (U,N)) ) ) by A4; suppose ( not chosen_formula (U,N) is Until & w |= * (SuccNode1 ((chosen_formula (U,N)),N)) ) ; ::_thesis: w |= * (chosen_succ (w,v,U,N)) hence w |= * (chosen_succ (w,v,U,N)) by Def35; ::_thesis: verum end; supposeA7: ( chosen_formula (U,N) is Until & w |/= the_right_argument_of (chosen_formula (U,N)) ) ; ::_thesis: w |= * (chosen_succ (w,v,U,N)) set N2 = SuccNode2 ((chosen_formula (U,N)),N); A8: ( w |= * (chosen_succ (w,v,U,N)) or w |= * (SuccNode2 ((chosen_formula (U,N)),N)) ) by A1, A3, A5, A7, Lm19; now__::_thesis:_w_|=_*_(chosen_succ_(w,v,U,N)) the LTLold of (SuccNode2 ((chosen_formula (U,N)),N)) = the LTLold of N \/ {(chosen_formula (U,N))} by A3, Def5; then A9: ( the_right_argument_of (chosen_formula (U,N)) in the LTLold of N implies the_right_argument_of (chosen_formula (U,N)) in the LTLold of (SuccNode2 ((chosen_formula (U,N)),N)) ) by XBOOLE_0:def_3; LTLNew2 (chosen_formula (U,N)) = {(the_right_argument_of (chosen_formula (U,N)))} by A7, Def2; then the_right_argument_of (chosen_formula (U,N)) in LTLNew2 (chosen_formula (U,N)) by TARSKI:def_1; then A10: ( not the_right_argument_of (chosen_formula (U,N)) in the LTLold of N implies the_right_argument_of (chosen_formula (U,N)) in (LTLNew2 (chosen_formula (U,N))) \ the LTLold of N ) by XBOOLE_0:def_5; assume A11: not w |= * (chosen_succ (w,v,U,N)) ; ::_thesis: contradiction the LTLnew of (SuccNode2 ((chosen_formula (U,N)),N)) = ( the LTLnew of N \ {(chosen_formula (U,N))}) \/ ((LTLNew2 (chosen_formula (U,N))) \ the LTLold of N) by A3, Def5; then ( not the_right_argument_of (chosen_formula (U,N)) in the LTLold of N implies the_right_argument_of (chosen_formula (U,N)) in the LTLnew of (SuccNode2 ((chosen_formula (U,N)),N)) ) by A10, XBOOLE_0:def_3; then the_right_argument_of (chosen_formula (U,N)) in * (SuccNode2 ((chosen_formula (U,N)),N)) by A9, Lm1; hence contradiction by A7, A8, A11, MODELC_2:def_64; ::_thesis: verum end; hence w |= * (chosen_succ (w,v,U,N)) ; ::_thesis: verum end; end; end; hence w |= * (chosen_succ (w,v,U,N)) ; ::_thesis: verum end; chosen_succ (w,v,U,N) is_succ1_of N by A3, A5, Def7; hence ( w |= * (chosen_succ (w,v,U,N)) & chosen_succ (w,v,U,N) is_succ_of N ) by A6, Def9; ::_thesis: verum end; supposeA12: ( not ( not chosen_formula (U,N) is Until & w |= * (SuccNode1 ((chosen_formula (U,N)),N)) ) & not ( chosen_formula (U,N) is Until & w |/= the_right_argument_of (chosen_formula (U,N)) ) ) ; ::_thesis: ( w |= * (chosen_succ (w,v,U,N)) & chosen_succ (w,v,U,N) is_succ_of N ) set N1 = SuccNode1 ((chosen_formula (U,N)),N); A13: chosen_succ (w,v,U,N) = SuccNode2 ((chosen_formula (U,N)),N) by A12, Def35; ( w |= * (chosen_succ (w,v,U,N)) & chosen_succ (w,v,U,N) is_succ_of N ) proof now__::_thesis:_(_w_|=_*_(chosen_succ_(w,v,U,N))_&_chosen_succ_(w,v,U,N)_is_succ_of_N_) percases ( ( chosen_formula (U,N) is Until & w |= the_right_argument_of (chosen_formula (U,N)) ) or not w |= * (SuccNode1 ((chosen_formula (U,N)),N)) ) by A12; supposeA14: ( chosen_formula (U,N) is Until & w |= the_right_argument_of (chosen_formula (U,N)) ) ; ::_thesis: ( w |= * (chosen_succ (w,v,U,N)) & chosen_succ (w,v,U,N) is_succ_of N ) set NN = the LTLnew of N; set NO = the LTLold of N; set SNN = the LTLnew of (chosen_succ (w,v,U,N)); LTLNew2 (chosen_formula (U,N)) = {(the_right_argument_of (chosen_formula (U,N)))} by A14, Def2; then A15: the LTLnew of (chosen_succ (w,v,U,N)) = ( the LTLnew of N \ {(chosen_formula (U,N))}) \/ ({(the_right_argument_of (chosen_formula (U,N)))} \ the LTLold of N) by A3, A13, Def5; the LTLnew of N \ {(chosen_formula (U,N))} c= the LTLnew of N by XBOOLE_1:36; then A16: the LTLnew of (chosen_succ (w,v,U,N)) c= the LTLnew of N \/ {(the_right_argument_of (chosen_formula (U,N)))} by A15, XBOOLE_1:13; set NX = the LTLnext of N; set SNX = the LTLnext of (chosen_succ (w,v,U,N)); set SNO = the LTLold of (chosen_succ (w,v,U,N)); ( the LTLold of (chosen_succ (w,v,U,N)) = the LTLold of N \/ {(chosen_formula (U,N))} & {(chosen_formula (U,N))} c= the LTLnew of N ) by A3, A13, Def5, ZFMISC_1:31; then A17: the LTLold of (chosen_succ (w,v,U,N)) c= the LTLold of N \/ the LTLnew of N by XBOOLE_1:9; A18: the LTLnext of (chosen_succ (w,v,U,N)) = the LTLnext of N by A3, A13, Def5; A19: for G being LTL-formula st G in * (chosen_succ (w,v,U,N)) holds w |= G proof let G be LTL-formula; ::_thesis: ( G in * (chosen_succ (w,v,U,N)) implies w |= G ) assume A20: G in * (chosen_succ (w,v,U,N)) ; ::_thesis: w |= G now__::_thesis:_w_|=_G percases ( G in the LTLold of (chosen_succ (w,v,U,N)) or G in the LTLnew of (chosen_succ (w,v,U,N)) or G in 'X' (CastLTL the LTLnext of (chosen_succ (w,v,U,N))) ) by A20, Lm1; suppose G in the LTLold of (chosen_succ (w,v,U,N)) ; ::_thesis: w |= G then G in * N by A17, XBOOLE_0:def_3; hence w |= G by A1, MODELC_2:def_64; ::_thesis: verum end; suppose G in the LTLnew of (chosen_succ (w,v,U,N)) ; ::_thesis: w |= G then ( G in the LTLnew of N or G in {(the_right_argument_of (chosen_formula (U,N)))} ) by A16, XBOOLE_0:def_3; then ( G in * N or G = the_right_argument_of (chosen_formula (U,N)) ) by Lm1, TARSKI:def_1; hence w |= G by A1, A14, MODELC_2:def_64; ::_thesis: verum end; suppose G in 'X' (CastLTL the LTLnext of (chosen_succ (w,v,U,N))) ; ::_thesis: w |= G then G in * N by A18, Lm1; hence w |= G by A1, MODELC_2:def_64; ::_thesis: verum end; end; end; hence w |= G ; ::_thesis: verum end; chosen_succ (w,v,U,N) is_succ2_of N by A3, A13, A14, Def8; hence ( w |= * (chosen_succ (w,v,U,N)) & chosen_succ (w,v,U,N) is_succ_of N ) by A19, Def9, MODELC_2:def_64; ::_thesis: verum end; supposeA21: not w |= * (SuccNode1 ((chosen_formula (U,N)),N)) ; ::_thesis: ( w |= * (chosen_succ (w,v,U,N)) & chosen_succ (w,v,U,N) is_succ_of N ) now__::_thesis:_(_w_|=_*_(chosen_succ_(w,v,U,N))_&_chosen_succ_(w,v,U,N)_is_succ_of_N_) percases ( chosen_formula (U,N) is atomic or chosen_formula (U,N) is negative or chosen_formula (U,N) is conjunctive or chosen_formula (U,N) is next or chosen_formula (U,N) is disjunctive or chosen_formula (U,N) is Until or chosen_formula (U,N) is Release ) by MODELC_2:2; suppose ( chosen_formula (U,N) is atomic or chosen_formula (U,N) is negative or chosen_formula (U,N) is conjunctive or chosen_formula (U,N) is next ) ; ::_thesis: ( w |= * (chosen_succ (w,v,U,N)) & chosen_succ (w,v,U,N) is_succ_of N ) hence ( w |= * (chosen_succ (w,v,U,N)) & chosen_succ (w,v,U,N) is_succ_of N ) by A1, A3, A21, Lm16, Lm17; ::_thesis: verum end; supposeA22: ( chosen_formula (U,N) is disjunctive or chosen_formula (U,N) is Until or chosen_formula (U,N) is Release ) ; ::_thesis: ( w |= * (chosen_succ (w,v,U,N)) & chosen_succ (w,v,U,N) is_succ_of N ) then chosen_succ (w,v,U,N) is_succ2_of N by A3, A13, Def8; hence ( w |= * (chosen_succ (w,v,U,N)) & chosen_succ (w,v,U,N) is_succ_of N ) by A1, A3, A13, A21, A22, Def9, Lm18, Lm19, Lm20; ::_thesis: verum end; end; end; hence ( w |= * (chosen_succ (w,v,U,N)) & chosen_succ (w,v,U,N) is_succ_of N ) ; ::_thesis: verum end; end; end; hence ( w |= * (chosen_succ (w,v,U,N)) & chosen_succ (w,v,U,N) is_succ_of N ) ; ::_thesis: verum end; hence ( w |= * (chosen_succ (w,v,U,N)) & chosen_succ (w,v,U,N) is_succ_of N ) ; ::_thesis: verum end; end; end; hence ( w |= * (chosen_succ (w,v,U,N)) & chosen_succ (w,v,U,N) is_succ_of N ) ; ::_thesis: verum end; theorem :: MODELC_3:60 for v being LTL-formula for N being strict LTLnode over v for w being Element of Inf_seq AtomicFamily for U being Choice_Function of BOOL (Subformulae v) st not N is elementary & chosen_formula (U,N) is Until & w |= the_right_argument_of (chosen_formula (U,N)) holds ( ( the_right_argument_of (chosen_formula (U,N)) in the LTLnew of (chosen_succ (w,v,U,N)) or the_right_argument_of (chosen_formula (U,N)) in the LTLold of N ) & chosen_formula (U,N) in the LTLold of (chosen_succ (w,v,U,N)) ) proof let v be LTL-formula; ::_thesis: for N being strict LTLnode over v for w being Element of Inf_seq AtomicFamily for U being Choice_Function of BOOL (Subformulae v) st not N is elementary & chosen_formula (U,N) is Until & w |= the_right_argument_of (chosen_formula (U,N)) holds ( ( the_right_argument_of (chosen_formula (U,N)) in the LTLnew of (chosen_succ (w,v,U,N)) or the_right_argument_of (chosen_formula (U,N)) in the LTLold of N ) & chosen_formula (U,N) in the LTLold of (chosen_succ (w,v,U,N)) ) let N be strict LTLnode over v; ::_thesis: for w being Element of Inf_seq AtomicFamily for U being Choice_Function of BOOL (Subformulae v) st not N is elementary & chosen_formula (U,N) is Until & w |= the_right_argument_of (chosen_formula (U,N)) holds ( ( the_right_argument_of (chosen_formula (U,N)) in the LTLnew of (chosen_succ (w,v,U,N)) or the_right_argument_of (chosen_formula (U,N)) in the LTLold of N ) & chosen_formula (U,N) in the LTLold of (chosen_succ (w,v,U,N)) ) let w be Element of Inf_seq AtomicFamily; ::_thesis: for U being Choice_Function of BOOL (Subformulae v) st not N is elementary & chosen_formula (U,N) is Until & w |= the_right_argument_of (chosen_formula (U,N)) holds ( ( the_right_argument_of (chosen_formula (U,N)) in the LTLnew of (chosen_succ (w,v,U,N)) or the_right_argument_of (chosen_formula (U,N)) in the LTLold of N ) & chosen_formula (U,N) in the LTLold of (chosen_succ (w,v,U,N)) ) let U be Choice_Function of BOOL (Subformulae v); ::_thesis: ( not N is elementary & chosen_formula (U,N) is Until & w |= the_right_argument_of (chosen_formula (U,N)) implies ( ( the_right_argument_of (chosen_formula (U,N)) in the LTLnew of (chosen_succ (w,v,U,N)) or the_right_argument_of (chosen_formula (U,N)) in the LTLold of N ) & chosen_formula (U,N) in the LTLold of (chosen_succ (w,v,U,N)) ) ) set SN = chosen_succ (w,v,U,N); set H = chosen_formula (U,N); set H2 = the_right_argument_of (chosen_formula (U,N)); set SNO = the LTLold of (chosen_succ (w,v,U,N)); set SNN = the LTLnew of (chosen_succ (w,v,U,N)); set NO = the LTLold of N; set NN = the LTLnew of N; assume not N is elementary ; ::_thesis: ( not chosen_formula (U,N) is Until or not w |= the_right_argument_of (chosen_formula (U,N)) or ( ( the_right_argument_of (chosen_formula (U,N)) in the LTLnew of (chosen_succ (w,v,U,N)) or the_right_argument_of (chosen_formula (U,N)) in the LTLold of N ) & chosen_formula (U,N) in the LTLold of (chosen_succ (w,v,U,N)) ) ) then A1: chosen_formula (U,N) in the LTLnew of N by Th58; ( chosen_formula (U,N) is Until & w |= the_right_argument_of (chosen_formula (U,N)) implies ( ( the_right_argument_of (chosen_formula (U,N)) in the LTLnew of (chosen_succ (w,v,U,N)) or the_right_argument_of (chosen_formula (U,N)) in the LTLold of N ) & chosen_formula (U,N) in the LTLold of (chosen_succ (w,v,U,N)) ) ) proof assume that A2: chosen_formula (U,N) is Until and A3: w |= the_right_argument_of (chosen_formula (U,N)) ; ::_thesis: ( ( the_right_argument_of (chosen_formula (U,N)) in the LTLnew of (chosen_succ (w,v,U,N)) or the_right_argument_of (chosen_formula (U,N)) in the LTLold of N ) & chosen_formula (U,N) in the LTLold of (chosen_succ (w,v,U,N)) ) A4: chosen_succ (w,v,U,N) = SuccNode2 ((chosen_formula (U,N)),N) by A2, A3, Def35; LTLNew2 (chosen_formula (U,N)) = {(the_right_argument_of (chosen_formula (U,N)))} by A2, Def2; then A5: the LTLnew of (chosen_succ (w,v,U,N)) = ( the LTLnew of N \ {(chosen_formula (U,N))}) \/ ({(the_right_argument_of (chosen_formula (U,N)))} \ the LTLold of N) by A1, A4, Def5; A6: now__::_thesis:_(_the_right_argument_of_(chosen_formula_(U,N))_in_the_LTLnew_of_(chosen_succ_(w,v,U,N))_or_the_right_argument_of_(chosen_formula_(U,N))_in_the_LTLold_of_N_) percases ( the_right_argument_of (chosen_formula (U,N)) in the LTLold of N or not the_right_argument_of (chosen_formula (U,N)) in the LTLold of N ) ; suppose the_right_argument_of (chosen_formula (U,N)) in the LTLold of N ; ::_thesis: ( the_right_argument_of (chosen_formula (U,N)) in the LTLnew of (chosen_succ (w,v,U,N)) or the_right_argument_of (chosen_formula (U,N)) in the LTLold of N ) hence ( the_right_argument_of (chosen_formula (U,N)) in the LTLnew of (chosen_succ (w,v,U,N)) or the_right_argument_of (chosen_formula (U,N)) in the LTLold of N ) ; ::_thesis: verum end; supposeA7: not the_right_argument_of (chosen_formula (U,N)) in the LTLold of N ; ::_thesis: ( the_right_argument_of (chosen_formula (U,N)) in the LTLnew of (chosen_succ (w,v,U,N)) or the_right_argument_of (chosen_formula (U,N)) in the LTLold of N ) the_right_argument_of (chosen_formula (U,N)) in {(the_right_argument_of (chosen_formula (U,N)))} by TARSKI:def_1; then the_right_argument_of (chosen_formula (U,N)) in {(the_right_argument_of (chosen_formula (U,N)))} \ the LTLold of N by A7, XBOOLE_0:def_5; hence ( the_right_argument_of (chosen_formula (U,N)) in the LTLnew of (chosen_succ (w,v,U,N)) or the_right_argument_of (chosen_formula (U,N)) in the LTLold of N ) by A5, XBOOLE_0:def_3; ::_thesis: verum end; end; end; A8: chosen_formula (U,N) in {(chosen_formula (U,N))} by TARSKI:def_1; the LTLold of (chosen_succ (w,v,U,N)) = the LTLold of N \/ {(chosen_formula (U,N))} by A1, A4, Def5; hence ( ( the_right_argument_of (chosen_formula (U,N)) in the LTLnew of (chosen_succ (w,v,U,N)) or the_right_argument_of (chosen_formula (U,N)) in the LTLold of N ) & chosen_formula (U,N) in the LTLold of (chosen_succ (w,v,U,N)) ) by A8, A6, XBOOLE_0:def_3; ::_thesis: verum end; hence ( not chosen_formula (U,N) is Until or not w |= the_right_argument_of (chosen_formula (U,N)) or ( ( the_right_argument_of (chosen_formula (U,N)) in the LTLnew of (chosen_succ (w,v,U,N)) or the_right_argument_of (chosen_formula (U,N)) in the LTLold of N ) & chosen_formula (U,N) in the LTLold of (chosen_succ (w,v,U,N)) ) ) ; ::_thesis: verum end; theorem :: MODELC_3:61 for v being LTL-formula for N being strict LTLnode over v for w being Element of Inf_seq AtomicFamily for U being Choice_Function of BOOL (Subformulae v) st w |= * N & not N is elementary holds ( the LTLold of N c= the LTLold of (chosen_succ (w,v,U,N)) & the LTLnext of N c= the LTLnext of (chosen_succ (w,v,U,N)) ) proof let v be LTL-formula; ::_thesis: for N being strict LTLnode over v for w being Element of Inf_seq AtomicFamily for U being Choice_Function of BOOL (Subformulae v) st w |= * N & not N is elementary holds ( the LTLold of N c= the LTLold of (chosen_succ (w,v,U,N)) & the LTLnext of N c= the LTLnext of (chosen_succ (w,v,U,N)) ) let N be strict LTLnode over v; ::_thesis: for w being Element of Inf_seq AtomicFamily for U being Choice_Function of BOOL (Subformulae v) st w |= * N & not N is elementary holds ( the LTLold of N c= the LTLold of (chosen_succ (w,v,U,N)) & the LTLnext of N c= the LTLnext of (chosen_succ (w,v,U,N)) ) let w be Element of Inf_seq AtomicFamily; ::_thesis: for U being Choice_Function of BOOL (Subformulae v) st w |= * N & not N is elementary holds ( the LTLold of N c= the LTLold of (chosen_succ (w,v,U,N)) & the LTLnext of N c= the LTLnext of (chosen_succ (w,v,U,N)) ) let U be Choice_Function of BOOL (Subformulae v); ::_thesis: ( w |= * N & not N is elementary implies ( the LTLold of N c= the LTLold of (chosen_succ (w,v,U,N)) & the LTLnext of N c= the LTLnext of (chosen_succ (w,v,U,N)) ) ) assume ( w |= * N & not N is elementary ) ; ::_thesis: ( the LTLold of N c= the LTLold of (chosen_succ (w,v,U,N)) & the LTLnext of N c= the LTLnext of (chosen_succ (w,v,U,N)) ) then chosen_succ (w,v,U,N) is_succ_of N by Th59; hence ( the LTLold of N c= the LTLold of (chosen_succ (w,v,U,N)) & the LTLnext of N c= the LTLnext of (chosen_succ (w,v,U,N)) ) by Th25; ::_thesis: verum end; definition let w be Element of Inf_seq AtomicFamily; let v be LTL-formula; let U be Choice_Function of BOOL (Subformulae v); func choice_succ_func (w,v,U) -> Function of (LTLNodes v),(LTLNodes v) means :Def36: :: MODELC_3:def 36 for x being set st x in LTLNodes v holds it . x = chosen_succ (w,v,U,(CastNode (x,v))); existence ex b1 being Function of (LTLNodes v),(LTLNodes v) st for x being set st x in LTLNodes v holds b1 . x = chosen_succ (w,v,U,(CastNode (x,v))) proof deffunc H1( set ) -> strict LTLnode over v = chosen_succ (w,v,U,(CastNode ($1,v))); A1: for x being set st x in LTLNodes v holds H1(x) in LTLNodes v by Def30; consider IT being Function of (LTLNodes v),(LTLNodes v) such that A2: for x being set st x in LTLNodes v holds IT . x = H1(x) from FUNCT_2:sch_2(A1); take IT ; ::_thesis: for x being set st x in LTLNodes v holds IT . x = chosen_succ (w,v,U,(CastNode (x,v))) thus for x being set st x in LTLNodes v holds IT . x = chosen_succ (w,v,U,(CastNode (x,v))) by A2; ::_thesis: verum end; uniqueness for b1, b2 being Function of (LTLNodes v),(LTLNodes v) st ( for x being set st x in LTLNodes v holds b1 . x = chosen_succ (w,v,U,(CastNode (x,v))) ) & ( for x being set st x in LTLNodes v holds b2 . x = chosen_succ (w,v,U,(CastNode (x,v))) ) holds b1 = b2 proof let f1, f2 be Function of (LTLNodes v),(LTLNodes v); ::_thesis: ( ( for x being set st x in LTLNodes v holds f1 . x = chosen_succ (w,v,U,(CastNode (x,v))) ) & ( for x being set st x in LTLNodes v holds f2 . x = chosen_succ (w,v,U,(CastNode (x,v))) ) implies f1 = f2 ) assume that A3: for x being set st x in LTLNodes v holds f1 . x = chosen_succ (w,v,U,(CastNode (x,v))) and A4: for x being set st x in LTLNodes v holds f2 . x = chosen_succ (w,v,U,(CastNode (x,v))) ; ::_thesis: f1 = f2 for x being set st x in LTLNodes v holds f1 . x = f2 . x proof let x be set ; ::_thesis: ( x in LTLNodes v implies f1 . x = f2 . x ) assume A5: x in LTLNodes v ; ::_thesis: f1 . x = f2 . x then f1 . x = chosen_succ (w,v,U,(CastNode (x,v))) by A3 .= f2 . x by A4, A5 ; hence f1 . x = f2 . x ; ::_thesis: verum end; hence f1 = f2 by FUNCT_2:12; ::_thesis: verum end; end; :: deftheorem Def36 defines choice_succ_func MODELC_3:def_36_:_ for w being Element of Inf_seq AtomicFamily for v being LTL-formula for U being Choice_Function of BOOL (Subformulae v) for b4 being Function of (LTLNodes v),(LTLNodes v) holds ( b4 = choice_succ_func (w,v,U) iff for x being set st x in LTLNodes v holds b4 . x = chosen_succ (w,v,U,(CastNode (x,v))) ); theorem Th62: :: MODELC_3:62 for v being LTL-formula for w being Element of Inf_seq AtomicFamily for U being Choice_Function of BOOL (Subformulae v) holds choice_succ_func (w,v,U) is_succ_homomorphism v,w proof let v be LTL-formula; ::_thesis: for w being Element of Inf_seq AtomicFamily for U being Choice_Function of BOOL (Subformulae v) holds choice_succ_func (w,v,U) is_succ_homomorphism v,w let w be Element of Inf_seq AtomicFamily; ::_thesis: for U being Choice_Function of BOOL (Subformulae v) holds choice_succ_func (w,v,U) is_succ_homomorphism v,w let U be Choice_Function of BOOL (Subformulae v); ::_thesis: choice_succ_func (w,v,U) is_succ_homomorphism v,w set f = choice_succ_func (w,v,U); for x being set st x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) holds ( CastNode (((choice_succ_func (w,v,U)) . x),v) is_succ_of CastNode (x,v) & w |= * (CastNode (((choice_succ_func (w,v,U)) . x),v)) ) proof let x be set ; ::_thesis: ( x in LTLNodes v & not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) implies ( CastNode (((choice_succ_func (w,v,U)) . x),v) is_succ_of CastNode (x,v) & w |= * (CastNode (((choice_succ_func (w,v,U)) . x),v)) ) ) assume that A1: x in LTLNodes v and A2: ( not CastNode (x,v) is elementary & w |= * (CastNode (x,v)) ) ; ::_thesis: ( CastNode (((choice_succ_func (w,v,U)) . x),v) is_succ_of CastNode (x,v) & w |= * (CastNode (((choice_succ_func (w,v,U)) . x),v)) ) set N = CastNode (x,v); set SN = chosen_succ (w,v,U,(CastNode (x,v))); CastNode (((choice_succ_func (w,v,U)) . x),v) = CastNode ((chosen_succ (w,v,U,(CastNode (x,v)))),v) by A1, Def36 .= chosen_succ (w,v,U,(CastNode (x,v))) by Def16 ; hence ( CastNode (((choice_succ_func (w,v,U)) . x),v) is_succ_of CastNode (x,v) & w |= * (CastNode (((choice_succ_func (w,v,U)) . x),v)) ) by A2, Th59; ::_thesis: verum end; hence choice_succ_func (w,v,U) is_succ_homomorphism v,w by Def32; ::_thesis: verum end; begin definition let H be LTL-formula; attrH is neg-inner-most means :Def37: :: MODELC_3:def 37 for G being LTL-formula st G is_subformula_of H & G is negative holds the_argument_of G is atomic ; end; :: deftheorem Def37 defines neg-inner-most MODELC_3:def_37_:_ for H being LTL-formula holds ( H is neg-inner-most iff for G being LTL-formula st G is_subformula_of H & G is negative holds the_argument_of G is atomic ); registration cluster Relation-like NAT -defined NAT -valued Function-like finite FinSequence-like FinSubsequence-like LTL-formula-like V258() V259() V260() V261() neg-inner-most for FinSequence of NAT ; existence ex b1 being LTL-formula st b1 is neg-inner-most proof set a = atom. 0; take atom. 0 ; ::_thesis: atom. 0 is neg-inner-most A1: atom. 0 is atomic by MODELC_2:def_11; for G being LTL-formula st G is_subformula_of atom. 0 & G is negative holds the_argument_of G is atomic proof let G be LTL-formula; ::_thesis: ( G is_subformula_of atom. 0 & G is negative implies the_argument_of G is atomic ) assume G is_subformula_of atom. 0 ; ::_thesis: ( not G is negative or the_argument_of G is atomic ) then consider n being Nat, L being FinSequence such that A2: 1 <= n and len L = n and A3: L . 1 = G and A4: L . n = atom. 0 and A5: for k being Nat st 1 <= k & k < n holds ex H1, G1 being LTL-formula st ( L . k = H1 & L . (k + 1) = G1 & H1 is_immediate_constituent_of G1 ) by MODELC_2:def_22; n = 1 proof set k = n - 1; reconsider k = n - 1 as Nat by A2, NAT_1:21; now__::_thesis:_n_=_1 assume not n = 1 ; ::_thesis: contradiction then 1 < 1 + k by A2, XXREAL_0:1; then A6: 1 <= k by NAT_1:19; k < k + 1 by XREAL_1:29; then ex H1, G1 being LTL-formula st ( L . k = H1 & L . (k + 1) = G1 & H1 is_immediate_constituent_of G1 ) by A5, A6; hence contradiction by A1, A4, MODELC_2:19; ::_thesis: verum end; hence n = 1 ; ::_thesis: verum end; hence ( not G is negative or the_argument_of G is atomic ) by A1, A3, A4, MODELC_2:78; ::_thesis: verum end; hence atom. 0 is neg-inner-most by Def37; ::_thesis: verum end; end; definition let H be LTL-formula; attrH is Sub_atomic means :Def38: :: MODELC_3:def 38 ( H is atomic or ex G being LTL-formula st ( G is atomic & H = 'not' G ) ); end; :: deftheorem Def38 defines Sub_atomic MODELC_3:def_38_:_ for H being LTL-formula holds ( H is Sub_atomic iff ( H is atomic or ex G being LTL-formula st ( G is atomic & H = 'not' G ) ) ); theorem Th63: :: MODELC_3:63 for H, F being LTL-formula st H is neg-inner-most & F is_subformula_of H holds F is neg-inner-most proof let H, F be LTL-formula; ::_thesis: ( H is neg-inner-most & F is_subformula_of H implies F is neg-inner-most ) assume that A1: H is neg-inner-most and A2: F is_subformula_of H ; ::_thesis: F is neg-inner-most for G being LTL-formula st G is_subformula_of F & G is negative holds the_argument_of G is atomic proof let G be LTL-formula; ::_thesis: ( G is_subformula_of F & G is negative implies the_argument_of G is atomic ) assume G is_subformula_of F ; ::_thesis: ( not G is negative or the_argument_of G is atomic ) then G is_subformula_of H by A2, MODELC_2:35; hence ( not G is negative or the_argument_of G is atomic ) by A1, Def37; ::_thesis: verum end; hence F is neg-inner-most by Def37; ::_thesis: verum end; theorem Th64: :: MODELC_3:64 for H being LTL-formula holds ( H is Sub_atomic iff ( H is atomic or ( H is negative & the_argument_of H is atomic ) ) ) proof let H be LTL-formula; ::_thesis: ( H is Sub_atomic iff ( H is atomic or ( H is negative & the_argument_of H is atomic ) ) ) thus ( not H is Sub_atomic or H is atomic or ( H is negative & the_argument_of H is atomic ) ) ::_thesis: ( ( H is atomic or ( H is negative & the_argument_of H is atomic ) ) implies H is Sub_atomic ) proof assume A1: H is Sub_atomic ; ::_thesis: ( H is atomic or ( H is negative & the_argument_of H is atomic ) ) percases ( H is atomic or ex G being LTL-formula st ( G is atomic & H = 'not' G ) ) by A1, Def38; suppose H is atomic ; ::_thesis: ( H is atomic or ( H is negative & the_argument_of H is atomic ) ) hence ( H is atomic or ( H is negative & the_argument_of H is atomic ) ) ; ::_thesis: verum end; supposeA2: ex G being LTL-formula st ( G is atomic & H = 'not' G ) ; ::_thesis: ( H is atomic or ( H is negative & the_argument_of H is atomic ) ) then H is negative by MODELC_2:def_12; hence ( H is atomic or ( H is negative & the_argument_of H is atomic ) ) by A2, MODELC_2:def_18; ::_thesis: verum end; end; end; thus ( ( H is atomic or ( H is negative & the_argument_of H is atomic ) ) implies H is Sub_atomic ) ::_thesis: verum proof assume A3: ( H is atomic or ( H is negative & the_argument_of H is atomic ) ) ; ::_thesis: H is Sub_atomic percases ( H is atomic or ( H is negative & the_argument_of H is atomic ) ) by A3; suppose H is atomic ; ::_thesis: H is Sub_atomic hence H is Sub_atomic by Def38; ::_thesis: verum end; supposeA4: ( H is negative & the_argument_of H is atomic ) ; ::_thesis: H is Sub_atomic then H = 'not' (the_argument_of H) by MODELC_2:def_18; hence H is Sub_atomic by A4, Def38; ::_thesis: verum end; end; end; end; theorem Th65: :: MODELC_3:65 for H being LTL-formula holds ( not H is neg-inner-most or H is Sub_atomic or H is conjunctive or H is disjunctive or H is next or H is Until or H is Release ) proof let H be LTL-formula; ::_thesis: ( not H is neg-inner-most or H is Sub_atomic or H is conjunctive or H is disjunctive or H is next or H is Until or H is Release ) assume A1: H is neg-inner-most ; ::_thesis: ( H is Sub_atomic or H is conjunctive or H is disjunctive or H is next or H is Until or H is Release ) percases ( H is atomic or H is negative or H is conjunctive or H is disjunctive or H is next or H is Until or H is Release ) by MODELC_2:2; suppose H is atomic ; ::_thesis: ( H is Sub_atomic or H is conjunctive or H is disjunctive or H is next or H is Until or H is Release ) hence ( H is Sub_atomic or H is conjunctive or H is disjunctive or H is next or H is Until or H is Release ) by Def38; ::_thesis: verum end; supposeA2: H is negative ; ::_thesis: ( H is Sub_atomic or H is conjunctive or H is disjunctive or H is next or H is Until or H is Release ) set G = the_argument_of H; A3: the_argument_of H is atomic by A1, A2, Def37; H = 'not' (the_argument_of H) by A2, MODELC_2:def_18; hence ( H is Sub_atomic or H is conjunctive or H is disjunctive or H is next or H is Until or H is Release ) by A3, Def38; ::_thesis: verum end; suppose ( H is conjunctive or H is disjunctive or H is next or H is Until or H is Release ) ; ::_thesis: ( H is Sub_atomic or H is conjunctive or H is disjunctive or H is next or H is Until or H is Release ) hence ( H is Sub_atomic or H is conjunctive or H is disjunctive or H is next or H is Until or H is Release ) ; ::_thesis: verum end; end; end; theorem :: MODELC_3:66 for H being LTL-formula st H is next & H is neg-inner-most holds the_argument_of H is neg-inner-most proof let H be LTL-formula; ::_thesis: ( H is next & H is neg-inner-most implies the_argument_of H is neg-inner-most ) assume that A1: H is next and A2: H is neg-inner-most ; ::_thesis: the_argument_of H is neg-inner-most set F = the_argument_of H; A3: the_argument_of H is_subformula_of H by A1, MODELC_2:30; for G being LTL-formula st G is_subformula_of the_argument_of H & G is negative holds the_argument_of G is atomic proof let G be LTL-formula; ::_thesis: ( G is_subformula_of the_argument_of H & G is negative implies the_argument_of G is atomic ) assume G is_subformula_of the_argument_of H ; ::_thesis: ( not G is negative or the_argument_of G is atomic ) then G is_subformula_of H by A3, MODELC_2:35; hence ( not G is negative or the_argument_of G is atomic ) by A2, Def37; ::_thesis: verum end; hence the_argument_of H is neg-inner-most by Def37; ::_thesis: verum end; theorem :: MODELC_3:67 for H being LTL-formula st ( H is conjunctive or H is disjunctive or H is Until or H is Release ) & H is neg-inner-most holds ( the_left_argument_of H is neg-inner-most & the_right_argument_of H is neg-inner-most ) proof let H be LTL-formula; ::_thesis: ( ( H is conjunctive or H is disjunctive or H is Until or H is Release ) & H is neg-inner-most implies ( the_left_argument_of H is neg-inner-most & the_right_argument_of H is neg-inner-most ) ) assume that A1: ( H is conjunctive or H is disjunctive or H is Until or H is Release ) and A2: H is neg-inner-most ; ::_thesis: ( the_left_argument_of H is neg-inner-most & the_right_argument_of H is neg-inner-most ) set F2 = the_right_argument_of H; A3: the_right_argument_of H is_subformula_of H by A1, MODELC_2:31; A4: for G being LTL-formula st G is_subformula_of the_right_argument_of H & G is negative holds the_argument_of G is atomic proof let G be LTL-formula; ::_thesis: ( G is_subformula_of the_right_argument_of H & G is negative implies the_argument_of G is atomic ) assume G is_subformula_of the_right_argument_of H ; ::_thesis: ( not G is negative or the_argument_of G is atomic ) then G is_subformula_of H by A3, MODELC_2:35; hence ( not G is negative or the_argument_of G is atomic ) by A2, Def37; ::_thesis: verum end; set F1 = the_left_argument_of H; A5: the_left_argument_of H is_subformula_of H by A1, MODELC_2:31; for G being LTL-formula st G is_subformula_of the_left_argument_of H & G is negative holds the_argument_of G is atomic proof let G be LTL-formula; ::_thesis: ( G is_subformula_of the_left_argument_of H & G is negative implies the_argument_of G is atomic ) assume G is_subformula_of the_left_argument_of H ; ::_thesis: ( not G is negative or the_argument_of G is atomic ) then G is_subformula_of H by A5, MODELC_2:35; hence ( not G is negative or the_argument_of G is atomic ) by A2, Def37; ::_thesis: verum end; hence ( the_left_argument_of H is neg-inner-most & the_right_argument_of H is neg-inner-most ) by A4, Def37; ::_thesis: verum end; begin definition let W be non empty set ; attrc2 is strict ; struct BuchiAutomaton over W -> 1-sorted ; aggrBuchiAutomaton(# carrier, Tran, InitS, FinalS #) -> BuchiAutomaton over W; sel Tran c2 -> Relation of [: the carrier of c2,W:], the carrier of c2; sel InitS c2 -> Element of bool the carrier of c2; sel FinalS c2 -> Subset of (bool the carrier of c2); end; definition let W be non empty set ; let B be BuchiAutomaton over W; let w be Element of Inf_seq W; predw is-accepted-by B means :Def39: :: MODELC_3:def 39 ex run being sequence of the carrier of B st ( run . 0 in the InitS of B & ( for i being Nat holds ( [[(run . i),((CastSeq (w,W)) . i)],(run . (i + 1))] in the Tran of B & ( for FSet being set st FSet in the FinalS of B holds { k where k is Element of NAT : run . k in FSet } is infinite set ) ) ) ); end; :: deftheorem Def39 defines is-accepted-by MODELC_3:def_39_:_ for W being non empty set for B being BuchiAutomaton over W for w being Element of Inf_seq W holds ( w is-accepted-by B iff ex run being sequence of the carrier of B st ( run . 0 in the InitS of B & ( for i being Nat holds ( [[(run . i),((CastSeq (w,W)) . i)],(run . (i + 1))] in the Tran of B & ( for FSet being set st FSet in the FinalS of B holds { k where k is Element of NAT : run . k in FSet } is infinite set ) ) ) ) ); definition let v be neg-inner-most LTL-formula; let N be strict LTLnode over v; func atomic_LTL N -> Subset of LTL_WFF equals :: MODELC_3:def 40 { x where x is LTL-formula : ( x is atomic & x in the LTLold of N ) } ; correctness coherence { x where x is LTL-formula : ( x is atomic & x in the LTLold of N ) } is Subset of LTL_WFF; proof set X = { x where x is LTL-formula : ( x is atomic & x in the LTLold of N ) } ; { x where x is LTL-formula : ( x is atomic & x in the LTLold of N ) } c= LTL_WFF proof let y be set ; :: according to TARSKI:def_3 ::_thesis: ( not y in { x where x is LTL-formula : ( x is atomic & x in the LTLold of N ) } or y in LTL_WFF ) assume y in { x where x is LTL-formula : ( x is atomic & x in the LTLold of N ) } ; ::_thesis: y in LTL_WFF then ex x being LTL-formula st ( y = x & x is atomic & x in the LTLold of N ) ; hence y in LTL_WFF by MODELC_2:1; ::_thesis: verum end; hence { x where x is LTL-formula : ( x is atomic & x in the LTLold of N ) } is Subset of LTL_WFF ; ::_thesis: verum end; func Neg_atomic_LTL N -> Subset of LTL_WFF equals :: MODELC_3:def 41 { x where x is LTL-formula : ( x is atomic & 'not' x in the LTLold of N ) } ; correctness coherence { x where x is LTL-formula : ( x is atomic & 'not' x in the LTLold of N ) } is Subset of LTL_WFF; proof set X = { x where x is LTL-formula : ( x is atomic & 'not' x in the LTLold of N ) } ; { x where x is LTL-formula : ( x is atomic & 'not' x in the LTLold of N ) } c= LTL_WFF proof let y be set ; :: according to TARSKI:def_3 ::_thesis: ( not y in { x where x is LTL-formula : ( x is atomic & 'not' x in the LTLold of N ) } or y in LTL_WFF ) assume y in { x where x is LTL-formula : ( x is atomic & 'not' x in the LTLold of N ) } ; ::_thesis: y in LTL_WFF then ex x being LTL-formula st ( y = x & x is atomic & 'not' x in the LTLold of N ) ; hence y in LTL_WFF by MODELC_2:1; ::_thesis: verum end; hence { x where x is LTL-formula : ( x is atomic & 'not' x in the LTLold of N ) } is Subset of LTL_WFF ; ::_thesis: verum end; end; :: deftheorem defines atomic_LTL MODELC_3:def_40_:_ for v being neg-inner-most LTL-formula for N being strict LTLnode over v holds atomic_LTL N = { x where x is LTL-formula : ( x is atomic & x in the LTLold of N ) } ; :: deftheorem defines Neg_atomic_LTL MODELC_3:def_41_:_ for v being neg-inner-most LTL-formula for N being strict LTLnode over v holds Neg_atomic_LTL N = { x where x is LTL-formula : ( x is atomic & 'not' x in the LTLold of N ) } ; definition let v be neg-inner-most LTL-formula; let N be strict LTLnode over v; func Label_ N -> set equals :: MODELC_3:def 42 { x where x is Subset of atomic_LTL : ( atomic_LTL N c= x & Neg_atomic_LTL N misses x ) } ; correctness coherence { x where x is Subset of atomic_LTL : ( atomic_LTL N c= x & Neg_atomic_LTL N misses x ) } is set ; ; end; :: deftheorem defines Label_ MODELC_3:def_42_:_ for v being neg-inner-most LTL-formula for N being strict LTLnode over v holds Label_ N = { x where x is Subset of atomic_LTL : ( atomic_LTL N c= x & Neg_atomic_LTL N misses x ) } ; definition let v be neg-inner-most LTL-formula; func Tran_LTL v -> Relation of [:(LTLStates v),AtomicFamily:],(LTLStates v) equals :: MODELC_3:def 43 { y where y is Element of [:(LTLStates v),AtomicFamily,(LTLStates v):] : ex s, s1 being strict elementary LTLnode over v ex x being set st ( y = [[s,x],s1] & s1 is_next_of s & x in Label_ s1 ) } ; correctness coherence { y where y is Element of [:(LTLStates v),AtomicFamily,(LTLStates v):] : ex s, s1 being strict elementary LTLnode over v ex x being set st ( y = [[s,x],s1] & s1 is_next_of s & x in Label_ s1 ) } is Relation of [:(LTLStates v),AtomicFamily:],(LTLStates v); proof set X = { y where y is Element of [:(LTLStates v),AtomicFamily,(LTLStates v):] : ex s, s1 being strict elementary LTLnode over v ex x being set st ( y = [[s,x],s1] & s1 is_next_of s & x in Label_ s1 ) } ; { y where y is Element of [:(LTLStates v),AtomicFamily,(LTLStates v):] : ex s, s1 being strict elementary LTLnode over v ex x being set st ( y = [[s,x],s1] & s1 is_next_of s & x in Label_ s1 ) } c= [:(LTLStates v),AtomicFamily,(LTLStates v):] proof let a be set ; :: according to TARSKI:def_3 ::_thesis: ( not a in { y where y is Element of [:(LTLStates v),AtomicFamily,(LTLStates v):] : ex s, s1 being strict elementary LTLnode over v ex x being set st ( y = [[s,x],s1] & s1 is_next_of s & x in Label_ s1 ) } or a in [:(LTLStates v),AtomicFamily,(LTLStates v):] ) assume a in { y where y is Element of [:(LTLStates v),AtomicFamily,(LTLStates v):] : ex s, s1 being strict elementary LTLnode over v ex x being set st ( y = [[s,x],s1] & s1 is_next_of s & x in Label_ s1 ) } ; ::_thesis: a in [:(LTLStates v),AtomicFamily,(LTLStates v):] then ex y being Element of [:(LTLStates v),AtomicFamily,(LTLStates v):] st ( a = y & ex s, s1 being strict elementary LTLnode over v ex x being set st ( y = [[s,x],s1] & s1 is_next_of s & x in Label_ s1 ) ) ; hence a in [:(LTLStates v),AtomicFamily,(LTLStates v):] ; ::_thesis: verum end; then reconsider X = { y where y is Element of [:(LTLStates v),AtomicFamily,(LTLStates v):] : ex s, s1 being strict elementary LTLnode over v ex x being set st ( y = [[s,x],s1] & s1 is_next_of s & x in Label_ s1 ) } as Relation of [:(LTLStates v),AtomicFamily:],(LTLStates v) by ZFMISC_1:def_3; X is Relation of [:(LTLStates v),AtomicFamily:],(LTLStates v) ; hence { y where y is Element of [:(LTLStates v),AtomicFamily,(LTLStates v):] : ex s, s1 being strict elementary LTLnode over v ex x being set st ( y = [[s,x],s1] & s1 is_next_of s & x in Label_ s1 ) } is Relation of [:(LTLStates v),AtomicFamily:],(LTLStates v) ; ::_thesis: verum end; func InitS_LTL v -> Element of bool (LTLStates v) equals :: MODELC_3:def 44 {(init v)}; correctness coherence {(init v)} is Element of bool (LTLStates v); proof set y = init v; reconsider y = init v as strict elementary LTLnode over v ; A1: y is Element of LTLNodes v by Def30; {y} c= LTLStates v proof let x be set ; :: according to TARSKI:def_3 ::_thesis: ( not x in {y} or x in LTLStates v ) assume x in {y} ; ::_thesis: x in LTLStates v then x = y by TARSKI:def_1; hence x in LTLStates v by A1; ::_thesis: verum end; hence {(init v)} is Element of bool (LTLStates v) ; ::_thesis: verum end; end; :: deftheorem defines Tran_LTL MODELC_3:def_43_:_ for v being neg-inner-most LTL-formula holds Tran_LTL v = { y where y is Element of [:(LTLStates v),AtomicFamily,(LTLStates v):] : ex s, s1 being strict elementary LTLnode over v ex x being set st ( y = [[s,x],s1] & s1 is_next_of s & x in Label_ s1 ) } ; :: deftheorem defines InitS_LTL MODELC_3:def_44_:_ for v being neg-inner-most LTL-formula holds InitS_LTL v = {(init v)}; definition let v be neg-inner-most LTL-formula; let F be LTL-formula; func FinalS_LTL (F,v) -> Element of bool (LTLStates v) equals :: MODELC_3:def 45 { x where x is Element of LTLStates v : ( not F in the LTLold of (CastNode (x,v)) or the_right_argument_of F in the LTLold of (CastNode (x,v)) ) } ; correctness coherence { x where x is Element of LTLStates v : ( not F in the LTLold of (CastNode (x,v)) or the_right_argument_of F in the LTLold of (CastNode (x,v)) ) } is Element of bool (LTLStates v); proof set X = { x where x is Element of LTLStates v : ( not F in the LTLold of (CastNode (x,v)) or the_right_argument_of F in the LTLold of (CastNode (x,v)) ) } ; { x where x is Element of LTLStates v : ( not F in the LTLold of (CastNode (x,v)) or the_right_argument_of F in the LTLold of (CastNode (x,v)) ) } c= LTLStates v proof let y be set ; :: according to TARSKI:def_3 ::_thesis: ( not y in { x where x is Element of LTLStates v : ( not F in the LTLold of (CastNode (x,v)) or the_right_argument_of F in the LTLold of (CastNode (x,v)) ) } or y in LTLStates v ) assume y in { x where x is Element of LTLStates v : ( not F in the LTLold of (CastNode (x,v)) or the_right_argument_of F in the LTLold of (CastNode (x,v)) ) } ; ::_thesis: y in LTLStates v then ex x being Element of LTLStates v st ( y = x & ( not F in the LTLold of (CastNode (x,v)) or the_right_argument_of F in the LTLold of (CastNode (x,v)) ) ) ; hence y in LTLStates v ; ::_thesis: verum end; hence { x where x is Element of LTLStates v : ( not F in the LTLold of (CastNode (x,v)) or the_right_argument_of F in the LTLold of (CastNode (x,v)) ) } is Element of bool (LTLStates v) ; ::_thesis: verum end; end; :: deftheorem defines FinalS_LTL MODELC_3:def_45_:_ for v being neg-inner-most LTL-formula for F being LTL-formula holds FinalS_LTL (F,v) = { x where x is Element of LTLStates v : ( not F in the LTLold of (CastNode (x,v)) or the_right_argument_of F in the LTLold of (CastNode (x,v)) ) } ; definition let v be neg-inner-most LTL-formula; func FinalS_LTL v -> Subset of (bool (LTLStates v)) equals :: MODELC_3:def 46 { x where x is Element of bool (LTLStates v) : ex F being LTL-formula st ( F is_subformula_of v & F is Until & x = FinalS_LTL (F,v) ) } ; correctness coherence { x where x is Element of bool (LTLStates v) : ex F being LTL-formula st ( F is_subformula_of v & F is Until & x = FinalS_LTL (F,v) ) } is Subset of (bool (LTLStates v)); proof set X = { x where x is Element of bool (LTLStates v) : ex F being LTL-formula st ( F is_subformula_of v & F is Until & x = FinalS_LTL (F,v) ) } ; { x where x is Element of bool (LTLStates v) : ex F being LTL-formula st ( F is_subformula_of v & F is Until & x = FinalS_LTL (F,v) ) } c= bool (LTLStates v) proof let y be set ; :: according to TARSKI:def_3 ::_thesis: ( not y in { x where x is Element of bool (LTLStates v) : ex F being LTL-formula st ( F is_subformula_of v & F is Until & x = FinalS_LTL (F,v) ) } or y in bool (LTLStates v) ) assume y in { x where x is Element of bool (LTLStates v) : ex F being LTL-formula st ( F is_subformula_of v & F is Until & x = FinalS_LTL (F,v) ) } ; ::_thesis: y in bool (LTLStates v) then ex x being Element of bool (LTLStates v) st ( y = x & ex F being LTL-formula st ( F is_subformula_of v & F is Until & x = FinalS_LTL (F,v) ) ) ; hence y in bool (LTLStates v) ; ::_thesis: verum end; hence { x where x is Element of bool (LTLStates v) : ex F being LTL-formula st ( F is_subformula_of v & F is Until & x = FinalS_LTL (F,v) ) } is Subset of (bool (LTLStates v)) ; ::_thesis: verum end; end; :: deftheorem defines FinalS_LTL MODELC_3:def_46_:_ for v being neg-inner-most LTL-formula holds FinalS_LTL v = { x where x is Element of bool (LTLStates v) : ex F being LTL-formula st ( F is_subformula_of v & F is Until & x = FinalS_LTL (F,v) ) } ; definition let v be neg-inner-most LTL-formula; func BAutomaton v -> BuchiAutomaton over AtomicFamily equals :: MODELC_3:def 47 BuchiAutomaton(# (LTLStates v),(Tran_LTL v),(InitS_LTL v),(FinalS_LTL v) #); correctness coherence BuchiAutomaton(# (LTLStates v),(Tran_LTL v),(InitS_LTL v),(FinalS_LTL v) #) is BuchiAutomaton over AtomicFamily ; ; end; :: deftheorem defines BAutomaton MODELC_3:def_47_:_ for v being neg-inner-most LTL-formula holds BAutomaton v = BuchiAutomaton(# (LTLStates v),(Tran_LTL v),(InitS_LTL v),(FinalS_LTL v) #); theorem Th68: :: MODELC_3:68 for w being Element of Inf_seq AtomicFamily for v being neg-inner-most LTL-formula st w is-accepted-by BAutomaton v holds w |= v proof let w be Element of Inf_seq AtomicFamily; ::_thesis: for v being neg-inner-most LTL-formula st w is-accepted-by BAutomaton v holds w |= v let v be neg-inner-most LTL-formula; ::_thesis: ( w is-accepted-by BAutomaton v implies w |= v ) deffunc H1( Nat) -> set = (CastSeq (w,AtomicFamily)) . $1; assume w is-accepted-by BAutomaton v ; ::_thesis: w |= v then consider run being sequence of (LTLStates v) such that A1: run . 0 in InitS_LTL v and A2: for i being Nat holds [[(run . i),H1(i)],(run . (i + 1))] in Tran_LTL v and A3: for FSet being set st FSet in FinalS_LTL v holds { k where k is Element of NAT : run . k in FSet } is infinite set by Def39; deffunc H2( Nat) -> strict LTLnode over v = CastNode ((run . $1),v); set Run01 = H2(0 + 1); set Run00 = H2( 0 ); A4: for i being Nat holds ( H2(i + 1) is_next_of H2(i) & H1(i) in Label_ H2(i + 1) ) proof let i be Nat; ::_thesis: ( H2(i + 1) is_next_of H2(i) & H1(i) in Label_ H2(i + 1) ) set z = [[(run . i),H1(i)],(run . (i + 1))]; [[(run . i),H1(i)],(run . (i + 1))] in Tran_LTL v by A2; then consider y being Element of [:(LTLStates v),AtomicFamily,(LTLStates v):] such that A5: [[(run . i),H1(i)],(run . (i + 1))] = y and A6: ex s, s1 being strict elementary LTLnode over v ex x being set st ( y = [[s,x],s1] & s1 is_next_of s & x in Label_ s1 ) ; consider s, s1 being strict elementary LTLnode over v, x being set such that A7: y = [[s,x],s1] and A8: ( s1 is_next_of s & x in Label_ s1 ) by A6; A9: H2(i + 1) = CastNode (s1,v) by A5, A7, XTUPLE_0:1 .= s1 by Def16 ; A10: [s,x] = [(run . i),H1(i)] by A5, A7, XTUPLE_0:1; then H2(i) = CastNode (s,v) by XTUPLE_0:1 .= s by Def16 ; hence ( H2(i + 1) is_next_of H2(i) & H1(i) in Label_ H2(i + 1) ) by A8, A10, A9, XTUPLE_0:1; ::_thesis: verum end; then A11: H2(0 + 1) is_next_of H2( 0 ) ; defpred S1[ Nat] means for i being Nat for F being LTL-formula st F is_subformula_of v & len F <= $1 & F in the LTLold of H2(i + 1) holds Shift (w,i) |= F; A12: for i being Nat holds H2(i) = run . i proof let i be Nat; ::_thesis: H2(i) = run . i reconsider i = i as Element of NAT by ORDINAL1:def_12; run . i in LTLStates v ; then ex x being Element of LTLNodes v st ( run . i = x & x is strict elementary LTLnode over v ) ; hence H2(i) = run . i by Def16; ::_thesis: verum end; A13: for FSet being set st FSet in FinalS_LTL v holds { k where k is Element of NAT : H2(k) in FSet } is infinite proof let FSet be set ; ::_thesis: ( FSet in FinalS_LTL v implies { k where k is Element of NAT : H2(k) in FSet } is infinite ) set X = { k where k is Element of NAT : run . k in FSet } ; set Y = { k where k is Element of NAT : H2(k) in FSet } ; A14: { k where k is Element of NAT : run . k in FSet } c= { k where k is Element of NAT : H2(k) in FSet } proof let x be set ; :: according to TARSKI:def_3 ::_thesis: ( not x in { k where k is Element of NAT : run . k in FSet } or x in { k where k is Element of NAT : H2(k) in FSet } ) assume x in { k where k is Element of NAT : run . k in FSet } ; ::_thesis: x in { k where k is Element of NAT : H2(k) in FSet } then consider k being Element of NAT such that A15: x = k and A16: run . k in FSet ; H2(k) in FSet by A12, A16; hence x in { k where k is Element of NAT : H2(k) in FSet } by A15; ::_thesis: verum end; assume FSet in FinalS_LTL v ; ::_thesis: { k where k is Element of NAT : H2(k) in FSet } is infinite hence { k where k is Element of NAT : H2(k) in FSet } is infinite by A3, A14; ::_thesis: verum end; A17: for n being Nat st S1[n] holds S1[n + 1] proof let n be Nat; ::_thesis: ( S1[n] implies S1[n + 1] ) assume A18: S1[n] ; ::_thesis: S1[n + 1] A19: for i being Nat for F being LTL-formula st F is_subformula_of v & len F = n + 1 & F in the LTLold of H2(i + 1) holds Shift (w,i) |= F proof let i be Nat; ::_thesis: for F being LTL-formula st F is_subformula_of v & len F = n + 1 & F in the LTLold of H2(i + 1) holds Shift (w,i) |= F let F be LTL-formula; ::_thesis: ( F is_subformula_of v & len F = n + 1 & F in the LTLold of H2(i + 1) implies Shift (w,i) |= F ) assume that A20: F is_subformula_of v and A21: len F = n + 1 and A22: F in the LTLold of H2(i + 1) ; ::_thesis: Shift (w,i) |= F set zeta = Shift (w,i); now__::_thesis:_Shift_(w,i)_|=_F percases ( F is Sub_atomic or F is conjunctive or F is disjunctive or F is next or F is Until or F is Release ) by A20, Th63, Th65; supposeA23: F is Sub_atomic ; ::_thesis: Shift (w,i) |= F set Gi9 = (CastSeq (w,AtomicFamily)) ^\ i; set Gi = H1(i); CastSeq ((Shift (w,i)),AtomicFamily) = (CastSeq (w,AtomicFamily)) ^\ i by MODELC_2:81; then A24: (CastSeq ((Shift (w,i)),AtomicFamily)) . 0 = (CastSeq (w,AtomicFamily)) . (0 + i) by NAT_1:def_3 .= H1(i) ; H1(i) in Label_ H2(i + 1) by A4; then consider X being Subset of atomic_LTL such that A25: H1(i) = X and A26: atomic_LTL H2(i + 1) c= X and A27: Neg_atomic_LTL H2(i + 1) misses X ; A28: (Neg_atomic_LTL H2(i + 1)) /\ X = {} by A27, XBOOLE_0:def_7; now__::_thesis:_Shift_(w,i)_|=_F percases ( F is atomic or ( F is negative & the_argument_of F is atomic ) ) by A23, Th64; supposeA29: F is atomic ; ::_thesis: Shift (w,i) |= F then F in atomic_LTL H2(i + 1) by A22; hence Shift (w,i) |= F by A25, A26, A24, A29, MODELC_2:63; ::_thesis: verum end; supposeA30: ( F is negative & the_argument_of F is atomic ) ; ::_thesis: Shift (w,i) |= F set Fa = the_argument_of F; A31: F = 'not' (the_argument_of F) by A30, MODELC_2:4; then ( Shift (w,i) |= F iff Shift (w,i) |/= the_argument_of F ) by MODELC_2:64; then A32: ( Shift (w,i) |= F iff not the_argument_of F in H1(i) ) by A24, A30, MODELC_2:63; the_argument_of F in Neg_atomic_LTL H2(i + 1) by A22, A30, A31; hence Shift (w,i) |= F by A25, A28, A32, XBOOLE_0:def_4; ::_thesis: verum end; end; end; hence Shift (w,i) |= F ; ::_thesis: verum end; supposeA33: ( F is conjunctive or F is disjunctive ) ; ::_thesis: Shift (w,i) |= F set h1 = the_left_argument_of F; len (the_left_argument_of F) < n + 1 by A21, A33, MODELC_2:11; then A34: len (the_left_argument_of F) <= n by NAT_1:13; set Runi1 = H2(i + 1); set Runi = H2(i); A35: H2(i + 1) is_next_of H2(i) by A4; set h2 = the_right_argument_of F; len (the_right_argument_of F) < n + 1 by A21, A33, MODELC_2:11; then A36: len (the_right_argument_of F) <= n by NAT_1:13; reconsider Runi1 = H2(i + 1) as strict elementary LTLnode over v by A35, Def20; reconsider Runi = H2(i) as strict elementary LTLnode over v by A35, Def20; A37: ( Runi1 is_next_of Runi & F in the LTLold of Runi1 implies ( ( F is conjunctive implies ( the_left_argument_of F in the LTLold of Runi1 & the_right_argument_of F in the LTLold of Runi1 ) ) & ( not F is disjunctive or the_left_argument_of F in the LTLold of Runi1 or the_right_argument_of F in the LTLold of Runi1 ) ) ) by Th41; A38: ( the_left_argument_of F is_subformula_of F & the_right_argument_of F is_subformula_of F ) by A33, MODELC_2:31; Shift (w,i) |= F proof now__::_thesis:_Shift_(w,i)_|=_F percases ( F is conjunctive or F is disjunctive ) by A33; supposeA39: F is conjunctive ; ::_thesis: Shift (w,i) |= F then ( Shift (w,i) |= the_left_argument_of F & Shift (w,i) |= the_right_argument_of F ) by A4, A18, A20, A22, A38, A34, A36, A37, MODELC_2:35; then Shift (w,i) |= (the_left_argument_of F) '&' (the_right_argument_of F) by MODELC_2:65; hence Shift (w,i) |= F by A39, MODELC_2:6; ::_thesis: verum end; supposeA40: F is disjunctive ; ::_thesis: Shift (w,i) |= F then ( Shift (w,i) |= the_left_argument_of F or Shift (w,i) |= the_right_argument_of F ) by A4, A18, A20, A22, A38, A34, A36, A37, MODELC_2:35; then Shift (w,i) |= (the_left_argument_of F) 'or' (the_right_argument_of F) by MODELC_2:66; hence Shift (w,i) |= F by A40, MODELC_2:7; ::_thesis: verum end; end; end; hence Shift (w,i) |= F ; ::_thesis: verum end; hence Shift (w,i) |= F ; ::_thesis: verum end; supposeA41: F is next ; ::_thesis: Shift (w,i) |= F set i1 = i + 1; set Runi1 = H2(i + 1); set Runi2 = H2((i + 1) + 1); H2((i + 1) + 1) is_next_of H2(i + 1) by A4; then reconsider Runi2 = H2((i + 1) + 1) as strict elementary LTLnode over v by Def20; set Runi = H2(i); A42: H2(i + 1) is_next_of H2(i) by A4; set h = the_argument_of F; A43: the_argument_of F is_subformula_of F by A41, MODELC_2:30; len (the_argument_of F) < n + 1 by A21, A41, MODELC_2:10; then A44: len (the_argument_of F) <= n by NAT_1:13; reconsider Runi1 = H2(i + 1) as strict elementary LTLnode over v by A42, Def20; reconsider Runi = H2(i) as strict elementary LTLnode over v by A42, Def20; A45: ( Runi1 is_next_of Runi & F in the LTLold of Runi1 & F is next implies the_argument_of F in the LTLnext of Runi1 ) by Th41; the LTLnext of Runi1 c= the LTLold of Runi2 by A4, Th37; then Shift (w,(i + 1)) |= the_argument_of F by A4, A18, A20, A22, A41, A43, A44, A45, MODELC_2:35; then Shift ((Shift (w,i)),1) |= the_argument_of F by MODELC_2:80; then Shift (w,i) |= 'X' (the_argument_of F) by MODELC_2:67; hence Shift (w,i) |= F by A41, MODELC_2:5; ::_thesis: verum end; supposeA46: F is Until ; ::_thesis: Shift (w,i) |= F set Fin = FinalS_LTL (F,v); deffunc H3( set ) -> set = run . ((CastNat $1) + i); set FRun = { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ; A47: for x being set st x in NAT holds H3(x) in LTLStates v proof let x be set ; ::_thesis: ( x in NAT implies H3(x) in LTLStates v ) assume x in NAT ; ::_thesis: H3(x) in LTLStates v set y = (CastNat x) + i; reconsider y = (CastNat x) + i as Element of NAT by ORDINAL1:def_12; H3(x) = run . y ; hence H3(x) in LTLStates v ; ::_thesis: verum end; consider runQ being Function of NAT,(LTLStates v) such that A48: for x being set st x in NAT holds runQ . x = H3(x) from FUNCT_2:sch_2(A47); reconsider runQ = runQ as sequence of (LTLStates v) ; deffunc H4( Nat) -> strict LTLnode over v = CastNode ((runQ . $1),v); A49: for m being Nat holds H4(m) = H2(m + i) proof let m be Nat; ::_thesis: H4(m) = H2(m + i) reconsider m = m as Element of NAT by ORDINAL1:def_12; H4(m) = CastNode (H3(m),v) by A48 .= H2(m + i) by MODELC_2:def_1 ; hence H4(m) = H2(m + i) ; ::_thesis: verum end; A50: for m being Nat holds H4(m + 1) is_next_of H4(m) proof let m be Nat; ::_thesis: H4(m + 1) is_next_of H4(m) set m1 = m + i; A51: H4(m + 1) = H2((m + 1) + i) by A49 .= H2((m + i) + 1) ; H4(m) = H2(m + i) by A49; hence H4(m + 1) is_next_of H4(m) by A4, A51; ::_thesis: verum end; set FRunQ = { k where k is Element of NAT : H4(k) in FinalS_LTL (F,v) } ; A52: FinalS_LTL (F,v) in FinalS_LTL v by A20, A46; A53: { k where k is Element of NAT : H4(k) in FinalS_LTL (F,v) } is infinite proof set FRun2 = { k where k is Element of NAT : ( i < k & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } ; set FRun1 = { k where k is Element of NAT : ( k <= i & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } ; A54: { k where k is Element of NAT : ( k <= i & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } c= (Seg i) \/ {0} proof let x be set ; :: according to TARSKI:def_3 ::_thesis: ( not x in { k where k is Element of NAT : ( k <= i & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } or x in (Seg i) \/ {0} ) assume x in { k where k is Element of NAT : ( k <= i & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } ; ::_thesis: x in (Seg i) \/ {0} then consider k being Element of NAT such that A55: x = k and A56: k <= i and k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ; now__::_thesis:_x_in_(Seg_i)_\/_{0} percases ( k = 0 or k <> 0 ) ; suppose k = 0 ; ::_thesis: x in (Seg i) \/ {0} then k in {0} by TARSKI:def_1; hence x in (Seg i) \/ {0} by A55, XBOOLE_0:def_3; ::_thesis: verum end; suppose k <> 0 ; ::_thesis: x in (Seg i) \/ {0} then 0 < 0 + k ; then 1 <= k by NAT_1:19; then k in Seg i by A56, FINSEQ_1:1; hence x in (Seg i) \/ {0} by A55, XBOOLE_0:def_3; ::_thesis: verum end; end; end; hence x in (Seg i) \/ {0} ; ::_thesis: verum end; A57: ( { k where k is Element of NAT : H4(k) in FinalS_LTL (F,v) } is finite implies { k where k is Element of NAT : ( i < k & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } is finite ) proof deffunc H5( set ) -> set = (CastNat $1) + i; consider fun being Function such that A58: ( dom fun = { k where k is Element of NAT : H4(k) in FinalS_LTL (F,v) } & ( for x being set st x in { k where k is Element of NAT : H4(k) in FinalS_LTL (F,v) } holds fun . x = H5(x) ) ) from FUNCT_1:sch_3(); A59: for x being set st x in { k where k is Element of NAT : ( i < k & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } holds (CastNat x) - i in { k where k is Element of NAT : H4(k) in FinalS_LTL (F,v) } proof let x be set ; ::_thesis: ( x in { k where k is Element of NAT : ( i < k & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } implies (CastNat x) - i in { k where k is Element of NAT : H4(k) in FinalS_LTL (F,v) } ) assume x in { k where k is Element of NAT : ( i < k & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } ; ::_thesis: (CastNat x) - i in { k where k is Element of NAT : H4(k) in FinalS_LTL (F,v) } then consider k being Element of NAT such that A60: x = k and A61: i < k and A62: k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ; set k2 = k - i; reconsider k2 = k - i as Element of NAT by A61, NAT_1:21; A63: H4(k2) = H2(k2 + i) by A49 .= H2(k) ; ( ex k1 being Element of NAT st ( k = k1 & H2(k1) in FinalS_LTL (F,v) ) & (CastNat x) - i = k2 ) by A60, A62, MODELC_2:def_1; hence (CastNat x) - i in { k where k is Element of NAT : H4(k) in FinalS_LTL (F,v) } by A63; ::_thesis: verum end; A64: for y being set st y in { k where k is Element of NAT : ( i < k & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } holds ex x being set st ( x in dom fun & y = fun . x ) proof let y be set ; ::_thesis: ( y in { k where k is Element of NAT : ( i < k & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } implies ex x being set st ( x in dom fun & y = fun . x ) ) assume A65: y in { k where k is Element of NAT : ( i < k & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } ; ::_thesis: ex x being set st ( x in dom fun & y = fun . x ) consider k being Element of NAT such that A66: y = k and A67: i < k and k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } by A65; set x = (CastNat y) - i; A68: (CastNat y) - i in dom fun by A59, A58, A65; set k1 = k - i; reconsider k1 = k - i as Nat by A67, NAT_1:21; A69: (CastNat y) - i = k1 by A66, MODELC_2:def_1; fun . ((CastNat y) - i) = H5((CastNat y) - i) by A59, A58, A65 .= k1 + i by A69, MODELC_2:def_1 .= y by A66 ; hence ex x being set st ( x in dom fun & y = fun . x ) by A68; ::_thesis: verum end; assume { k where k is Element of NAT : H4(k) in FinalS_LTL (F,v) } is finite ; ::_thesis: { k where k is Element of NAT : ( i < k & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } is finite then rng fun is finite by A58, FINSET_1:8; hence { k where k is Element of NAT : ( i < k & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } is finite by A64, FINSET_1:1, FUNCT_1:9; ::_thesis: verum end; { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } c= { k where k is Element of NAT : ( k <= i & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } \/ { k where k is Element of NAT : ( i < k & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } proof let x be set ; :: according to TARSKI:def_3 ::_thesis: ( not x in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } or x in { k where k is Element of NAT : ( k <= i & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } \/ { k where k is Element of NAT : ( i < k & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } ) assume A70: x in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ; ::_thesis: x in { k where k is Element of NAT : ( k <= i & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } \/ { k where k is Element of NAT : ( i < k & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } then ex k being Element of NAT st ( x = k & H2(k) in FinalS_LTL (F,v) ) ; then reconsider x = x as Element of NAT ; now__::_thesis:_x_in__{__k_where_k_is_Element_of_NAT_:_(_k_<=_i_&_k_in__{__k_where_k_is_Element_of_NAT_:_H2(k)_in_FinalS_LTL_(F,v)__}__)__}__\/__{__k_where_k_is_Element_of_NAT_:_(_i_<_k_&_k_in__{__k_where_k_is_Element_of_NAT_:_H2(k)_in_FinalS_LTL_(F,v)__}__)__}_ percases ( x <= i or i < x ) ; suppose x <= i ; ::_thesis: x in { k where k is Element of NAT : ( k <= i & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } \/ { k where k is Element of NAT : ( i < k & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } then x in { k where k is Element of NAT : ( k <= i & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } by A70; hence x in { k where k is Element of NAT : ( k <= i & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } \/ { k where k is Element of NAT : ( i < k & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } by XBOOLE_0:def_3; ::_thesis: verum end; suppose i < x ; ::_thesis: x in { k where k is Element of NAT : ( k <= i & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } \/ { k where k is Element of NAT : ( i < k & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } then x in { k where k is Element of NAT : ( i < k & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } by A70; hence x in { k where k is Element of NAT : ( k <= i & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } \/ { k where k is Element of NAT : ( i < k & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } by XBOOLE_0:def_3; ::_thesis: verum end; end; end; hence x in { k where k is Element of NAT : ( k <= i & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } \/ { k where k is Element of NAT : ( i < k & k in { k where k is Element of NAT : H2(k) in FinalS_LTL (F,v) } ) } ; ::_thesis: verum end; hence { k where k is Element of NAT : H4(k) in FinalS_LTL (F,v) } is infinite by A13, A52, A57, A54; ::_thesis: verum end; set h2 = the_right_argument_of F; set h1 = the_left_argument_of F; len (the_left_argument_of F) < n + 1 by A21, A46, MODELC_2:11; then A71: len (the_left_argument_of F) <= n by NAT_1:13; A72: ( ( for m being Nat st m >= 1 holds ( F in the LTLold of H4(m) & the_left_argument_of F in the LTLold of H4(m) & not the_right_argument_of F in the LTLold of H4(m) ) ) implies { k where k is Element of NAT : H4(k) in FinalS_LTL (F,v) } is finite ) proof assume A73: for m being Nat st m >= 1 holds ( F in the LTLold of H4(m) & the_left_argument_of F in the LTLold of H4(m) & not the_right_argument_of F in the LTLold of H4(m) ) ; ::_thesis: { k where k is Element of NAT : H4(k) in FinalS_LTL (F,v) } is finite now__::_thesis:__{__k_where_k_is_Element_of_NAT_:_H4(k)_in_FinalS_LTL_(F,v)__}__c=_{0} assume not { k where k is Element of NAT : H4(k) in FinalS_LTL (F,v) } c= {0} ; ::_thesis: contradiction then consider x being set such that A74: x in { k where k is Element of NAT : H4(k) in FinalS_LTL (F,v) } and A75: not x in {0} by TARSKI:def_3; consider k being Element of NAT such that A76: x = k and A77: H4(k) in FinalS_LTL (F,v) by A74; k <> 0 by A75, A76, TARSKI:def_1; then 0 < 0 + k ; then A78: 1 <= k by NAT_1:19; set RQk = H4(k); consider y being Element of LTLStates v such that A79: H4(k) = y and A80: ( not F in the LTLold of (CastNode (y,v)) or the_right_argument_of F in the LTLold of (CastNode (y,v)) ) by A77; reconsider y = y as strict LTLnode over v by A79; CastNode (y,v) = H4(k) by A79, Def16; hence contradiction by A73, A78, A80; ::_thesis: verum end; hence { k where k is Element of NAT : H4(k) in FinalS_LTL (F,v) } is finite ; ::_thesis: verum end; F in the LTLold of H4(1) by A22, A49; then consider j being Nat such that A81: j >= 1 and A82: the_right_argument_of F in the LTLold of H4(j) and A83: for m being Nat st 1 <= m & m < j holds ( F in the LTLold of H4(m) & the_left_argument_of F in the LTLold of H4(m) ) by A46, A50, A53, A72, Th54; set j0 = j - 1; reconsider j0 = j - 1 as Nat by A81, NAT_1:21; set j1 = j0 + i; (j0 + i) + 1 = j + i ; then A84: the_right_argument_of F in the LTLold of H2((j0 + i) + 1) by A49, A82; A85: the_left_argument_of F is_subformula_of F by A46, MODELC_2:31; A86: for k being Nat st k < j0 holds Shift ((Shift (w,i)),k) |= the_left_argument_of F proof let k be Nat; ::_thesis: ( k < j0 implies Shift ((Shift (w,i)),k) |= the_left_argument_of F ) assume A87: k < j0 ; ::_thesis: Shift ((Shift (w,i)),k) |= the_left_argument_of F set k1 = k + 1; set ki = k + i; ( 1 <= k + 1 & k + 1 < j0 + 1 ) by A87, NAT_1:11, XREAL_1:8; then the_left_argument_of F in the LTLold of H4(k + 1) by A83; then the_left_argument_of F in the LTLold of H2((k + 1) + i) by A49; then the_left_argument_of F in the LTLold of H2((k + i) + 1) ; then Shift (w,(k + i)) |= the_left_argument_of F by A18, A20, A85, A71, MODELC_2:35; hence Shift ((Shift (w,i)),k) |= the_left_argument_of F by MODELC_2:80; ::_thesis: verum end; len (the_right_argument_of F) < n + 1 by A21, A46, MODELC_2:11; then A88: len (the_right_argument_of F) <= n by NAT_1:13; the_right_argument_of F is_subformula_of F by A46, MODELC_2:31; then Shift (w,(j0 + i)) |= the_right_argument_of F by A18, A20, A88, A84, MODELC_2:35; then A89: Shift ((Shift (w,i)),j0) |= the_right_argument_of F by MODELC_2:80; F = (the_left_argument_of F) 'U' (the_right_argument_of F) by A46, MODELC_2:8; hence Shift (w,i) |= F by A89, A86, MODELC_2:68; ::_thesis: verum end; supposeA90: F is Release ; ::_thesis: Shift (w,i) |= F set h2 = the_right_argument_of F; A91: the_right_argument_of F is_subformula_of F by A90, MODELC_2:31; set h1 = the_left_argument_of F; defpred S2[ Nat] means ( ( for k being Nat st k < $1 holds Shift ((Shift (w,i)),k) |= 'not' (the_left_argument_of F) ) implies ( Shift ((Shift (w,i)),$1) |= the_right_argument_of F & F in the LTLold of H2((i + 1) + $1) ) ); len (the_left_argument_of F) < n + 1 by A21, A90, MODELC_2:11; then A92: len (the_left_argument_of F) <= n by NAT_1:13; len (the_right_argument_of F) < n + 1 by A21, A90, MODELC_2:11; then A93: len (the_right_argument_of F) <= n by NAT_1:13; A94: the_left_argument_of F is_subformula_of F by A90, MODELC_2:31; A95: for j being Nat st S2[j] holds S2[j + 1] proof let j be Nat; ::_thesis: ( S2[j] implies S2[j + 1] ) assume A96: S2[j] ; ::_thesis: S2[j + 1] S2[j + 1] proof set i1 = i + j; set Run1 = H2((i + j) + 1); set Run0 = H2(i + j); assume A97: for k being Nat st k < j + 1 holds Shift ((Shift (w,i)),k) |= 'not' (the_left_argument_of F) ; ::_thesis: ( Shift ((Shift (w,i)),(j + 1)) |= the_right_argument_of F & F in the LTLold of H2((i + 1) + (j + 1)) ) A98: for k being Nat st k < j holds Shift ((Shift (w,i)),k) |= 'not' (the_left_argument_of F) proof A99: j <= j + 1 by NAT_1:11; let k be Nat; ::_thesis: ( k < j implies Shift ((Shift (w,i)),k) |= 'not' (the_left_argument_of F) ) assume k < j ; ::_thesis: Shift ((Shift (w,i)),k) |= 'not' (the_left_argument_of F) then k < j + 1 by A99, XXREAL_0:2; hence Shift ((Shift (w,i)),k) |= 'not' (the_left_argument_of F) by A97; ::_thesis: verum end; A100: H2((i + j) + 1) is_next_of H2(i + j) by A4; then reconsider Run0 = H2(i + j) as strict elementary LTLnode over v by Def20; set i2 = (i + j) + 1; set Run2 = H2(((i + j) + 1) + 1); A101: H2(((i + j) + 1) + 1) is_next_of H2((i + j) + 1) by A4; then reconsider Run2 = H2(((i + j) + 1) + 1) as strict elementary LTLnode over v by Def20; reconsider Run1 = H2((i + j) + 1) as strict elementary LTLnode over v by A100, Def20; j < j + 1 by NAT_1:13; then A102: Shift ((Shift (w,i)),j) |= 'not' (the_left_argument_of F) by A97; A103: now__::_thesis:_not_the_left_argument_of_F_in_the_LTLold_of_Run1 assume the_left_argument_of F in the LTLold of Run1 ; ::_thesis: contradiction then Shift (w,(i + j)) |= the_left_argument_of F by A18, A20, A94, A92, MODELC_2:35; then Shift ((Shift (w,i)),j) |= the_left_argument_of F by MODELC_2:80; hence contradiction by A102, MODELC_2:64; ::_thesis: verum end; A104: ( Run1 is_next_of Run0 & F is Release & F in the LTLold of Run1 & not the_left_argument_of F in the LTLold of Run1 implies ( the_right_argument_of F in the LTLold of Run1 & F in the LTLnext of Run1 ) ) by Th39; then the_right_argument_of F in the LTLold of Run2 by A4, A90, A96, A101, A98, A103, Th40; then A105: Shift (w,(i + (j + 1))) |= the_right_argument_of F by A18, A20, A91, A93, MODELC_2:35; F in the LTLold of Run2 by A4, A90, A96, A101, A98, A103, A104, Th40; hence ( Shift ((Shift (w,i)),(j + 1)) |= the_right_argument_of F & F in the LTLold of H2((i + 1) + (j + 1)) ) by A105, MODELC_2:80; ::_thesis: verum end; hence S2[j + 1] ; ::_thesis: verum end; A106: F = (the_left_argument_of F) 'R' (the_right_argument_of F) by A90, MODELC_2:9; A107: ( ( for j being Nat holds S2[j] ) implies Shift (w,i) |= F ) proof assume for j being Nat holds S2[j] ; ::_thesis: Shift (w,i) |= F then for j being Nat st ( for k being Nat st k < j holds Shift ((Shift (w,i)),k) |= 'not' (the_left_argument_of F) ) holds Shift ((Shift (w,i)),j) |= the_right_argument_of F ; hence Shift (w,i) |= F by A106, MODELC_2:69; ::_thesis: verum end; A108: S2[ 0 ] proof set Run0 = H2(i); set Run1 = H2(i + 1); A109: H2(i + 1) is_next_of H2(i) by A4; then reconsider Run1 = H2(i + 1) as strict elementary LTLnode over v by Def20; reconsider Run0 = H2(i) as strict elementary LTLnode over v by A109, Def20; assume for k being Nat st k < 0 holds Shift ((Shift (w,i)),k) |= 'not' (the_left_argument_of F) ; ::_thesis: ( Shift ((Shift (w,i)),0) |= the_right_argument_of F & F in the LTLold of H2((i + 1) + 0) ) A110: Shift ((Shift (w,i)),0) = Shift (w,i) by MODELC_2:79; ( Run1 is_next_of Run0 & F in the LTLold of Run1 & F is Release implies the_right_argument_of F in the LTLold of Run1 ) by Th41; hence ( Shift ((Shift (w,i)),0) |= the_right_argument_of F & F in the LTLold of H2((i + 1) + 0) ) by A4, A18, A20, A22, A90, A91, A93, A110, MODELC_2:35; ::_thesis: verum end; for j being Nat holds S2[j] from NAT_1:sch_2(A108, A95); hence Shift (w,i) |= F by A107; ::_thesis: verum end; end; end; hence Shift (w,i) |= F ; ::_thesis: verum end; S1[n + 1] proof let i be Nat; ::_thesis: for F being LTL-formula st F is_subformula_of v & len F <= n + 1 & F in the LTLold of H2(i + 1) holds Shift (w,i) |= F let F be LTL-formula; ::_thesis: ( F is_subformula_of v & len F <= n + 1 & F in the LTLold of H2(i + 1) implies Shift (w,i) |= F ) assume that A111: F is_subformula_of v and A112: len F <= n + 1 and A113: F in the LTLold of H2(i + 1) ; ::_thesis: Shift (w,i) |= F set L = len F; reconsider L = len F as Nat ; now__::_thesis:_Shift_(w,i)_|=_F percases ( L <= n or L = n + 1 ) by A112, NAT_1:8; suppose L <= n ; ::_thesis: Shift (w,i) |= F hence Shift (w,i) |= F by A18, A111, A113; ::_thesis: verum end; suppose L = n + 1 ; ::_thesis: Shift (w,i) |= F hence Shift (w,i) |= F by A19, A111, A113; ::_thesis: verum end; end; end; hence Shift (w,i) |= F ; ::_thesis: verum end; hence S1[n + 1] ; ::_thesis: verum end; A114: S1[ 0 ] by MODELC_2:3; A115: for n being Nat holds S1[n] from NAT_1:sch_2(A114, A17); set n = len v; A116: ( v in {v} & len v <= len v ) by TARSKI:def_1; reconsider Run01 = H2(0 + 1) as strict elementary LTLnode over v by A11, Def20; reconsider Run00 = H2( 0 ) as strict elementary LTLnode over v by A11, Def20; A117: the LTLnext of Run00 c= the LTLold of Run01 by A4, Th37; H2( 0 ) = CastNode ((init v),v) by A1, TARSKI:def_1 .= init v by Def16 ; then Shift (w,0) |= v by A117, A115, A116; hence w |= v by MODELC_2:79; ::_thesis: verum end; definition let w be Element of Inf_seq AtomicFamily; let v be neg-inner-most LTL-formula; let U be Choice_Function of BOOL (Subformulae v); let N be strict LTLnode over v; assume that A1: not N is elementary and A2: w |= * N ; func chosen_succ_end_num (w,v,U,N) -> Nat means :Def48: :: MODELC_3:def 48 ( ( for i being Nat st i < it holds ( not CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v) is elementary & CastNode ((((choice_succ_func (w,v,U)) |** (i + 1)) . N),v) is_succ_of CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v) ) ) & CastNode ((((choice_succ_func (w,v,U)) |** it) . N),v) is elementary & ( for i being Nat st i <= it holds w |= * (CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v)) ) ); existence ex b1 being Nat st ( ( for i being Nat st i < b1 holds ( not CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v) is elementary & CastNode ((((choice_succ_func (w,v,U)) |** (i + 1)) . N),v) is_succ_of CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v) ) ) & CastNode ((((choice_succ_func (w,v,U)) |** b1) . N),v) is elementary & ( for i being Nat st i <= b1 holds w |= * (CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v)) ) ) proof A3: w |= * (CastNode (N,v)) by A2, Def16; ( N in LTLNodes v & not CastNode (N,v) is elementary ) by A1, Def16, Def30; hence ex b1 being Nat st ( ( for i being Nat st i < b1 holds ( not CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v) is elementary & CastNode ((((choice_succ_func (w,v,U)) |** (i + 1)) . N),v) is_succ_of CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v) ) ) & CastNode ((((choice_succ_func (w,v,U)) |** b1) . N),v) is elementary & ( for i being Nat st i <= b1 holds w |= * (CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v)) ) ) by A3, Th51, Th62; ::_thesis: verum end; uniqueness for b1, b2 being Nat st ( for i being Nat st i < b1 holds ( not CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v) is elementary & CastNode ((((choice_succ_func (w,v,U)) |** (i + 1)) . N),v) is_succ_of CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v) ) ) & CastNode ((((choice_succ_func (w,v,U)) |** b1) . N),v) is elementary & ( for i being Nat st i <= b1 holds w |= * (CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v)) ) & ( for i being Nat st i < b2 holds ( not CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v) is elementary & CastNode ((((choice_succ_func (w,v,U)) |** (i + 1)) . N),v) is_succ_of CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v) ) ) & CastNode ((((choice_succ_func (w,v,U)) |** b2) . N),v) is elementary & ( for i being Nat st i <= b2 holds w |= * (CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v)) ) holds b1 = b2 proof set f = choice_succ_func (w,v,U); let n1, n2 be Nat; ::_thesis: ( ( for i being Nat st i < n1 holds ( not CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v) is elementary & CastNode ((((choice_succ_func (w,v,U)) |** (i + 1)) . N),v) is_succ_of CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v) ) ) & CastNode ((((choice_succ_func (w,v,U)) |** n1) . N),v) is elementary & ( for i being Nat st i <= n1 holds w |= * (CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v)) ) & ( for i being Nat st i < n2 holds ( not CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v) is elementary & CastNode ((((choice_succ_func (w,v,U)) |** (i + 1)) . N),v) is_succ_of CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v) ) ) & CastNode ((((choice_succ_func (w,v,U)) |** n2) . N),v) is elementary & ( for i being Nat st i <= n2 holds w |= * (CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v)) ) implies n1 = n2 ) assume that A4: for i being Nat st i < n1 holds ( not CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v) is elementary & CastNode ((((choice_succ_func (w,v,U)) |** (i + 1)) . N),v) is_succ_of CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v) ) and A5: CastNode ((((choice_succ_func (w,v,U)) |** n1) . N),v) is elementary and for i being Nat st i <= n1 holds w |= * (CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v)) and A6: for i being Nat st i < n2 holds ( not CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v) is elementary & CastNode ((((choice_succ_func (w,v,U)) |** (i + 1)) . N),v) is_succ_of CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v) ) and A7: CastNode ((((choice_succ_func (w,v,U)) |** n2) . N),v) is elementary and for i being Nat st i <= n2 holds w |= * (CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v)) ; ::_thesis: n1 = n2 now__::_thesis:_not_n1_<>_n2 assume A8: n1 <> n2 ; ::_thesis: contradiction now__::_thesis:_contradiction percases ( n1 < n2 or n2 < n1 ) by A8, XXREAL_0:1; suppose n1 < n2 ; ::_thesis: contradiction hence contradiction by A5, A6; ::_thesis: verum end; suppose n2 < n1 ; ::_thesis: contradiction hence contradiction by A4, A7; ::_thesis: verum end; end; end; hence contradiction ; ::_thesis: verum end; hence n1 = n2 ; ::_thesis: verum end; end; :: deftheorem Def48 defines chosen_succ_end_num MODELC_3:def_48_:_ for w being Element of Inf_seq AtomicFamily for v being neg-inner-most LTL-formula for U being Choice_Function of BOOL (Subformulae v) for N being strict LTLnode over v st not N is elementary & w |= * N holds for b5 being Nat holds ( b5 = chosen_succ_end_num (w,v,U,N) iff ( ( for i being Nat st i < b5 holds ( not CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v) is elementary & CastNode ((((choice_succ_func (w,v,U)) |** (i + 1)) . N),v) is_succ_of CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v) ) ) & CastNode ((((choice_succ_func (w,v,U)) |** b5) . N),v) is elementary & ( for i being Nat st i <= b5 holds w |= * (CastNode ((((choice_succ_func (w,v,U)) |** i) . N),v)) ) ) ); definition let w be Element of Inf_seq AtomicFamily; let v be neg-inner-most LTL-formula; let U be Choice_Function of BOOL (Subformulae v); let N be strict LTLnode over v; assume A1: w |= * ('X' N) ; func chosen_next (w,v,U,N) -> strict elementary LTLnode over v equals :Def49: :: MODELC_3:def 49 CastNode ((((choice_succ_func (w,v,U)) |** (chosen_succ_end_num (w,v,U,('X' N)))) . ('X' N)),v) if not 'X' N is elementary otherwise FinalNode v; correctness coherence ( ( not 'X' N is elementary implies CastNode ((((choice_succ_func (w,v,U)) |** (chosen_succ_end_num (w,v,U,('X' N)))) . ('X' N)),v) is strict elementary LTLnode over v ) & ( 'X' N is elementary implies FinalNode v is strict elementary LTLnode over v ) ); consistency for b1 being strict elementary LTLnode over v holds verum; by A1, Def48; end; :: deftheorem Def49 defines chosen_next MODELC_3:def_49_:_ for w being Element of Inf_seq AtomicFamily for v being neg-inner-most LTL-formula for U being Choice_Function of BOOL (Subformulae v) for N being strict LTLnode over v st w |= * ('X' N) holds ( ( not 'X' N is elementary implies chosen_next (w,v,U,N) = CastNode ((((choice_succ_func (w,v,U)) |** (chosen_succ_end_num (w,v,U,('X' N)))) . ('X' N)),v) ) & ( 'X' N is elementary implies chosen_next (w,v,U,N) = FinalNode v ) ); theorem Th69: :: MODELC_3:69 for w being Element of Inf_seq AtomicFamily for v being neg-inner-most LTL-formula for U being Choice_Function of BOOL (Subformulae v) for s being strict elementary LTLnode over v st w |= * ('X' s) holds ( chosen_next (w,v,U,s) is_next_of s & w |= * (chosen_next (w,v,U,s)) ) proof let w be Element of Inf_seq AtomicFamily; ::_thesis: for v being neg-inner-most LTL-formula for U being Choice_Function of BOOL (Subformulae v) for s being strict elementary LTLnode over v st w |= * ('X' s) holds ( chosen_next (w,v,U,s) is_next_of s & w |= * (chosen_next (w,v,U,s)) ) let v be neg-inner-most LTL-formula; ::_thesis: for U being Choice_Function of BOOL (Subformulae v) for s being strict elementary LTLnode over v st w |= * ('X' s) holds ( chosen_next (w,v,U,s) is_next_of s & w |= * (chosen_next (w,v,U,s)) ) let U be Choice_Function of BOOL (Subformulae v); ::_thesis: for s being strict elementary LTLnode over v st w |= * ('X' s) holds ( chosen_next (w,v,U,s) is_next_of s & w |= * (chosen_next (w,v,U,s)) ) let s be strict elementary LTLnode over v; ::_thesis: ( w |= * ('X' s) implies ( chosen_next (w,v,U,s) is_next_of s & w |= * (chosen_next (w,v,U,s)) ) ) set LN = LTLNodes v; set N = 'X' s; assume A1: w |= * ('X' s) ; ::_thesis: ( chosen_next (w,v,U,s) is_next_of s & w |= * (chosen_next (w,v,U,s)) ) set n = chosen_succ_end_num (w,v,U,('X' s)); set f = choice_succ_func (w,v,U); set nextnode = CastNode ((((choice_succ_func (w,v,U)) |** (chosen_succ_end_num (w,v,U,('X' s)))) . ('X' s)),v); A2: 'X' s in LTLNodes v by Def30; now__::_thesis:_(_chosen_next_(w,v,U,s)_is_next_of_s_&_w_|=_*_(chosen_next_(w,v,U,s))_) percases ( not 'X' s is elementary or 'X' s is elementary ) ; supposeA3: not 'X' s is elementary ; ::_thesis: ( chosen_next (w,v,U,s) is_next_of s & w |= * (chosen_next (w,v,U,s)) ) deffunc H1( set ) -> strict LTLnode over v = CastNode ((((choice_succ_func (w,v,U)) |** (CastNat ((CastNat $1) - 1))) . ('X' s)),v); set n1 = (chosen_succ_end_num (w,v,U,('X' s))) + 1; ex L being FinSequence st ( len L = (chosen_succ_end_num (w,v,U,('X' s))) + 1 & ( for k being Nat st k in dom L holds L . k = H1(k) ) ) from FINSEQ_1:sch_2(); then consider L being FinSequence such that A4: len L = (chosen_succ_end_num (w,v,U,('X' s))) + 1 and A5: for k being Nat st k in dom L holds L . k = H1(k) ; A6: Seg ((chosen_succ_end_num (w,v,U,('X' s))) + 1) = dom L by A4, FINSEQ_1:def_3; A7: for k being Nat st 1 <= k & k <= (chosen_succ_end_num (w,v,U,('X' s))) + 1 holds L . k = CastNode ((((choice_succ_func (w,v,U)) |** (CastNat (k - 1))) . ('X' s)),v) proof let k be Nat; ::_thesis: ( 1 <= k & k <= (chosen_succ_end_num (w,v,U,('X' s))) + 1 implies L . k = CastNode ((((choice_succ_func (w,v,U)) |** (CastNat (k - 1))) . ('X' s)),v) ) assume ( 1 <= k & k <= (chosen_succ_end_num (w,v,U,('X' s))) + 1 ) ; ::_thesis: L . k = CastNode ((((choice_succ_func (w,v,U)) |** (CastNat (k - 1))) . ('X' s)),v) then k in Seg ((chosen_succ_end_num (w,v,U,('X' s))) + 1) by FINSEQ_1:1; then L . k = CastNode ((((choice_succ_func (w,v,U)) |** (CastNat ((CastNat k) - 1))) . ('X' s)),v) by A5, A6; hence L . k = CastNode ((((choice_succ_func (w,v,U)) |** (CastNat (k - 1))) . ('X' s)),v) by MODELC_2:def_1; ::_thesis: verum end; for k being Nat st 1 <= k & k < len L holds ex N1, M1 being strict LTLnode over v st ( N1 = L . k & M1 = L . (k + 1) & M1 is_succ_of N1 ) proof let k be Nat; ::_thesis: ( 1 <= k & k < len L implies ex N1, M1 being strict LTLnode over v st ( N1 = L . k & M1 = L . (k + 1) & M1 is_succ_of N1 ) ) assume that A8: 1 <= k and A9: k < len L ; ::_thesis: ex N1, M1 being strict LTLnode over v st ( N1 = L . k & M1 = L . (k + 1) & M1 is_succ_of N1 ) set k1 = k - 1; reconsider k1 = k - 1 as Nat by A8, NAT_1:21; set M1 = CastNode ((((choice_succ_func (w,v,U)) |** (k1 + 1)) . ('X' s)),v); set kp = k + 1; ( 1 <= k + 1 & k + 1 <= (chosen_succ_end_num (w,v,U,('X' s))) + 1 ) by A4, A8, A9, NAT_1:13; then A10: L . (k + 1) = CastNode ((((choice_succ_func (w,v,U)) |** (CastNat ((k + 1) - 1))) . ('X' s)),v) by A7 .= CastNode ((((choice_succ_func (w,v,U)) |** (k1 + 1)) . ('X' s)),v) by MODELC_2:def_1 ; set N1 = CastNode ((((choice_succ_func (w,v,U)) |** k1) . ('X' s)),v); k - 1 < ((chosen_succ_end_num (w,v,U,('X' s))) + 1) - 1 by A4, A9, XREAL_1:14; then A11: CastNode ((((choice_succ_func (w,v,U)) |** (k1 + 1)) . ('X' s)),v) is_succ_of CastNode ((((choice_succ_func (w,v,U)) |** k1) . ('X' s)),v) by A1, A3, Def48; L . k = CastNode ((((choice_succ_func (w,v,U)) |** (CastNat k1)) . ('X' s)),v) by A4, A7, A8, A9 .= CastNode ((((choice_succ_func (w,v,U)) |** k1) . ('X' s)),v) by MODELC_2:def_1 ; hence ex N1, M1 being strict LTLnode over v st ( N1 = L . k & M1 = L . (k + 1) & M1 is_succ_of N1 ) by A11, A10; ::_thesis: verum end; then A12: L is_Finseq_for v by Def19; A13: 1 <= (chosen_succ_end_num (w,v,U,('X' s))) + 1 by NAT_1:11; then A14: L . (len L) = CastNode ((((choice_succ_func (w,v,U)) |** (CastNat (((chosen_succ_end_num (w,v,U,('X' s))) + 1) - 1))) . ('X' s)),v) by A4, A7 .= CastNode ((((choice_succ_func (w,v,U)) |** (chosen_succ_end_num (w,v,U,('X' s)))) . ('X' s)),v) by MODELC_2:def_1 ; A15: CastNode ((((choice_succ_func (w,v,U)) |** (chosen_succ_end_num (w,v,U,('X' s)))) . ('X' s)),v) = chosen_next (w,v,U,s) by A1, A3, Def49; L . 1 = CastNode ((((choice_succ_func (w,v,U)) |** (CastNat (1 - 1))) . ('X' s)),v) by A13, A7 .= CastNode ((((choice_succ_func (w,v,U)) |** 0) . ('X' s)),v) by MODELC_2:def_1 .= CastNode (((id (LTLNodes v)) . ('X' s)),v) by FUNCT_7:84 .= CastNode (('X' s),v) by A2, FUNCT_1:18 .= 'X' s by Def16 ; hence ( chosen_next (w,v,U,s) is_next_of s & w |= * (chosen_next (w,v,U,s)) ) by A1, A3, A15, A13, A4, A14, A12, Def20, Def48; ::_thesis: verum end; suppose 'X' s is elementary ; ::_thesis: ( chosen_next (w,v,U,s) is_next_of s & w |= * (chosen_next (w,v,U,s)) ) then the LTLnew of ('X' s) = the LTLnew of (FinalNode v) by Def11; then A16: chosen_next (w,v,U,s) = 'X' s by A1, Def49; set L = <*('X' s)*>; A17: Seg 1 = dom <*('X' s)*> by FINSEQ_1:38; A18: for n being Nat st n in dom <*('X' s)*> holds <*('X' s)*> . n = 'X' s proof let n be Nat; ::_thesis: ( n in dom <*('X' s)*> implies <*('X' s)*> . n = 'X' s ) assume n in dom <*('X' s)*> ; ::_thesis: <*('X' s)*> . n = 'X' s then n = 1 by A17, FINSEQ_1:2, TARSKI:def_1; hence <*('X' s)*> . n = 'X' s by FINSEQ_1:40; ::_thesis: verum end; for k being Nat st 1 <= k & k < len <*('X' s)*> holds ex N1, M1 being strict LTLnode over v st ( N1 = <*('X' s)*> . k & M1 = <*('X' s)*> . (k + 1) & M1 is_succ_of N1 ) by FINSEQ_1:39; then A19: <*('X' s)*> is_Finseq_for v by Def19; 1 in Seg 1 by FINSEQ_1:1; then ( len <*('X' s)*> = 1 & <*('X' s)*> . 1 = 'X' s ) by A17, A18, FINSEQ_1:39; hence ( chosen_next (w,v,U,s) is_next_of s & w |= * (chosen_next (w,v,U,s)) ) by A1, A16, A19, Def20; ::_thesis: verum end; end; end; hence ( chosen_next (w,v,U,s) is_next_of s & w |= * (chosen_next (w,v,U,s)) ) ; ::_thesis: verum end; definition let w be Element of Inf_seq AtomicFamily; let v be neg-inner-most LTL-formula; let U be Choice_Function of BOOL (Subformulae v); func chosen_run (w,v,U) -> sequence of (LTLStates v) means :Def50: :: MODELC_3:def 50 ( it . 0 = init v & ( for n being Nat holds it . (n + 1) = chosen_next ((Shift (w,n)),v,U,(CastNode ((it . n),v))) ) ); existence ex b1 being sequence of (LTLStates v) st ( b1 . 0 = init v & ( for n being Nat holds b1 . (n + 1) = chosen_next ((Shift (w,n)),v,U,(CastNode ((b1 . n),v))) ) ) proof deffunc H1( set , set ) -> strict elementary LTLnode over v = chosen_next ((Shift (w,(CastNat $1))),v,U,(CastNode ($2,v))); set LS = LTLStates v; ( ex y being set ex f being Function st ( y = f . 0 & dom f = NAT & f . 0 = init v & ( for n being Element of NAT holds f . (n + 1) = H1(n,f . n) ) ) & ( for y1, y2 being set st ex f being Function st ( y1 = f . 0 & dom f = NAT & f . 0 = init v & ( for n being Element of NAT holds f . (n + 1) = H1(n,f . n) ) ) & ex f being Function st ( y2 = f . 0 & dom f = NAT & f . 0 = init v & ( for n being Element of NAT holds f . (n + 1) = H1(n,f . n) ) ) holds y1 = y2 ) ) from RECDEF_1:sch_12(); then consider IT being Function such that A1: dom IT = NAT and A2: IT . 0 = init v and A3: for n being Element of NAT holds IT . (n + 1) = H1(n,IT . n) ; A4: for n being Nat holds IT . (n + 1) = H1(n,IT . n) proof let n be Nat; ::_thesis: IT . (n + 1) = H1(n,IT . n) reconsider n = n as Element of NAT by ORDINAL1:def_12; IT . (n + 1) = H1(n,IT . n) by A3; hence IT . (n + 1) = H1(n,IT . n) ; ::_thesis: verum end; A5: for n being Nat holds IT . (n + 1) = chosen_next ((Shift (w,n)),v,U,(CastNode ((IT . n),v))) proof let n be Nat; ::_thesis: IT . (n + 1) = chosen_next ((Shift (w,n)),v,U,(CastNode ((IT . n),v))) IT . (n + 1) = chosen_next ((Shift (w,(CastNat n))),v,U,(CastNode ((IT . n),v))) by A4; hence IT . (n + 1) = chosen_next ((Shift (w,n)),v,U,(CastNode ((IT . n),v))) by MODELC_2:def_1; ::_thesis: verum end; for x being set st x in NAT holds IT . x in LTLStates v proof let x be set ; ::_thesis: ( x in NAT implies IT . x in LTLStates v ) assume x in NAT ; ::_thesis: IT . x in LTLStates v then reconsider x = x as Nat ; A6: ( x = 0 or 0 < 0 + x ) ; now__::_thesis:_IT_._x_in_LTLStates_v percases ( x = 0 or 1 <= x ) by A6, NAT_1:19; supposeA7: x = 0 ; ::_thesis: IT . x in LTLStates v set y = IT . x; reconsider y = IT . x as Element of LTLNodes v by A2, A7, Def30; IT . x = y ; hence IT . x in LTLStates v by A2, A7; ::_thesis: verum end; supposeA8: 1 <= x ; ::_thesis: IT . x in LTLStates v set x1 = x - 1; reconsider x1 = x - 1 as Nat by A8, NAT_1:21; set y = IT . x; A9: IT . x = IT . (x1 + 1) .= H1(x1,IT . x1) by A4 ; then reconsider y = IT . x as Element of LTLNodes v by Def30; IT . x = y ; hence IT . x in LTLStates v by A9; ::_thesis: verum end; end; end; hence IT . x in LTLStates v ; ::_thesis: verum end; then reconsider IT = IT as sequence of (LTLStates v) by A1, FUNCT_2:3; take IT ; ::_thesis: ( IT . 0 = init v & ( for n being Nat holds IT . (n + 1) = chosen_next ((Shift (w,n)),v,U,(CastNode ((IT . n),v))) ) ) thus ( IT . 0 = init v & ( for n being Nat holds IT . (n + 1) = chosen_next ((Shift (w,n)),v,U,(CastNode ((IT . n),v))) ) ) by A2, A5; ::_thesis: verum end; uniqueness for b1, b2 being sequence of (LTLStates v) st b1 . 0 = init v & ( for n being Nat holds b1 . (n + 1) = chosen_next ((Shift (w,n)),v,U,(CastNode ((b1 . n),v))) ) & b2 . 0 = init v & ( for n being Nat holds b2 . (n + 1) = chosen_next ((Shift (w,n)),v,U,(CastNode ((b2 . n),v))) ) holds b1 = b2 proof deffunc H1( set , set ) -> strict elementary LTLnode over v = chosen_next ((Shift (w,(CastNat $1))),v,U,(CastNode ($2,v))); deffunc H2( Nat, set ) -> strict elementary LTLnode over v = chosen_next ((Shift (w,$1)),v,U,(CastNode ($2,v))); set LS = LTLStates v; A10: for f, g being Function of NAT,(LTLStates v) st f . 0 = init v & ( for n being Nat holds f . (n + 1) = H1(n,f . n) ) & g . 0 = init v & ( for n being Nat holds g . (n + 1) = H1(n,g . n) ) holds f = g proof let f, g be Function of NAT,(LTLStates v); ::_thesis: ( f . 0 = init v & ( for n being Nat holds f . (n + 1) = H1(n,f . n) ) & g . 0 = init v & ( for n being Nat holds g . (n + 1) = H1(n,g . n) ) implies f = g ) assume that A11: f . 0 = init v and A12: for n being Nat holds f . (n + 1) = H1(n,f . n) and A13: g . 0 = init v and A14: for n being Nat holds g . (n + 1) = H1(n,g . n) ; ::_thesis: f = g defpred S1[ Nat] means f . $1 = g . $1; A15: for k being Element of NAT st S1[k] holds S1[k + 1] proof let k be Element of NAT ; ::_thesis: ( S1[k] implies S1[k + 1] ) assume S1[k] ; ::_thesis: S1[k + 1] then f . (k + 1) = H1(k,g . k) by A12 .= g . (k + 1) by A14 ; hence S1[k + 1] ; ::_thesis: verum end; A16: S1[ 0 ] by A11, A13; for k being Element of NAT holds S1[k] from NAT_1:sch_1(A16, A15); then A17: for x being set st x in dom f holds f . x = g . x ; ( dom f = NAT & dom g = NAT ) by FUNCT_2:def_1; hence f = g by A17, FUNCT_1:2; ::_thesis: verum end; for f, g being Function of NAT,(LTLStates v) st f . 0 = init v & ( for n being Nat holds f . (n + 1) = H2(n,f . n) ) & g . 0 = init v & ( for n being Nat holds g . (n + 1) = H2(n,g . n) ) holds f = g proof let f, g be Function of NAT,(LTLStates v); ::_thesis: ( f . 0 = init v & ( for n being Nat holds f . (n + 1) = H2(n,f . n) ) & g . 0 = init v & ( for n being Nat holds g . (n + 1) = H2(n,g . n) ) implies f = g ) assume that A18: f . 0 = init v and A19: for n being Nat holds f . (n + 1) = H2(n,f . n) and A20: g . 0 = init v and A21: for n being Nat holds g . (n + 1) = H2(n,g . n) ; ::_thesis: f = g A22: for n being Nat holds g . (n + 1) = H1(n,g . n) proof let n be Nat; ::_thesis: g . (n + 1) = H1(n,g . n) g . (n + 1) = chosen_next ((Shift (w,n)),v,U,(CastNode ((g . n),v))) by A21; hence g . (n + 1) = H1(n,g . n) by MODELC_2:def_1; ::_thesis: verum end; for n being Nat holds f . (n + 1) = H1(n,f . n) proof let n be Nat; ::_thesis: f . (n + 1) = H1(n,f . n) f . (n + 1) = chosen_next ((Shift (w,n)),v,U,(CastNode ((f . n),v))) by A19; hence f . (n + 1) = H1(n,f . n) by MODELC_2:def_1; ::_thesis: verum end; hence f = g by A10, A18, A20, A22; ::_thesis: verum end; hence for b1, b2 being sequence of (LTLStates v) st b1 . 0 = init v & ( for n being Nat holds b1 . (n + 1) = chosen_next ((Shift (w,n)),v,U,(CastNode ((b1 . n),v))) ) & b2 . 0 = init v & ( for n being Nat holds b2 . (n + 1) = chosen_next ((Shift (w,n)),v,U,(CastNode ((b2 . n),v))) ) holds b1 = b2 ; ::_thesis: verum end; end; :: deftheorem Def50 defines chosen_run MODELC_3:def_50_:_ for w being Element of Inf_seq AtomicFamily for v being neg-inner-most LTL-formula for U being Choice_Function of BOOL (Subformulae v) for b4 being sequence of (LTLStates v) holds ( b4 = chosen_run (w,v,U) iff ( b4 . 0 = init v & ( for n being Nat holds b4 . (n + 1) = chosen_next ((Shift (w,n)),v,U,(CastNode ((b4 . n),v))) ) ) ); Lm34: for v being neg-inner-most LTL-formula holds 'X' (CastLTL ({} v)) = {} proof let v be neg-inner-most LTL-formula; ::_thesis: 'X' (CastLTL ({} v)) = {} now__::_thesis:_not_'X'_(CastLTL_({}_v))_<>_{} assume 'X' (CastLTL ({} v)) <> {} ; ::_thesis: contradiction then consider y being set such that A1: y in 'X' (CastLTL ({} v)) by XBOOLE_0:def_1; ex x being LTL-formula st ( y = x & ex u being LTL-formula st ( u in CastLTL ({} v) & x = 'X' u ) ) by A1; hence contradiction ; ::_thesis: verum end; hence 'X' (CastLTL ({} v)) = {} ; ::_thesis: verum end; theorem Th70: :: MODELC_3:70 for w being Element of Inf_seq AtomicFamily for v being neg-inner-most LTL-formula for N being strict LTLnode over v st w |= * N holds Shift (w,1) |= * ('X' N) proof let w be Element of Inf_seq AtomicFamily; ::_thesis: for v being neg-inner-most LTL-formula for N being strict LTLnode over v st w |= * N holds Shift (w,1) |= * ('X' N) let v be neg-inner-most LTL-formula; ::_thesis: for N being strict LTLnode over v st w |= * N holds Shift (w,1) |= * ('X' N) let N be strict LTLnode over v; ::_thesis: ( w |= * N implies Shift (w,1) |= * ('X' N) ) set XN = 'X' N; assume A1: w |= * N ; ::_thesis: Shift (w,1) |= * ('X' N) for H being LTL-formula st H in 'X' (CastLTL the LTLnext of N) holds w |= H proof let H be LTL-formula; ::_thesis: ( H in 'X' (CastLTL the LTLnext of N) implies w |= H ) assume H in 'X' (CastLTL the LTLnext of N) ; ::_thesis: w |= H then H in * N by Lm1; hence w |= H by A1, MODELC_2:def_64; ::_thesis: verum end; then A2: w |= 'X' (CastLTL the LTLnext of N) by MODELC_2:def_64; * ('X' N) = CastLTL the LTLnext of N by Lm34; hence Shift (w,1) |= * ('X' N) by A2, MODELC_2:77; ::_thesis: verum end; theorem :: MODELC_3:71 for w being Element of Inf_seq AtomicFamily for v being neg-inner-most LTL-formula st w |= 'X' v holds w |= * (init v) proof let w be Element of Inf_seq AtomicFamily; ::_thesis: for v being neg-inner-most LTL-formula st w |= 'X' v holds w |= * (init v) let v be neg-inner-most LTL-formula; ::_thesis: ( w |= 'X' v implies w |= * (init v) ) assume A1: w |= 'X' v ; ::_thesis: w |= * (init v) for H being LTL-formula st H in 'X' (CastLTL (Seed v)) holds w |= H proof let H be LTL-formula; ::_thesis: ( H in 'X' (CastLTL (Seed v)) implies w |= H ) assume H in 'X' (CastLTL (Seed v)) ; ::_thesis: w |= H then ex x being LTL-formula st ( H = x & ex u being LTL-formula st ( u in CastLTL (Seed v) & x = 'X' u ) ) ; hence w |= H by A1, TARSKI:def_1; ::_thesis: verum end; hence w |= * (init v) by MODELC_2:def_64; ::_thesis: verum end; theorem Th72: :: MODELC_3:72 for w being Element of Inf_seq AtomicFamily for v being neg-inner-most LTL-formula holds ( w |= v iff w |= * ('X' (init v)) ) proof let w be Element of Inf_seq AtomicFamily; ::_thesis: for v being neg-inner-most LTL-formula holds ( w |= v iff w |= * ('X' (init v)) ) let v be neg-inner-most LTL-formula; ::_thesis: ( w |= v iff w |= * ('X' (init v)) ) set N = init v; set M = 'X' (init v); A1: * ('X' (init v)) = {v} by Lm34; A2: ( w |= * ('X' (init v)) implies w |= v ) proof assume A3: w |= * ('X' (init v)) ; ::_thesis: w |= v v in * ('X' (init v)) by A1, TARSKI:def_1; hence w |= v by A3, MODELC_2:def_64; ::_thesis: verum end; ( w |= v implies w |= * ('X' (init v)) ) proof assume w |= v ; ::_thesis: w |= * ('X' (init v)) then for H being LTL-formula st H in * ('X' (init v)) holds w |= H by A1, TARSKI:def_1; hence w |= * ('X' (init v)) by MODELC_2:def_64; ::_thesis: verum end; hence ( w |= v iff w |= * ('X' (init v)) ) by A2; ::_thesis: verum end; theorem Th73: :: MODELC_3:73 for w being Element of Inf_seq AtomicFamily for v being neg-inner-most LTL-formula for U being Choice_Function of BOOL (Subformulae v) st w |= v holds for n being Nat holds ( CastNode (((chosen_run (w,v,U)) . (n + 1)),v) is_next_of CastNode (((chosen_run (w,v,U)) . n),v) & Shift (w,n) |= * ('X' (CastNode (((chosen_run (w,v,U)) . n),v))) ) proof let w be Element of Inf_seq AtomicFamily; ::_thesis: for v being neg-inner-most LTL-formula for U being Choice_Function of BOOL (Subformulae v) st w |= v holds for n being Nat holds ( CastNode (((chosen_run (w,v,U)) . (n + 1)),v) is_next_of CastNode (((chosen_run (w,v,U)) . n),v) & Shift (w,n) |= * ('X' (CastNode (((chosen_run (w,v,U)) . n),v))) ) let v be neg-inner-most LTL-formula; ::_thesis: for U being Choice_Function of BOOL (Subformulae v) st w |= v holds for n being Nat holds ( CastNode (((chosen_run (w,v,U)) . (n + 1)),v) is_next_of CastNode (((chosen_run (w,v,U)) . n),v) & Shift (w,n) |= * ('X' (CastNode (((chosen_run (w,v,U)) . n),v))) ) let U be Choice_Function of BOOL (Subformulae v); ::_thesis: ( w |= v implies for n being Nat holds ( CastNode (((chosen_run (w,v,U)) . (n + 1)),v) is_next_of CastNode (((chosen_run (w,v,U)) . n),v) & Shift (w,n) |= * ('X' (CastNode (((chosen_run (w,v,U)) . n),v))) ) ) set s = init v; deffunc H1( Nat) -> strict LTLnode over v = CastNode (((chosen_run (w,v,U)) . $1),v); defpred S1[ Nat] means ( H1($1 + 1) is_next_of H1($1) & Shift (w,$1) |= * ('X' H1($1)) ); assume w |= v ; ::_thesis: for n being Nat holds ( CastNode (((chosen_run (w,v,U)) . (n + 1)),v) is_next_of CastNode (((chosen_run (w,v,U)) . n),v) & Shift (w,n) |= * ('X' (CastNode (((chosen_run (w,v,U)) . n),v))) ) then A1: w |= * ('X' (init v)) by Th72; A2: CastNode (((chosen_run (w,v,U)) . 0),v) = CastNode ((init v),v) by Def50 .= init v by Def16 ; A3: for n being Nat st S1[n] holds S1[n + 1] proof let n be Nat; ::_thesis: ( S1[n] implies S1[n + 1] ) set s1 = H1(n); H1(n) is strict elementary LTLnode over v proof now__::_thesis:_H1(n)_is_strict_elementary_LTLnode_over_v percases ( n = 0 or 0 < n ) ; suppose n = 0 ; ::_thesis: H1(n) is strict elementary LTLnode over v then H1(n) = CastNode ((init v),v) by Def50 .= init v by Def16 ; hence H1(n) is strict elementary LTLnode over v ; ::_thesis: verum end; supposeA4: 0 < n ; ::_thesis: H1(n) is strict elementary LTLnode over v set m = n - 1; reconsider m = n - 1 as Nat by A4, NAT_1:20; n = m + 1 ; then H1(n) = CastNode ((chosen_next ((Shift (w,m)),v,U,(CastNode (((chosen_run (w,v,U)) . m),v)))),v) by Def50 .= chosen_next ((Shift (w,m)),v,U,(CastNode (((chosen_run (w,v,U)) . m),v))) by Def16 ; hence H1(n) is strict elementary LTLnode over v ; ::_thesis: verum end; end; end; hence H1(n) is strict elementary LTLnode over v ; ::_thesis: verum end; then reconsider s1 = H1(n) as strict elementary LTLnode over v ; set n1 = n + 1; set w1 = Shift (w,n); set w2 = Shift (w,(n + 1)); set s2 = H1(n + 1); set s3 = H1((n + 1) + 1); A5: H1(n + 1) = CastNode ((chosen_next ((Shift (w,n)),v,U,(CastNode (((chosen_run (w,v,U)) . n),v)))),v) by Def50 .= chosen_next ((Shift (w,n)),v,U,s1) by Def16 ; then reconsider s2 = H1(n + 1) as strict elementary LTLnode over v ; A6: H1((n + 1) + 1) = CastNode ((chosen_next ((Shift (w,(n + 1))),v,U,(CastNode (((chosen_run (w,v,U)) . (n + 1)),v)))),v) by Def50 .= chosen_next ((Shift (w,(n + 1))),v,U,s2) by Def16 ; assume S1[n] ; ::_thesis: S1[n + 1] then ( Shift (w,(n + 1)) = Shift ((Shift (w,n)),1) & Shift (w,n) |= * (chosen_next ((Shift (w,n)),v,U,s1)) ) by Th69, MODELC_2:80; then Shift (w,(n + 1)) |= * ('X' s2) by A5, Th70; hence S1[n + 1] by A6, Th69; ::_thesis: verum end; H1(0 + 1) = CastNode ((chosen_next ((Shift (w,0)),v,U,(CastNode (((chosen_run (w,v,U)) . 0),v)))),v) by Def50 .= CastNode ((chosen_next (w,v,U,(init v))),v) by A2, MODELC_2:79 .= chosen_next (w,v,U,(init v)) by Def16 ; then A7: S1[ 0 ] by A1, A2, Th69, MODELC_2:79; for n being Nat holds S1[n] from NAT_1:sch_2(A7, A3); hence for n being Nat holds ( CastNode (((chosen_run (w,v,U)) . (n + 1)),v) is_next_of CastNode (((chosen_run (w,v,U)) . n),v) & Shift (w,n) |= * ('X' (CastNode (((chosen_run (w,v,U)) . n),v))) ) ; ::_thesis: verum end; theorem Th74: :: MODELC_3:74 for H being LTL-formula for w being Element of Inf_seq AtomicFamily for v being neg-inner-most LTL-formula for U being Choice_Function of BOOL (Subformulae v) st w |= v holds for i being Nat st H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (i + 1)),v)) & H is Until & Shift (w,i) |= the_right_argument_of H holds the_right_argument_of H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (i + 1)),v)) proof let H be LTL-formula; ::_thesis: for w being Element of Inf_seq AtomicFamily for v being neg-inner-most LTL-formula for U being Choice_Function of BOOL (Subformulae v) st w |= v holds for i being Nat st H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (i + 1)),v)) & H is Until & Shift (w,i) |= the_right_argument_of H holds the_right_argument_of H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (i + 1)),v)) let w be Element of Inf_seq AtomicFamily; ::_thesis: for v being neg-inner-most LTL-formula for U being Choice_Function of BOOL (Subformulae v) st w |= v holds for i being Nat st H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (i + 1)),v)) & H is Until & Shift (w,i) |= the_right_argument_of H holds the_right_argument_of H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (i + 1)),v)) let v be neg-inner-most LTL-formula; ::_thesis: for U being Choice_Function of BOOL (Subformulae v) st w |= v holds for i being Nat st H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (i + 1)),v)) & H is Until & Shift (w,i) |= the_right_argument_of H holds the_right_argument_of H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (i + 1)),v)) let U be Choice_Function of BOOL (Subformulae v); ::_thesis: ( w |= v implies for i being Nat st H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (i + 1)),v)) & H is Until & Shift (w,i) |= the_right_argument_of H holds the_right_argument_of H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (i + 1)),v)) ) assume A1: w |= v ; ::_thesis: for i being Nat st H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (i + 1)),v)) & H is Until & Shift (w,i) |= the_right_argument_of H holds the_right_argument_of H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (i + 1)),v)) for j being Nat st H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (j + 1)),v)) & H is Until & Shift (w,j) |= the_right_argument_of H holds the_right_argument_of H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (j + 1)),v)) proof set LN = LTLNodes v; let j be Nat; ::_thesis: ( H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (j + 1)),v)) & H is Until & Shift (w,j) |= the_right_argument_of H implies the_right_argument_of H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (j + 1)),v)) ) set s = CastNode (((chosen_run (w,v,U)) . j),v); set s1 = CastNode (((chosen_run (w,v,U)) . (j + 1)),v); set w0 = Shift (w,j); set N = 'X' (CastNode (((chosen_run (w,v,U)) . j),v)); set f = choice_succ_func ((Shift (w,j)),v,U); set n = chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v)))); set nextnode = CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v)))))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v); A2: Shift (w,j) |= * ('X' (CastNode (((chosen_run (w,v,U)) . j),v))) by A1, Th73; A3: 'X' (CastNode (((chosen_run (w,v,U)) . j),v)) in LTLNodes v by Def30; now__::_thesis:_(_H_in_the_LTLold_of_(CastNode_(((chosen_run_(w,v,U))_._(j_+_1)),v))_&_H_is_Until_&_Shift_(w,j)_|=_the_right_argument_of_H_implies_the_right_argument_of_H_in_the_LTLold_of_(CastNode_(((chosen_run_(w,v,U))_._(j_+_1)),v))_) percases ( not 'X' (CastNode (((chosen_run (w,v,U)) . j),v)) is elementary or 'X' (CastNode (((chosen_run (w,v,U)) . j),v)) is elementary ) ; supposeA4: not 'X' (CastNode (((chosen_run (w,v,U)) . j),v)) is elementary ; ::_thesis: ( H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (j + 1)),v)) & H is Until & Shift (w,j) |= the_right_argument_of H implies the_right_argument_of H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (j + 1)),v)) ) deffunc H1( set ) -> strict LTLnode over v = CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (CastNat ((CastNat $1) - 1))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v); set n1 = (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v))))) + 1; ex L being FinSequence st ( len L = (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v))))) + 1 & ( for k being Nat st k in dom L holds L . k = H1(k) ) ) from FINSEQ_1:sch_2(); then consider L being FinSequence such that A5: len L = (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v))))) + 1 and A6: for k being Nat st k in dom L holds L . k = H1(k) ; A7: Seg ((chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v))))) + 1) = dom L by A5, FINSEQ_1:def_3; A8: for k being Nat st 1 <= k & k <= (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v))))) + 1 holds L . k = CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (CastNat (k - 1))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) proof let k be Nat; ::_thesis: ( 1 <= k & k <= (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v))))) + 1 implies L . k = CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (CastNat (k - 1))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) ) assume ( 1 <= k & k <= (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v))))) + 1 ) ; ::_thesis: L . k = CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (CastNat (k - 1))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) then k in Seg ((chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v))))) + 1) by FINSEQ_1:1; then L . k = CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (CastNat ((CastNat k) - 1))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) by A6, A7; hence L . k = CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (CastNat (k - 1))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) by MODELC_2:def_1; ::_thesis: verum end; A9: for k being Nat st 1 <= k & k < len L holds ex N1, M1 being strict LTLnode over v st ( N1 = L . k & M1 = L . (k + 1) & M1 is_succ_of N1 ) proof let k be Nat; ::_thesis: ( 1 <= k & k < len L implies ex N1, M1 being strict LTLnode over v st ( N1 = L . k & M1 = L . (k + 1) & M1 is_succ_of N1 ) ) assume that A10: 1 <= k and A11: k < len L ; ::_thesis: ex N1, M1 being strict LTLnode over v st ( N1 = L . k & M1 = L . (k + 1) & M1 is_succ_of N1 ) set k1 = k - 1; reconsider k1 = k - 1 as Nat by A10, NAT_1:21; set M1 = CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (k1 + 1)) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v); set kp = k + 1; ( 1 <= k + 1 & k + 1 <= (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v))))) + 1 ) by A5, A10, A11, NAT_1:13; then A12: L . (k + 1) = CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (CastNat ((k + 1) - 1))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) by A8 .= CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (k1 + 1)) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) by MODELC_2:def_1 ; set N1 = CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** k1) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v); k - 1 < ((chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v))))) + 1) - 1 by A5, A11, XREAL_1:14; then A13: CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (k1 + 1)) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) is_succ_of CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** k1) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) by A2, A4, Def48; L . k = CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (CastNat k1)) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) by A5, A8, A10, A11 .= CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** k1) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) by MODELC_2:def_1 ; hence ex N1, M1 being strict LTLnode over v st ( N1 = L . k & M1 = L . (k + 1) & M1 is_succ_of N1 ) by A13, A12; ::_thesis: verum end; then A14: L is_Finseq_for v by Def19; 1 <= (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v))))) + 1 by NAT_1:11; then A15: L . 1 = CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (CastNat (1 - 1))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) by A8 .= CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** 0) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) by MODELC_2:def_1 .= CastNode (((id (LTLNodes v)) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) by FUNCT_7:84 .= CastNode (('X' (CastNode (((chosen_run (w,v,U)) . j),v))),v) by A3, FUNCT_1:18 .= 'X' (CastNode (((chosen_run (w,v,U)) . j),v)) by Def16 ; 1 <= (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v))))) + 1 by NAT_1:11; then A16: L . (len L) = CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (CastNat (((chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v))))) + 1) - 1))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) by A5, A8 .= CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v)))))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) by MODELC_2:def_1 ; A17: CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v)))))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) is elementary by A2, A4, Def48; 1 <= len L by A5, NAT_1:11; then A18: len L > 1 by A4, A15, A16, A17, XXREAL_0:1; A19: ( H in the LTLold of (CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v)))))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v)) & H is Until & Shift (w,j) |= the_right_argument_of H implies the_right_argument_of H in the LTLold of (CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v)))))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v)) ) proof set H2 = the_right_argument_of H; assume that A20: H in the LTLold of (CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v)))))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v)) and A21: H is Until and A22: Shift (w,j) |= the_right_argument_of H ; ::_thesis: the_right_argument_of H in the LTLold of (CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v)))))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v)) ( the LTLold of (CastNode ((L . 1),v)) = {} v & the LTLold of (CastNode ((L . (len L)),v)) = the LTLold of (CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v)))))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v)) ) by A15, A16, Def16; then consider m being Nat such that A23: 1 <= m and A24: m < (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v))))) + 1 and A25: ( not H in the LTLold of (CastNode ((L . m),v)) & H in the LTLold of (CastNode ((L . (m + 1)),v)) ) by A5, A14, A18, A20, Th27; set mm1 = m - 1; reconsider mm1 = m - 1 as Nat by A23, NAT_1:21; set Nm1 = ((choice_succ_func ((Shift (w,j)),v,U)) |** mm1) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v))); set m1 = m + 1; A26: ((choice_succ_func ((Shift (w,j)),v,U)) |** mm1) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v))) in LTLNodes v by A3, FUNCT_2:5; consider N1, N2 being strict LTLnode over v such that A27: N1 = L . m and A28: N2 = L . (m + 1) and A29: N2 is_succ_of N1 by A5, A9, A23, A24; A30: N1 = CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (CastNat mm1)) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) by A8, A23, A24, A27 .= CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** mm1) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) by MODELC_2:def_1 ; A31: ( 1 <= m + 1 & m + 1 <= (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v))))) + 1 ) by A23, A24, NAT_1:13; then A32: N2 = CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (CastNat ((m + 1) - 1))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) by A8, A28 .= CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (mm1 + 1)) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) by MODELC_2:def_1 .= CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) * ((choice_succ_func ((Shift (w,j)),v,U)) |** mm1)) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) by FUNCT_7:71 .= CastNode (((choice_succ_func ((Shift (w,j)),v,U)) . (((choice_succ_func ((Shift (w,j)),v,U)) |** mm1) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v))))),v) by A3, FUNCT_2:15 .= CastNode ((chosen_succ ((Shift (w,j)),v,U,(CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** mm1) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v)))),v) by A26, Def36 .= chosen_succ ((Shift (w,j)),v,U,N1) by A30, Def16 ; m - 1 < ((chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v))))) + 1) - 1 by A24, XREAL_1:14; then A33: not N1 is elementary by A2, A4, A30, Def48; chosen_formula (U,N1) = H proof set G = chosen_formula (U,N1); set M2 = the LTLold of N2; set M1 = the LTLold of N1; set M0 = the LTLnew of N1; A34: chosen_formula (U,N1) in the LTLnew of N1 by A33, Th58; A35: the LTLold of N2 = the LTLold of N1 \/ {(chosen_formula (U,N1))} proof now__::_thesis:_the_LTLold_of_N2_=_the_LTLold_of_N1_\/_{(chosen_formula_(U,N1))} percases ( ( not chosen_formula (U,N1) is Until & Shift (w,j) |= * (SuccNode1 ((chosen_formula (U,N1)),N1)) ) or ( chosen_formula (U,N1) is Until & Shift (w,j) |/= the_right_argument_of (chosen_formula (U,N1)) ) or ( not ( not chosen_formula (U,N1) is Until & Shift (w,j) |= * (SuccNode1 ((chosen_formula (U,N1)),N1)) ) & not ( chosen_formula (U,N1) is Until & Shift (w,j) |/= the_right_argument_of (chosen_formula (U,N1)) ) ) ) ; suppose ( ( not chosen_formula (U,N1) is Until & Shift (w,j) |= * (SuccNode1 ((chosen_formula (U,N1)),N1)) ) or ( chosen_formula (U,N1) is Until & Shift (w,j) |/= the_right_argument_of (chosen_formula (U,N1)) ) ) ; ::_thesis: the LTLold of N2 = the LTLold of N1 \/ {(chosen_formula (U,N1))} then chosen_succ ((Shift (w,j)),v,U,N1) = SuccNode1 ((chosen_formula (U,N1)),N1) by Def35; hence the LTLold of N2 = the LTLold of N1 \/ {(chosen_formula (U,N1))} by A32, A34, Def4; ::_thesis: verum end; supposeA36: ( not ( not chosen_formula (U,N1) is Until & Shift (w,j) |= * (SuccNode1 ((chosen_formula (U,N1)),N1)) ) & not ( chosen_formula (U,N1) is Until & Shift (w,j) |/= the_right_argument_of (chosen_formula (U,N1)) ) ) ; ::_thesis: the LTLold of N2 = the LTLold of N1 \/ {(chosen_formula (U,N1))} N2 = SuccNode2 ((chosen_formula (U,N1)),N1) by A32, A36, Def35; hence the LTLold of N2 = the LTLold of N1 \/ {(chosen_formula (U,N1))} by A34, Def5; ::_thesis: verum end; end; end; hence the LTLold of N2 = the LTLold of N1 \/ {(chosen_formula (U,N1))} ; ::_thesis: verum end; A37: ( not H in the LTLold of N1 & H in the LTLold of N2 ) by A25, A27, A28, Def16; now__::_thesis:_not_H_<>_chosen_formula_(U,N1) assume H <> chosen_formula (U,N1) ; ::_thesis: contradiction then not H in {(chosen_formula (U,N1))} by TARSKI:def_1; hence contradiction by A37, A35, XBOOLE_0:def_3; ::_thesis: verum end; hence chosen_formula (U,N1) = H ; ::_thesis: verum end; then A38: N2 = SuccNode2 (H,N1) by A21, A22, A32, Def35; A39: CastNode ((L . (len L)),v) = CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v)))))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) by A16, Def16; ( N1 = CastNode ((L . m),v) & N2 = CastNode ((L . (m + 1)),v) ) by A27, A28, Def16; then N2 is_succ_of N1,H by A25, A29, Th28; then A40: H in the LTLnew of N1 by Def6; the LTLnew of (CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v)))))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v)) = {} by A17, Def11; then the LTLnew of (CastNode ((L . (m + 1)),v)) c= the LTLold of (CastNode ((L . (len L)),v)) by A5, A14, A31, A39, Th34; then A41: the LTLnew of N2 c= the LTLold of (CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v)))))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v)) by A28, A39, Def16; the LTLold of (CastNode ((L . m),v)) c= the LTLold of (CastNode ((L . (len L)),v)) by A5, A14, A23, A24, Th31; then A42: the LTLold of N1 c= the LTLold of (CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v)))))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v)) by A27, A39, Def16; LTLNew2 H = {(the_right_argument_of H)} by A21, Def2; then A43: the LTLnew of N2 = ( the LTLnew of N1 \ {H}) \/ ({(the_right_argument_of H)} \ the LTLold of N1) by A38, A40, Def5; now__::_thesis:_the_right_argument_of_H_in_the_LTLold_of_(CastNode_((((choice_succ_func_((Shift_(w,j)),v,U))_|**_(chosen_succ_end_num_((Shift_(w,j)),v,U,('X'_(CastNode_(((chosen_run_(w,v,U))_._j),v))))))_._('X'_(CastNode_(((chosen_run_(w,v,U))_._j),v)))),v)) percases ( the_right_argument_of H in the LTLold of N1 or not the_right_argument_of H in the LTLold of N1 ) ; suppose the_right_argument_of H in the LTLold of N1 ; ::_thesis: the_right_argument_of H in the LTLold of (CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v)))))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v)) hence the_right_argument_of H in the LTLold of (CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v)))))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v)) by A42; ::_thesis: verum end; supposeA44: not the_right_argument_of H in the LTLold of N1 ; ::_thesis: the_right_argument_of H in the LTLold of (CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v)))))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v)) the_right_argument_of H in {(the_right_argument_of H)} by TARSKI:def_1; then the_right_argument_of H in {(the_right_argument_of H)} \ the LTLold of N1 by A44, XBOOLE_0:def_5; then the_right_argument_of H in the LTLnew of N2 by A43, XBOOLE_0:def_3; hence the_right_argument_of H in the LTLold of (CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v)))))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v)) by A41; ::_thesis: verum end; end; end; hence the_right_argument_of H in the LTLold of (CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v)))))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v)) ; ::_thesis: verum end; (chosen_run (w,v,U)) . (j + 1) = chosen_next ((Shift (w,j)),v,U,(CastNode (((chosen_run (w,v,U)) . j),v))) by Def50 .= CastNode ((((choice_succ_func ((Shift (w,j)),v,U)) |** (chosen_succ_end_num ((Shift (w,j)),v,U,('X' (CastNode (((chosen_run (w,v,U)) . j),v)))))) . ('X' (CastNode (((chosen_run (w,v,U)) . j),v)))),v) by A2, A4, Def49 ; hence ( H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (j + 1)),v)) & H is Until & Shift (w,j) |= the_right_argument_of H implies the_right_argument_of H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (j + 1)),v)) ) by A19, Def16; ::_thesis: verum end; suppose 'X' (CastNode (((chosen_run (w,v,U)) . j),v)) is elementary ; ::_thesis: ( H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (j + 1)),v)) & H is Until & Shift (w,j) |= the_right_argument_of H implies the_right_argument_of H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (j + 1)),v)) ) then the LTLnew of ('X' (CastNode (((chosen_run (w,v,U)) . j),v))) = the LTLnew of (FinalNode v) by Def11; then chosen_next ((Shift (w,j)),v,U,(CastNode (((chosen_run (w,v,U)) . j),v))) = 'X' (CastNode (((chosen_run (w,v,U)) . j),v)) by A2, Def49; then CastNode (((chosen_run (w,v,U)) . (j + 1)),v) = CastNode (('X' (CastNode (((chosen_run (w,v,U)) . j),v))),v) by Def50 .= 'X' (CastNode (((chosen_run (w,v,U)) . j),v)) by Def16 ; hence ( H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (j + 1)),v)) & H is Until & Shift (w,j) |= the_right_argument_of H implies the_right_argument_of H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (j + 1)),v)) ) ; ::_thesis: verum end; end; end; hence ( H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (j + 1)),v)) & H is Until & Shift (w,j) |= the_right_argument_of H implies the_right_argument_of H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (j + 1)),v)) ) ; ::_thesis: verum end; hence for i being Nat st H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (i + 1)),v)) & H is Until & Shift (w,i) |= the_right_argument_of H holds the_right_argument_of H in the LTLold of (CastNode (((chosen_run (w,v,U)) . (i + 1)),v)) ; ::_thesis: verum end; theorem Th75: :: MODELC_3:75 for w being Element of Inf_seq AtomicFamily for v being neg-inner-most LTL-formula st w |= v holds w is-accepted-by BAutomaton v proof let w be Element of Inf_seq AtomicFamily; ::_thesis: for v being neg-inner-most LTL-formula st w |= v holds w is-accepted-by BAutomaton v let v be neg-inner-most LTL-formula; ::_thesis: ( w |= v implies w is-accepted-by BAutomaton v ) set LS = LTLStates v; set LT = Tran_LTL v; set IS = InitS_LTL v; set FS = FinalS_LTL v; assume A1: w |= v ; ::_thesis: w is-accepted-by BAutomaton v ex run being sequence of (LTLStates v) st ( run . 0 in InitS_LTL v & ( for n being Nat holds ( [[(run . n),((CastSeq (w,AtomicFamily)) . n)],(run . (n + 1))] in Tran_LTL v & ( for FSet being set st FSet in FinalS_LTL v holds { k where k is Element of NAT : run . k in FSet } is infinite set ) ) ) ) proof set chf = the Choice_Function of BOOL (Subformulae v); deffunc H1( set ) -> Element of LTLStates v = (chosen_run (w,v, the Choice_Function of BOOL (Subformulae v))) . (k_nat $1); A2: for x being set st x in NAT holds H1(x) in LTLStates v ; ex run being Function of NAT,(LTLStates v) st for x being set st x in NAT holds run . x = H1(x) from FUNCT_2:sch_2(A2); then consider run being sequence of (LTLStates v) such that A3: for x being set st x in NAT holds run . x = H1(x) ; deffunc H2( Nat) -> strict LTLnode over v = CastNode ((run . $1),v); A4: for n being Nat holds ( run . n is strict elementary LTLnode over v & H2(n) is strict elementary LTLnode over v ) proof let n be Nat; ::_thesis: ( run . n is strict elementary LTLnode over v & H2(n) is strict elementary LTLnode over v ) reconsider n = n as Element of NAT by ORDINAL1:def_12; set Rn = H2(n); run . n in LTLStates v ; then consider N being Element of LTLNodes v such that A5: N = run . n and A6: N is strict elementary LTLnode over v ; reconsider N = N as strict elementary LTLnode over v by A6; the LTLnew of H2(n) = the LTLnew of N by A5, Def16 .= {} by Def11 ; hence ( run . n is strict elementary LTLnode over v & H2(n) is strict elementary LTLnode over v ) by A5, A6, Def11; ::_thesis: verum end; A7: for n being Nat holds run . n = (chosen_run (w,v, the Choice_Function of BOOL (Subformulae v))) . n proof let n be Nat; ::_thesis: run . n = (chosen_run (w,v, the Choice_Function of BOOL (Subformulae v))) . n reconsider n = n as Element of NAT by ORDINAL1:def_12; run . n = H1(n) by A3; hence run . n = (chosen_run (w,v, the Choice_Function of BOOL (Subformulae v))) . n by MODELC_1:def_2; ::_thesis: verum end; A8: for n being Nat holds ( H2(n + 1) is_next_of H2(n) & Shift (w,n) |= * H2(n + 1) ) proof let n be Nat; ::_thesis: ( H2(n + 1) is_next_of H2(n) & Shift (w,n) |= * H2(n + 1) ) set Rn = H2(n); reconsider Rn = H2(n) as strict elementary LTLnode over v by A4; set n1 = n + 1; set w1 = Shift (w,n); A9: run . n = (chosen_run (w,v, the Choice_Function of BOOL (Subformulae v))) . n by A7; H2(n) = CastNode (((chosen_run (w,v, the Choice_Function of BOOL (Subformulae v))) . n),v) by A7; then A10: Shift (w,n) |= * ('X' Rn) by A1, Th73; run . (n + 1) = (chosen_run (w,v, the Choice_Function of BOOL (Subformulae v))) . (n + 1) by A7 .= chosen_next ((Shift (w,n)),v, the Choice_Function of BOOL (Subformulae v),Rn) by A9, Def50 ; then H2(n + 1) = chosen_next ((Shift (w,n)),v, the Choice_Function of BOOL (Subformulae v),Rn) by Def16; hence ( H2(n + 1) is_next_of H2(n) & Shift (w,n) |= * H2(n + 1) ) by A10, Th69; ::_thesis: verum end; A11: for n being Nat holds (CastSeq (w,AtomicFamily)) . n in Label_ H2(n + 1) proof let n be Nat; ::_thesis: (CastSeq (w,AtomicFamily)) . n in Label_ H2(n + 1) reconsider n = n as Element of NAT by ORDINAL1:def_12; set Rn1 = H2(n + 1); set w1 = Shift (w,n); set X = (CastSeq (w,AtomicFamily)) . n; reconsider X = (CastSeq (w,AtomicFamily)) . n as Subset of atomic_LTL ; CastSeq ((Shift (w,n)),AtomicFamily) = (CastSeq (w,AtomicFamily)) ^\ n by MODELC_2:81; then A12: (CastSeq ((Shift (w,n)),AtomicFamily)) . 0 = (CastSeq (w,AtomicFamily)) . (0 + n) by NAT_1:def_3; A13: Shift (w,n) |= * H2(n + 1) by A8; A14: now__::_thesis:_Neg_atomic_LTL_H2(n_+_1)_misses_X assume not Neg_atomic_LTL H2(n + 1) misses X ; ::_thesis: contradiction then (Neg_atomic_LTL H2(n + 1)) /\ X <> {} by XBOOLE_0:def_7; then consider a being set such that A15: a in (Neg_atomic_LTL H2(n + 1)) /\ X by XBOOLE_0:def_1; a in Neg_atomic_LTL H2(n + 1) by A15, XBOOLE_0:def_4; then consider x being LTL-formula such that A16: ( x = a & x is atomic ) and A17: 'not' x in the LTLold of H2(n + 1) ; 'not' x in * H2(n + 1) by A17, Lm1; then Shift (w,n) |= 'not' x by A13, MODELC_2:def_64; then A18: Shift (w,n) |/= x by MODELC_2:64; a in X by A15, XBOOLE_0:def_4; hence contradiction by A12, A16, A18, MODELC_2:63; ::_thesis: verum end; atomic_LTL H2(n + 1) c= X proof let a be set ; :: according to TARSKI:def_3 ::_thesis: ( not a in atomic_LTL H2(n + 1) or a in X ) assume a in atomic_LTL H2(n + 1) ; ::_thesis: a in X then consider x being LTL-formula such that A19: ( x = a & x is atomic ) and A20: x in the LTLold of H2(n + 1) ; x in * H2(n + 1) by A20, Lm1; then Shift (w,n) |= x by A13, MODELC_2:def_64; hence a in X by A12, A19, MODELC_2:63; ::_thesis: verum end; hence (CastSeq (w,AtomicFamily)) . n in Label_ H2(n + 1) by A14; ::_thesis: verum end; A21: for n being Nat holds [[(run . n),((CastSeq (w,AtomicFamily)) . n)],(run . (n + 1))] in Tran_LTL v proof let n be Nat; ::_thesis: [[(run . n),((CastSeq (w,AtomicFamily)) . n)],(run . (n + 1))] in Tran_LTL v reconsider n = n as Element of NAT by ORDINAL1:def_12; set R = H2(n); reconsider R = H2(n) as strict elementary LTLnode over v by A4; set n1 = n + 1; set r = run . n; set r1 = run . (n + 1); set R1 = H2(n + 1); set gA = (CastSeq (w,AtomicFamily)) . n; set y = [[(run . n),((CastSeq (w,AtomicFamily)) . n)],(run . (n + 1))]; reconsider R1 = H2(n + 1) as strict elementary LTLnode over v by A4; [(run . n),((CastSeq (w,AtomicFamily)) . n)] in [:(LTLStates v),AtomicFamily:] by ZFMISC_1:87; then [[(run . n),((CastSeq (w,AtomicFamily)) . n)],(run . (n + 1))] in [:[:(LTLStates v),AtomicFamily:],(LTLStates v):] by ZFMISC_1:87; then A22: [[(run . n),((CastSeq (w,AtomicFamily)) . n)],(run . (n + 1))] is Element of [:(LTLStates v),AtomicFamily,(LTLStates v):] by ZFMISC_1:def_3; reconsider r1 = run . (n + 1) as strict elementary LTLnode over v by A4; reconsider r = run . n as strict elementary LTLnode over v by A4; A23: ( R1 is_next_of R & (CastSeq (w,AtomicFamily)) . n in Label_ R1 ) by A8, A11; ( R = r & R1 = r1 ) by Def16; hence [[(run . n),((CastSeq (w,AtomicFamily)) . n)],(run . (n + 1))] in Tran_LTL v by A22, A23; ::_thesis: verum end; A24: for n being Nat for H being LTL-formula st H in the LTLold of H2(n + 1) & H is Until & Shift (w,n) |= the_right_argument_of H holds the_right_argument_of H in the LTLold of H2(n + 1) proof let n be Nat; ::_thesis: for H being LTL-formula st H in the LTLold of H2(n + 1) & H is Until & Shift (w,n) |= the_right_argument_of H holds the_right_argument_of H in the LTLold of H2(n + 1) let H be LTL-formula; ::_thesis: ( H in the LTLold of H2(n + 1) & H is Until & Shift (w,n) |= the_right_argument_of H implies the_right_argument_of H in the LTLold of H2(n + 1) ) set n1 = n + 1; H2(n + 1) = CastNode (((chosen_run (w,v, the Choice_Function of BOOL (Subformulae v))) . (n + 1)),v) by A7; hence ( H in the LTLold of H2(n + 1) & H is Until & Shift (w,n) |= the_right_argument_of H implies the_right_argument_of H in the LTLold of H2(n + 1) ) by A1, Th74; ::_thesis: verum end; A25: for FSet being set st FSet in FinalS_LTL v holds { k where k is Element of NAT : run . k in FSet } is infinite set proof let FSet be set ; ::_thesis: ( FSet in FinalS_LTL v implies { k where k is Element of NAT : run . k in FSet } is infinite set ) set FK = { k where k is Element of NAT : run . k in FSet } ; assume FSet in FinalS_LTL v ; ::_thesis: { k where k is Element of NAT : run . k in FSet } is infinite set then consider x being Element of bool (LTLStates v) such that A26: FSet = x and A27: ex F being LTL-formula st ( F is_subformula_of v & F is Until & x = FinalS_LTL (F,v) ) ; consider F being LTL-formula such that F is_subformula_of v and A28: F is Until and A29: x = FinalS_LTL (F,v) by A27; set F2 = the_right_argument_of F; set F1 = the_left_argument_of F; A30: F = (the_left_argument_of F) 'U' (the_right_argument_of F) by A28, MODELC_2:8; now__::_thesis:__{__k_where_k_is_Element_of_NAT_:_run_._k_in_FSet__}__is_infinite_set assume { k where k is Element of NAT : run . k in FSet } is not infinite set ; ::_thesis: contradiction then consider L being FinSequence such that A31: { k where k is Element of NAT : run . k in FSet } = rng L by FINSEQ_1:52; ex m being Nat st for k being Nat st m <= k holds not k in { k where k is Element of NAT : run . k in FSet } proof A32: ( len L = 0 or 0 < 0 + (len L) ) ; now__::_thesis:_ex_m_being_Nat_st_ for_k_being_Nat_st_m_<=_k_holds_ not_k_in__{__k_where_k_is_Element_of_NAT_:_run_._k_in_FSet__}_ percases ( 1 <= len L or len L = 0 ) by A32, NAT_1:19; supposeA33: 1 <= len L ; ::_thesis: ex m being Nat st for k being Nat st m <= k holds not k in { k where k is Element of NAT : run . k in FSet } set LEN = len L; { k where k is Element of NAT : run . k in FSet } c= REAL proof let a be set ; :: according to TARSKI:def_3 ::_thesis: ( not a in { k where k is Element of NAT : run . k in FSet } or a in REAL ) assume a in { k where k is Element of NAT : run . k in FSet } ; ::_thesis: a in REAL then ex k being Element of NAT st ( a = k & run . k in FSet ) ; hence a in REAL ; ::_thesis: verum end; then reconsider L = L as FinSequence of REAL by A31, FINSEQ_1:def_4; set realMAX = max L; set iMAX = [/(max L)\]; set natMAX = [/(max L)\] + 1; 0 <= max L proof set b = L . (len L); len L in Seg (len L) by A33, FINSEQ_1:1; then len L in dom L by FINSEQ_1:def_3; then L . (len L) in rng L by FUNCT_1:3; then ex k being Element of NAT st ( k = L . (len L) & run . k in FSet ) by A31; hence 0 <= max L by A33, RFINSEQ2:1; ::_thesis: verum end; then reconsider iMAX = [/(max L)\] as Nat by INT_1:53; iMAX + 1 is Nat ; then reconsider natMAX = [/(max L)\] + 1 as Nat ; for k being Nat st natMAX <= k holds not k in { k where k is Element of NAT : run . k in FSet } proof let k be Nat; ::_thesis: ( natMAX <= k implies not k in { k where k is Element of NAT : run . k in FSet } ) assume A34: natMAX <= k ; ::_thesis: not k in { k where k is Element of NAT : run . k in FSet } now__::_thesis:_not_k_in__{__k_where_k_is_Element_of_NAT_:_run_._k_in_FSet__}_ assume k in { k where k is Element of NAT : run . k in FSet } ; ::_thesis: contradiction then consider i1 being set such that A35: i1 in dom L and A36: k = L . i1 by A31, FUNCT_1:def_3; reconsider i1 = i1 as Element of NAT by A35; i1 in Seg (len L) by A35, FINSEQ_1:def_3; then ( 1 <= i1 & i1 <= len L ) by FINSEQ_1:1; then k <= max L by A36, RFINSEQ2:1; hence contradiction by A34, INT_1:32, XXREAL_0:2; ::_thesis: verum end; hence not k in { k where k is Element of NAT : run . k in FSet } ; ::_thesis: verum end; hence ex m being Nat st for k being Nat st m <= k holds not k in { k where k is Element of NAT : run . k in FSet } ; ::_thesis: verum end; suppose len L = 0 ; ::_thesis: ex m being Nat st for k being Nat st m <= k holds not k in { k where k is Element of NAT : run . k in FSet } then L = {} ; then for k being Nat st 0 <= k holds not k in { k where k is Element of NAT : run . k in FSet } by A31; hence ex m being Nat st for k being Nat st m <= k holds not k in { k where k is Element of NAT : run . k in FSet } ; ::_thesis: verum end; end; end; hence ex m being Nat st for k being Nat st m <= k holds not k in { k where k is Element of NAT : run . k in FSet } ; ::_thesis: verum end; then consider m being Nat such that A37: for k being Nat st m <= k holds not k in { k where k is Element of NAT : run . k in FSet } ; A38: for k being Nat st m <= k holds ( F in the LTLold of H2(k) & not the_right_argument_of F in the LTLold of H2(k) ) proof let k be Nat; ::_thesis: ( m <= k implies ( F in the LTLold of H2(k) & not the_right_argument_of F in the LTLold of H2(k) ) ) assume m <= k ; ::_thesis: ( F in the LTLold of H2(k) & not the_right_argument_of F in the LTLold of H2(k) ) then A39: not k in { k where k is Element of NAT : run . k in FSet } by A37; reconsider k = k as Element of NAT by ORDINAL1:def_12; set r = run . k; reconsider r = run . k as strict elementary LTLnode over v by A4; now__::_thesis:_(_F_in_the_LTLold_of_(CastNode_(r,v))_&_not_the_right_argument_of_F_in_the_LTLold_of_(CastNode_(r,v))_) assume ( not F in the LTLold of (CastNode (r,v)) or the_right_argument_of F in the LTLold of (CastNode (r,v)) ) ; ::_thesis: contradiction then r in FSet by A26, A29; hence contradiction by A39; ::_thesis: verum end; hence ( F in the LTLold of H2(k) & not the_right_argument_of F in the LTLold of H2(k) ) ; ::_thesis: verum end; set w1 = Shift (w,m); set m1 = m + 1; A40: Shift (w,m) |= * H2(m + 1) by A8; m <= m + 1 by NAT_1:11; then F in the LTLold of H2(m + 1) by A38; then F in * H2(m + 1) by Lm1; then Shift (w,m) |= F by A40, MODELC_2:def_64; then consider h being Nat such that for j being Nat st j < h holds Shift ((Shift (w,m)),j) |= the_left_argument_of F and A41: Shift ((Shift (w,m)),h) |= the_right_argument_of F by A30, MODELC_2:68; set m2 = m + h; set m3 = (m + h) + 1; (m + h) + 1 = m + (h + 1) ; then m <= (m + h) + 1 by NAT_1:11; then A42: ( F in the LTLold of H2((m + h) + 1) & not the_right_argument_of F in the LTLold of H2((m + h) + 1) ) by A38; Shift (w,(m + h)) |= the_right_argument_of F by A41, MODELC_2:80; hence contradiction by A24, A28, A42; ::_thesis: verum end; hence { k where k is Element of NAT : run . k in FSet } is infinite set ; ::_thesis: verum end; run . 0 = (chosen_run (w,v, the Choice_Function of BOOL (Subformulae v))) . 0 by A7 .= init v by Def50 ; then run . 0 in InitS_LTL v by TARSKI:def_1; hence ex run being sequence of (LTLStates v) st ( run . 0 in InitS_LTL v & ( for n being Nat holds ( [[(run . n),((CastSeq (w,AtomicFamily)) . n)],(run . (n + 1))] in Tran_LTL v & ( for FSet being set st FSet in FinalS_LTL v holds { k where k is Element of NAT : run . k in FSet } is infinite set ) ) ) ) by A21, A25; ::_thesis: verum end; hence w is-accepted-by BAutomaton v by Def39; ::_thesis: verum end; theorem :: MODELC_3:76 for w being Element of Inf_seq AtomicFamily for v being neg-inner-most LTL-formula holds ( w is-accepted-by BAutomaton v iff w |= v ) by Th68, Th75;