forked from runtime-monitoring/whymon
-
Notifications
You must be signed in to change notification settings - Fork 0
/
checker.ml
1933 lines (1769 loc) · 89.4 KB
/
checker.ml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
module Checker : sig
type nat
val integer_of_nat : nat -> Z.t
type 'a set = Set of 'a list | Coset of 'a list
type ('a, 'b) trm = Var of 'a | Const of 'b
type event_data = EInt of Z.t | EString of string
type 'a trace
type ('a, 'b) sum = Inl of 'a | Inr of 'b
type enat = Enat of nat | Infinity_enat
type i
type ('b, 'a) part
type ('a, 'b, 'c) pdt = Leaf of 'b | Node of 'c * ('a, ('a, 'b, 'c) pdt) part
type ('a, 'b) formula = TT | FF | Eq_Const of 'a * 'b |
Pred of 'a * ('a, 'b) trm list | Neg of ('a, 'b) formula |
Or of ('a, 'b) formula * ('a, 'b) formula |
And of ('a, 'b) formula * ('a, 'b) formula |
Imp of ('a, 'b) formula * ('a, 'b) formula |
Iff of ('a, 'b) formula * ('a, 'b) formula | Exists of 'a * ('a, 'b) formula
| Forall of 'a * ('a, 'b) formula | Prev of i * ('a, 'b) formula |
Next of i * ('a, 'b) formula | Once of i * ('a, 'b) formula |
Historically of i * ('a, 'b) formula | Eventually of i * ('a, 'b) formula |
Always of i * ('a, 'b) formula |
Since of ('a, 'b) formula * i * ('a, 'b) formula |
Until of ('a, 'b) formula * i * ('a, 'b) formula
type ('a, 'b) sproof = STT of nat | SPred of nat * 'a * ('a, 'b) trm list |
SEq_Const of nat * 'a * 'b | SNeg of ('a, 'b) vproof |
SOrL of ('a, 'b) sproof | SOrR of ('a, 'b) sproof |
SAnd of ('a, 'b) sproof * ('a, 'b) sproof | SImpL of ('a, 'b) vproof |
SImpR of ('a, 'b) sproof | SIffSS of ('a, 'b) sproof * ('a, 'b) sproof |
SIffVV of ('a, 'b) vproof * ('a, 'b) vproof |
SExists of 'a * 'b * ('a, 'b) sproof |
SForall of 'a * ('b, ('a, 'b) sproof) part | SPrev of ('a, 'b) sproof |
SNext of ('a, 'b) sproof | SOnce of nat * ('a, 'b) sproof |
SEventually of nat * ('a, 'b) sproof |
SHistorically of nat * nat * ('a, 'b) sproof list | SHistoricallyOut of nat
| SAlways of nat * nat * ('a, 'b) sproof list |
SSince of ('a, 'b) sproof * ('a, 'b) sproof list |
SUntil of ('a, 'b) sproof list * ('a, 'b) sproof
and ('a, 'b) vproof = VFF of nat | VPred of nat * 'a * ('a, 'b) trm list |
VEq_Const of nat * 'a * 'b | VNeg of ('a, 'b) sproof |
VOr of ('a, 'b) vproof * ('a, 'b) vproof | VAndL of ('a, 'b) vproof |
VAndR of ('a, 'b) vproof | VImp of ('a, 'b) sproof * ('a, 'b) vproof |
VIffSV of ('a, 'b) sproof * ('a, 'b) vproof |
VIffVS of ('a, 'b) vproof * ('a, 'b) sproof |
VExists of 'a * ('b, ('a, 'b) vproof) part |
VForall of 'a * 'b * ('a, 'b) vproof | VPrev of ('a, 'b) vproof | VPrevZ |
VPrevOutL of nat | VPrevOutR of nat | VNext of ('a, 'b) vproof |
VNextOutL of nat | VNextOutR of nat | VOnceOut of nat |
VOnce of nat * nat * ('a, 'b) vproof list |
VEventually of nat * nat * ('a, 'b) vproof list |
VHistorically of nat * ('a, 'b) vproof | VAlways of nat * ('a, 'b) vproof |
VSinceOut of nat | VSince of nat * ('a, 'b) vproof * ('a, 'b) vproof list |
VSinceInf of nat * nat * ('a, 'b) vproof list |
VUntil of nat * ('a, 'b) vproof list * ('a, 'b) vproof |
VUntilInf of nat * nat * ('a, 'b) vproof list
val part_hd : ('a, 'b) part -> 'b
val subsvals : ('a, 'b) part -> ('a set * 'b) list
val interval : nat -> enat -> i
val check :
(string * event_data list) trace ->
(string, event_data) formula ->
(event_data,
((string, event_data) sproof, (string, event_data) vproof) sum,
string)
pdt ->
bool
val ed_set : event_data list -> event_data set
val sub_nat : nat -> nat -> nat
val sum_nat : nat -> nat -> nat
val abs_part : (event_data set * 'a) list -> (event_data, 'a) part
val ed_valuation :
(string * event_data) list -> (string -> event_data) -> string -> event_data
val nat_of_integer : Z.t -> nat
val specialized_set :
(string * event_data list) list -> (string * event_data list) set
val p_check_specialized :
(string * event_data list) trace ->
(string -> event_data) ->
(string, event_data) formula ->
((string, event_data) sproof, (string, event_data) vproof) sum -> bool
val collect_paths_specialized :
(string * event_data list) trace ->
(string, event_data) formula ->
(event_data,
((string, event_data) sproof, (string, event_data) vproof) sum,
string)
pdt ->
(event_data set list) set option
val trace_of_list_specialized :
((string * event_data list) set * nat) list ->
(string * event_data list) trace
end = struct
type nat = Nat of Z.t;;
let rec integer_of_nat (Nat x) = x;;
let rec equal_nata m n = Z.equal (integer_of_nat m) (integer_of_nat n);;
type 'a equal = {equal : 'a -> 'a -> bool};;
let equal _A = _A.equal;;
let equal_nat = ({equal = equal_nata} : nat equal);;
let rec less_eq_nat m n = Z.leq (integer_of_nat m) (integer_of_nat n);;
type 'a ord = {less_eq : 'a -> 'a -> bool; less : 'a -> 'a -> bool};;
let less_eq _A = _A.less_eq;;
let less _A = _A.less;;
let rec less_nat m n = Z.lt (integer_of_nat m) (integer_of_nat n);;
let ord_nat = ({less_eq = less_eq_nat; less = less_nat} : nat ord);;
type 'a preorder = {ord_preorder : 'a ord};;
type 'a order = {preorder_order : 'a preorder};;
let preorder_nat = ({ord_preorder = ord_nat} : nat preorder);;
let order_nat = ({preorder_order = preorder_nat} : nat order);;
type 'a linorder = {order_linorder : 'a order};;
let linorder_nat = ({order_linorder = order_nat} : nat linorder);;
type 'a universe = {universe : ('a list) option};;
let universe _A = _A.universe;;
let rec list_all p x1 = match p, x1 with p, [] -> true
| p, x :: xs -> p x && list_all p xs;;
type 'a set = Set of 'a list | Coset of 'a list;;
let rec eq _A a b = equal _A a b;;
let rec membera _A x0 y = match x0, y with [], y -> false
| x :: xs, y -> eq _A x y || membera _A xs y;;
let rec member _A
x xa1 = match x, xa1 with x, Coset xs -> not (membera _A xs x)
| x, Set xs -> membera _A xs x;;
let rec less_eq_set (_A1, _A2)
a b = match a, b with
Coset xs, Set ys ->
(match universe _A1 with None -> false
| Some a -> list_all (fun z -> membera _A2 xs z || membera _A2 ys z) a)
| a, Coset ys -> list_all (fun y -> not (member _A2 y a)) ys
| Set xs, b -> list_all (fun x -> member _A2 x b) xs;;
let rec equal_seta (_A1, _A2)
a b = less_eq_set (_A1, _A2) a b && less_eq_set (_A1, _A2) b a;;
let rec equal_set (_A1, _A2) =
({equal = equal_seta (_A1, _A2)} : 'a set equal);;
let rec equal_lista _A
x0 x1 = match x0, x1 with [], x21 :: x22 -> false
| x21 :: x22, [] -> false
| x21 :: x22, y21 :: y22 -> eq _A x21 y21 && equal_lista _A x22 y22
| [], [] -> true;;
let rec equal_list _A = ({equal = equal_lista _A} : ('a list) equal);;
let universe_lista : (('a list) list) option = None;;
let universe_list = ({universe = universe_lista} : ('a list) universe);;
type ('a, 'b) trm = Var of 'a | Const of 'b;;
let rec equal_trma _A _B x0 x1 = match x0, x1 with Var x1, Const x2 -> false
| Const x2, Var x1 -> false
| Const x2, Const y2 -> eq _B x2 y2
| Var x1, Var y1 -> eq _A x1 y1;;
let rec equal_trm _A _B = ({equal = equal_trma _A _B} : ('a, 'b) trm equal);;
let rec equal_proda _A _B (x1, x2) (y1, y2) = eq _A x1 y1 && eq _B x2 y2;;
let rec equal_prod _A _B = ({equal = equal_proda _A _B} : ('a * 'b) equal);;
let rec map f x1 = match f, x1 with f, [] -> []
| f, x21 :: x22 -> f x21 :: map f x22;;
let rec product x0 uu = match x0, uu with [], uu -> []
| x :: xs, ys -> map (fun a -> (x, a)) ys @ product xs ys;;
let rec universe_proda _A _B
= (match (universe _A, universe _B) with (None, _) -> None
| (Some _, None) -> None | (Some xs, Some ys) -> Some (product xs ys));;
let rec universe_prod _A _B =
({universe = universe_proda _A _B} : ('a * 'b) universe);;
let equal_string8 = ({equal = Stdlib.(=)} : string equal);;
let universe_string8a : (string list) option = None;;
let universe_string8 = ({universe = universe_string8a} : string universe);;
let ord_integer = ({less_eq = Z.leq; less = Z.lt} : Z.t ord);;
type event_data = EInt of Z.t | EString of string;;
let rec equal_event_dataa
x0 x1 = match x0, x1 with EInt x1, EString x2 -> false
| EString x2, EInt x1 -> false
| EString x2, EString y2 -> Stdlib.(=) x2 y2
| EInt x1, EInt y1 -> Z.equal x1 y1;;
let equal_event_data = ({equal = equal_event_dataa} : event_data equal);;
let default_event_dataa : event_data = EInt Z.zero;;
type 'a default = {default : 'a};;
let default _A = _A.default;;
let default_event_data =
({default = default_event_dataa} : event_data default);;
let rec less_eq_event_data
x0 x1 = match x0, x1 with EInt x, EInt y -> Z.leq x y
| EString x, EString y -> Stdlib.(<=) x y
| EInt uu, EString uv -> true
| EString v, EInt va -> false;;
let rec less_event_data
x y = less_eq_event_data x y && not (less_eq_event_data y x);;
let ord_event_data =
({less_eq = less_eq_event_data; less = less_event_data} : event_data ord);;
let preorder_event_data =
({ord_preorder = ord_event_data} : event_data preorder);;
let order_event_data =
({preorder_order = preorder_event_data} : event_data order);;
let linorder_event_data =
({order_linorder = order_event_data} : event_data linorder);;
let universe_event_dataa : (event_data list) option = None;;
let universe_event_data =
({universe = universe_event_dataa} : event_data universe);;
type num = One | Bit0 of num | Bit1 of num;;
type ('a, 'b) mapping = Mapping of ('a * 'b) list;;
type 'a trace_mapping =
Abs_trace_mapping of (nat * (nat * (nat, ('a set * nat)) mapping));;
type 'a trace = Trace_Mapping of 'a trace_mapping;;
type ('a, 'b) sum = Inl of 'a | Inr of 'b;;
type enat = Enat of nat | Infinity_enat;;
type i = Abs_I of (nat * enat);;
type ('b, 'a) part = Abs_part of ('b set * 'a) list;;
type ('a, 'b, 'c) pdt = Leaf of 'b | Node of 'c * ('a, ('a, 'b, 'c) pdt) part;;
type ('a, 'b) formula = TT | FF | Eq_Const of 'a * 'b |
Pred of 'a * ('a, 'b) trm list | Neg of ('a, 'b) formula |
Or of ('a, 'b) formula * ('a, 'b) formula |
And of ('a, 'b) formula * ('a, 'b) formula |
Imp of ('a, 'b) formula * ('a, 'b) formula |
Iff of ('a, 'b) formula * ('a, 'b) formula | Exists of 'a * ('a, 'b) formula |
Forall of 'a * ('a, 'b) formula | Prev of i * ('a, 'b) formula |
Next of i * ('a, 'b) formula | Once of i * ('a, 'b) formula |
Historically of i * ('a, 'b) formula | Eventually of i * ('a, 'b) formula |
Always of i * ('a, 'b) formula |
Since of ('a, 'b) formula * i * ('a, 'b) formula |
Until of ('a, 'b) formula * i * ('a, 'b) formula;;
type ('a, 'b) sproof = STT of nat | SPred of nat * 'a * ('a, 'b) trm list |
SEq_Const of nat * 'a * 'b | SNeg of ('a, 'b) vproof | SOrL of ('a, 'b) sproof
| SOrR of ('a, 'b) sproof | SAnd of ('a, 'b) sproof * ('a, 'b) sproof |
SImpL of ('a, 'b) vproof | SImpR of ('a, 'b) sproof |
SIffSS of ('a, 'b) sproof * ('a, 'b) sproof |
SIffVV of ('a, 'b) vproof * ('a, 'b) vproof |
SExists of 'a * 'b * ('a, 'b) sproof |
SForall of 'a * ('b, ('a, 'b) sproof) part | SPrev of ('a, 'b) sproof |
SNext of ('a, 'b) sproof | SOnce of nat * ('a, 'b) sproof |
SEventually of nat * ('a, 'b) sproof |
SHistorically of nat * nat * ('a, 'b) sproof list | SHistoricallyOut of nat |
SAlways of nat * nat * ('a, 'b) sproof list |
SSince of ('a, 'b) sproof * ('a, 'b) sproof list |
SUntil of ('a, 'b) sproof list * ('a, 'b) sproof
and ('a, 'b) vproof = VFF of nat | VPred of nat * 'a * ('a, 'b) trm list |
VEq_Const of nat * 'a * 'b | VNeg of ('a, 'b) sproof |
VOr of ('a, 'b) vproof * ('a, 'b) vproof | VAndL of ('a, 'b) vproof |
VAndR of ('a, 'b) vproof | VImp of ('a, 'b) sproof * ('a, 'b) vproof |
VIffSV of ('a, 'b) sproof * ('a, 'b) vproof |
VIffVS of ('a, 'b) vproof * ('a, 'b) sproof |
VExists of 'a * ('b, ('a, 'b) vproof) part |
VForall of 'a * 'b * ('a, 'b) vproof | VPrev of ('a, 'b) vproof | VPrevZ |
VPrevOutL of nat | VPrevOutR of nat | VNext of ('a, 'b) vproof |
VNextOutL of nat | VNextOutR of nat | VOnceOut of nat |
VOnce of nat * nat * ('a, 'b) vproof list |
VEventually of nat * nat * ('a, 'b) vproof list |
VHistorically of nat * ('a, 'b) vproof | VAlways of nat * ('a, 'b) vproof |
VSinceOut of nat | VSince of nat * ('a, 'b) vproof * ('a, 'b) vproof list |
VSinceInf of nat * nat * ('a, 'b) vproof list |
VUntil of nat * ('a, 'b) vproof list * ('a, 'b) vproof |
VUntilInf of nat * nat * ('a, 'b) vproof list;;
let rec plus_nat m n = Nat (Z.add (integer_of_nat m) (integer_of_nat n));;
let one_nat : nat = Nat (Z.of_int 1);;
let rec suc n = plus_nat n one_nat;;
let rec max _A a b = (if less_eq _A a b then b else a);;
let rec minus_nat
m n = Nat (max ord_integer Z.zero
(Z.sub (integer_of_nat m) (integer_of_nat n)));;
let zero_nat : nat = Nat Z.zero;;
let rec nth
(x :: xs) n =
(if equal_nata n zero_nat then x else nth xs (minus_nat n one_nat));;
let rec fold f x1 s = match f, x1, s with f, x :: xs, s -> fold f xs (f x s)
| f, [], s -> s;;
let rec rev xs = fold (fun a b -> a :: b) xs [];;
let rec upt i j = (if less_nat i j then i :: upt (suc i) j else []);;
let rec ball (Set xs) p = list_all p xs;;
let rec null = function [] -> true
| x :: xs -> false;;
let rec last (x :: xs) = (if null xs then x else last xs);;
let rec maps f x1 = match f, x1 with f, [] -> []
| f, x :: xs -> f x @ maps f xs;;
let rec image f (Set xs) = Set (map f xs);;
let rec rep_trace_mapping (Abs_trace_mapping x) = x;;
let bot_set : 'a set = Set [];;
let rec the (Some x2) = x2;;
let rec map_of _A
x0 k = match x0, k with
(l, v) :: ps, k -> (if eq _A l k then Some v else map_of _A ps k)
| [], k -> None;;
let rec lookup _A (Mapping xs) = map_of _A xs;;
let rec trace_mapping_nth
xa = (let (n, (m, t)) = rep_trace_mapping xa in
(fun i ->
(if less_nat i n then the (lookup equal_nat t i)
else (bot_set, plus_nat (minus_nat i n) m))));;
let rec snd (x1, x2) = x2;;
let rec tau (Trace_Mapping t) i = snd (trace_mapping_nth t i);;
let rec lTP_rec
sigma t i =
(if less_eq_nat (tau sigma (suc i)) t
then lTP_rec sigma t (plus_nat i one_nat) else i);;
let rec ltp
sigma t =
(if less_nat t (tau sigma zero_nat)
then failwith "LTP: undefined" (fun _ -> ltp sigma t)
else lTP_rec sigma t zero_nat);;
let rec removeAll _A
x xa1 = match x, xa1 with x, [] -> []
| x, y :: xs ->
(if eq _A x y then removeAll _A x xs else y :: removeAll _A x xs);;
let rec inserta _A x xs = (if membera _A xs x then xs else x :: xs);;
let rec insert _A
x xa1 = match x, xa1 with x, Coset xs -> Coset (removeAll _A x xs)
| x, Set xs -> Set (inserta _A x xs);;
let rec remove _A
x xa1 = match x, xa1 with x, Coset xs -> Coset (inserta _A x xs)
| x, Set xs -> Set (removeAll _A x xs);;
let rec fun_upd _A f a b = (fun x -> (if eq _A x a then b else f x));;
let rec filter
p x1 = match p, x1 with p, [] -> []
| p, x :: xs -> (if p x then x :: filter p xs else filter p xs);;
let rec hd (x21 :: x22) = x21;;
let rec list_ex p x1 = match p, x1 with p, [] -> false
| p, x :: xs -> p x || list_ex p xs;;
let rec rep_I (Abs_I x) = x;;
let rec fst (x1, x2) = x1;;
let rec left x = fst (rep_I x);;
let rec distinct _A = function [] -> true
| x :: xs -> not (membera _A xs x) && distinct _A xs;;
let top_set : 'a set = Coset [];;
let rec inf_set _A
a x1 = match a, x1 with a, Coset xs -> fold (remove _A) xs a
| a, Set xs -> Set (filter (fun x -> member _A x a) xs);;
let rec producta
(Set xs) (Set ys) = Set (maps (fun x -> map (fun a -> (x, a)) ys) xs);;
let rec set_Cons _A
a xs =
image (fun (aa, b) -> aa :: b)
(producta (inf_set _A (image (fun x -> x) a) top_set)
(inf_set (equal_list _A) top_set (image (fun xsa -> xsa) xs)));;
let empty : ('a, 'b) mapping = Mapping [];;
let rec right x = snd (rep_I x);;
let rec partition
p x1 = match p, x1 with p, [] -> ([], [])
| p, x :: xs ->
(let (yes, no) = partition p xs in
(if p x then (x :: yes, no) else (yes, x :: no)));;
let rec is_none = function Some x -> false
| None -> true;;
let rec gamma (Trace_Mapping t) i = fst (trace_mapping_nth t i);;
let rec less_eq_enat q x1 = match q, x1 with Infinity_enat, Enat n -> false
| q, Infinity_enat -> true
| Enat m, Enat n -> less_eq_nat m n;;
let rec less_enat x0 q = match x0, q with Infinity_enat, q -> false
| Enat m, Infinity_enat -> true
| Enat m, Enat n -> less_nat m n;;
let rec equal_option _A x0 x1 = match x0, x1 with None, Some x2 -> false
| Some x2, None -> false
| Some x2, Some y2 -> eq _A x2 y2
| None, None -> true;;
let rec check_values _A _B
uu uv uw x3 = match uu, uv, uw, x3 with uu, uv, uw, None -> None
| vs, Const c :: ts, u :: us, Some v ->
(if eq _B c u then check_values _A _B vs ts us (Some v) else None)
| vs, Var x :: ts, u :: us, Some v ->
(if member _B u (vs x) &&
(equal_option _B (v x) (Some u) || is_none (v x))
then check_values _A _B vs ts us (Some (fun_upd _A v x (Some u)))
else None)
| vs, [], [], Some v -> Some v
| ux, [], va :: vb, Some v -> None
| ux, Var vc :: vb, [], Some v -> None
| ux, va :: vb, [], Some v -> None;;
let rec mk_values_subset_Compl _A (_B1, _B2, _B3)
sigma r vs ts i =
ball (gamma sigma i)
(fun (q, us) ->
not (eq _A q r) ||
is_none (check_values _A _B2 vs ts us (Some (fun _ -> None))));;
let rec gen_length n x1 = match n, x1 with n, x :: xs -> gen_length (suc n) xs
| n, [] -> n;;
let rec size_list x = gen_length zero_nat x;;
let rec check_upt_LTP_p
sigma ia li xs i =
(match xs
with [] ->
(if equal_nata (left ia) zero_nat then less_nat i li
else (if not (less_eq_nat li i) && equal_nata (left ia) zero_nat
then less_nat zero_nat (minus_nat (tau sigma li) (tau sigma i))
else less_nat (minus_nat (tau sigma i) (tau sigma li))
(left ia)))
| _ :: _ ->
equal_lista equal_nat xs (upt li (plus_nat li (size_list xs))) &&
(if equal_nata (left ia) zero_nat
then equal_nata (minus_nat (plus_nat li (size_list xs)) one_nat) i
else less_eq_nat (minus_nat (plus_nat li (size_list xs)) one_nat)
i &&
(less_eq_nat (left ia)
(minus_nat (tau sigma i)
(tau sigma
(minus_nat (plus_nat li (size_list xs)) one_nat))) &&
less_nat
(minus_nat (tau sigma i)
(tau sigma (plus_nat li (size_list xs))))
(left ia))));;
let rec check_upt_ETP_f
sigma ia i xs hi =
(let j = minus_nat (suc hi) (size_list xs) in
(match xs
with [] ->
(if equal_nata (left ia) zero_nat then less_eq_nat (suc hi) i
else less_nat (minus_nat (tau sigma hi) (tau sigma i)) (left ia))
| _ :: _ ->
equal_lista equal_nat xs (upt j (suc hi)) &&
((if equal_nata (left ia) zero_nat then less_eq_nat j i
else (if equal_nata j zero_nat then true
else less_nat
(minus_nat (tau sigma (minus_nat j one_nat))
(tau sigma i))
(left ia))) &&
(less_eq_nat i j &&
less_eq_nat (left ia)
(minus_nat (tau sigma j) (tau sigma i))))));;
let rec maxa _A
(Set (x :: xs)) =
fold (max _A.order_linorder.preorder_order.ord_preorder) xs x;;
let rec finite _A
= function Coset xs -> (match universe _A with None -> false | Some _ -> true)
| Set xs -> true;;
let rec positions _A
xa0 x = match xa0, x with [], x -> []
| y :: ys, x ->
(if eq _A x y then zero_nat :: map suc (positions _A ys x)
else map suc (positions _A ys x));;
let rec mk_values _A (_B1, _B2, _B3) _C
= function [] -> insert (equal_list _C) [] bot_set
| t :: ts ->
(match t
with (Var xa, x) ->
(let terms = map fst ts in
(if membera (equal_trm _A _B2) terms (Var xa)
then (let fst_pos =
hd (positions (equal_trm _A _B2) terms (Var xa)) in
image (fun xs -> nth xs fst_pos :: xs)
(mk_values _A (_B1, _B2, _B3) _C ts))
else set_Cons _C x (mk_values _A (_B1, _B2, _B3) _C ts)))
| (Const _, x) ->
set_Cons _C x (mk_values _A (_B1, _B2, _B3) _C ts));;
let rec mk_values_subset (_A1, _A2) _B (_C1, _C2, _C3) (_D1, _D2)
p tXs x =
(let (fintXs, inftXs) = partition (fun tX -> finite _D1 (snd tX)) tXs in
(if null inftXs
then less_eq_set
((universe_prod _A1 universe_list),
(equal_prod _A2 (equal_list _D2)))
(producta (insert _A2 p bot_set)
(mk_values _B (_C1, _C2, _C3) _D2 tXs))
x
else (let inf_dups =
filter
(fun tX ->
membera (equal_trm _B _C2) (map fst fintXs) (fst tX))
inftXs
in
(if null inf_dups
then (if finite (universe_prod _A1 universe_list) x then false
else failwith "subset on infinite subset"
(fun _ ->
less_eq_set
((universe_prod _A1 universe_list),
(equal_prod _A2 (equal_list _D2)))
(producta (insert _A2 p bot_set)
(mk_values _B (_C1, _C2, _C3) _D2 tXs))
x))
else (if list_all
(fun tX ->
less_nat
(maxa linorder_nat
(Set (positions
(equal_prod (equal_trm _B _C2) (equal_set (_D1, _D2))) tXs tX)))
(maxa linorder_nat
(Set (positions (equal_trm _B _C2)
(map fst tXs) (fst tX)))))
inf_dups
then less_eq_set
((universe_prod _A1 universe_list),
(equal_prod _A2 (equal_list _D2)))
(producta (insert _A2 p bot_set)
(mk_values _B (_C1, _C2, _C3) _D2 tXs))
x
else (if finite (universe_prod _A1 universe_list) x
then false
else failwith "subset on infinite subset"
(fun _ ->
less_eq_set
((universe_prod _A1 universe_list), (equal_prod _A2 (equal_list _D2)))
(producta (insert _A2 p bot_set) (mk_values _B (_C1, _C2, _C3) _D2 tXs))
x)))))));;
let rec eval_trm_set _B vs x1 = match vs, x1 with vs, Var x -> (Var x, vs x)
| vs, Const x -> (Const x, insert _B x bot_set);;
let rec eval_trms_set _B vs ts = map (eval_trm_set _B vs) ts;;
let rec rep_part (Abs_part x) = x;;
let rec subsVals xa = Set (rep_part xa);;
let rec part_hd xa = snd (hd (rep_part xa));;
let rec v_at = function VFF i -> i
| VPred (i, vk, vl) -> i
| VEq_Const (i, vm, vn) -> i
| VNeg sp -> s_at sp
| VOr (vp1, vo) -> v_at vp1
| VAndL vp1 -> v_at vp1
| VAndR vp2 -> v_at vp2
| VImp (sp1, vq) -> s_at sp1
| VIffSV (sp1, vr) -> s_at sp1
| VIffVS (vp1, vs) -> v_at vp1
| VExists (vt, part) -> v_at (part_hd part)
| VForall (vu, vv, vp1) -> v_at vp1
| VPrev vp -> plus_nat (v_at vp) one_nat
| VPrevZ -> zero_nat
| VPrevOutL i -> i
| VPrevOutR i -> i
| VNext vp -> minus_nat (v_at vp) one_nat
| VNextOutL i -> i
| VNextOutR i -> i
| VOnceOut i -> i
| VOnce (i, vw, vx) -> i
| VEventually (i, vy, vz) -> i
| VHistorically (i, wa) -> i
| VAlways (i, wb) -> i
| VSinceOut i -> i
| VSince (i, wc, wd) -> i
| VSinceInf (i, we, wf) -> i
| VUntil (i, wg, wh) -> i
| VUntilInf (i, wi, wj) -> i
and s_at
= function STT i -> i
| SPred (i, uu, uv) -> i
| SEq_Const (i, uw, ux) -> i
| SNeg vp -> v_at vp
| SOrL sp1 -> s_at sp1
| SOrR sp2 -> s_at sp2
| SAnd (sp1, uy) -> s_at sp1
| SImpL vp1 -> v_at vp1
| SImpR sp2 -> s_at sp2
| SIffSS (sp1, uz) -> s_at sp1
| SIffVV (vp1, va) -> v_at vp1
| SExists (vb, vc, sp) -> s_at sp
| SForall (vd, part) -> s_at (part_hd part)
| SPrev sp -> plus_nat (s_at sp) one_nat
| SNext sp -> minus_nat (s_at sp) one_nat
| SOnce (i, ve) -> i
| SEventually (i, vf) -> i
| SHistorically (i, vg, vh) -> i
| SHistoricallyOut i -> i
| SAlways (i, vi, vj) -> i
| SSince (sp2, sp1s) ->
(match sp1s with [] -> s_at sp2 | _ :: _ -> s_at (last sp1s))
| SUntil (sp1s, sp2) ->
(match sp1s with [] -> s_at sp2 | sp1 :: _ -> s_at sp1);;
let rec v_check_exec (_A1, _A2) (_B1, _B2, _B3, _B4)
sigma vs x2 vp = match sigma, vs, x2, vp with
sigma, vs, Until (phi, i, psi), vp ->
(match vp with VFF _ -> false | VPred (_, _, _) -> false
| VEq_Const (_, _, _) -> false | VNeg _ -> false | VOr (_, _) -> false
| VAndL _ -> false | VAndR _ -> false | VImp (_, _) -> false
| VIffSV (_, _) -> false | VIffVS (_, _) -> false
| VExists (_, _) -> false | VForall (_, _, _) -> false
| VPrev _ -> false | VPrevZ -> false | VPrevOutL _ -> false
| VPrevOutR _ -> false | VNext _ -> false | VNextOutL _ -> false
| VNextOutR _ -> false | VOnceOut _ -> false | VOnce (_, _, _) -> false
| VEventually (_, _, _) -> false | VHistorically (_, _) -> false
| VAlways (_, _) -> false | VSinceOut _ -> false
| VSince (_, _, _) -> false | VSinceInf (_, _, _) -> false
| VUntil (ia, vp2s, vp1) ->
(let j = v_at vp1 in
(match right i
with Enat b -> less_nat j (ltp sigma (plus_nat (tau sigma ia) b))
| Infinity_enat -> true) &&
(less_eq_nat ia j &&
(check_upt_ETP_f sigma i ia (map v_at vp2s) j &&
(v_check_exec (_A1, _A2) (_B1, _B2, _B3, _B4) sigma vs phi
vp1 &&
list_all
(v_check_exec (_A1, _A2) (_B1, _B2, _B3, _B4) sigma vs
psi)
vp2s))))
| VUntilInf (ia, hi, vp2s) ->
(match right i
with Enat b ->
less_eq_nat (minus_nat (tau sigma hi) (tau sigma ia)) b &&
less_nat b (minus_nat (tau sigma (suc hi)) (tau sigma ia))
| Infinity_enat -> false) &&
(check_upt_ETP_f sigma i ia (map v_at vp2s) hi &&
list_all
(v_check_exec (_A1, _A2) (_B1, _B2, _B3, _B4) sigma vs psi)
vp2s))
| sigma, vs, Eventually (i, phi), vp ->
(match vp with VFF _ -> false | VPred (_, _, _) -> false
| VEq_Const (_, _, _) -> false | VNeg _ -> false | VOr (_, _) -> false
| VAndL _ -> false | VAndR _ -> false | VImp (_, _) -> false
| VIffSV (_, _) -> false | VIffVS (_, _) -> false
| VExists (_, _) -> false | VForall (_, _, _) -> false
| VPrev _ -> false | VPrevZ -> false | VPrevOutL _ -> false
| VPrevOutR _ -> false | VNext _ -> false | VNextOutL _ -> false
| VNextOutR _ -> false | VOnceOut _ -> false
| VOnce (_, _, _) -> false
| VEventually (ia, hi, vps) ->
(match right i
with Enat b ->
less_eq_nat (minus_nat (tau sigma hi) (tau sigma ia)) b &&
less_nat b (minus_nat (tau sigma (suc hi)) (tau sigma ia))
| Infinity_enat -> false) &&
(check_upt_ETP_f sigma i ia (map v_at vps) hi &&
list_all
(v_check_exec (_A1, _A2) (_B1, _B2, _B3, _B4) sigma vs phi)
vps)
| VHistorically (_, _) -> false | VAlways (_, _) -> false
| VSinceOut _ -> false | VSince (_, _, _) -> false
| VSinceInf (_, _, _) -> false | VUntil (_, _, _) -> false
| VUntilInf (_, _, _) -> false)
| sigma, vs, Since (phi, i, psi), vp ->
(match vp with VFF _ -> false | VPred (_, _, _) -> false
| VEq_Const (_, _, _) -> false | VNeg _ -> false | VOr (_, _) -> false
| VAndL _ -> false | VAndR _ -> false | VImp (_, _) -> false
| VIffSV (_, _) -> false | VIffVS (_, _) -> false
| VExists (_, _) -> false | VForall (_, _, _) -> false
| VPrev _ -> false | VPrevZ -> false | VPrevOutL _ -> false
| VPrevOutR _ -> false | VNext _ -> false | VNextOutL _ -> false
| VNextOutR _ -> false | VOnceOut _ -> false
| VOnce (_, _, _) -> false | VEventually (_, _, _) -> false
| VHistorically (_, _) -> false | VAlways (_, _) -> false
| VSinceOut ia ->
less_nat (tau sigma ia) (plus_nat (tau sigma zero_nat) (left i))
| VSince (ia, vp1, vp2s) ->
(let j = v_at vp1 in
(match right i
with Enat a ->
less_eq_nat (minus_nat (tau sigma ia) (tau sigma j)) a
| Infinity_enat -> true) &&
(less_eq_nat j ia &&
(less_eq_nat (plus_nat (tau sigma zero_nat) (left i))
(tau sigma ia) &&
(check_upt_LTP_p sigma i j (map v_at vp2s) ia &&
(v_check_exec (_A1, _A2) (_B1, _B2, _B3, _B4) sigma vs phi
vp1 &&
list_all
(v_check_exec (_A1, _A2) (_B1, _B2, _B3, _B4) sigma vs
psi)
vp2s)))))
| VSinceInf (ia, li, vp2s) ->
(match right i
with Enat b ->
(equal_nata li zero_nat ||
less_nat b
(minus_nat (tau sigma ia)
(tau sigma (minus_nat li one_nat)))) &&
less_eq_nat (minus_nat (tau sigma ia) (tau sigma li)) b
| Infinity_enat -> equal_nata li zero_nat) &&
(less_eq_nat (plus_nat (tau sigma zero_nat) (left i))
(tau sigma ia) &&
(check_upt_LTP_p sigma i li (map v_at vp2s) ia &&
list_all
(v_check_exec (_A1, _A2) (_B1, _B2, _B3, _B4) sigma vs psi)
vp2s))
| VUntil (_, _, _) -> false | VUntilInf (_, _, _) -> false)
| sigma, vs, Once (i, phi), vp ->
(match vp with VFF _ -> false | VPred (_, _, _) -> false
| VEq_Const (_, _, _) -> false | VNeg _ -> false | VOr (_, _) -> false
| VAndL _ -> false | VAndR _ -> false | VImp (_, _) -> false
| VIffSV (_, _) -> false | VIffVS (_, _) -> false
| VExists (_, _) -> false | VForall (_, _, _) -> false
| VPrev _ -> false | VPrevZ -> false | VPrevOutL _ -> false
| VPrevOutR _ -> false | VNext _ -> false | VNextOutL _ -> false
| VNextOutR _ -> false
| VOnceOut ia ->
less_nat (tau sigma ia) (plus_nat (tau sigma zero_nat) (left i))
| VOnce (ia, li, vps) ->
(match right i
with Enat b ->
(equal_nata li zero_nat ||
less_nat b
(minus_nat (tau sigma ia)
(tau sigma (minus_nat li one_nat)))) &&
less_eq_nat (minus_nat (tau sigma ia) (tau sigma li)) b
| Infinity_enat -> equal_nata li zero_nat) &&
(less_eq_nat (plus_nat (tau sigma zero_nat) (left i))
(tau sigma ia) &&
(check_upt_LTP_p sigma i li (map v_at vps) ia &&
list_all
(v_check_exec (_A1, _A2) (_B1, _B2, _B3, _B4) sigma vs phi)
vps))
| VEventually (_, _, _) -> false | VHistorically (_, _) -> false
| VAlways (_, _) -> false | VSinceOut _ -> false
| VSince (_, _, _) -> false | VSinceInf (_, _, _) -> false
| VUntil (_, _, _) -> false | VUntilInf (_, _, _) -> false)
| sigma, vs, Always (xc, xaa), VUntilInf (xb, xa, x) -> false
| sigma, vs, Always (xc, xaa), VUntil (xb, xa, x) -> false
| sigma, vs, Always (xc, xaa), VSinceInf (xb, xa, x) -> false
| sigma, vs, Always (xc, xaa), VSince (xb, xa, x) -> false
| sigma, vs, Always (xa, xaa), VSinceOut x -> false
| sigma, vs, Always (xb, xaa), VAlways (xa, x) ->
(let j = v_at x in
less_eq_nat xa j &&
(less_eq_nat (left xb) (minus_nat (tau sigma j) (tau sigma xa)) &&
less_eq_enat (Enat (minus_nat (tau sigma j) (tau sigma xa)))
(right xb) &&
v_check_exec (_A1, _A2) (_B1, _B2, _B3, _B4) sigma vs xaa x))
| sigma, vs, Always (xb, xaa), VHistorically (xa, x) -> false
| sigma, vs, Always (xc, xaa), VEventually (xb, xa, x) -> false
| sigma, vs, Always (xc, xaa), VOnce (xb, xa, x) -> false
| sigma, vs, Always (xa, xaa), VOnceOut x -> false
| sigma, vs, Always (xa, xaa), VNextOutR x -> false
| sigma, vs, Always (xa, xaa), VNextOutL x -> false
| sigma, vs, Always (xa, xaa), VNext x -> false
| sigma, vs, Always (xa, xaa), VPrevOutR x -> false
| sigma, vs, Always (xa, xaa), VPrevOutL x -> false
| sigma, vs, Always (x, xa), VPrevZ -> false
| sigma, vs, Always (xa, xaa), VPrev x -> false
| sigma, vs, Always (xc, xaa), VForall (xb, xa, x) -> false
| sigma, vs, Always (xb, xaa), VExists (xa, x) -> false
| sigma, vs, Always (xb, xaa), VIffVS (xa, x) -> false
| sigma, vs, Always (xb, xaa), VIffSV (xa, x) -> false
| sigma, vs, Always (xb, xaa), VImp (xa, x) -> false
| sigma, vs, Always (xa, xaa), VAndR x -> false
| sigma, vs, Always (xa, xaa), VAndL x -> false
| sigma, vs, Always (xb, xaa), VOr (xa, x) -> false
| sigma, vs, Always (xa, xaa), VNeg x -> false
| sigma, vs, Always (xc, xaa), VEq_Const (xb, xa, x) -> false
| sigma, vs, Always (xc, xaa), VPred (xb, xa, x) -> false
| sigma, vs, Always (xa, xaa), VFF x -> false
| sigma, vs, Historically (xc, xaa), VUntilInf (xb, xa, x) -> false
| sigma, vs, Historically (xc, xaa), VUntil (xb, xa, x) -> false
| sigma, vs, Historically (xc, xaa), VSinceInf (xb, xa, x) -> false
| sigma, vs, Historically (xc, xaa), VSince (xb, xa, x) -> false
| sigma, vs, Historically (xa, xaa), VSinceOut x -> false
| sigma, vs, Historically (xb, xaa), VAlways (xa, x) -> false
| sigma, vs, Historically (xb, xaa), VHistorically (xa, x) ->
(let j = v_at x in
less_eq_nat j xa &&
(less_eq_nat (left xb) (minus_nat (tau sigma xa) (tau sigma j)) &&
less_eq_enat (Enat (minus_nat (tau sigma xa) (tau sigma j)))
(right xb) &&
v_check_exec (_A1, _A2) (_B1, _B2, _B3, _B4) sigma vs xaa x))
| sigma, vs, Historically (xc, xaa), VEventually (xb, xa, x) -> false
| sigma, vs, Historically (xc, xaa), VOnce (xb, xa, x) -> false
| sigma, vs, Historically (xa, xaa), VOnceOut x -> false
| sigma, vs, Historically (xa, xaa), VNextOutR x -> false
| sigma, vs, Historically (xa, xaa), VNextOutL x -> false
| sigma, vs, Historically (xa, xaa), VNext x -> false
| sigma, vs, Historically (xa, xaa), VPrevOutR x -> false
| sigma, vs, Historically (xa, xaa), VPrevOutL x -> false
| sigma, vs, Historically (x, xa), VPrevZ -> false
| sigma, vs, Historically (xa, xaa), VPrev x -> false
| sigma, vs, Historically (xc, xaa), VForall (xb, xa, x) -> false
| sigma, vs, Historically (xb, xaa), VExists (xa, x) -> false
| sigma, vs, Historically (xb, xaa), VIffVS (xa, x) -> false
| sigma, vs, Historically (xb, xaa), VIffSV (xa, x) -> false
| sigma, vs, Historically (xb, xaa), VImp (xa, x) -> false
| sigma, vs, Historically (xa, xaa), VAndR x -> false
| sigma, vs, Historically (xa, xaa), VAndL x -> false
| sigma, vs, Historically (xb, xaa), VOr (xa, x) -> false
| sigma, vs, Historically (xa, xaa), VNeg x -> false
| sigma, vs, Historically (xc, xaa), VEq_Const (xb, xa, x) -> false
| sigma, vs, Historically (xc, xaa), VPred (xb, xa, x) -> false
| sigma, vs, Historically (xa, xaa), VFF x -> false
| sigma, vs, Next (xc, xaa), VUntilInf (xb, xa, x) -> false
| sigma, vs, Next (xc, xaa), VUntil (xb, xa, x) -> false
| sigma, vs, Next (xc, xaa), VSinceInf (xb, xa, x) -> false
| sigma, vs, Next (xc, xaa), VSince (xb, xa, x) -> false
| sigma, vs, Next (xa, xaa), VSinceOut x -> false
| sigma, vs, Next (xb, xaa), VAlways (xa, x) -> false
| sigma, vs, Next (xb, xaa), VHistorically (xa, x) -> false
| sigma, vs, Next (xc, xaa), VEventually (xb, xa, x) -> false
| sigma, vs, Next (xc, xaa), VOnce (xb, xa, x) -> false
| sigma, vs, Next (xa, xaa), VOnceOut x -> false
| sigma, vs, Next (xa, xaa), VNextOutR x ->
less_enat (right xa)
(Enat (minus_nat (tau sigma (plus_nat x one_nat))
(tau sigma (minus_nat (plus_nat x one_nat) one_nat))))
| sigma, vs, Next (xa, xaa), VNextOutL x ->
less_nat
(minus_nat (tau sigma (plus_nat x one_nat))
(tau sigma (minus_nat (plus_nat x one_nat) one_nat)))
(left xa)
| sigma, vs, Next (xa, xaa), VNext x ->
(let j = v_at x in
let i = v_at (VNext x) in
equal_nata j (plus_nat i one_nat) &&
v_check_exec (_A1, _A2) (_B1, _B2, _B3, _B4) sigma vs xaa x)
| sigma, vs, Next (xa, xaa), VPrevOutR x -> false
| sigma, vs, Next (xa, xaa), VPrevOutL x -> false
| sigma, vs, Next (x, xa), VPrevZ -> false
| sigma, vs, Next (xa, xaa), VPrev x -> false
| sigma, vs, Next (xc, xaa), VForall (xb, xa, x) -> false
| sigma, vs, Next (xb, xaa), VExists (xa, x) -> false
| sigma, vs, Next (xb, xaa), VIffVS (xa, x) -> false
| sigma, vs, Next (xb, xaa), VIffSV (xa, x) -> false
| sigma, vs, Next (xb, xaa), VImp (xa, x) -> false
| sigma, vs, Next (xa, xaa), VAndR x -> false
| sigma, vs, Next (xa, xaa), VAndL x -> false
| sigma, vs, Next (xb, xaa), VOr (xa, x) -> false
| sigma, vs, Next (xa, xaa), VNeg x -> false
| sigma, vs, Next (xc, xaa), VEq_Const (xb, xa, x) -> false
| sigma, vs, Next (xc, xaa), VPred (xb, xa, x) -> false
| sigma, vs, Next (xa, xaa), VFF x -> false
| sigma, vs, Prev (xc, xaa), VUntilInf (xb, xa, x) -> false
| sigma, vs, Prev (xc, xaa), VUntil (xb, xa, x) -> false
| sigma, vs, Prev (xc, xaa), VSinceInf (xb, xa, x) -> false
| sigma, vs, Prev (xc, xaa), VSince (xb, xa, x) -> false
| sigma, vs, Prev (xa, xaa), VSinceOut x -> false
| sigma, vs, Prev (xb, xaa), VAlways (xa, x) -> false
| sigma, vs, Prev (xb, xaa), VHistorically (xa, x) -> false
| sigma, vs, Prev (xc, xaa), VEventually (xb, xa, x) -> false
| sigma, vs, Prev (xc, xaa), VOnce (xb, xa, x) -> false
| sigma, vs, Prev (xa, xaa), VOnceOut x -> false
| sigma, vs, Prev (xa, xaa), VNextOutR x -> false
| sigma, vs, Prev (xa, xaa), VNextOutL x -> false
| sigma, vs, Prev (xa, xaa), VNext x -> false
| sigma, vs, Prev (xa, xaa), VPrevOutR x ->
less_nat zero_nat x &&
less_enat (right xa)
(Enat (minus_nat (tau sigma x) (tau sigma (minus_nat x one_nat))))
| sigma, vs, Prev (xa, xaa), VPrevOutL x ->
less_nat zero_nat x &&
less_nat (minus_nat (tau sigma x) (tau sigma (minus_nat x one_nat)))
(left xa)
| sigma, vs, Prev (x, xa), VPrevZ -> true
| sigma, vs, Prev (xa, xaa), VPrev x ->
(let j = v_at x in
let i = v_at (VPrev x) in
equal_nata i (plus_nat j one_nat) &&
v_check_exec (_A1, _A2) (_B1, _B2, _B3, _B4) sigma vs xaa x)
| sigma, vs, Prev (xc, xaa), VForall (xb, xa, x) -> false
| sigma, vs, Prev (xb, xaa), VExists (xa, x) -> false
| sigma, vs, Prev (xb, xaa), VIffVS (xa, x) -> false
| sigma, vs, Prev (xb, xaa), VIffSV (xa, x) -> false
| sigma, vs, Prev (xb, xaa), VImp (xa, x) -> false
| sigma, vs, Prev (xa, xaa), VAndR x -> false
| sigma, vs, Prev (xa, xaa), VAndL x -> false
| sigma, vs, Prev (xb, xaa), VOr (xa, x) -> false
| sigma, vs, Prev (xa, xaa), VNeg x -> false
| sigma, vs, Prev (xc, xaa), VEq_Const (xb, xa, x) -> false
| sigma, vs, Prev (xc, xaa), VPred (xb, xa, x) -> false
| sigma, vs, Prev (xa, xaa), VFF x -> false
| sigma, vs, Forall (xc, xaa), VUntilInf (xb, xa, x) -> false
| sigma, vs, Forall (xc, xaa), VUntil (xb, xa, x) -> false
| sigma, vs, Forall (xc, xaa), VSinceInf (xb, xa, x) -> false
| sigma, vs, Forall (xc, xaa), VSince (xb, xa, x) -> false
| sigma, vs, Forall (xa, xaa), VSinceOut x -> false
| sigma, vs, Forall (xb, xaa), VAlways (xa, x) -> false
| sigma, vs, Forall (xb, xaa), VHistorically (xa, x) -> false
| sigma, vs, Forall (xc, xaa), VEventually (xb, xa, x) -> false
| sigma, vs, Forall (xc, xaa), VOnce (xb, xa, x) -> false
| sigma, vs, Forall (xa, xaa), VOnceOut x -> false
| sigma, vs, Forall (xa, xaa), VNextOutR x -> false
| sigma, vs, Forall (xa, xaa), VNextOutL x -> false
| sigma, vs, Forall (xa, xaa), VNext x -> false
| sigma, vs, Forall (xa, xaa), VPrevOutR x -> false
| sigma, vs, Forall (xa, xaa), VPrevOutL x -> false
| sigma, vs, Forall (x, xa), VPrevZ -> false
| sigma, vs, Forall (xa, xaa), VPrev x -> false
| sigma, vs, Forall (xc, xaa), VForall (xb, xa, x) ->
eq _A2 xc xb &&
v_check_exec (_A1, _A2) (_B1, _B2, _B3, _B4) sigma
(fun_upd _A2 vs xc (insert _B3 xa bot_set)) xaa x
| sigma, vs, Forall (xb, xaa), VExists (xa, x) -> false
| sigma, vs, Forall (xb, xaa), VIffVS (xa, x) -> false
| sigma, vs, Forall (xb, xaa), VIffSV (xa, x) -> false
| sigma, vs, Forall (xb, xaa), VImp (xa, x) -> false
| sigma, vs, Forall (xa, xaa), VAndR x -> false
| sigma, vs, Forall (xa, xaa), VAndL x -> false
| sigma, vs, Forall (xb, xaa), VOr (xa, x) -> false
| sigma, vs, Forall (xa, xaa), VNeg x -> false
| sigma, vs, Forall (xc, xaa), VEq_Const (xb, xa, x) -> false
| sigma, vs, Forall (xc, xaa), VPred (xb, xa, x) -> false
| sigma, vs, Forall (xa, xaa), VFF x -> false
| sigma, vs, Exists (xc, xaa), VUntilInf (xb, xa, x) -> false
| sigma, vs, Exists (xc, xaa), VUntil (xb, xa, x) -> false
| sigma, vs, Exists (xc, xaa), VSinceInf (xb, xa, x) -> false
| sigma, vs, Exists (xc, xaa), VSince (xb, xa, x) -> false
| sigma, vs, Exists (xa, xaa), VSinceOut x -> false
| sigma, vs, Exists (xb, xaa), VAlways (xa, x) -> false
| sigma, vs, Exists (xb, xaa), VHistorically (xa, x) -> false
| sigma, vs, Exists (xc, xaa), VEventually (xb, xa, x) -> false