From VLSM.Lib Require Import Itauto.[Loading ML file ring_plugin.cmxs (using legacy method) ... done]
[Loading ML file zify_plugin.cmxs (using legacy method) ... done]
[Loading ML file micromega_plugin.cmxs (using legacy method) ... done]
[Loading ML file btauto_plugin.cmxs (using legacy method) ... done]
[Loading ML file coq-itauto.plugin ... done]
From stdpp Require Import prelude finite.
From Coq Require Import Streams FunctionalExtensionality Eqdep_dec.
From VLSM.Lib Require Import Preamble ListExtras.
From VLSM.Core Require Import VLSM Plans VLSMProjections.
From VLSM.Core Require Import PreloadedVLSM ConstrainedVLSM.

Core: VLSM Composition

This module provides Coq definitions for composite VLSMs and their projections to components.

Section sec_VLSM_composition.

Let us fix a type for messages, and an index type for the VLSM components such that equality on index is decidable and let IM be a family of VLSMs indexed by index. Note that all VLSMs share the same type of messages.

Context
  {message : Type}
  `{EqDecision index}
  (IM : index -> VLSM message)
  .

Free VLSM composition

(*
  A [composite_state] is an indexed family of [state]s, yielding for each
  index <<n>> a [state] of [type] <<IT n>>, the [VLSMType] corresponding to
  machine <<n>>.

  Note that the [composite_state] type is the dependent product type of the
  family of [state] types corresponding to each index.
*)
Definition composite_state : Type :=
  forall n : index, state (IM n).

A composite_label is a pair between an index N and a label of IT n.

Note that the composite_label type is the dependent sum of the family of types [label (IT n) | n <- index].

Definition composite_label : Type :=
  {n : index & label (IM n)}.

(*
  Declaring this a "canonical structure" will make type checking
  guess that a VLSMType should be composite_type instead of just
  failing, if it has to compare composite_state with state or
  state of an unsolved VLSMType or VLSM.
*)
Canonical Structure composite_type : VLSMType message :=
{|
  state := composite_state;
  label := composite_label;
|}.

A composite_state has the initial_state_property if all of its component states have the initial_state_property in the corresponding component signature.

Definition composite_initial_state_prop (s : composite_state) : Prop :=
  forall n : index, initial_state_prop (IM n) (s n).

Definition composite_initial_state : Type :=
  {s : composite_state | composite_initial_state_prop s}.

Program Definition composite_s0 : composite_initial_state :=
  exist _ (fun (n : index) => `(vs0 (IM n))) _.
Next Obligation.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
(λ s : composite_state, composite_initial_state_prop s)
  (λ n : index, `(vs0 (IM n)))
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
(λ s : composite_state, composite_initial_state_prop s)
  (λ n : index, `(vs0 (IM n))) by intros i; destruct (vs0 (IM i)). Defined.

#[export] Instance composite_initial_state_inh : Inhabited composite_initial_state :=
  populate composite_s0.

A message has the initial_message_property in the composite iff it has the initial_message_property in any of the components.

Definition composite_initial_message_prop (m : message) : Prop :=
  exists (n : index) (mi : initial_message (IM n)), proj1_sig mi = m.

A very useful operation on composite_states is updating the state corresponding to a component.

Definition state_update
  (s : composite_state) (i : index) (si : state (IM i)) (j : index) : state (IM j) :=
  match decide (j = i) with
  | left e => eq_rect_r (fun i => state (IM i)) si e
  | _ => s j
  end.

The transition function for the composite_vlsm takes a transition in the component selected by the index in the given composite_label with the contained label, and returns the produced message together with the state updated on that component.

Definition composite_transition
  (l : composite_label) (som : composite_state * option message)
  : composite_state * option message :=
  let (s, om) := som in
  let (i, li) := l in
  let (si', om') := transition (IM i) li (s i, om) in
    (state_update s i si',  om').

Given a composite_label (i, li) and a composite_state-message pair (s, om), composite_validity is defined as validity in the ith component IM i.

Definition composite_valid
  (l : composite_label) (som : composite_state * option message) : Prop :=
  let (s, om) := som in
  let (i, li) := l in
    valid (IM i) li (s i, om).

Definition free_composite_vlsm_machine : VLSMMachine composite_type :=
{|
  initial_state_prop := composite_initial_state_prop;
  initial_message_prop := composite_initial_message_prop;
  transition := composite_transition;
  valid := composite_valid;
|}.

Definition free_composite_vlsm : VLSM message :=
  mk_vlsm free_composite_vlsm_machine.

Composite versions for transition_item, option_initial_message_prop and things related to plans and plan items.

Definition composite_transition_item : Type := transition_item composite_type.

Definition option_composite_initial_message_prop : option message -> Prop :=
  from_option composite_initial_message_prop True.

Definition composite_plan_item : Type := plan_item composite_type.

Definition composite_plan : Type := list composite_plan_item.

Definition composite_apply_plan := (@_apply_plan _ composite_type composite_transition).

Definition composite_apply_plan_app
  (start : composite_state)
  (a a' : list plan_item)
  : composite_apply_plan start (a ++ a') =
    let (aitems, afinal) := composite_apply_plan start a in
    let (a'items, a'final) := composite_apply_plan afinal a' in
     (aitems ++ a'items, a'final)
  := (@_apply_plan_app _ composite_type composite_transition start a a').

Definition composite_apply_plan_last
  (start : composite_state)
  (a : list plan_item)
  (after_a := composite_apply_plan start a)
  : finite_trace_last start (fst after_a) = snd after_a
  := (@_apply_plan_last _ composite_type composite_transition start a).

Definition composite_trace_to_plan := (@_trace_to_plan _ composite_type).

Constrained VLSM composition

A constrained VLSM composition is a free composition which is further constrained with an additional validity constraint.

Definition composite_vlsm
  (constraint : composite_label -> composite_state * option message -> Prop) : VLSM message :=
    constrained_vlsm free_composite_vlsm constraint.

free_constraint is the constraint that is always true.

Definition free_constraint : composite_label -> composite_state * option message -> Prop :=
  fun _ _ => True.

free_composite_vlsm is equivalent to a composite_vlsm with a free constraint.

Lemma free_composite_vlsm_spec :
  VLSM_eq free_composite_vlsm (composite_vlsm free_constraint).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
VLSM_eq free_composite_vlsm
  (composite_vlsm free_constraint)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
VLSM_eq free_composite_vlsm
  (composite_vlsm free_constraint)
  split.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
VLSM_incl
  {|
    vlsm_type := free_composite_vlsm;
    vlsm_machine := free_composite_vlsm
  |}
  {|
    vlsm_type := free_composite_vlsm;
    vlsm_machine := composite_vlsm free_constraint
  |}
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
VLSM_incl
  {|
    vlsm_type := free_composite_vlsm;
    vlsm_machine := composite_vlsm free_constraint
  |}
  {|
    vlsm_type := free_composite_vlsm;
    vlsm_machine := free_composite_vlsm
  |}
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
VLSM_incl
  {|
    vlsm_type := free_composite_vlsm;
    vlsm_machine := free_composite_vlsm
  |}
  {|
    vlsm_type := free_composite_vlsm;
    vlsm_machine := composite_vlsm free_constraint
  |} apply (VLSM_incl_embedding_iff); cbn.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
VLSM_embedding
  {|
    vlsm_type := composite_type;
    vlsm_machine := free_composite_vlsm_machine
  |}
  {|
    vlsm_type := composite_type;
    vlsm_machine :=
      constrained_vlsm_machine free_composite_vlsm
        free_constraint
  |} id id
    by apply basic_VLSM_strong_embedding; red; cbn.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
VLSM_incl
  {|
    vlsm_type := free_composite_vlsm;
    vlsm_machine := composite_vlsm free_constraint
  |}
  {|
    vlsm_type := free_composite_vlsm;
    vlsm_machine := free_composite_vlsm
  |} apply (VLSM_incl_embedding_iff); cbn.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
VLSM_embedding
  {|
    vlsm_type := composite_type;
    vlsm_machine :=
      constrained_vlsm_machine free_composite_vlsm
        free_constraint
  |}
  {|
    vlsm_type := composite_type;
    vlsm_machine := free_composite_vlsm_machine
  |} id id
    apply basic_VLSM_strong_embedding; red; cbn; [| done..].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (l : composite_label) (s : composite_state) (om : 
                                               option
                                                 message),
  (let (i, li) := l in valid li (s i, om))
  ∧ free_constraint l (s, om)
  → let (i, li) := l in valid li (s i, om)
    by itauto.
Qed.

free_composite_vlsm is equivalent to composite_vlsm with free constraint also when preloaded with messages.

Lemma preloaded_free_composite_vlsm_spec :
  forall (initial : message -> Prop),
    VLSM_eq
      (preloaded_vlsm free_composite_vlsm initial)
      (preloaded_vlsm (composite_vlsm free_constraint) initial).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ initial : message → Prop,
  VLSM_eq (preloaded_vlsm free_composite_vlsm initial)
    (preloaded_vlsm (composite_vlsm free_constraint)
       initial)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ initial : message → Prop,
  VLSM_eq (preloaded_vlsm free_composite_vlsm initial)
    (preloaded_vlsm (composite_vlsm free_constraint)
       initial)
  split.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
initial: message → Prop
VLSM_incl
  {|
    vlsm_type :=
      preloaded_vlsm free_composite_vlsm initial;
    vlsm_machine :=
      preloaded_vlsm free_composite_vlsm initial
  |}
  {|
    vlsm_type :=
      preloaded_vlsm free_composite_vlsm initial;
    vlsm_machine :=
      preloaded_vlsm (composite_vlsm free_constraint)
        initial
  |}
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
initial: message → Prop
VLSM_incl
  {|
    vlsm_type :=
      preloaded_vlsm free_composite_vlsm initial;
    vlsm_machine :=
      preloaded_vlsm (composite_vlsm free_constraint)
        initial
  |}
  {|
    vlsm_type :=
      preloaded_vlsm free_composite_vlsm initial;
    vlsm_machine :=
      preloaded_vlsm free_composite_vlsm initial
  |}
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
initial: message → Prop
VLSM_incl
  {|
    vlsm_type :=
      preloaded_vlsm free_composite_vlsm initial;
    vlsm_machine :=
      preloaded_vlsm free_composite_vlsm initial
  |}
  {|
    vlsm_type :=
      preloaded_vlsm free_composite_vlsm initial;
    vlsm_machine :=
      preloaded_vlsm (composite_vlsm free_constraint)
        initial
  |} apply (VLSM_incl_embedding_iff); cbn.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
initial: message → Prop
VLSM_embedding
  {|
    vlsm_type := composite_type;
    vlsm_machine :=
      preloaded_vlsm_machine free_composite_vlsm
        initial
  |}
  {|
    vlsm_type := composite_type;
    vlsm_machine :=
      preloaded_vlsm_machine
        (composite_vlsm free_constraint) initial
  |} id id
    by apply basic_VLSM_strong_embedding; red; cbn.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
initial: message → Prop
VLSM_incl
  {|
    vlsm_type :=
      preloaded_vlsm free_composite_vlsm initial;
    vlsm_machine :=
      preloaded_vlsm (composite_vlsm free_constraint)
        initial
  |}
  {|
    vlsm_type :=
      preloaded_vlsm free_composite_vlsm initial;
    vlsm_machine :=
      preloaded_vlsm free_composite_vlsm initial
  |} apply (VLSM_incl_embedding_iff); cbn.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
initial: message → Prop
VLSM_embedding
  {|
    vlsm_type := composite_type;
    vlsm_machine :=
      preloaded_vlsm_machine
        (composite_vlsm free_constraint) initial
  |}
  {|
    vlsm_type := composite_type;
    vlsm_machine :=
      preloaded_vlsm_machine free_composite_vlsm
        initial
  |} id id
    apply basic_VLSM_strong_embedding; red; cbn; [| done..].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
initial: message → Prop
∀ (l : composite_label) (s : composite_state) (om : 
                                               option
                                                 message),
  (let (i, li) := l in valid li (s i, om))
  ∧ free_constraint l (s, om)
  → let (i, li) := l in valid li (s i, om)
    by itauto.
Qed.

Lemma preloaded_with_all_messages_free_composite_vlsm_spec :
  VLSM_eq
    (preloaded_with_all_messages_vlsm free_composite_vlsm)
    (preloaded_with_all_messages_vlsm (composite_vlsm free_constraint)).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
VLSM_eq
  (preloaded_with_all_messages_vlsm
     free_composite_vlsm)
  (preloaded_with_all_messages_vlsm
     (composite_vlsm free_constraint))
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
VLSM_eq
  (preloaded_with_all_messages_vlsm
     free_composite_vlsm)
  (preloaded_with_all_messages_vlsm
     (composite_vlsm free_constraint))
  split.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
VLSM_incl
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm
        free_composite_vlsm;
    vlsm_machine :=
      preloaded_with_all_messages_vlsm
        free_composite_vlsm
  |}
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm
        free_composite_vlsm;
    vlsm_machine :=
      preloaded_with_all_messages_vlsm
        (composite_vlsm free_constraint)
  |}
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
VLSM_incl
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm
        free_composite_vlsm;
    vlsm_machine :=
      preloaded_with_all_messages_vlsm
        (composite_vlsm free_constraint)
  |}
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm
        free_composite_vlsm;
    vlsm_machine :=
      preloaded_with_all_messages_vlsm
        free_composite_vlsm
  |}
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
VLSM_incl
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm
        free_composite_vlsm;
    vlsm_machine :=
      preloaded_with_all_messages_vlsm
        free_composite_vlsm
  |}
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm
        free_composite_vlsm;
    vlsm_machine :=
      preloaded_with_all_messages_vlsm
        (composite_vlsm free_constraint)
  |} apply (VLSM_incl_embedding_iff); cbn.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
VLSM_embedding
  {|
    vlsm_type := composite_type;
    vlsm_machine :=
      preloaded_vlsm_machine free_composite_vlsm
        (λ _ : message, True)
  |}
  {|
    vlsm_type := composite_type;
    vlsm_machine :=
      preloaded_vlsm_machine
        (composite_vlsm free_constraint)
        (λ _ : message, True)
  |} id id
    by apply basic_VLSM_strong_embedding; red; cbn.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
VLSM_incl
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm
        free_composite_vlsm;
    vlsm_machine :=
      preloaded_with_all_messages_vlsm
        (composite_vlsm free_constraint)
  |}
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm
        free_composite_vlsm;
    vlsm_machine :=
      preloaded_with_all_messages_vlsm
        free_composite_vlsm
  |} apply (VLSM_incl_embedding_iff); cbn.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
VLSM_embedding
  {|
    vlsm_type := composite_type;
    vlsm_machine :=
      preloaded_vlsm_machine
        (composite_vlsm free_constraint)
        (λ _ : message, True)
  |}
  {|
    vlsm_type := composite_type;
    vlsm_machine :=
      preloaded_vlsm_machine free_composite_vlsm
        (λ _ : message, True)
  |} id id
    apply basic_VLSM_strong_embedding; red; cbn; [| done..].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (l : composite_label) (s : composite_state) (om : 
                                               option
                                                 message),
  (let (i, li) := l in valid li (s i, om))
  ∧ free_constraint l (s, om)
  → let (i, li) := l in valid li (s i, om)
    by itauto.
Qed.

Lemmas about state_update

The next few results describe several properties of the state_update operation.

Lemma state_update_neq :
  forall (s : composite_state) (i : index) (si : state (IM i)) (j : index) (Hneq : j <> i),
    state_update s i si j = s j.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (s : composite_state) (i : index) (si : state (IM i)) 
  (j : index), j ≠ i → state_update s i si j = s j
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (s : composite_state) (i : index) (si : state (IM i)) 
  (j : index), j ≠ i → state_update s i si j = s j
  by intros; unfold state_update; case_decide.
Qed.

Lemma state_update_eq :
  forall (s : composite_state) (i : index) (si : state (IM i)),
    state_update s i si i = si.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (s : composite_state) (i : index) (si : state (IM i)),
  state_update s i si i = si
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (s : composite_state) (i : index) (si : state (IM i)),
  state_update s i si i = si
  unfold state_update.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (s : composite_state) (i : index) (si : state (IM i)),
  match decide (i = i) with
  | left e =>
      eq_rect_r (λ i0 : index, state (IM i0)) si e
  | right _ => s i
  end = si
  intros.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
i: index
si: state (IM i)
match decide (i = i) with
| left e => eq_rect_r (λ i : index, state (IM i)) si e
| right _ => s i
end = si
  case_decide; [| done].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
i: index
si: state (IM i)
H: i = i
eq_rect_r (λ i : index, state (IM i)) si H = si
  by replace H with (eq_refl i) by (apply K_dec_type; done).
Qed.

Lemma state_update_id :
  forall (s : composite_state) (i : index) (si : state (IM i)) (Heq : s i = si),
    state_update s i si = s.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (s : composite_state) (i : index) (si : state (IM i)),
  s i = si → state_update s i si = s
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (s : composite_state) (i : index) (si : state (IM i)),
  s i = si → state_update s i si = s
  intros.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
i: index
si: state (IM i)
Heq: s i = si
state_update s i si = s
  apply functional_extensionality_dep_good.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
i: index
si: state (IM i)
Heq: s i = si
∀ x : index, state_update s i si x = s x
  intro j.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
i: index
si: state (IM i)
Heq: s i = si
j: index
state_update s i si j = s j
  destruct (decide (j = i)); subst.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
i: index
state_update s i (s i) i = s i
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
i, j: index
n: j ≠ i
state_update s i (s i) j = s j
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
i: index
state_update s i (s i) i = s i by apply state_update_eq.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
i, j: index
n: j ≠ i
state_update s i (s i) j = s j by apply state_update_neq.
Qed.

Lemma state_update_twice :
  forall (s : composite_state) (i : index) (si si' : state (IM i)),
    state_update (state_update s i si) i si' = state_update s i si'.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (s : composite_state) (i : index) (si
                                     si' : state
                                             (IM i)),
  state_update (state_update s i si) i si' =
  state_update s i si'
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (s : composite_state) (i : index) (si
                                     si' : state
                                             (IM i)),
  state_update (state_update s i si) i si' =
  state_update s i si'
  intros.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
i: index
si, si': state (IM i)
state_update (state_update s i si) i si' =
state_update s i si'
  apply functional_extensionality_dep_good.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
i: index
si, si': state (IM i)
∀ x : index,
  state_update (state_update s i si) i si' x =
  state_update s i si' x
  intro j.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
i: index
si, si': state (IM i)
j: index
state_update (state_update s i si) i si' j =
state_update s i si' j
  destruct (decide (j = i)).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
i: index
si, si': state (IM i)
j: index
e: j = i
state_update (state_update s i si) i si' j =
state_update s i si' j
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
i: index
si, si': state (IM i)
j: index
n: j ≠ i
state_update (state_update s i si) i si' j =
state_update s i si' j
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
i: index
si, si': state (IM i)
j: index
e: j = i
state_update (state_update s i si) i si' j =
state_update s i si' j by subst; rewrite state_update_eq; symmetry; apply state_update_eq.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
i: index
si, si': state (IM i)
j: index
n: j ≠ i
state_update (state_update s i si) i si' j =
state_update s i si' j by rewrite !state_update_neq.
Qed.

Lemma state_update_twice_neq :
  forall (s : composite_state) (i j : index) (si : state (IM i)) (sj : state (IM j)) (Hij : j <> i),
    state_update (state_update s i si) j sj = state_update (state_update s j sj) i si.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (s : composite_state) (i j : index) (si : state
                                              (IM i)) 
  (sj : state (IM j)),
  j ≠ i
  → state_update (state_update s i si) j sj =
    state_update (state_update s j sj) i si
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (s : composite_state) (i j : index) (si : state
                                              (IM i)) 
  (sj : state (IM j)),
  j ≠ i
  → state_update (state_update s i si) j sj =
    state_update (state_update s j sj) i si
  intros.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
i, j: index
si: state (IM i)
sj: state (IM j)
Hij: j ≠ i
state_update (state_update s i si) j sj =
state_update (state_update s j sj) i si
  apply functional_extensionality_dep_good.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
i, j: index
si: state (IM i)
sj: state (IM j)
Hij: j ≠ i
∀ x : index,
  state_update (state_update s i si) j sj x =
  state_update (state_update s j sj) i si x
  intro k.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
i, j: index
si: state (IM i)
sj: state (IM j)
Hij: j ≠ i
k: index
state_update (state_update s i si) j sj k =
state_update (state_update s j sj) i si k
  destruct (decide (k = j)); destruct (decide (k = i)); subst
  ; repeat (rewrite state_update_eq ; try (rewrite state_update_neq; try done))
  ; try done.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
i, j: index
si: state (IM i)
sj: state (IM j)
Hij: j ≠ i
k: index
n: k ≠ j
n0: k ≠ i
state_update (state_update s i si) j sj k =
state_update (state_update s j sj) i si k
  by rewrite !state_update_neq.
Qed.

Lemma composite_transition_state_neq
  (l : composite_label)
  (s s' : composite_state)
  (om om' : option message)
  (Ht : composite_transition l (s, om) = (s', om'))
  (i : index)
  (Hi : i <> projT1 l)
  : s' i = s i.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
l: composite_label
s, s': composite_state
om, om': option message
Ht: composite_transition l (s, om) = (s', om')
i: index
Hi: i ≠ projT1 l
s' i = s i
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
l: composite_label
s, s': composite_state
om, om': option message
Ht: composite_transition l (s, om) = (s', om')
i: index
Hi: i ≠ projT1 l
s' i = s i
  destruct l; cbn in Ht; destruct (transition _ _ _).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
x: index
l: label (IM x)
s, s': composite_state
om, om': option message
s0: state (IM x)
o: option message
Ht: (state_update s x s0, o) = (s', om')
i: index
Hi: i ≠ projT1 (existT x l)
s' i = s i
  by inversion Ht; apply state_update_neq.
Qed.

Lemma composite_transition_state_eq
  (i : index)
  (li : label (IM i))
  (s s' : composite_state)
  (om om' : option message)
  (Ht : composite_transition (existT i li) (s, om) = (s', om'))
  : s' i = fst (transition (IM i) li (s i, om)).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
li: label (IM i)
s, s': composite_state
om, om': option message
Ht: composite_transition (existT i li) (s, om) =
(s', om')
s' i = (transition li (s i, om)).1
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
li: label (IM i)
s, s': composite_state
om, om': option message
Ht: composite_transition (existT i li) (s, om) =
(s', om')
s' i = (transition li (s i, om)).1
  by cbn in Ht; destruct (transition _ _ _); inversion Ht; apply state_update_eq.
Qed.

Updating a composite initial state with a component initial state yields a composite initial state.

Lemma composite_update_initial_state_with_initial
  (s : composite_state)
  (Hs : composite_initial_state_prop s)
  (i : index)
  (si : state (IM i))
  (Hsi : initial_state_prop (IM i) si)
  : composite_initial_state_prop (state_update s i si).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
Hs: composite_initial_state_prop s
i: index
si: state (IM i)
Hsi: initial_state_prop si
composite_initial_state_prop (state_update s i si)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
Hs: composite_initial_state_prop s
i: index
si: state (IM i)
Hsi: initial_state_prop si
composite_initial_state_prop (state_update s i si)
  intro j.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
Hs: composite_initial_state_prop s
i: index
si: state (IM i)
Hsi: initial_state_prop si
j: index
initial_state_prop (state_update s i si j) destruct (decide (j = i)); subst.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
Hs: composite_initial_state_prop s
i: index
si: state (IM i)
Hsi: initial_state_prop si
initial_state_prop (state_update s i si i)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
Hs: composite_initial_state_prop s
i: index
si: state (IM i)
Hsi: initial_state_prop si
j: index
n: j ≠ i
initial_state_prop (state_update s i si j)
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
Hs: composite_initial_state_prop s
i: index
si: state (IM i)
Hsi: initial_state_prop si
initial_state_prop (state_update s i si i) by rewrite state_update_eq.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state
Hs: composite_initial_state_prop s
i: index
si: state (IM i)
Hsi: initial_state_prop si
j: index
n: j ≠ i
initial_state_prop (state_update s i si j) by rewrite state_update_neq.
Qed.

Lifting functions

This section contains definitions of functions which lift labels, states, etc. from a single component to the composition, and lemmas about these functions.

We can always "lift" state sj from component j to a composite state by updating an given composite state to sj on component j.

Definition lift_to_composite_state
  (s : composite_state) (j : index) (sj : state (IM j)) : composite_state :=
    state_update s j sj.

Definition lift_to_composite_label (j : index) (lj : label (IM j)) : composite_label :=
  existT j lj.

Definition lift_to_composite_transition_item
  (s : composite_state) (j : index) : transition_item (IM j) -> composite_transition_item :=
    pre_VLSM_embedding_transition_item_project (IM j) composite_type
      (lift_to_composite_label j) (lift_to_composite_state s j).

A specialized version of lift_to_composite_state using the initial composite state as the base for lifting.

Definition lift_to_composite_state' : forall j : index, state (IM j) -> composite_state :=
  lift_to_composite_state (proj1_sig composite_s0).

Definition lift_to_composite_transition_item' :
  forall j : index, transition_item -> composite_transition_item :=
    lift_to_composite_transition_item (proj1_sig composite_s0).

Definition lift_to_composite_plan_item
  (i : index) (a : plan_item (IM i)) : composite_plan_item.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
a: plan_item
composite_plan_item
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
a: plan_item
composite_plan_item
  destruct a.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
label_a: label (IM i)
input_a: option message
composite_plan_item
  split.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
label_a: label (IM i)
input_a: option message
label composite_type
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
label_a: label (IM i)
input_a: option message
option message
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
label_a: label (IM i)
input_a: option message
label composite_type exact (existT i label_a).
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
label_a: label (IM i)
input_a: option message
option message exact input_a.
Defined.

Lemma composite_initial_state_prop_lift :
  forall (j : index) (sj : state (IM j)) (Hinitj : initial_state_prop (IM j) sj),
    composite_initial_state_prop (lift_to_composite_state' j sj).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (j : index) (sj : state (IM j)),
  initial_state_prop sj
  → composite_initial_state_prop
      (lift_to_composite_state' j sj)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (j : index) (sj : state (IM j)),
  initial_state_prop sj
  → composite_initial_state_prop
      (lift_to_composite_state' j sj)
  intros j sj Hinitj i.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
sj: state (IM j)
Hinitj: initial_state_prop sj
i: index
initial_state_prop (lift_to_composite_state' j sj i)
  unfold lift_to_composite_state'.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
sj: state (IM j)
Hinitj: initial_state_prop sj
i: index
initial_state_prop
  (lift_to_composite_state (`composite_s0) j sj i)
  destruct (decide (i = j)); subst.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
sj: state (IM j)
Hinitj: initial_state_prop sj
initial_state_prop
  (lift_to_composite_state (`composite_s0) j sj j)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
sj: state (IM j)
Hinitj: initial_state_prop sj
i: index
n: i ≠ j
initial_state_prop
  (lift_to_composite_state (`composite_s0) j sj i)
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
sj: state (IM j)
Hinitj: initial_state_prop sj
initial_state_prop
  (lift_to_composite_state (`composite_s0) j sj j) by rewrite state_update_eq.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
sj: state (IM j)
Hinitj: initial_state_prop sj
i: index
n: i ≠ j
initial_state_prop
  (lift_to_composite_state (`composite_s0) j sj i) rewrite state_update_neq; cbn; [| done].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
sj: state (IM j)
Hinitj: initial_state_prop sj
i: index
n: i ≠ j
initial_state_prop (`(vs0 (IM i)))
    by destruct (vs0 _) as [s Hs].
Qed.

Lemma lift_to_composite_VLSM_embedding j :
  VLSM_embedding (IM j) free_composite_vlsm
    (lift_to_composite_label j) (lift_to_composite_state' j).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
VLSM_embedding (IM j) free_composite_vlsm
  (lift_to_composite_label j)
  (lift_to_composite_state' j)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
VLSM_embedding (IM j) free_composite_vlsm
  (lift_to_composite_label j)
  (lift_to_composite_state' j)
  apply basic_VLSM_strong_embedding; intro; intros.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
l: label (IM j)
s: state (IM j)
om: option message
H: valid l (s, om)
valid (lift_to_composite_label j l)
  (lift_to_composite_state' j s, om)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
H: transition l (s, om) = (s', om')
transition (lift_to_composite_label j l)
  (lift_to_composite_state' j s, om) =
(lift_to_composite_state' j s', om')
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
s: state (IM j)
H: initial_state_prop s
initial_state_prop (lift_to_composite_state' j s)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
m: message
H: initial_message_prop m
initial_message_prop m
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
l: label (IM j)
s: state (IM j)
om: option message
H: valid l (s, om)
valid (lift_to_composite_label j l)
  (lift_to_composite_state' j s, om) cbn; unfold lift_to_composite_state'.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
l: label (IM j)
s: state (IM j)
om: option message
H: valid l (s, om)
valid l
  (lift_to_composite_state (`composite_s0) j s j, om)
    by rewrite state_update_eq.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
H: transition l (s, om) = (s', om')
transition (lift_to_composite_label j l)
  (lift_to_composite_state' j s, om) =
(lift_to_composite_state' j s', om') cbn; unfold lift_to_composite_state' at 1.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
H: transition l (s, om) = (s', om')
(let (si', om') :=
   transition l
     (lift_to_composite_state (`composite_s0) j s j,
      om) in
 (state_update (lift_to_composite_state' j s) j si',
  om')) = (lift_to_composite_state' j s', om')
    rewrite state_update_eq.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
H: transition l (s, om) = (s', om')
(let (si', om') := transition l (s, om) in
 (state_update (lift_to_composite_state' j s) j si',
  om')) = (lift_to_composite_state' j s', om')
    replace (transition _ _ _) with (s', om').message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
H: transition l (s, om) = (s', om')
(state_update (lift_to_composite_state' j s) j s', om') =
(lift_to_composite_state' j s', om')
    unfold lift_to_composite_state'.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
H: transition l (s, om) = (s', om')
(state_update
   (lift_to_composite_state (`composite_s0) j s) j s',
 om') =
(lift_to_composite_state (`composite_s0) j s', om')
    by rewrite state_update_twice.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
s: state (IM j)
H: initial_state_prop s
initial_state_prop (lift_to_composite_state' j s) by cbn; apply composite_initial_state_prop_lift.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
m: message
H: initial_message_prop m
initial_message_prop m by exists j, (exist _ _ H).
Qed.

Definition lift_to_composite_finite_trace
  (j : index) : list (transition_item (IM j)) -> list composite_transition_item :=
    VLSM_embedding_finite_trace_project (lift_to_composite_VLSM_embedding j).

Definition lift_to_composite_finite_trace_last (j : index) :=
  VLSM_embedding_finite_trace_last (lift_to_composite_VLSM_embedding j).

Lemma lift_to_composite_generalized_preloaded_VLSM_embedding
  (P Q : message -> Prop)
  (PimpliesQ : forall m, P m -> Q m)
  (j : index)
  : VLSM_embedding
      (preloaded_vlsm (IM j) P) (preloaded_vlsm free_composite_vlsm Q)
      (lift_to_composite_label j) (lift_to_composite_state' j).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
j: index
VLSM_embedding (preloaded_vlsm (IM j) P)
  (preloaded_vlsm free_composite_vlsm Q)
  (lift_to_composite_label j)
  (lift_to_composite_state' j)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
j: index
VLSM_embedding (preloaded_vlsm (IM j) P)
  (preloaded_vlsm free_composite_vlsm Q)
  (lift_to_composite_label j)
  (lift_to_composite_state' j)
  apply basic_VLSM_embedding_preloaded_with; intro; intros.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
j: index
m: message
H: P m
Q m
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
j: index
l: label (IM j)
s: state (IM j)
om: option message
H: valid l (s, om)
valid (lift_to_composite_label j l)
  (lift_to_composite_state' j s, om)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
j: index
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
H: transition l (s, om) = (s', om')
transition (lift_to_composite_label j l)
  (lift_to_composite_state' j s, om) =
(lift_to_composite_state' j s', om')
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
j: index
s: state (IM j)
H: initial_state_prop s
initial_state_prop (lift_to_composite_state' j s)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
j: index
m: message
H: initial_message_prop m
initial_message_prop m
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
j: index
m: message
H: P m
Q m by apply PimpliesQ.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
j: index
l: label (IM j)
s: state (IM j)
om: option message
H: valid l (s, om)
valid (lift_to_composite_label j l)
  (lift_to_composite_state' j s, om) by cbn; unfold lift_to_composite_state'; rewrite state_update_eq.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
j: index
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
H: transition l (s, om) = (s', om')
transition (lift_to_composite_label j l)
  (lift_to_composite_state' j s, om) =
(lift_to_composite_state' j s', om') cbn; unfold lift_to_composite_state' at 1.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
j: index
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
H: transition l (s, om) = (s', om')
(let (si', om') :=
   transition l
     (lift_to_composite_state (`composite_s0) j s j,
      om) in
 (state_update (lift_to_composite_state' j s) j si',
  om')) = (lift_to_composite_state' j s', om')
    rewrite state_update_eq.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
j: index
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
H: transition l (s, om) = (s', om')
(let (si', om') := transition l (s, om) in
 (state_update (lift_to_composite_state' j s) j si',
  om')) = (lift_to_composite_state' j s', om')
    replace (transition (IM j) l _) with (s', om').message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
j: index
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
H: transition l (s, om) = (s', om')
(state_update (lift_to_composite_state' j s) j s', om') =
(lift_to_composite_state' j s', om')
    unfold lift_to_composite_state'.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
j: index
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
H: transition l (s, om) = (s', om')
(state_update
   (lift_to_composite_state (`composite_s0) j s) j s',
 om') =
(lift_to_composite_state (`composite_s0) j s', om')
    by rewrite state_update_twice.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
j: index
s: state (IM j)
H: initial_state_prop s
initial_state_prop (lift_to_composite_state' j s) by cbn; apply composite_initial_state_prop_lift.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
j: index
m: message
H: initial_message_prop m
initial_message_prop m by exists j, (exist _ _ H).
Qed.

Lemma lift_to_composite_preloaded_VLSM_embedding (j : index) :
  VLSM_embedding
    (preloaded_with_all_messages_vlsm (IM j))
    (preloaded_with_all_messages_vlsm free_composite_vlsm)
    (lift_to_composite_label j)
    (lift_to_composite_state' j).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
VLSM_embedding
  (preloaded_with_all_messages_vlsm (IM j))
  (preloaded_with_all_messages_vlsm
     free_composite_vlsm) (lift_to_composite_label j)
  (lift_to_composite_state' j)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
VLSM_embedding
  (preloaded_with_all_messages_vlsm (IM j))
  (preloaded_with_all_messages_vlsm
     free_composite_vlsm) (lift_to_composite_label j)
  (lift_to_composite_state' j)
  apply basic_VLSM_embedding_preloaded.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
strong_embedding_valid_preservation (IM j)
  free_composite_vlsm (lift_to_composite_label j)
  (lift_to_composite_state' j)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
strong_embedding_transition_preservation 
  (IM j) free_composite_vlsm
  (lift_to_composite_label j)
  (lift_to_composite_state' j)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
strong_projection_initial_state_preservation 
  (IM j) free_composite_vlsm
  (lift_to_composite_state' j)
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
strong_embedding_valid_preservation (IM j)
  free_composite_vlsm (lift_to_composite_label j)
  (lift_to_composite_state' j) intro; intros.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
l: label (IM j)
s: state (IM j)
om: option message
H: valid l (s, om)
valid (lift_to_composite_label j l)
  (lift_to_composite_state' j s, om)
    cbn; unfold lift_to_composite_state'; cbn.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
l: label (IM j)
s: state (IM j)
om: option message
H: valid l (s, om)
valid l
  (lift_to_composite_state
     (λ n : index, `(vs0 (IM n))) j s j, om)
    by rewrite state_update_eq.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
strong_embedding_transition_preservation (IM j)
  free_composite_vlsm (lift_to_composite_label j)
  (lift_to_composite_state' j) intro; intros; cbn.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
H: transition l (s, om) = (s', om')
(let (si', om') :=
   transition l (lift_to_composite_state' j s j, om) in
 (state_update (lift_to_composite_state' j s) j si',
  om')) = (lift_to_composite_state' j s', om')
    cbn; unfold lift_to_composite_state' at 1.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
H: transition l (s, om) = (s', om')
(let (si', om') :=
   transition l
     (lift_to_composite_state (`composite_s0) j s j,
      om) in
 (state_update (lift_to_composite_state' j s) j si',
  om')) = (lift_to_composite_state' j s', om')
    rewrite state_update_eq.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
H: transition l (s, om) = (s', om')
(let (si', om') := transition l (s, om) in
 (state_update (lift_to_composite_state' j s) j si',
  om')) = (lift_to_composite_state' j s', om')
    replace (transition l _) with (s', om').message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
H: transition l (s, om) = (s', om')
(state_update (lift_to_composite_state' j s) j s', om') =
(lift_to_composite_state' j s', om')
    unfold lift_to_composite_state'.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
H: transition l (s, om) = (s', om')
(state_update
   (lift_to_composite_state (`composite_s0) j s) j s',
 om') =
(lift_to_composite_state (`composite_s0) j s', om')
    by rewrite state_update_twice.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
strong_projection_initial_state_preservation (IM j)
  free_composite_vlsm (lift_to_composite_state' j) by  intros s H; cbn; apply composite_initial_state_prop_lift.
Qed.

If all messages described by a predicate P are valid for the free composition preloaded with messages described by a predicate Q, then any message which can be emitted by a component preloaded with P can also be emitted by the free composition preloaded with Q.

Lemma valid_preloaded_lifts_can_be_emitted
  (P Q : message -> Prop)
  (HPvalid : forall dm, P dm -> valid_message_prop (preloaded_vlsm free_composite_vlsm Q) dm)
  : forall j m, can_emit (preloaded_vlsm (IM j) P) m ->
    can_emit (preloaded_vlsm free_composite_vlsm Q) m.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
HPvalid: ∀ dm : message,
  P dm
  → valid_message_prop
      (preloaded_vlsm free_composite_vlsm Q)
      dm
∀ (j : index) (m : message),
  can_emit (preloaded_vlsm (IM j) P) m
  → can_emit (preloaded_vlsm free_composite_vlsm Q) m
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
HPvalid: ∀ dm : message,
  P dm
  → valid_message_prop
      (preloaded_vlsm free_composite_vlsm Q)
      dm
∀ (j : index) (m : message),
  can_emit (preloaded_vlsm (IM j) P) m
  → can_emit (preloaded_vlsm free_composite_vlsm Q) m
  intros j m Hm.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
HPvalid: ∀ dm : message,
  P dm
  → valid_message_prop
      (preloaded_vlsm free_composite_vlsm Q)
      dm
j: index
m: message
Hm: can_emit (preloaded_vlsm (IM j) P) m
can_emit (preloaded_vlsm free_composite_vlsm Q) m
  eapply VLSM_incl_can_emit.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
HPvalid: ∀ dm : message,
  P dm
  → valid_message_prop
      (preloaded_vlsm free_composite_vlsm Q)
      dm
j: index
m: message
Hm: can_emit (preloaded_vlsm (IM j) P) m
VLSM_incl_part ?MX
  (preloaded_vlsm_machine free_composite_vlsm Q)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
HPvalid: ∀ dm : message,
  P dm
  → valid_message_prop
      (preloaded_vlsm free_composite_vlsm Q)
      dm
j: index
m: message
Hm: can_emit (preloaded_vlsm (IM j) P) m
can_emit
  {|
    vlsm_type := free_composite_vlsm;
    vlsm_machine := ?MX
  |} m
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
HPvalid: ∀ dm : message,
  P dm
  → valid_message_prop
      (preloaded_vlsm free_composite_vlsm Q)
      dm
j: index
m: message
Hm: can_emit (preloaded_vlsm (IM j) P) m
VLSM_incl_part ?MX
  (preloaded_vlsm_machine free_composite_vlsm Q) apply (preloaded_vlsm_incl_relaxed _ (fun m => Q m \/ P m)).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
HPvalid: ∀ dm : message,
  P dm
  → valid_message_prop
      (preloaded_vlsm free_composite_vlsm Q)
      dm
j: index
m: message
Hm: can_emit (preloaded_vlsm (IM j) P) m
∀ m : message,
  Q m ∨ P m
  → Q m
    ∨ valid_message_prop
        (preloaded_vlsm free_composite_vlsm Q) m
    by itauto.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
HPvalid: ∀ dm : message,
  P dm
  → valid_message_prop
      (preloaded_vlsm free_composite_vlsm Q)
      dm
j: index
m: message
Hm: can_emit (preloaded_vlsm (IM j) P) m
can_emit
  {|
    vlsm_type := free_composite_vlsm;
    vlsm_machine :=
      preloaded_vlsm free_composite_vlsm
        (λ m : message, Q m ∨ P m)
  |} m eapply VLSM_embedding_can_emit; [| done].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
HPvalid: ∀ dm : message,
  P dm
  → valid_message_prop
      (preloaded_vlsm free_composite_vlsm Q)
      dm
j: index
m: message
Hm: can_emit (preloaded_vlsm (IM j) P) m
VLSM_embedding (preloaded_vlsm (IM j) P)
  {|
    vlsm_type := free_composite_vlsm;
    vlsm_machine :=
      preloaded_vlsm free_composite_vlsm
        (λ m : message, Q m ∨ P m)
  |} ?label_project ?state_project
    apply lift_to_composite_generalized_preloaded_VLSM_embedding.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
HPvalid: ∀ dm : message,
  P dm
  → valid_message_prop
      (preloaded_vlsm free_composite_vlsm Q)
      dm
j: index
m: message
Hm: can_emit (preloaded_vlsm (IM j) P) m
∀ m : message, P m → Q m ∨ P m
    by itauto.
Qed.

As a specialization of valid_preloaded_lifts_can_be_emitted, if all messages described by a predicate P are valid for the free composition, then any message which can be emitted by a component preloaded with P can also be emitted by the free composition.

Lemma free_valid_preloaded_lifts_can_be_emitted
  (P : message -> Prop)
  (Hdeps : forall dm, P dm -> valid_message_prop free_composite_vlsm dm)
  : forall i m, can_emit (preloaded_vlsm (IM i) P) m ->
    can_emit free_composite_vlsm m.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
Hdeps: ∀ dm : message,
  P dm
  → valid_message_prop free_composite_vlsm dm
∀ (i : index) (m : message),
  can_emit (preloaded_vlsm (IM i) P) m
  → can_emit free_composite_vlsm m
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
Hdeps: ∀ dm : message,
  P dm
  → valid_message_prop free_composite_vlsm dm
∀ (i : index) (m : message),
  can_emit (preloaded_vlsm (IM i) P) m
  → can_emit free_composite_vlsm m
  intros.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
Hdeps: ∀ dm : message,
  P dm
  → valid_message_prop free_composite_vlsm dm
i: index
m: message
H: can_emit (preloaded_vlsm (IM i) P) m
can_emit free_composite_vlsm m
  eapply VLSM_incl_can_emit.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
Hdeps: ∀ dm : message,
  P dm
  → valid_message_prop free_composite_vlsm dm
i: index
m: message
H: can_emit (preloaded_vlsm (IM i) P) m
VLSM_incl_part ?MX free_composite_vlsm_machine
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
Hdeps: ∀ dm : message,
  P dm
  → valid_message_prop free_composite_vlsm dm
i: index
m: message
H: can_emit (preloaded_vlsm (IM i) P) m
can_emit
  {|
    vlsm_type := composite_type; vlsm_machine := ?MX
  |} m
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
Hdeps: ∀ dm : message,
  P dm
  → valid_message_prop free_composite_vlsm dm
i: index
m: message
H: can_emit (preloaded_vlsm (IM i) P) m
VLSM_incl_part ?MX free_composite_vlsm_machine by eapply (vlsm_is_preloaded_with_False free_composite_vlsm).
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
Hdeps: ∀ dm : message,
  P dm
  → valid_message_prop free_composite_vlsm dm
i: index
m: message
H: can_emit (preloaded_vlsm (IM i) P) m
can_emit
  {|
    vlsm_type := composite_type;
    vlsm_machine :=
      {|
        vlsm_type := free_composite_vlsm;
        vlsm_machine :=
          preloaded_vlsm free_composite_vlsm
            (λ _ : message, False)
      |}
  |} m eapply valid_preloaded_lifts_can_be_emitted; [| done].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
Hdeps: ∀ dm : message,
  P dm
  → valid_message_prop free_composite_vlsm dm
i: index
m: message
H: can_emit (preloaded_vlsm (IM i) P) m
∀ dm : message,
  P dm
  → valid_message_prop
      (preloaded_vlsm free_composite_vlsm
         (λ _ : message, False)) dm
    intros dm Hdm.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
Hdeps: ∀ dm : message,
  P dm
  → valid_message_prop free_composite_vlsm dm
i: index
m: message
H: can_emit (preloaded_vlsm (IM i) P) m
dm: message
Hdm: P dm
valid_message_prop
  (preloaded_vlsm free_composite_vlsm
     (λ _ : message, False)) dm
    eapply VLSM_incl_valid_message.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
Hdeps: ∀ dm : message,
  P dm
  → valid_message_prop free_composite_vlsm dm
i: index
m: message
H: can_emit (preloaded_vlsm (IM i) P) m
dm: message
Hdm: P dm
VLSM_incl_part ?MX
  (preloaded_vlsm_machine free_composite_vlsm
     (λ _ : message, False))
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
Hdeps: ∀ dm : message,
  P dm
  → valid_message_prop free_composite_vlsm dm
i: index
m: message
H: can_emit (preloaded_vlsm (IM i) P) m
dm: message
Hdm: P dm
strong_incl_initial_message_preservation 
  ?MX
  (preloaded_vlsm_machine free_composite_vlsm
     (λ _ : message, False))
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
Hdeps: ∀ dm : message,
  P dm
  → valid_message_prop free_composite_vlsm dm
i: index
m: message
H: can_emit (preloaded_vlsm (IM i) P) m
dm: message
Hdm: P dm
valid_message_prop
  {|
    vlsm_type := free_composite_vlsm;
    vlsm_machine := ?MX
  |} dm
    +message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
Hdeps: ∀ dm : message,
  P dm
  → valid_message_prop free_composite_vlsm dm
i: index
m: message
H: can_emit (preloaded_vlsm (IM i) P) m
dm: message
Hdm: P dm
VLSM_incl_part ?MX
  (preloaded_vlsm_machine free_composite_vlsm
     (λ _ : message, False)) by apply (vlsm_is_preloaded_with_False free_composite_vlsm).
    +message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
Hdeps: ∀ dm : message,
  P dm
  → valid_message_prop free_composite_vlsm dm
i: index
m: message
H: can_emit (preloaded_vlsm (IM i) P) m
dm: message
Hdm: P dm
strong_incl_initial_message_preservation
  {|
    vlsm_type := free_composite_vlsm;
    vlsm_machine := free_composite_vlsm
  |}
  (preloaded_vlsm_machine free_composite_vlsm
     (λ _ : message, False)) by cbv; itauto.
    +message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
Hdeps: ∀ dm : message,
  P dm
  → valid_message_prop free_composite_vlsm dm
i: index
m: message
H: can_emit (preloaded_vlsm (IM i) P) m
dm: message
Hdm: P dm
valid_message_prop
  {|
    vlsm_type := free_composite_vlsm;
    vlsm_machine :=
      {|
        vlsm_type := free_composite_vlsm;
        vlsm_machine := free_composite_vlsm
      |}
  |} dm by apply Hdeps.
Qed.

Lemma valid_state_preloaded_composite_free_lift
  (j : index)
  (sj : state (IM j))
  (Hp : constrained_state_prop (IM j) sj)
  : constrained_state_prop free_composite_vlsm (lift_to_composite_state' j sj).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
sj: state (IM j)
Hp: constrained_state_prop (IM j) sj
constrained_state_prop free_composite_vlsm
  (lift_to_composite_state' j sj)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
j: index
sj: state (IM j)
Hp: constrained_state_prop (IM j) sj
constrained_state_prop free_composite_vlsm
  (lift_to_composite_state' j sj)
  by apply (VLSM_embedding_valid_state (lift_to_composite_preloaded_VLSM_embedding j)).
Qed.

Lemma can_emit_composite_free_lift
  (P Q : message -> Prop)
  (PimpliesQ : forall m, P m -> Q m)
  (j : index)
  (m : message)
  (Htrj : can_emit (preloaded_vlsm (IM j) P) m)
  : can_emit (preloaded_vlsm free_composite_vlsm Q) m.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
j: index
m: message
Htrj: can_emit (preloaded_vlsm (IM j) P) m
can_emit (preloaded_vlsm free_composite_vlsm Q) m
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
j: index
m: message
Htrj: can_emit (preloaded_vlsm (IM j) P) m
can_emit (preloaded_vlsm free_composite_vlsm Q) m
  eapply VLSM_embedding_can_emit; [| done].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
j: index
m: message
Htrj: can_emit (preloaded_vlsm (IM j) P) m
VLSM_embedding (preloaded_vlsm (IM j) P)
  (preloaded_vlsm free_composite_vlsm Q)
  ?label_project ?state_project
  by apply lift_to_composite_generalized_preloaded_VLSM_embedding.
Qed.

Updating a composite valid_state for the free composition with a component initial state yields a composite valid_state.

Lemma pre_composite_free_update_state_with_initial
  (P : message -> Prop)
  (s : composite_state)
  (Hs : valid_state_prop (preloaded_vlsm free_composite_vlsm P) s)
  (i : index)
  (si : state (IM i))
  (Hsi : initial_state_prop (IM i) si)
  : valid_state_prop (preloaded_vlsm free_composite_vlsm P) (state_update s i si).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
s: composite_state
Hs: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) s
i: index
si: state (IM i)
Hsi: initial_state_prop si
valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update s i si)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
s: composite_state
Hs: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) s
i: index
si: state (IM i)
Hsi: initial_state_prop si
valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update s i si)
  induction Hs using valid_state_prop_ind.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
s: state (preloaded_vlsm free_composite_vlsm P)
Hs: initial_state_prop s
i: index
si: state (IM i)
Hsi: initial_state_prop si
valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update s i si)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
s': state (preloaded_vlsm free_composite_vlsm P)
l: label (preloaded_vlsm free_composite_vlsm P)
om, om': option message
s: state (preloaded_vlsm free_composite_vlsm P)
Ht: input_valid_transition
  (preloaded_vlsm free_composite_vlsm P) l
  (s, om) (s', om')
i: index
si: state (IM i)
Hsi: initial_state_prop si
IHHs: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update s i si)
valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update s' i si)
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
s: state (preloaded_vlsm free_composite_vlsm P)
Hs: initial_state_prop s
i: index
si: state (IM i)
Hsi: initial_state_prop si
valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update s i si) apply initial_state_is_valid; cbn.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
s: state (preloaded_vlsm free_composite_vlsm P)
Hs: initial_state_prop s
i: index
si: state (IM i)
Hsi: initial_state_prop si
composite_initial_state_prop (state_update s i si)
    by apply composite_update_initial_state_with_initial.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
s': state (preloaded_vlsm free_composite_vlsm P)
l: label (preloaded_vlsm free_composite_vlsm P)
om, om': option message
s: state (preloaded_vlsm free_composite_vlsm P)
Ht: input_valid_transition
  (preloaded_vlsm free_composite_vlsm P) l
  (s, om) (s', om')
i: index
si: state (IM i)
Hsi: initial_state_prop si
IHHs: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update s i si)
valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update s' i si) destruct Ht as [[Hps [Hom Hv]] Ht]; cbn in Ht, Hv.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
s': state (preloaded_vlsm free_composite_vlsm P)
l: label (preloaded_vlsm free_composite_vlsm P)
om, om': option message
s: state (preloaded_vlsm free_composite_vlsm P)
Hps: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) s
Hom: option_valid_message_prop
  (preloaded_vlsm free_composite_vlsm P) om
Hv: let (i, li) := l in valid li (s i, om)
Ht: (let (i, li) := l in
 let (si', om') := transition li (s i, om) in
 (state_update s i si', om')) = (
s', om')
i: index
si: state (IM i)
Hsi: initial_state_prop si
IHHs: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update s i si)
valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update s' i si)
    destruct l as [j lj].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
s': state (preloaded_vlsm free_composite_vlsm P)
j: index
lj: label (IM j)
om, om': option message
s: state (preloaded_vlsm free_composite_vlsm P)
Hps: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) s
Hom: option_valid_message_prop
  (preloaded_vlsm free_composite_vlsm P) om
Hv: valid lj (s j, om)
Ht: (let (si', om') := transition lj (s j, om) in
 (state_update s j si', om')) = (
s', om')
i: index
si: state (IM i)
Hsi: initial_state_prop si
IHHs: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update s i si)
valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update s' i si)
    destruct (transition _ _ _) as [sj' omj'] eqn: Htj.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
s': state (preloaded_vlsm free_composite_vlsm P)
j: index
lj: label (IM j)
om, om': option message
s: state (preloaded_vlsm free_composite_vlsm P)
Hps: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) s
Hom: option_valid_message_prop
  (preloaded_vlsm free_composite_vlsm P) om
Hv: valid lj (s j, om)
sj': state (IM j)
omj': option message
Htj: transition lj (s j, om) = (sj', omj')
Ht: (state_update s j sj', omj') = (s', om')
i: index
si: state (IM i)
Hsi: initial_state_prop si
IHHs: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update s i si)
valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update s' i si)
    inversion_clear Ht.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
s': state (preloaded_vlsm free_composite_vlsm P)
j: index
lj: label (IM j)
om, om': option message
s: state (preloaded_vlsm free_composite_vlsm P)
Hps: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) s
Hom: option_valid_message_prop
  (preloaded_vlsm free_composite_vlsm P) om
Hv: valid lj (s j, om)
sj': state (IM j)
omj': option message
Htj: transition lj (s j, om) = (sj', omj')
i: index
si: state (IM i)
Hsi: initial_state_prop si
IHHs: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update s i si)
valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update (state_update s j sj') i si)
    destruct (decide (i = j)).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
s': state (preloaded_vlsm free_composite_vlsm P)
j: index
lj: label (IM j)
om, om': option message
s: state (preloaded_vlsm free_composite_vlsm P)
Hps: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) s
Hom: option_valid_message_prop
  (preloaded_vlsm free_composite_vlsm P) om
Hv: valid lj (s j, om)
sj': state (IM j)
omj': option message
Htj: transition lj (s j, om) = (sj', omj')
i: index
si: state (IM i)
Hsi: initial_state_prop si
IHHs: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update s i si)
e: i = j
valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update (state_update s j sj') i si)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
s': state (preloaded_vlsm free_composite_vlsm P)
j: index
lj: label (IM j)
om, om': option message
s: state (preloaded_vlsm free_composite_vlsm P)
Hps: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) s
Hom: option_valid_message_prop
  (preloaded_vlsm free_composite_vlsm P) om
Hv: valid lj (s j, om)
sj': state (IM j)
omj': option message
Htj: transition lj (s j, om) = (sj', omj')
i: index
si: state (IM i)
Hsi: initial_state_prop si
IHHs: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update s i si)
n: i ≠ j
valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update (state_update s j sj') i si)
    +message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
s': state (preloaded_vlsm free_composite_vlsm P)
j: index
lj: label (IM j)
om, om': option message
s: state (preloaded_vlsm free_composite_vlsm P)
Hps: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) s
Hom: option_valid_message_prop
  (preloaded_vlsm free_composite_vlsm P) om
Hv: valid lj (s j, om)
sj': state (IM j)
omj': option message
Htj: transition lj (s j, om) = (sj', omj')
i: index
si: state (IM i)
Hsi: initial_state_prop si
IHHs: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update s i si)
e: i = j
valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update (state_update s j sj') i si) by subst; rewrite state_update_twice.
    +message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
s': state (preloaded_vlsm free_composite_vlsm P)
j: index
lj: label (IM j)
om, om': option message
s: state (preloaded_vlsm free_composite_vlsm P)
Hps: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) s
Hom: option_valid_message_prop
  (preloaded_vlsm free_composite_vlsm P) om
Hv: valid lj (s j, om)
sj': state (IM j)
omj': option message
Htj: transition lj (s j, om) = (sj', omj')
i: index
si: state (IM i)
Hsi: initial_state_prop si
IHHs: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update s i si)
n: i ≠ j
valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update (state_update s j sj') i si) rewrite state_update_twice_neq by done.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
s': state (preloaded_vlsm free_composite_vlsm P)
j: index
lj: label (IM j)
om, om': option message
s: state (preloaded_vlsm free_composite_vlsm P)
Hps: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) s
Hom: option_valid_message_prop
  (preloaded_vlsm free_composite_vlsm P) om
Hv: valid lj (s j, om)
sj': state (IM j)
omj': option message
Htj: transition lj (s j, om) = (sj', omj')
i: index
si: state (IM i)
Hsi: initial_state_prop si
IHHs: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update s i si)
n: i ≠ j
valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update (state_update s i si) j sj')
      apply input_valid_transition_destination with (existT j lj) (state_update s i si) om omj'.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
P: message → Prop
s': state (preloaded_vlsm free_composite_vlsm P)
j: index
lj: label (IM j)
om, om': option message
s: state (preloaded_vlsm free_composite_vlsm P)
Hps: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) s
Hom: option_valid_message_prop
  (preloaded_vlsm free_composite_vlsm P) om
Hv: valid lj (s j, om)
sj': state (IM j)
omj': option message
Htj: transition lj (s j, om) = (sj', omj')
i: index
si: state (IM i)
Hsi: initial_state_prop si
IHHs: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P)
  (state_update s i si)
n: i ≠ j
input_valid_transition
  (preloaded_vlsm free_composite_vlsm P) (existT j lj)
  (state_update s i si, om)
  (state_update (state_update s i si) j sj', omj')
      by repeat split; [done | done | ..]; cbn; rewrite state_update_neq;
        [.. | rewrite Htj |].
Qed.

Lemma lift_to_composite_valid_preservation :
  forall (i : index) (cs : composite_state),
  forall l s om, valid (IM i) l (s, om) ->
    composite_valid (lift_to_composite_label i l)
      (lift_to_composite_state cs i s, om).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (i : index) (cs : composite_state) (l : label (IM i)) 
  (s : state (IM i)) (om : option message),
  valid l (s, om)
  → composite_valid (lift_to_composite_label i l)
      (lift_to_composite_state cs i s, om)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (i : index) (cs : composite_state) (l : label (IM i)) 
  (s : state (IM i)) (om : option message),
  valid l (s, om)
  → composite_valid (lift_to_composite_label i l)
      (lift_to_composite_state cs i s, om) by intros; cbn; rewrite state_update_eq. Qed.

Lemma lift_to_composite_transition_preservation :
  forall (i : index) (cs : composite_state),
  forall l s om s' om', transition (IM i) l (s, om) = (s', om') ->
    composite_transition (lift_to_composite_label i l)
      (lift_to_composite_state cs i s, om)
        =
      (lift_to_composite_state cs i s', om').message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (i : index) (cs : composite_state) (l : label (IM i)) 
  (s : state (IM i)) (om : option message) (s' : state
                                                 (IM i)) 
  (om' : option message),
  transition l (s, om) = (s', om')
  → composite_transition (lift_to_composite_label i l)
      (lift_to_composite_state cs i s, om) =
    (lift_to_composite_state cs i s', om')
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (i : index) (cs : composite_state) (l : label (IM i)) 
  (s : state (IM i)) (om : option message) (s' : state
                                                 (IM i)) 
  (om' : option message),
  transition l (s, om) = (s', om')
  → composite_transition (lift_to_composite_label i l)
      (lift_to_composite_state cs i s, om) =
    (lift_to_composite_state cs i s', om')
  intros; cbn.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
cs: composite_state
l: label (IM i)
s: state (IM i)
om: option message
s': state (IM i)
om': option message
H: transition l (s, om) = (s', om')
(let (si', om') :=
   transition l (lift_to_composite_state cs i s i, om) in
 (state_update (lift_to_composite_state cs i s) i si',
  om')) = (lift_to_composite_state cs i s', om')
  unfold lift_to_composite_state; rewrite state_update_eq.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
cs: composite_state
l: label (IM i)
s: state (IM i)
om: option message
s': state (IM i)
om': option message
H: transition l (s, om) = (s', om')
(let (si', om') := transition l (s, om) in
 (state_update (state_update cs i s) i si', om')) =
(state_update cs i s', om')
  by replace (transition _ _ _) with (s', om'); rewrite state_update_twice.
Qed.

Lemma lift_to_composite_initial_message_preservation :
  forall (i : index),
      forall m, initial_message_prop (IM i) m ->
      composite_initial_message_prop m.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (i : index) (m : message),
  initial_message_prop m
  → composite_initial_message_prop m
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (i : index) (m : message),
  initial_message_prop m
  → composite_initial_message_prop m by intros i m Hm; exists i, (exist _ _ Hm). Qed.

Lemma pre_lift_to_free_weak_embedding :
  forall (i : index) (cs : composite_state) (P : message -> Prop),
    valid_state_prop (preloaded_vlsm free_composite_vlsm P) cs ->
    VLSM_weak_embedding
      (preloaded_vlsm (IM i) P) (preloaded_vlsm free_composite_vlsm P)
      (lift_to_composite_label i) (lift_to_composite_state cs i).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (i : index) (cs : composite_state) (P : message
                                          → Prop),
  valid_state_prop
    (preloaded_vlsm free_composite_vlsm P) cs
  → VLSM_weak_embedding (preloaded_vlsm (IM i) P)
      (preloaded_vlsm free_composite_vlsm P)
      (lift_to_composite_label i)
      (lift_to_composite_state cs i)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (i : index) (cs : composite_state) (P : message
                                          → Prop),
  valid_state_prop
    (preloaded_vlsm free_composite_vlsm P) cs
  → VLSM_weak_embedding (preloaded_vlsm (IM i) P)
      (preloaded_vlsm free_composite_vlsm P)
      (lift_to_composite_label i)
      (lift_to_composite_state cs i)
  intros i cs P Hvsp.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
cs: composite_state
P: message → Prop
Hvsp: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) cs
VLSM_weak_embedding (preloaded_vlsm (IM i) P)
  (preloaded_vlsm free_composite_vlsm P)
  (lift_to_composite_label i)
  (lift_to_composite_state cs i)
  apply basic_VLSM_weak_embedding.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
cs: composite_state
P: message → Prop
Hvsp: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) cs
weak_embedding_valid_preservation
  (preloaded_vlsm (IM i) P)
  (preloaded_vlsm free_composite_vlsm P)
  (lift_to_composite_label i)
  (lift_to_composite_state cs i)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
cs: composite_state
P: message → Prop
Hvsp: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) cs
weak_embedding_transition_preservation
  (preloaded_vlsm (IM i) P)
  (preloaded_vlsm free_composite_vlsm P)
  (lift_to_composite_label i)
  (lift_to_composite_state cs i)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
cs: composite_state
P: message → Prop
Hvsp: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) cs
weak_projection_initial_state_preservation
  (preloaded_vlsm (IM i) P)
  (preloaded_vlsm free_composite_vlsm P)
  (lift_to_composite_state cs i)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
cs: composite_state
P: message → Prop
Hvsp: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) cs
weak_embedding_initial_message_preservation
  (preloaded_vlsm (IM i) P)
  (preloaded_vlsm free_composite_vlsm P)
  (lift_to_composite_state cs i)
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
cs: composite_state
P: message → Prop
Hvsp: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) cs
weak_embedding_valid_preservation
  (preloaded_vlsm (IM i) P)
  (preloaded_vlsm free_composite_vlsm P)
  (lift_to_composite_label i)
  (lift_to_composite_state cs i) intros l s om (_ & _ & Hv) _ _.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
cs: composite_state
P: message → Prop
Hvsp: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) cs
l: label (preloaded_vlsm (IM i) P)
s: state (preloaded_vlsm (IM i) P)
om: option message
Hv: valid l (s, om)
valid (lift_to_composite_label i l)
  (lift_to_composite_state cs i s, om)
    by cbn; apply lift_to_composite_valid_preservation.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
cs: composite_state
P: message → Prop
Hvsp: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) cs
weak_embedding_transition_preservation
  (preloaded_vlsm (IM i) P)
  (preloaded_vlsm free_composite_vlsm P)
  (lift_to_composite_label i)
  (lift_to_composite_state cs i) by inversion 1; cbn; apply lift_to_composite_transition_preservation.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
cs: composite_state
P: message → Prop
Hvsp: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) cs
weak_projection_initial_state_preservation
  (preloaded_vlsm (IM i) P)
  (preloaded_vlsm free_composite_vlsm P)
  (lift_to_composite_state cs i) by intros s Hs; apply pre_composite_free_update_state_with_initial.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
cs: composite_state
P: message → Prop
Hvsp: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) cs
weak_embedding_initial_message_preservation
  (preloaded_vlsm (IM i) P)
  (preloaded_vlsm free_composite_vlsm P)
  (lift_to_composite_state cs i) intros _ _ m _ _ [Hm | Hp]; apply initial_message_is_valid; [left | by right].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
cs: composite_state
P: message → Prop
Hvsp: valid_state_prop
  (preloaded_vlsm free_composite_vlsm P) cs
m: message
Hm: initial_message_prop m
initial_message_prop m
    by cbn; eapply lift_to_composite_initial_message_preservation.
Qed.

Lemma lift_to_free_weak_embedding :
  forall (i : index) (cs : composite_state),
      valid_state_prop free_composite_vlsm cs ->
      VLSM_weak_embedding (IM i) free_composite_vlsm
        (lift_to_composite_label i) (lift_to_composite_state cs i).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (i : index) (cs : composite_state),
  valid_state_prop free_composite_vlsm cs
  → VLSM_weak_embedding (IM i) free_composite_vlsm
      (lift_to_composite_label i)
      (lift_to_composite_state cs i)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (i : index) (cs : composite_state),
  valid_state_prop free_composite_vlsm cs
  → VLSM_weak_embedding (IM i) free_composite_vlsm
      (lift_to_composite_label i)
      (lift_to_composite_state cs i)
  constructor; intros.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
cs: composite_state
H: valid_state_prop free_composite_vlsm cs
sX: state (IM i)
trX: list transition_item
H0: finite_valid_trace_from (IM i) sX trX
finite_valid_trace_from free_composite_vlsm
  (lift_to_composite_state cs i sX)
  (pre_VLSM_embedding_finite_trace_project (IM i)
     free_composite_vlsm (lift_to_composite_label i)
     (lift_to_composite_state cs i) trX)
  apply (VLSM_eq_finite_valid_trace_from (vlsm_is_preloaded_with_False free_composite_vlsm)),
    pre_lift_to_free_weak_embedding.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
cs: composite_state
H: valid_state_prop free_composite_vlsm cs
sX: state (IM i)
trX: list transition_item
H0: finite_valid_trace_from (IM i) sX trX
valid_state_prop
  (preloaded_vlsm free_composite_vlsm
     (λ _ : message, False)) cs
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
cs: composite_state
H: valid_state_prop free_composite_vlsm cs
sX: state (IM i)
trX: list transition_item
H0: finite_valid_trace_from (IM i) sX trX
finite_valid_trace_from
  (preloaded_vlsm (IM i) (λ _ : message, False)) sX
  trX
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
cs: composite_state
H: valid_state_prop free_composite_vlsm cs
sX: state (IM i)
trX: list transition_item
H0: finite_valid_trace_from (IM i) sX trX
valid_state_prop
  (preloaded_vlsm free_composite_vlsm
     (λ _ : message, False)) cs by apply (VLSM_eq_valid_state (vlsm_is_preloaded_with_False free_composite_vlsm)).
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
cs: composite_state
H: valid_state_prop free_composite_vlsm cs
sX: state (IM i)
trX: list transition_item
H0: finite_valid_trace_from (IM i) sX trX
finite_valid_trace_from
  (preloaded_vlsm (IM i) (λ _ : message, False)) sX
  trX apply (VLSM_eq_finite_valid_trace_from (vlsm_is_preloaded_with_False (IM i))).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
cs: composite_state
H: valid_state_prop free_composite_vlsm cs
sX: state (IM i)
trX: list transition_item
H0: finite_valid_trace_from (IM i) sX trX
finite_valid_trace_from
  {| vlsm_type := IM i; vlsm_machine := IM i |} sX trX
    by destruct (IM i).
Qed.

Lemma lift_to_preloaded_free_weak_embedding :
  forall (i : index) (cs : composite_state),
    constrained_state_prop free_composite_vlsm cs ->
    VLSM_weak_embedding
      (preloaded_with_all_messages_vlsm (IM i))
      (preloaded_with_all_messages_vlsm free_composite_vlsm)
      (lift_to_composite_label i)
      (lift_to_composite_state cs i).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (i : index) (cs : composite_state),
  constrained_state_prop free_composite_vlsm cs
  → VLSM_weak_embedding
      (preloaded_with_all_messages_vlsm (IM i))
      (preloaded_with_all_messages_vlsm
         free_composite_vlsm)
      (lift_to_composite_label i)
      (lift_to_composite_state cs i)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (i : index) (cs : composite_state),
  constrained_state_prop free_composite_vlsm cs
  → VLSM_weak_embedding
      (preloaded_with_all_messages_vlsm (IM i))
      (preloaded_with_all_messages_vlsm
         free_composite_vlsm)
      (lift_to_composite_label i)
      (lift_to_composite_state cs i)
  constructor; intros.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
cs: composite_state
H: constrained_state_prop free_composite_vlsm cs
sX: state (preloaded_with_all_messages_vlsm (IM i))
trX: list transition_item
H0: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm (IM i)) sX
  trX
finite_valid_trace_from
  (preloaded_with_all_messages_vlsm
     free_composite_vlsm)
  (lift_to_composite_state cs i sX)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_with_all_messages_vlsm (IM i))
     (preloaded_with_all_messages_vlsm
        free_composite_vlsm)
     (lift_to_composite_label i)
     (lift_to_composite_state cs i) trX)
  apply pre_lift_to_free_weak_embedding; [done |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
cs: composite_state
H: constrained_state_prop free_composite_vlsm cs
sX: state (preloaded_with_all_messages_vlsm (IM i))
trX: list transition_item
H0: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm (IM i)) sX
  trX
finite_valid_trace_from
  (preloaded_vlsm (IM i) (λ _ : message, True)) sX trX
  by destruct (IM i).
Qed.

End sec_VLSM_composition.

A tactic for working with the state_update function

Hint database and tactic for dealing with updates and lifting via state_update.

Create HintDb state_update.

#[export] Hint Rewrite @state_update_neq using done : state_update.
#[export] Hint Rewrite @state_update_id using done : state_update.
#[export] Hint Rewrite @state_update_eq : state_update.

#[export] Hint Unfold lift_to_composite_state : state_update.
#[export] Hint Unfold lift_to_composite_state' : state_update.

Ltac state_update_simpl :=
  autounfold with state_update in *; autorewrite with state_update in *.

Basic projection lemmas

These basic projection lemmas relate the valid_state_prop and input_valid_transition of a composite VLSM back to those conditions holding over projections to individual components of the state.

Because the composition may have validly produced messages that are not valid for an individual component (by interaction between components), We cannot just use properties valid_state_message_prop (IM i) or input_valid_transition (IM i). For simplicity these lemmas use preloaded_with_all_messages_vlsm (IM i).

This does not precisely reflect the set of messages and transitions that can actually be seen in projections of transitions of the composite VLSM, but seems to be the best we can do with a result type that doesn't mention the other components or the composition constraint of the composite.

Later in this file a composite_constrained_projection_vlsm is defined that shares the states of IM i which is more precise.

We call a composite_state constrained if it is constrained for the free_composite_vlsm.

Definition composite_constrained_state_prop
  {message : Type} `{EqDecision index}
  (IM : index -> VLSM message) (s : composite_state IM) : Prop :=
    constrained_state_prop (free_composite_vlsm IM) s.

If a composite state is constrained, so are all of its component states.

Lemma composite_constrained_state_project
  {message : Type} `{EqDecision index} (IM : index -> VLSM message)
  (s : composite_state IM) i :
    composite_constrained_state_prop IM s ->
    constrained_state_prop (IM i) (s i).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state IM
i: index
composite_constrained_state_prop IM s
→ constrained_state_prop (IM i) (s i)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state IM
i: index
composite_constrained_state_prop IM s
→ constrained_state_prop (IM i) (s i)
  intros [om Hproto].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
s: composite_state IM
i: index
om: option message
Hproto: valid_state_message_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) s om
constrained_state_prop (IM i) (s i)
  induction Hproto; [by apply initial_state_is_valid; cbn |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
_om: option message
Hproto1: valid_state_message_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) s _om
_s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
om: option message
Hproto2: valid_state_message_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) _s om
l: label
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
Hv: valid l (s, om)
s': state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
om': option message
Ht: transition l (s, om) = (s', om')
IHHproto1: constrained_state_prop (IM i) (s i)
IHHproto2: constrained_state_prop (IM i) (_s i)
constrained_state_prop (IM i) (s' i)
  destruct l as [j lj]; cbn in Ht, Hv.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
_om: option message
Hproto1: valid_state_message_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) s _om
_s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
om: option message
Hproto2: valid_state_message_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) _s om
j: index
lj: label (IM j)
Hv: valid lj (s j, om)
s': state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
om': option message
Ht: (let (si', om') := transition lj (s j, om) in
 (state_update IM s j si', om')) = (
s', om')
IHHproto1: constrained_state_prop (IM i) (s i)
IHHproto2: constrained_state_prop (IM i) (_s i)
constrained_state_prop (IM i) (s' i)
  destruct (transition lj (s j, om)) eqn: Heq.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
_om: option message
Hproto1: valid_state_message_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) s _om
_s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
om: option message
Hproto2: valid_state_message_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) _s om
j: index
lj: label (IM j)
Hv: valid lj (s j, om)
s': state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
om': option message
s0: state (IM j)
o: option message
Heq: transition lj (s j, om) = (s0, o)
Ht: (state_update IM s j s0, o) = (s', om')
IHHproto1: constrained_state_prop (IM i) (s i)
IHHproto2: constrained_state_prop (IM i) (_s i)
constrained_state_prop (IM i) (s' i)
  inversion Ht; subst; clear Ht.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
_om: option message
Hproto1: valid_state_message_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) s _om
_s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
om: option message
Hproto2: valid_state_message_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) _s om
j: index
lj: label (IM j)
Hv: valid lj (s j, om)
om': option message
s0: state (IM j)
Heq: transition lj (s j, om) = (s0, om')
IHHproto1: constrained_state_prop (IM i) (s i)
IHHproto2: constrained_state_prop (IM i) (_s i)
constrained_state_prop (IM i)
  (state_update IM s j s0 i)
  destruct (decide (j = i)); subst; state_update_simpl; [| done].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
_om: option message
Hproto1: valid_state_message_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) s _om
_s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
om: option message
Hproto2: valid_state_message_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) _s om
lj: label (IM i)
Hv: valid lj (s i, om)
om': option message
s0: state (IM i)
Heq: transition lj (s i, om) = (s0, om')
IHHproto1: constrained_state_prop (IM i) (s i)
IHHproto2: constrained_state_prop (IM i) (_s i)
constrained_state_prop (IM i) s0
  destruct IHHproto1 as [om'' Hovmp].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
_om: option message
Hproto1: valid_state_message_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) s _om
_s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
om: option message
Hproto2: valid_state_message_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) _s om
lj: label (IM i)
Hv: valid lj (s i, om)
om': option message
s0: state (IM i)
Heq: transition lj (s i, om) = (s0, om')
om'': option message
Hovmp: valid_state_message_prop
  (preloaded_with_all_messages_vlsm (IM i))
  (s i) om''
IHHproto2: constrained_state_prop (IM i) (_s i)
constrained_state_prop (IM i) s0
  exists om'.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
_om: option message
Hproto1: valid_state_message_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) s _om
_s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
om: option message
Hproto2: valid_state_message_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) _s om
lj: label (IM i)
Hv: valid lj (s i, om)
om': option message
s0: state (IM i)
Heq: transition lj (s i, om) = (s0, om')
om'': option message
Hovmp: valid_state_message_prop
  (preloaded_with_all_messages_vlsm (IM i))
  (s i) om''
IHHproto2: constrained_state_prop (IM i) (_s i)
valid_state_message_prop
  (preloaded_with_all_messages_vlsm (IM i)) s0 om'
  eapply input_valid_transition_outputs_valid_state_message.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
_om: option message
Hproto1: valid_state_message_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) s _om
_s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
om: option message
Hproto2: valid_state_message_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) _s om
lj: label (IM i)
Hv: valid lj (s i, om)
om': option message
s0: state (IM i)
Heq: transition lj (s i, om) = (s0, om')
om'': option message
Hovmp: valid_state_message_prop
  (preloaded_with_all_messages_vlsm (IM i))
  (s i) om''
IHHproto2: constrained_state_prop (IM i) (_s i)
input_valid_transition
  (preloaded_with_all_messages_vlsm (IM i)) ?l
  (?s, ?om) (s0, om')
  repeat split; [by exists om'' | | done..].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
i: index
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
_om: option message
Hproto1: valid_state_message_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) s _om
_s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
om: option message
Hproto2: valid_state_message_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) _s om
lj: label (IM i)
Hv: valid lj (s i, om)
om': option message
s0: state (IM i)
Heq: transition lj (s i, om) = (s0, om')
om'': option message
Hovmp: valid_state_message_prop
  (preloaded_with_all_messages_vlsm (IM i))
  (s i) om''
IHHproto2: constrained_state_prop (IM i) (_s i)
option_valid_message_prop
  (preloaded_with_all_messages_vlsm (IM i)) om
  by apply any_message_is_valid_in_preloaded.
Qed.

Lemma valid_state_project_preloaded_to_preloaded
  message `{EqDecision index} (IM : index -> VLSM message) constraint
  (X := composite_vlsm IM constraint)
  (s : state (preloaded_with_all_messages_vlsm X)) i :
  constrained_state_prop X s ->
  constrained_state_prop (IM i) (s i).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
s: state (preloaded_with_all_messages_vlsm X)
i: index
constrained_state_prop X s
→ constrained_state_prop (IM i) (s i)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
s: state (preloaded_with_all_messages_vlsm X)
i: index
constrained_state_prop X s
→ constrained_state_prop (IM i) (s i)
  intros.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
s: state (preloaded_with_all_messages_vlsm X)
i: index
H: constrained_state_prop X s
constrained_state_prop (IM i) (s i)
  eapply composite_constrained_state_project.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
s: state (preloaded_with_all_messages_vlsm X)
i: index
H: constrained_state_prop X s
composite_constrained_state_prop IM s
  apply VLSM_incl_valid_state; [| done].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
s: state (preloaded_with_all_messages_vlsm X)
i: index
H: constrained_state_prop X s
VLSM_incl_part
  (preloaded_vlsm_machine X (λ _ : message, True))
  (preloaded_vlsm_machine (free_composite_vlsm IM)
     (λ _ : message, True))
  by apply constrained_preloaded_vlsm_incl_preloaded_with_all_messages.
Qed.

Lemma valid_state_project_preloaded
      message `{EqDecision index} (IM : index -> VLSM message) constraint
      (X := composite_vlsm IM constraint)
      (s : state X) i :
  valid_state_prop X s ->
  constrained_state_prop (IM i) (s i).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
s: state X
i: index
valid_state_prop X s
→ constrained_state_prop (IM i) (s i)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
s: state X
i: index
valid_state_prop X s
→ constrained_state_prop (IM i) (s i)
  by intros; apply valid_state_project_preloaded_to_preloaded,
    preloaded_with_all_messages_valid_state_prop.
Qed.

Lemma composite_transition_project_active
  message `{EqDecision index} (IM : index -> VLSM message) :
  forall (l : composite_label IM) (s : composite_state IM) (im : option message)
    (s' : composite_state IM) (om : option message),
      composite_transition IM l (s, im) = (s', om) ->
      transition (IM (projT1 l)) (projT2 l) (s (projT1 l), im) = (s' (projT1 l), om).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (l : composite_label IM) (s : composite_state IM) 
  (im : option message) (s' : composite_state IM) 
  (om : option message),
  composite_transition IM l (s, im) = (s', om)
  → transition (projT2 l) (s (projT1 l), im) =
    (s' (projT1 l), om)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
∀ (l : composite_label IM) (s : composite_state IM) 
  (im : option message) (s' : composite_state IM) 
  (om : option message),
  composite_transition IM l (s, im) = (s', om)
  → transition (projT2 l) (s (projT1 l), im) =
    (s' (projT1 l), om)
  intros [x l]; cbn; intros.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
x: index
l: label (IM x)
s: composite_state IM
im: option message
s': composite_state IM
om: option message
H: (let (si', om') := transition l (s x, im) in
 (state_update IM s x si', om')) = (
s', om)
transition l (s x, im) = (s' x, om)
  destruct (transition (IM x) l (s x, im)).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
x: index
l: label (IM x)
s: composite_state IM
im: option message
s': composite_state IM
om: option message
s0: state (IM x)
o: option message
H: (state_update IM s x s0, o) = (s', om)
(s0, o) = (s' x, om)
  inversion H.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
x: index
l: label (IM x)
s: composite_state IM
im: option message
s': composite_state IM
om: option message
s0: state (IM x)
o: option message
H: (state_update IM s x s0, o) = (s', om)
H1: state_update IM s x s0 = s'
H2: o = om
(s0, om) = (state_update IM s x s0 x, om)
  f_equal.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
x: index
l: label (IM x)
s: composite_state IM
im: option message
s': composite_state IM
om: option message
s0: state (IM x)
o: option message
H: (state_update IM s x s0, o) = (s', om)
H1: state_update IM s x s0 = s'
H2: o = om
s0 = state_update IM s x s0 x
  by state_update_simpl.
Qed.

Lemma input_valid_transition_preloaded_project_active_free
  {message} `{EqDecision V} {IM : V -> VLSM message}
  (X := free_composite_vlsm IM)
  l s im s' om :
  input_constrained_transition X l (s, im) (s', om) ->
  input_constrained_transition (IM (projT1 l)) (projT2 l)
    (s (projT1 l), im) (s' (projT1 l), om).message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
l: label (preloaded_with_all_messages_vlsm X)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
input_constrained_transition X l (s, im) (s', om)
→ input_constrained_transition (IM (projT1 l))
    (projT2 l) (s (projT1 l), im) (s' (projT1 l), om)
Proof.message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
l: label (preloaded_with_all_messages_vlsm X)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
input_constrained_transition X l (s, im) (s', om)
→ input_constrained_transition (IM (projT1 l))
    (projT2 l) (s (projT1 l), im) (s' (projT1 l), om)
  intro Hptrans.message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
l: label (preloaded_with_all_messages_vlsm X)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
Hptrans: input_constrained_transition X l (
  s, im) (s', om)
input_constrained_transition (IM (projT1 l))
  (projT2 l) (s (projT1 l), im) (s' (projT1 l), om)
  destruct Hptrans as [[Hproto_s [_ Hcvalid]] Htrans].message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
l: label (preloaded_with_all_messages_vlsm X)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
Hproto_s: valid_state_prop
  (preloaded_with_all_messages_vlsm X) s
Hcvalid: valid l (s, im)
Htrans: transition l (s, im) = (s', om)
input_constrained_transition (IM (projT1 l))
  (projT2 l) (s (projT1 l), im) (s' (projT1 l), om)
  split; [| by eapply composite_transition_project_active].message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
l: label (preloaded_with_all_messages_vlsm X)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
Hproto_s: valid_state_prop
  (preloaded_with_all_messages_vlsm X) s
Hcvalid: valid l (s, im)
Htrans: transition l (s, im) = (s', om)
input_valid
  (preloaded_with_all_messages_vlsm (IM (projT1 l)))
  (projT2 l) (s (projT1 l), im)
  split; [| split].message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
l: label (preloaded_with_all_messages_vlsm X)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
Hproto_s: valid_state_prop
  (preloaded_with_all_messages_vlsm X) s
Hcvalid: valid l (s, im)
Htrans: transition l (s, im) = (s', om)
valid_state_prop
  (preloaded_with_all_messages_vlsm (IM (projT1 l)))
  (s (projT1 l))
message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
l: label (preloaded_with_all_messages_vlsm X)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
Hproto_s: valid_state_prop
  (preloaded_with_all_messages_vlsm X) s
Hcvalid: valid l (s, im)
Htrans: transition l (s, im) = (s', om)
option_valid_message_prop
  (preloaded_with_all_messages_vlsm (IM (projT1 l)))
  im
message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
l: label (preloaded_with_all_messages_vlsm X)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
Hproto_s: valid_state_prop
  (preloaded_with_all_messages_vlsm X) s
Hcvalid: valid l (s, im)
Htrans: transition l (s, im) = (s', om)
valid (projT2 l) (s (projT1 l), im)
  -message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
l: label (preloaded_with_all_messages_vlsm X)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
Hproto_s: valid_state_prop
  (preloaded_with_all_messages_vlsm X) s
Hcvalid: valid l (s, im)
Htrans: transition l (s, im) = (s', om)
valid_state_prop
  (preloaded_with_all_messages_vlsm (IM (projT1 l)))
  (s (projT1 l)) by eapply composite_constrained_state_project.
  -message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
l: label (preloaded_with_all_messages_vlsm X)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
Hproto_s: valid_state_prop
  (preloaded_with_all_messages_vlsm X) s
Hcvalid: valid l (s, im)
Htrans: transition l (s, im) = (s', om)
option_valid_message_prop
  (preloaded_with_all_messages_vlsm (IM (projT1 l)))
  im by apply any_message_is_valid_in_preloaded.
  -message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
l: label (preloaded_with_all_messages_vlsm X)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
Hproto_s: valid_state_prop
  (preloaded_with_all_messages_vlsm X) s
Hcvalid: valid l (s, im)
Htrans: transition l (s, im) = (s', om)
valid (projT2 l) (s (projT1 l), im) by destruct l; apply Hcvalid.
Qed.

Lemma input_valid_transition_preloaded_project_active
  {message} `{EqDecision V} {IM : V -> VLSM message} {constraint}
  (X := composite_vlsm IM constraint)
  l s im s' om :
  input_constrained_transition X l (s, im) (s', om) ->
  input_constrained_transition (IM (projT1 l)) (projT2 l)
    (s (projT1 l), im) (s' (projT1 l), om).message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label (preloaded_with_all_messages_vlsm X)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
input_constrained_transition X l (s, im) (s', om)
→ input_constrained_transition (IM (projT1 l))
    (projT2 l) (s (projT1 l), im) (s' (projT1 l), om)
Proof.message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label (preloaded_with_all_messages_vlsm X)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
input_constrained_transition X l (s, im) (s', om)
→ input_constrained_transition (IM (projT1 l))
    (projT2 l) (s (projT1 l), im) (s' (projT1 l), om)
  intros.message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label (preloaded_with_all_messages_vlsm X)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
H: input_constrained_transition X l (s, im) (s', om)
input_constrained_transition (IM (projT1 l))
  (projT2 l) (s (projT1 l), im) (s' (projT1 l), om)
  apply input_valid_transition_preloaded_project_active_free.message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label (preloaded_with_all_messages_vlsm X)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
H: input_constrained_transition X l (s, im) (s', om)
input_constrained_transition (free_composite_vlsm IM)
  l (s, im) (s', om)
  apply (@VLSM_incl_input_valid_transition _ _ (preloaded_with_all_messages_vlsm X)); [| done].message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label (preloaded_with_all_messages_vlsm X)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
H: input_constrained_transition X l (s, im) (s', om)
VLSM_incl_part (preloaded_with_all_messages_vlsm X)
  (preloaded_vlsm_machine (free_composite_vlsm IM)
     (λ _ : message, True))
  by apply constrained_preloaded_vlsm_incl_preloaded_with_all_messages.
Qed.

Lemma input_valid_transition_project_active
  {message} `{EqDecision V} {IM : V -> VLSM message} {constraint}
  (X := composite_vlsm IM constraint)
  l s im s' om :
  input_valid_transition X l (s, im) (s', om) ->
  input_constrained_transition (IM (projT1 l)) (projT2 l)
    (s (projT1 l), im) (s' (projT1 l), om).message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label X
s: state X
im: option message
s': state X
om: option message
input_valid_transition X l (s, im) (s', om)
→ input_constrained_transition (IM (projT1 l))
    (projT2 l) (s (projT1 l), im) (s' (projT1 l), om)
Proof.message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label X
s: state X
im: option message
s': state X
om: option message
input_valid_transition X l (s, im) (s', om)
→ input_constrained_transition (IM (projT1 l))
    (projT2 l) (s (projT1 l), im) (s' (projT1 l), om)
  intro Hptrans.message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label X
s: state X
im: option message
s': state X
om: option message
Hptrans: input_valid_transition X l (s, im) (s', om)
input_constrained_transition (IM (projT1 l))
  (projT2 l) (s (projT1 l), im) (s' (projT1 l), om)
  apply preloaded_weaken_input_valid_transition in Hptrans.message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label X
s: state X
im: option message
s': state X
om: option message
Hptrans: input_constrained_transition X l (
  s, im) (s', om)
input_constrained_transition (IM (projT1 l))
  (projT2 l) (s (projT1 l), im) (s' (projT1 l), om)
  by revert Hptrans; apply input_valid_transition_preloaded_project_active.
Qed.

Lemma input_valid_transition_preloaded_project_any_free
  {V : Type} (i : V)
  {message : Type} `{EqDecision V} {IM : V -> VLSM message}
  (X := free_composite_vlsm IM)
  (l : label X) s im s' om :
  input_constrained_transition X l (s, im) (s', om) ->
    s i = s' i \/
    exists li : label (IM i),
      l = existT i li /\
     input_constrained_transition (IM i) li (s i, im) (s' i, om).V: Type
i: V
message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
l: label X
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
input_constrained_transition X l (s, im) (s', om)
→ s i = s' i
  ∨ (∃ li : label (IM i),
       l = existT i li
       ∧ input_constrained_transition (IM i) li
           (s i, im) (s' i, om))
Proof.V: Type
i: V
message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
l: label X
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
input_constrained_transition X l (s, im) (s', om)
→ s i = s' i
  ∨ (∃ li : label (IM i),
       l = existT i li
       ∧ input_constrained_transition (IM i) li
           (s i, im) (s' i, om))
  intro Hptrans.V: Type
i: V
message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
l: label X
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
Hptrans: input_constrained_transition X l (
  s, im) (s', om)
s i = s' i
∨ (∃ li : label (IM i),
     l = existT i li
     ∧ input_constrained_transition (IM i) li
         (s i, im) (s' i, om))
  destruct l as [j lj].V: Type
i: V
message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
j: V
lj: label (IM j)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
Hptrans: input_constrained_transition X 
  (existT j lj) (s, im) (
  s', om)
s i = s' i
∨ (∃ li : label (IM i),
     existT j lj = existT i li
     ∧ input_constrained_transition (IM i) li
         (s i, im) (s' i, om))
  destruct (decide (i = j)); subst.V, message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
j: V
lj: label (IM j)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
Hptrans: input_constrained_transition X 
  (existT j lj) (s, im) (
  s', om)
s j = s' j
∨ (∃ li : label (IM j),
     existT j lj = existT j li
     ∧ input_constrained_transition (IM j) li
         (s j, im) (s' j, om))
V: Type
i: V
message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
j: V
lj: label (IM j)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
Hptrans: input_constrained_transition X 
  (existT j lj) (s, im) (
  s', om)
n: i ≠ j
s i = s' i
∨ (∃ li : label (IM i),
     existT j lj = existT i li
     ∧ input_constrained_transition 
         (IM i) li (s i, im) (
         s' i, om))
  -V, message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
j: V
lj: label (IM j)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
Hptrans: input_constrained_transition X 
  (existT j lj) (s, im) (
  s', om)
s j = s' j
∨ (∃ li : label (IM j),
     existT j lj = existT j li
     ∧ input_constrained_transition (IM j) li
         (s j, im) (s' j, om)) right.V, message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
j: V
lj: label (IM j)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
Hptrans: input_constrained_transition X 
  (existT j lj) (s, im) (
  s', om)
∃ li : label (IM j),
  existT j lj = existT j li
  ∧ input_constrained_transition (IM j) li (s j, im)
      (s' j, om)
    exists lj.V, message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
j: V
lj: label (IM j)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
Hptrans: input_constrained_transition X 
  (existT j lj) (s, im) (
  s', om)
existT j lj = existT j lj
∧ input_constrained_transition (IM j) lj (s j, im)
    (s' j, om)
    split; [done |].V, message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
j: V
lj: label (IM j)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
Hptrans: input_constrained_transition X 
  (existT j lj) (s, im) (
  s', om)
input_constrained_transition (IM j) lj (s j, im)
  (s' j, om)
    by revert Hptrans; apply input_valid_transition_preloaded_project_active_free.
  -V: Type
i: V
message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
j: V
lj: label (IM j)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
Hptrans: input_constrained_transition X 
  (existT j lj) (s, im) (
  s', om)
n: i ≠ j
s i = s' i
∨ (∃ li : label (IM i),
     existT j lj = existT i li
     ∧ input_constrained_transition (IM i) li
         (s i, im) (s' i, om)) left.V: Type
i: V
message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
j: V
lj: label (IM j)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
Hptrans: input_constrained_transition X 
  (existT j lj) (s, im) (
  s', om)
n: i ≠ j
s i = s' i
    destruct Hptrans as [Hpvalid Htrans]; cbn in Htrans.V: Type
i: V
message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
j: V
lj: label (IM j)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
Hpvalid: input_valid
  (preloaded_with_all_messages_vlsm X)
  (existT j lj) (s, im)
Htrans: (let (si', om') := transition lj (s j, im) in
 (state_update IM s j si', om')) = (
s', om)
n: i ≠ j
s i = s' i
    destruct (transition (IM j) lj (s j, im)); inversion_clear Htrans.V: Type
i: V
message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
j: V
lj: label (IM j)
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
Hpvalid: input_valid
  (preloaded_with_all_messages_vlsm X)
  (existT j lj) (s, im)
s0: state (IM j)
o: option message
n: i ≠ j
s i = state_update IM s j s0 i
    by state_update_simpl.
Qed.

Lemma input_valid_transition_preloaded_project_any
  {V : Type} (i : V)
  {message : Type} `{EqDecision V} {IM : V -> VLSM message} {constraint}
  (X := composite_vlsm IM constraint)
  (l : label X) s im s' om :
  input_constrained_transition X l (s, im) (s', om) ->
    s i = s' i \/
    exists li : label (IM i),
      l = existT i li /\
      input_constrained_transition (IM i) li (s i, im) (s' i, om).V: Type
i: V
message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label X
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
input_constrained_transition X l (s, im) (s', om)
→ s i = s' i
  ∨ (∃ li : label (IM i),
       l = existT i li
       ∧ input_constrained_transition (IM i) li
           (s i, im) (s' i, om))
Proof.V: Type
i: V
message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label X
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
input_constrained_transition X l (s, im) (s', om)
→ s i = s' i
  ∨ (∃ li : label (IM i),
       l = existT i li
       ∧ input_constrained_transition (IM i) li
           (s i, im) (s' i, om))
  intros.V: Type
i: V
message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label X
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
H: input_constrained_transition X l (s, im) (s', om)
s i = s' i
∨ (∃ li : label (IM i),
     l = existT i li
     ∧ input_constrained_transition (IM i) li
         (s i, im) (s' i, om))
  apply input_valid_transition_preloaded_project_any_free.V: Type
i: V
message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label X
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
H: input_constrained_transition X l (s, im) (s', om)
input_constrained_transition (free_composite_vlsm IM)
  l (s, im) (s', om)
  apply (@VLSM_incl_input_valid_transition _ _ (preloaded_with_all_messages_vlsm X)); [| done].V: Type
i: V
message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label X
s: state (preloaded_with_all_messages_vlsm X)
im: option message
s': state (preloaded_with_all_messages_vlsm X)
om: option message
H: input_constrained_transition X l (s, im) (s', om)
VLSM_incl_part (preloaded_with_all_messages_vlsm X)
  (preloaded_vlsm_machine (free_composite_vlsm IM)
     (λ _ : message, True))
  by apply constrained_preloaded_vlsm_incl_preloaded_with_all_messages.
Qed.

Lemma input_valid_transition_project_any
  {V : Type} (i : V)
  {message : Type} `{EqDecision V} {IM : V -> VLSM message} {constraint}
  (X := composite_vlsm IM constraint)
  (l : label X) s im s' om :
  input_valid_transition X l (s, im) (s', om) ->
    s i = s' i \/
    exists li : label (IM i),
      l = existT i li /\
      input_constrained_transition (IM i) li (s i, im) (s' i, om).V: Type
i: V
message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label X
s: state X
im: option message
s': state X
om: option message
input_valid_transition X l (s, im) (s', om)
→ s i = s' i
  ∨ (∃ li : label (IM i),
       l = existT i li
       ∧ input_constrained_transition (IM i) li
           (s i, im) (s' i, om))
Proof.V: Type
i: V
message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label X
s: state X
im: option message
s': state X
om: option message
input_valid_transition X l (s, im) (s', om)
→ s i = s' i
  ∨ (∃ li : label (IM i),
       l = existT i li
       ∧ input_constrained_transition (IM i) li
           (s i, im) (s' i, om))
  intro Hproto.V: Type
i: V
message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label X
s: state X
im: option message
s': state X
om: option message
Hproto: input_valid_transition X l (s, im) (s', om)
s i = s' i
∨ (∃ li : label (IM i),
     l = existT i li
     ∧ input_constrained_transition (IM i) li
         (s i, im) (s' i, om))
  apply preloaded_weaken_input_valid_transition in Hproto.V: Type
i: V
message: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label X
s: state X
im: option message
s': state X
om: option message
Hproto: input_constrained_transition X l (
  s, im) (s', om)
s i = s' i
∨ (∃ li : label (IM i),
     l = existT i li
     ∧ input_constrained_transition (IM i) li
         (s i, im) (s' i, om))
  by revert Hproto; apply input_valid_transition_preloaded_project_any.
Qed.

If a message can be emitted by a composition, then it can be emitted by one of the components.

Lemma can_emit_free_composite_project
  {message : Type} `{EqDecision V} {IM : V -> VLSM message}
  (X := free_composite_vlsm IM)
  (m : message)
  (Hemit : can_emit (preloaded_with_all_messages_vlsm X) m) :
    exists (j : V), can_emit (preloaded_with_all_messages_vlsm (IM j)) m.message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
m: message
Hemit: can_emit (preloaded_with_all_messages_vlsm X)
  m
∃ j : V,
  can_emit (preloaded_with_all_messages_vlsm (IM j)) m
Proof.message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
m: message
Hemit: can_emit (preloaded_with_all_messages_vlsm X)
  m
∃ j : V,
  can_emit (preloaded_with_all_messages_vlsm (IM j)) m
  apply can_emit_iff in Hemit as (s2 & [s1 oim] & l & Ht).message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
m: message
s2, s1: state (preloaded_with_all_messages_vlsm X)
oim: option message
l: label (preloaded_with_all_messages_vlsm X)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (s1, oim) (s2, Some m)
∃ j : V,
  can_emit (preloaded_with_all_messages_vlsm (IM j)) m
  exists (projT1 l).message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
m: message
s2, s1: state (preloaded_with_all_messages_vlsm X)
oim: option message
l: label (preloaded_with_all_messages_vlsm X)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (s1, oim) (s2, Some m)
can_emit
  (preloaded_with_all_messages_vlsm (IM (projT1 l))) m
  apply can_emit_iff.message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
m: message
s2, s1: state (preloaded_with_all_messages_vlsm X)
oim: option message
l: label (preloaded_with_all_messages_vlsm X)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (s1, oim) (s2, Some m)
∃ s : state
        (preloaded_with_all_messages_vlsm
           (IM (projT1 l))),
  can_produce
    (preloaded_with_all_messages_vlsm (IM (projT1 l)))
    s m
  exists (s2 (projT1 l)), (s1 (projT1 l), oim), (projT2 l).message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
X:= free_composite_vlsm IM: VLSM message
m: message
s2, s1: state (preloaded_with_all_messages_vlsm X)
oim: option message
l: label (preloaded_with_all_messages_vlsm X)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (s1, oim) (s2, Some m)
input_valid_transition
  (preloaded_with_all_messages_vlsm (IM (projT1 l)))
  (projT2 l) (s1 (projT1 l), oim)
  (s2 (projT1 l), Some m)
  by eapply input_valid_transition_preloaded_project_active_free.
Qed.

Lemma can_emit_composite_project
  {message : Type} `{EqDecision V} {IM : V -> VLSM message} {constraint}
  (X := composite_vlsm IM constraint)
  (m : message)
  (Hemit : can_emit (preloaded_with_all_messages_vlsm X) m) :
    exists (j : V), can_emit (preloaded_with_all_messages_vlsm (IM j)) m.message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
m: message
Hemit: can_emit (preloaded_with_all_messages_vlsm X)
  m
∃ j : V,
  can_emit (preloaded_with_all_messages_vlsm (IM j)) m
Proof.message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
m: message
Hemit: can_emit (preloaded_with_all_messages_vlsm X)
  m
∃ j : V,
  can_emit (preloaded_with_all_messages_vlsm (IM j)) m
  apply can_emit_free_composite_project.message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
m: message
Hemit: can_emit (preloaded_with_all_messages_vlsm X)
  m
can_emit
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) m
  eapply VLSM_incl_can_emit; [| done].message, V: Type
EqDecision0: EqDecision V
IM: V → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
m: message
Hemit: can_emit (preloaded_with_all_messages_vlsm X)
  m
VLSM_incl_part
  (preloaded_vlsm_machine X (λ _ : message, True))
  (preloaded_vlsm_machine (free_composite_vlsm IM)
     (λ _ : message, True))
  by apply constrained_preloaded_vlsm_incl_preloaded_with_all_messages.
Qed.

Binary free composition

This serves an example of how composition can be built, but is also being used in defining the byzantine_trace_properties.

This instantiates the regular composition using the bool type as an index.

Section sec_binary_free_composition.

Context
  {message : Type}
  (M1 M2 : VLSM message)
  .

Definition binary_index : Set := bool.

Definition first : binary_index := true.
Definition second : binary_index := false.

#[export] Instance binary_index_dec :  EqDecision binary_index := _.
#[export] Instance binary_index_inhabited : Inhabited binary_index := populate first.

Definition binary_IM
  (i : binary_index)
  : VLSM message
  :=
  match i with
  | true => M1
  | false => M2
  end.

Definition binary_free_composition : VLSM message :=
  composite_vlsm binary_IM (free_constraint binary_IM).

End sec_binary_free_composition.

Composite decidable initial message

Here we show that if the initial_message_property is decidable for every component, then it is decidable for a finite composition as well.

Section sec_composite_decidable_initial_message.

Context
  {message : Type}
  `{finite.Finite index}
  (IM : index -> VLSM message)
  (constraint : composite_label IM -> composite_state IM * option message -> Prop)
  .

Lemma composite_decidable_initial_message
  (Hdec_init : forall i, decidable_initial_messages_prop (IM i))
  : decidable_initial_messages_prop (composite_vlsm IM constraint).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hdec_init: ∀ i : index,
  decidable_initial_messages_prop (IM i)
decidable_initial_messages_prop
  (composite_vlsm IM constraint)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hdec_init: ∀ i : index,
  decidable_initial_messages_prop (IM i)
decidable_initial_messages_prop
  (composite_vlsm IM constraint)
  intro m.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hdec_init: ∀ i : index,
  decidable_initial_messages_prop (IM i)
m: message
Decision (initial_message_prop m) simpl.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hdec_init: ∀ i : index,
  decidable_initial_messages_prop (IM i)
m: message
Decision (composite_initial_message_prop IM m) unfold composite_initial_message_prop.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hdec_init: ∀ i : index,
  decidable_initial_messages_prop (IM i)
m: message
Decision
  (∃ (n : index) (mi : initial_message (IM n)),
     `mi = m)
  apply
    (Decision_iff
      (P := List.Exists (fun i => initial_message_prop (IM i) m) (enum index))).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hdec_init: ∀ i : index,
  decidable_initial_messages_prop (IM i)
m: message
List.Exists (λ i : index, initial_message_prop m)
  (enum index)
↔ (∃ (n : index) (mi : initial_message (IM n)),
     `mi = m)
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hdec_init: ∀ i : index,
  decidable_initial_messages_prop (IM i)
m: message
Decision
  (List.Exists (λ i : index, initial_message_prop m)
     (enum index))
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hdec_init: ∀ i : index,
  decidable_initial_messages_prop (IM i)
m: message
List.Exists (λ i : index, initial_message_prop m)
  (enum index)
↔ (∃ (n : index) (mi : initial_message (IM n)),
     `mi = m) rewrite Exists_finite.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hdec_init: ∀ i : index,
  decidable_initial_messages_prop (IM i)
m: message
(∃ x : index, initial_message_prop m)
↔ (∃ (n : index) (mi : initial_message (IM n)),
     `mi = m)
    split; intros [i Hm]; exists i.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hdec_init: ∀ i : index,
  decidable_initial_messages_prop (IM i)
m: message
i: index
Hm: initial_message_prop m
∃ mi : initial_message (IM i), `mi = m
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hdec_init: ∀ i : index,
  decidable_initial_messages_prop (IM i)
m: message
i: index
Hm: ∃ mi : initial_message (IM i), `mi = m
initial_message_prop m
    +message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hdec_init: ∀ i : index,
  decidable_initial_messages_prop (IM i)
m: message
i: index
Hm: initial_message_prop m
∃ mi : initial_message (IM i), `mi = m by exists (exist _ _ Hm).
    +message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hdec_init: ∀ i : index,
  decidable_initial_messages_prop (IM i)
m: message
i: index
Hm: ∃ mi : initial_message (IM i), `mi = m
initial_message_prop m by destruct Hm as [[im Hinit] [= ->]].
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hdec_init: ∀ i : index,
  decidable_initial_messages_prop (IM i)
m: message
Decision
  (List.Exists (λ i : index, initial_message_prop m)
     (enum index)) by apply @Exists_dec; intro i; apply Hdec_init.
Qed.

End sec_composite_decidable_initial_message.

Composite plan properties

The following results concern facts about applying a plan Free P to a state Free s', knowing its effects on a different state Free s which shares some relevant features with s'.

Section sec_composite_plan_properties.

Context
  {message : Type}
  {index : Type}
  `{EqDecision index}
  (IM : index -> VLSM message)
  (Free := free_composite_vlsm IM)
  .

(* A transition on component <<i>> is [input_valid] from <<s'>> if it is
   [input_valid] from <<s>> and their <<i>>'th components are equal. *)

Lemma relevant_component_transition_free
  (s s' : state Free)
  (l : label Free)
  (input : option message)
  (i := projT1 l)
  (Heq : (s i) = (s' i))
  (Hprs : valid_state_prop Free s')
  (Hiv : input_valid Free l (s, input)) :
  input_valid Free l (s', input).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': state Free
l: label Free
input: option message
i:= projT1 l: index
Heq: s i = s' i
Hprs: valid_state_prop Free s'
Hiv: input_valid Free l (s, input)
input_valid Free l (s', input)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': state Free
l: label Free
input: option message
i:= projT1 l: index
Heq: s i = s' i
Hprs: valid_state_prop Free s'
Hiv: input_valid Free l (s, input)
input_valid Free l (s', input)
  split_and!; [done | by apply Hiv |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': state Free
l: label Free
input: option message
i:= projT1 l: index
Heq: s i = s' i
Hprs: valid_state_prop Free s'
Hiv: input_valid Free l (s, input)
valid l (s', input)
  cbn in Hiv |- *.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': state Free
l: label Free
input: option message
i:= projT1 l: index
Heq: s i = s' i
Hprs: valid_state_prop Free s'
Hiv: valid_state_prop Free s
∧ option_valid_message_prop Free input
  ∧ (let (i, li) := l in valid li (s i, input))
let (i, li) := l in valid li (s' i, input)
  destruct l.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': state Free
x: index
l: label (IM x)
input: option message
i:= projT1 (existT x l): index
Heq: s i = s' i
Hprs: valid_state_prop Free s'
Hiv: valid_state_prop Free s
∧ option_valid_message_prop Free input
  ∧ valid l (s x, input)
valid l (s' x, input)
  simpl in i.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': state Free
x: index
l: label (IM x)
input: option message
i:= x: index
Heq: s i = s' i
Hprs: valid_state_prop Free s'
Hiv: valid_state_prop Free s
∧ option_valid_message_prop Free input
  ∧ valid l (s x, input)
valid l (s' x, input)
  unfold i in Heq.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': state Free
x: index
l: label (IM x)
input: option message
i:= x: index
Heq: s x = s' x
Hprs: valid_state_prop Free s'
Hiv: valid_state_prop Free s
∧ option_valid_message_prop Free input
  ∧ valid l (s x, input)
valid l (s' x, input)
  rewrite <- Heq.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': state Free
x: index
l: label (IM x)
input: option message
i:= x: index
Heq: s x = s' x
Hprs: valid_state_prop Free s'
Hiv: valid_state_prop Free s
∧ option_valid_message_prop Free input
  ∧ valid l (s x, input)
valid l (s x, input)
  by itauto.
Qed.

(* The effect of the transition is also the same. *)

Lemma relevant_component_transition2_free
  (s s' : state Free)
  (l : label Free)
  (input : option message)
  (i := projT1 l)
  (Heq : (s i) = (s' i))
  (Hprs : valid_state_prop Free s') :
  let (dest, output) := transition Free l (s, input) in
  let (dest', output') := transition Free l (s', input) in
  output = output' /\ (dest i) = (dest' i).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': state Free
l: label Free
input: option message
i:= projT1 l: index
Heq: s i = s' i
Hprs: valid_state_prop Free s'
let (dest, output) := transition l (s, input) in
let (dest', output') := transition l (s', input) in
output = output' ∧ dest i = dest' i
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': state Free
l: label Free
input: option message
i:= projT1 l: index
Heq: s i = s' i
Hprs: valid_state_prop Free s'
let (dest, output) := transition l (s, input) in
let (dest', output') := transition l (s', input) in
output = output' ∧ dest i = dest' i
  destruct l as [x l]; simpl in i |- *.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': state Free
x: index
l: label (IM x)
input: option message
i:= x: index
Heq: s i = s' i
Hprs: valid_state_prop Free s'
let (dest, output) :=
  let (si', om') := transition l (s x, input) in
  (state_update IM s x si', om') in
let (dest', output') :=
  let (si', om') := transition l (s' x, input) in
  (state_update IM s' x si', om') in
output = output' ∧ dest i = dest' i
  unfold i in Heq; rewrite Heq.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': state Free
x: index
l: label (IM x)
input: option message
i:= x: index
Heq: s x = s' x
Hprs: valid_state_prop Free s'
let (dest, output) :=
  let (si', om') := transition l (s' x, input) in
  (state_update IM s x si', om') in
let (dest', output') :=
  let (si', om') := transition l (s' x, input) in
  (state_update IM s' x si', om') in
output = output' ∧ dest i = dest' i
  destruct (transition (IM x) l (s' x, input)).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': state Free
x: index
l: label (IM x)
input: option message
i:= x: index
Heq: s x = s' x
Hprs: valid_state_prop Free s'
s0: state (IM x)
o: option message
o = o
∧ state_update IM s x s0 i = state_update IM s' x s0 i
  by state_update_simpl.
Qed.

Lemma relevant_components_one_free
  (s s' : state Free)
  (Hprs' : valid_state_prop Free s')
  (ai : plan_item Free)
  (i := projT1 (label_a ai))
  (Heq : (s i) = (s' i))
  (Hpr : finite_valid_plan_from Free s [ai]) :
  let res' := snd (apply_plan Free s' [ai]) in
  let res := snd (apply_plan Free s [ai]) in
  finite_valid_plan_from Free s' [ai] /\
  (res' i) = res i.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': state Free
Hprs': valid_state_prop Free s'
ai: plan_item
i:= projT1 (label_a ai): index
Heq: s i = s' i
Hpr: finite_valid_plan_from Free s [ai]
let res' := (apply_plan Free s' [ai]).2 in
let res := (apply_plan Free s [ai]).2 in
finite_valid_plan_from Free s' [ai] ∧ res' i = res i
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': state Free
Hprs': valid_state_prop Free s'
ai: plan_item
i:= projT1 (label_a ai): index
Heq: s i = s' i
Hpr: finite_valid_plan_from Free s [ai]
let res' := (apply_plan Free s' [ai]).2 in
let res := (apply_plan Free s [ai]).2 in
finite_valid_plan_from Free s' [ai] ∧ res' i = res i
  simpl.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': state Free
Hprs': valid_state_prop Free s'
ai: plan_item
i:= projT1 (label_a ai): index
Heq: s i = s' i
Hpr: finite_valid_plan_from Free s [ai]
finite_valid_plan_from Free s' [ai]
∧ (apply_plan Free s' [ai]).2 i =
  (apply_plan Free s [ai]).2 i
  unfold finite_valid_plan_from, apply_plan, _apply_plan in *.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': state Free
Hprs': valid_state_prop Free s'
ai: plan_item
i:= projT1 (label_a ai): index
Heq: s i = s' i
Hpr: finite_valid_trace_from Free s
  (let (final, items) :=
     foldr _apply_plan_folder (s, []) (rev [ai]) in
   (rev items, final)).1
finite_valid_trace_from Free s'
  (let (final, items) :=
     foldr _apply_plan_folder (s', []) (rev [ai]) in
   (rev items, final)).1
∧ (let (final, items) :=
     foldr _apply_plan_folder (s', []) (rev [ai]) in
   (rev items, final)).2 i =
  (let (final, items) :=
     foldr _apply_plan_folder (s, []) (rev [ai]) in
   (rev items, final)).2 i
  destruct ai; simpl in *.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
label_a: composite_label IM
input_a: option message
i:= projT1 label_a: index
Heq: s i = s' i
Hpr: finite_valid_trace_from Free s
  (let (final, items) :=
     let (dest, out) :=
       let (i, li) := label_a in
       let (si', om') :=
         transition li (s i, input_a) in
       (state_update IM s i si', om') in
     (dest,
      [{|
         l := label_a;
         input := input_a;
         destination := dest;
         output := out
       |}]) in
   (rev items, final)).1
finite_valid_trace_from Free s'
  (let (final, items) :=
     let (dest, out) :=
       let (i, li) := label_a in
       let (si', om') :=
         transition li (s' i, input_a) in
       (state_update IM s' i si', om') in
     (dest,
      [{|
         l := label_a;
         input := input_a;
         destination := dest;
         output := out
       |}]) in
   (rev items, final)).1
∧ (let (final, items) :=
     let (dest, out) :=
       let (i, li) := label_a in
       let (si', om') :=
         transition li (s' i, input_a) in
       (state_update IM s' i si', om') in
     (dest,
      [{|
         l := label_a;
         input := input_a;
         destination := dest;
         output := out
       |}]) in
   (rev items, final)).2 i =
  (let (final, items) :=
     let (dest, out) :=
       let (i, li) := label_a in
       let (si', om') :=
         transition li (s i, input_a) in
       (state_update IM s i si', om') in
     (dest,
      [{|
         l := label_a;
         input := input_a;
         destination := dest;
         output := out
       |}]) in
   (rev items, final)).2 i
  match goal with
  |- context [let (_, _) := let (_, _) := ?t in _ in _] =>
    destruct t eqn: eq_trans'
  end.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
label_a: composite_label IM
input_a: option message
i:= projT1 label_a: index
Heq: s i = s' i
Hpr: finite_valid_trace_from Free s
  (let (final, items) :=
     let (dest, out) :=
       let (i, li) := label_a in
       let (si', om') :=
         transition li (s i, input_a) in
       (state_update IM s i si', om') in
     (dest,
      [{|
         l := label_a;
         input := input_a;
         destination := dest;
         output := out
       |}]) in
   (rev items, final)).1
c: composite_state IM
o: option message
eq_trans': (let (i, li) := label_a in
 let (si', om') :=
   transition li (s' i, input_a) in
 (state_update IM s' i si', om')) = (
c, o)
finite_valid_trace_from Free s'
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c;
        output := o
      |}], c).1
∧ (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c;
        output := o
      |}], c).2 i =
  (let (final, items) :=
     let (dest, out) :=
       let (i, li) := label_a in
       let (si', om') :=
         transition li (s i, input_a) in
       (state_update IM s i si', om') in
     (dest,
      [{|
         l := label_a;
         input := input_a;
         destination := dest;
         output := out
       |}]) in
   (rev items, final)).2 i
  match goal with
  |- context [let (_, _) := let (_, _) := ?t in _ in _] =>
    destruct t eqn: eq_trans
  end.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
label_a: composite_label IM
input_a: option message
i:= projT1 label_a: index
Heq: s i = s' i
c0: composite_state IM
o0: option message
eq_trans: (let (i, li) := label_a in
 let (si', om') :=
   transition li (s i, input_a) in
 (state_update IM s i si', om')) = (
c0, o0)
Hpr: finite_valid_trace_from Free s
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c0;
        output := o0
      |}], c0).1
c: composite_state IM
o: option message
eq_trans': (let (i, li) := label_a in
 let (si', om') :=
   transition li (s' i, input_a) in
 (state_update IM s' i si', om')) = (
c, o)
finite_valid_trace_from Free s'
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c;
        output := o
      |}], c).1
∧ (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c;
        output := o
      |}], c).2 i =
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c0;
        output := o0
      |}], c0).2 i
  inversion Hpr; subst.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
label_a: composite_label IM
input_a: option message
i:= projT1 label_a: index
Heq: s i = s' i
c0: composite_state IM
o0: option message
eq_trans: (let (i, li) := label_a in
 let (si', om') :=
   transition li (s i, input_a) in
 (state_update IM s i si', om')) = (
c0, o0)
Hpr: finite_valid_trace_from Free s
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c0;
        output := o0
      |}], c0).1
c: composite_state IM
o: option message
eq_trans': (let (i, li) := label_a in
 let (si', om') :=
   transition li (s' i, input_a) in
 (state_update IM s' i si', om')) = (
c, o)
Htl: finite_valid_trace_from Free c0 []
Ht: input_valid_transition Free label_a (
  s, input_a) (c0, o0)
finite_valid_trace_from Free s'
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c;
        output := o
      |}], c).1
∧ (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c;
        output := o
      |}], c).2 i =
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c0;
        output := o0
      |}], c0).2 i
  split.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
label_a: composite_label IM
input_a: option message
i:= projT1 label_a: index
Heq: s i = s' i
c0: composite_state IM
o0: option message
eq_trans: (let (i, li) := label_a in
 let (si', om') :=
   transition li (s i, input_a) in
 (state_update IM s i si', om')) = (
c0, o0)
Hpr: finite_valid_trace_from Free s
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c0;
        output := o0
      |}], c0).1
c: composite_state IM
o: option message
eq_trans': (let (i, li) := label_a in
 let (si', om') :=
   transition li (s' i, input_a) in
 (state_update IM s' i si', om')) = (
c, o)
Htl: finite_valid_trace_from Free c0 []
Ht: input_valid_transition Free label_a (
  s, input_a) (c0, o0)
finite_valid_trace_from Free s'
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c;
        output := o
      |}], c).1
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
label_a: composite_label IM
input_a: option message
i:= projT1 label_a: index
Heq: s i = s' i
c0: composite_state IM
o0: option message
eq_trans: (let (i, li) := label_a in
 let (si', om') :=
   transition li (s i, input_a) in
 (state_update IM s i si', om')) = (
c0, o0)
Hpr: finite_valid_trace_from Free s
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c0;
        output := o0
      |}], c0).1
c: composite_state IM
o: option message
eq_trans': (let (i, li) := label_a in
 let (si', om') :=
   transition li (s' i, input_a) in
 (state_update IM s' i si', om')) = (
c, o)
Htl: finite_valid_trace_from Free c0 []
Ht: input_valid_transition Free label_a (
  s, input_a) (c0, o0)
(rev
   [{|
      l := label_a;
      input := input_a;
      destination := c;
      output := o
    |}], c).2 i =
(rev
   [{|
      l := label_a;
      input := input_a;
      destination := c0;
      output := o0
    |}], c0).2 i
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
label_a: composite_label IM
input_a: option message
i:= projT1 label_a: index
Heq: s i = s' i
c0: composite_state IM
o0: option message
eq_trans: (let (i, li) := label_a in
 let (si', om') :=
   transition li (s i, input_a) in
 (state_update IM s i si', om')) = (
c0, o0)
Hpr: finite_valid_trace_from Free s
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c0;
        output := o0
      |}], c0).1
c: composite_state IM
o: option message
eq_trans': (let (i, li) := label_a in
 let (si', om') :=
   transition li (s' i, input_a) in
 (state_update IM s' i si', om')) = (
c, o)
Htl: finite_valid_trace_from Free c0 []
Ht: input_valid_transition Free label_a (
  s, input_a) (c0, o0)
finite_valid_trace_from Free s'
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c;
        output := o
      |}], c).1 assert (Ht' : input_valid_transition Free label_a (s', input_a) (c, o)).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
label_a: composite_label IM
input_a: option message
i:= projT1 label_a: index
Heq: s i = s' i
c0: composite_state IM
o0: option message
eq_trans: (let (i, li) := label_a in
 let (si', om') :=
   transition li (s i, input_a) in
 (state_update IM s i si', om')) = (
c0, o0)
Hpr: finite_valid_trace_from Free s
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c0;
        output := o0
      |}], c0).1
c: composite_state IM
o: option message
eq_trans': (let (i, li) := label_a in
 let (si', om') :=
   transition li (s' i, input_a) in
 (state_update IM s' i si', om')) = (
c, o)
Htl: finite_valid_trace_from Free c0 []
Ht: input_valid_transition Free label_a (
  s, input_a) (c0, o0)
input_valid_transition Free label_a (s', input_a)
  (c, o)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
label_a: composite_label IM
input_a: option message
i:= projT1 label_a: index
Heq: s i = s' i
c0: composite_state IM
o0: option message
eq_trans: (let (i, li) := label_a in
 let (si', om') :=
   transition li (s i, input_a) in
 (state_update IM s i si', om')) = (
c0, o0)
Hpr: finite_valid_trace_from Free s
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c0;
        output := o0
      |}], c0).1
c: composite_state IM
o: option message
eq_trans': (let (i, li) := label_a in
 let (si', om') :=
   transition li (s' i, input_a) in
 (state_update IM s' i si', om')) = (
c, o)
Htl: finite_valid_trace_from Free c0 []
Ht: input_valid_transition Free label_a (
  s, input_a) (c0, o0)
Ht': input_valid_transition Free label_a
  (s', input_a) (c, o)
finite_valid_trace_from Free s'
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c;
        output := o
      |}], c).1
    {message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
label_a: composite_label IM
input_a: option message
i:= projT1 label_a: index
Heq: s i = s' i
c0: composite_state IM
o0: option message
eq_trans: (let (i, li) := label_a in
 let (si', om') :=
   transition li (s i, input_a) in
 (state_update IM s i si', om')) = (
c0, o0)
Hpr: finite_valid_trace_from Free s
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c0;
        output := o0
      |}], c0).1
c: composite_state IM
o: option message
eq_trans': (let (i, li) := label_a in
 let (si', om') :=
   transition li (s' i, input_a) in
 (state_update IM s' i si', om')) = (
c, o)
Htl: finite_valid_trace_from Free c0 []
Ht: input_valid_transition Free label_a (
  s, input_a) (c0, o0)
input_valid_transition Free label_a (s', input_a)
  (c, o)
      unfold input_valid_transition in *.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
label_a: composite_label IM
input_a: option message
i:= projT1 label_a: index
Heq: s i = s' i
c0: composite_state IM
o0: option message
eq_trans: (let (i, li) := label_a in
 let (si', om') :=
   transition li (s i, input_a) in
 (state_update IM s i si', om')) = (
c0, o0)
Hpr: finite_valid_trace_from Free s
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c0;
        output := o0
      |}], c0).1
c: composite_state IM
o: option message
eq_trans': (let (i, li) := label_a in
 let (si', om') :=
   transition li (s' i, input_a) in
 (state_update IM s' i si', om')) = (
c, o)
Htl: finite_valid_trace_from Free c0 []
Ht: input_valid Free label_a (s, input_a)
∧ transition label_a (s, input_a) = (c0, o0)
input_valid Free label_a (s', input_a)
∧ transition label_a (s', input_a) = (c, o)
      destruct Ht as [Hpr_valid Htrans].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
label_a: composite_label IM
input_a: option message
i:= projT1 label_a: index
Heq: s i = s' i
c0: composite_state IM
o0: option message
eq_trans: (let (i, li) := label_a in
 let (si', om') :=
   transition li (s i, input_a) in
 (state_update IM s i si', om')) = (
c0, o0)
Hpr: finite_valid_trace_from Free s
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c0;
        output := o0
      |}], c0).1
c: composite_state IM
o: option message
eq_trans': (let (i, li) := label_a in
 let (si', om') :=
   transition li (s' i, input_a) in
 (state_update IM s' i si', om')) = (
c, o)
Htl: finite_valid_trace_from Free c0 []
Hpr_valid: input_valid Free label_a (s, input_a)
Htrans: transition label_a (s, input_a) = (c0, o0)
input_valid Free label_a (s', input_a)
∧ transition label_a (s', input_a) = (c, o)
      by apply relevant_component_transition_free with (s' := s') in Hpr_valid; itauto.
    }message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
label_a: composite_label IM
input_a: option message
i:= projT1 label_a: index
Heq: s i = s' i
c0: composite_state IM
o0: option message
eq_trans: (let (i, li) := label_a in
 let (si', om') :=
   transition li (s i, input_a) in
 (state_update IM s i si', om')) = (
c0, o0)
Hpr: finite_valid_trace_from Free s
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c0;
        output := o0
      |}], c0).1
c: composite_state IM
o: option message
eq_trans': (let (i, li) := label_a in
 let (si', om') :=
   transition li (s' i, input_a) in
 (state_update IM s' i si', om')) = (
c, o)
Htl: finite_valid_trace_from Free c0 []
Ht: input_valid_transition Free label_a (
  s, input_a) (c0, o0)
Ht': input_valid_transition Free label_a
  (s', input_a) (c, o)
finite_valid_trace_from Free s'
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c;
        output := o
      |}], c).1
    apply finite_valid_trace_from_extend; [| done].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
label_a: composite_label IM
input_a: option message
i:= projT1 label_a: index
Heq: s i = s' i
c0: composite_state IM
o0: option message
eq_trans: (let (i, li) := label_a in
 let (si', om') :=
   transition li (s i, input_a) in
 (state_update IM s i si', om')) = (
c0, o0)
Hpr: finite_valid_trace_from Free s
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c0;
        output := o0
      |}], c0).1
c: composite_state IM
o: option message
eq_trans': (let (i, li) := label_a in
 let (si', om') :=
   transition li (s' i, input_a) in
 (state_update IM s' i si', om')) = (
c, o)
Htl: finite_valid_trace_from Free c0 []
Ht: input_valid_transition Free label_a (
  s, input_a) (c0, o0)
Ht': input_valid_transition Free label_a
  (s', input_a) (c, o)
finite_valid_trace_from Free c []
    apply finite_valid_trace_from_empty.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
label_a: composite_label IM
input_a: option message
i:= projT1 label_a: index
Heq: s i = s' i
c0: composite_state IM
o0: option message
eq_trans: (let (i, li) := label_a in
 let (si', om') :=
   transition li (s i, input_a) in
 (state_update IM s i si', om')) = (
c0, o0)
Hpr: finite_valid_trace_from Free s
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c0;
        output := o0
      |}], c0).1
c: composite_state IM
o: option message
eq_trans': (let (i, li) := label_a in
 let (si', om') :=
   transition li (s' i, input_a) in
 (state_update IM s' i si', om')) = (
c, o)
Htl: finite_valid_trace_from Free c0 []
Ht: input_valid_transition Free label_a (
  s, input_a) (c0, o0)
Ht': input_valid_transition Free label_a
  (s', input_a) (c, o)
valid_state_prop Free c
    by apply input_valid_transition_destination in Ht'.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
label_a: composite_label IM
input_a: option message
i:= projT1 label_a: index
Heq: s i = s' i
c0: composite_state IM
o0: option message
eq_trans: (let (i, li) := label_a in
 let (si', om') :=
   transition li (s i, input_a) in
 (state_update IM s i si', om')) = (
c0, o0)
Hpr: finite_valid_trace_from Free s
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c0;
        output := o0
      |}], c0).1
c: composite_state IM
o: option message
eq_trans': (let (i, li) := label_a in
 let (si', om') :=
   transition li (s' i, input_a) in
 (state_update IM s' i si', om')) = (
c, o)
Htl: finite_valid_trace_from Free c0 []
Ht: input_valid_transition Free label_a (
  s, input_a) (c0, o0)
(rev
   [{|
      l := label_a;
      input := input_a;
      destination := c;
      output := o
    |}], c).2 i =
(rev
   [{|
      l := label_a;
      input := input_a;
      destination := c0;
      output := o0
    |}], c0).2 i specialize (relevant_component_transition2_free s s' label_a input_a Heq Hprs') as Hrel.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
label_a: composite_label IM
input_a: option message
i:= projT1 label_a: index
Heq: s i = s' i
c0: composite_state IM
o0: option message
eq_trans: (let (i, li) := label_a in
 let (si', om') :=
   transition li (s i, input_a) in
 (state_update IM s i si', om')) = (
c0, o0)
Hpr: finite_valid_trace_from Free s
  (rev
     [{|
        l := label_a;
        input := input_a;
        destination := c0;
        output := o0
      |}], c0).1
c: composite_state IM
o: option message
eq_trans': (let (i, li) := label_a in
 let (si', om') :=
   transition li (s' i, input_a) in
 (state_update IM s' i si', om')) = (
c, o)
Htl: finite_valid_trace_from Free c0 []
Ht: input_valid_transition Free label_a (
  s, input_a) (c0, o0)
Hrel: let (dest, output) :=
  transition label_a (s, input_a) in
let (dest', output') :=
  transition label_a (s', input_a) in
output = output'
∧ dest (projT1 label_a) =
  dest' (projT1 label_a)
(rev
   [{|
      l := label_a;
      input := input_a;
      destination := c;
      output := o
    |}], c).2 i =
(rev
   [{|
      l := label_a;
      input := input_a;
      destination := c0;
      output := o0
    |}], c0).2 i
    cbn in *.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
label_a: composite_label IM
input_a: option message
i:= projT1 label_a: index
Heq: s i = s' i
c0: composite_state IM
o0: option message
eq_trans: (let (i, li) := label_a in
 let (si', om') :=
   transition li (s i, input_a) in
 (state_update IM s i si', om')) = (
c0, o0)
Hpr: finite_valid_trace_from Free s
  [{|
     l := label_a;
     input := input_a;
     destination := c0;
     output := o0
   |}]
c: composite_state IM
o: option message
eq_trans': (let (i, li) := label_a in
 let (si', om') :=
   transition li (s' i, input_a) in
 (state_update IM s' i si', om')) = (
c, o)
Htl: finite_valid_trace_from Free c0 []
Ht: input_valid_transition Free label_a (
  s, input_a) (c0, o0)
Hrel: let (dest, output) :=
  let (i, li) := label_a in
  let (si', om') :=
    transition li (s i, input_a) in
  (state_update IM s i si', om') in
let (dest', output') :=
  let (i, li) := label_a in
  let (si', om') :=
    transition li (s' i, input_a) in
  (state_update IM s' i si', om') in
output = output'
∧ dest (projT1 label_a) =
  dest' (projT1 label_a)
c i = c0 i
    repeat case_match.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
label_a: composite_label IM
input_a: option message
x: index
l: label (IM x)
H1: label_a = existT x l
i:= projT1 (existT x l): index
Heq: s i = s' i
c0: composite_state IM
o0: option message
c1: composite_state IM
o1: option message
s1: state (IM x)
o4: option message
H3: transition l (s x, input_a) = (s1, o4)
H: (state_update IM s x s1, o4) = (c1, o1)
eq_trans: (c1, o1) = (c0, o0)
Hpr: finite_valid_trace_from Free s
  [{|
     l := existT x l;
     input := input_a;
     destination := c0;
     output := o0
   |}]
c: composite_state IM
o: option message
c2: composite_state IM
o2: option message
s0: state (IM x)
o3: option message
H2: transition l (s' x, input_a) = (s0, o3)
H0: (state_update IM s' x s0, o3) = (c2, o2)
eq_trans': (c2, o2) = (c, o)
Htl: finite_valid_trace_from Free c0 []
Ht: input_valid_transition Free 
  (existT x l) (s, input_a) (
  c0, o0)
Hrel: o1 = o2
∧ c1 (projT1 (existT x l)) =
  c2 (projT1 (existT x l))
c i = c0 i
    unfold i; cbn in *.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
label_a: composite_label IM
input_a: option message
x: index
l: label (IM x)
H1: label_a = existT x l
i:= x: index
Heq: s x = s' x
c0: composite_state IM
o0: option message
c1: composite_state IM
o1: option message
s1: state (IM x)
o4: option message
H3: transition l (s x, input_a) = (s1, o4)
H: (state_update IM s x s1, o4) = (c1, o1)
eq_trans: (c1, o1) = (c0, o0)
Hpr: finite_valid_trace_from Free s
  [{|
     l := existT x l;
     input := input_a;
     destination := c0;
     output := o0
   |}]
c: composite_state IM
o: option message
c2: composite_state IM
o2: option message
s0: state (IM x)
o3: option message
H2: transition l (s' x, input_a) = (s0, o3)
H0: (state_update IM s' x s0, o3) = (c2, o2)
eq_trans': (c2, o2) = (c, o)
Htl: finite_valid_trace_from Free c0 []
Ht: input_valid_transition Free 
  (existT x l) (s, input_a) (
  c0, o0)
Hrel: o1 = o2 ∧ c1 x = c2 x
c x = c0 x
    by itauto congruence.
Qed.

Transitioning on some index different from i does not affect component i.

Lemma irrelevant_components_one
  (s : state (composite_type IM))
  (ai : composite_plan_item IM)
  (i : index)
  (Hdif : i <> projT1 (label_a ai)) :
  let res := snd (composite_apply_plan IM s [ai]) in
  (res i) = (s i).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: state (composite_type IM)
ai: composite_plan_item IM
i: index
Hdif: i ≠ projT1 (label_a ai)
let res := (composite_apply_plan IM s [ai]).2 in
res i = s i
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: state (composite_type IM)
ai: composite_plan_item IM
i: index
Hdif: i ≠ projT1 (label_a ai)
let res := (composite_apply_plan IM s [ai]).2 in
res i = s i
  unfold composite_apply_plan, apply_plan, _apply_plan; cbn.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: state (composite_type IM)
ai: composite_plan_item IM
i: index
Hdif: i ≠ projT1 (label_a ai)
(let (final, items) :=
   match ai with
   | {| label_a := l'; input_a := input' |} =>
       let (dest, out) :=
         let (i, li) := l' in
         let (si', om') :=
           transition li (s i, input') in
         (state_update IM s i si', om') in
       (dest,
        [{|
           l := l';
           input := input';
           destination := dest;
           output := out
         |}])
   end in
 (rev items, final)).2 i = s i
  repeat case_match; cbn.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: state (composite_type IM)
ai: composite_plan_item IM
i: index
label_a: label (composite_type IM)
input_a: option message
x: index
l0: label (IM x)
H2: label_a = existT x l0
H0: ai =
{| label_a := existT x l0; input_a := input_a |}
Hdif: i
≠ projT1
    (Plans.label_a
       {|
         label_a := existT x l0;
         input_a := input_a
       |})
c: composite_state IM
l: list transition_item
c0: composite_state IM
o: option message
s0: state (IM x)
o0: option message
H3: transition l0 (s x, input_a) = (s0, o0)
H1: (state_update IM s x s0, o0) = (c0, o)
H: (c0,
 [{|
    l := existT x l0;
    input := input_a;
    destination := c0;
    output := o
  |}]) = (c, l)
c i = s i
  inversion H; inversion H1; subst.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: state (composite_type IM)
i: index
input_a: option message
x: index
l0: label (IM x)
Hdif: i
≠ projT1
    (label_a
       {|
         label_a := existT x l0;
         input_a := input_a
       |})
o: option message
s0: state (IM x)
H1: (state_update IM s x s0, o) =
(state_update IM s x s0, o)
H3: transition l0 (s x, input_a) = (s0, o)
H: (state_update IM s x s0,
 [{|
    l := existT x l0;
    input := input_a;
    destination := state_update IM s x s0;
    output := o
  |}]) =
(state_update IM s x s0,
 [{|
    l := existT x l0;
    input := input_a;
    destination := state_update IM s x s0;
    output := o
  |}])
state_update IM s x s0 i = s i
  by state_update_simpl.
Qed.

Same as irrelevant_components_one, but for multiple transitions.

Lemma irrelevant_components
  (s : state (composite_type IM))
  (a : composite_plan IM)
  (a_indices := List.map (@projT1 _ _) (List.map (@label_a _ _) a))
  (i : index)
  (Hdif : i ∉ a_indices) :
  let res := snd (composite_apply_plan IM s a) in
  (res i) = (s i).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: state (composite_type IM)
a: composite_plan IM
a_indices:= List.map projT1 (List.map label_a a): list index
i: index
Hdif: i ∉ a_indices
let res := (composite_apply_plan IM s a).2 in
res i = s i
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: state (composite_type IM)
a: composite_plan IM
a_indices:= List.map projT1 (List.map label_a a): list index
i: index
Hdif: i ∉ a_indices
let res := (composite_apply_plan IM s a).2 in
res i = s i
  induction a using rev_ind.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: state (composite_type IM)
a_indices:= List.map projT1 (List.map label_a []): list index
i: index
Hdif: i ∉ a_indices
let res := (composite_apply_plan IM s []).2 in
res i = s i
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: state (composite_type IM)
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
Hdif: i ∉ a_indices
IHa: let a_indices :=
  List.map projT1 (List.map label_a a) in
i ∉ a_indices
→ let res := (composite_apply_plan IM s a).2 in
  res i = s i
let res := (composite_apply_plan IM s (a ++ [x])).2 in
res i = s i
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: state (composite_type IM)
a_indices:= List.map projT1 (List.map label_a []): list index
i: index
Hdif: i ∉ a_indices
let res := (composite_apply_plan IM s []).2 in
res i = s i by simpl; itauto.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: state (composite_type IM)
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
Hdif: i ∉ a_indices
IHa: let a_indices :=
  List.map projT1 (List.map label_a a) in
i ∉ a_indices
→ let res := (composite_apply_plan IM s a).2 in
  res i = s i
let res := (composite_apply_plan IM s (a ++ [x])).2 in
res i = s i simpl in *.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
Hdif: i ∉ a_indices
IHa: i ∉ List.map projT1 (List.map label_a a)
→ (composite_apply_plan IM s a).2 i = s i
(composite_apply_plan IM s (a ++ [x])).2 i = s i
    rewrite (composite_apply_plan_app IM).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
Hdif: i ∉ a_indices
IHa: i ∉ List.map projT1 (List.map label_a a)
→ (composite_apply_plan IM s a).2 i = s i
(let (aitems, afinal) :=
   composite_apply_plan IM s a in
 let (a'items, a'final) :=
   composite_apply_plan IM afinal [x] in
 (aitems ++ a'items, a'final)).2 i = s i
    destruct (composite_apply_plan IM s a) as (tra, sa) eqn: eq_a; simpl in *.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
Hdif: i ∉ a_indices
tra: list transition_item
sa: composite_state IM
eq_a: composite_apply_plan IM s a = (tra, sa)
IHa: i ∉ List.map projT1 (List.map label_a a)
→ sa i = s i
(let (a'items, a'final) :=
   composite_apply_plan IM sa [x] in
 (tra ++ a'items, a'final)).2 i = s i
    destruct (composite_apply_plan IM sa [x]) as (trx, sx) eqn: eq_x; simpl in *.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
Hdif: i ∉ a_indices
tra: list transition_item
sa: composite_state IM
eq_a: composite_apply_plan IM s a = (tra, sa)
IHa: i ∉ List.map projT1 (List.map label_a a)
→ sa i = s i
trx: list transition_item
sx: composite_state IM
eq_x: composite_apply_plan IM sa [x] = (trx, sx)
sx i = s i

    unfold a_indices in Hdif.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
Hdif: i
∉ List.map projT1 (List.map label_a (a ++ [x]))
tra: list transition_item
sa: composite_state IM
eq_a: composite_apply_plan IM s a = (tra, sa)
IHa: i ∉ List.map projT1 (List.map label_a a)
→ sa i = s i
trx: list transition_item
sx: composite_state IM
eq_x: composite_apply_plan IM sa [x] = (trx, sx)
sx i = s i
    rewrite map_app in Hdif.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
Hdif: i
∉ List.map projT1
    (List.map label_a a ++ List.map label_a [x])
tra: list transition_item
sa: composite_state IM
eq_a: composite_apply_plan IM s a = (tra, sa)
IHa: i ∉ List.map projT1 (List.map label_a a)
→ sa i = s i
trx: list transition_item
sx: composite_state IM
eq_x: composite_apply_plan IM sa [x] = (trx, sx)
sx i = s i
    rewrite map_app in Hdif.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
Hdif: i
∉ List.map projT1 (List.map label_a a) ++
  List.map projT1 (List.map label_a [x])
tra: list transition_item
sa: composite_state IM
eq_a: composite_apply_plan IM s a = (tra, sa)
IHa: i ∉ List.map projT1 (List.map label_a a)
→ sa i = s i
trx: list transition_item
sx: composite_state IM
eq_x: composite_apply_plan IM sa [x] = (trx, sx)
sx i = s i

    spec IHa.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
Hdif: i
∉ List.map projT1 (List.map label_a a) ++
  List.map projT1 (List.map label_a [x])
tra: list transition_item
sa: composite_state IM
eq_a: composite_apply_plan IM s a = (tra, sa)
IHa: i ∉ List.map projT1 (List.map label_a a)
→ sa i = s i
trx: list transition_item
sx: composite_state IM
eq_x: composite_apply_plan IM sa [x] = (trx, sx)
i ∉ List.map projT1 (List.map label_a a)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
Hdif: i
∉ List.map projT1 (List.map label_a a) ++
  List.map projT1 (List.map label_a [x])
tra: list transition_item
sa: composite_state IM
eq_a: composite_apply_plan IM s a = (tra, sa)
trx: list transition_item
sx: composite_state IM
eq_x: composite_apply_plan IM sa [x] = (trx, sx)
IHa: sa i = s i
sx i = s i {message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
Hdif: i
∉ List.map projT1 (List.map label_a a) ++
  List.map projT1 (List.map label_a [x])
tra: list transition_item
sa: composite_state IM
eq_a: composite_apply_plan IM s a = (tra, sa)
IHa: i ∉ List.map projT1 (List.map label_a a)
→ sa i = s i
trx: list transition_item
sx: composite_state IM
eq_x: composite_apply_plan IM sa [x] = (trx, sx)
i ∉ List.map projT1 (List.map label_a a)
      intro Hin.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
Hdif: i
∉ List.map projT1 (List.map label_a a) ++
  List.map projT1 (List.map label_a [x])
tra: list transition_item
sa: composite_state IM
eq_a: composite_apply_plan IM s a = (tra, sa)
IHa: i ∉ List.map projT1 (List.map label_a a)
→ sa i = s i
trx: list transition_item
sx: composite_state IM
eq_x: composite_apply_plan IM sa [x] = (trx, sx)
Hin: i ∈ List.map projT1 (List.map label_a a)
False
      contradict Hdif.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
tra: list transition_item
sa: composite_state IM
eq_a: composite_apply_plan IM s a = (tra, sa)
IHa: i ∉ List.map projT1 (List.map label_a a)
→ sa i = s i
trx: list transition_item
sx: composite_state IM
eq_x: composite_apply_plan IM sa [x] = (trx, sx)
Hin: i ∈ List.map projT1 (List.map label_a a)
i
∈ List.map projT1 (List.map label_a a) ++
  List.map projT1 (List.map label_a [x])
      apply elem_of_app.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
tra: list transition_item
sa: composite_state IM
eq_a: composite_apply_plan IM s a = (tra, sa)
IHa: i ∉ List.map projT1 (List.map label_a a)
→ sa i = s i
trx: list transition_item
sx: composite_state IM
eq_x: composite_apply_plan IM sa [x] = (trx, sx)
Hin: i ∈ List.map projT1 (List.map label_a a)
i ∈ List.map projT1 (List.map label_a a)
∨ i ∈ List.map projT1 (List.map label_a [x])
      by left.
    }message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
Hdif: i
∉ List.map projT1 (List.map label_a a) ++
  List.map projT1 (List.map label_a [x])
tra: list transition_item
sa: composite_state IM
eq_a: composite_apply_plan IM s a = (tra, sa)
trx: list transition_item
sx: composite_state IM
eq_x: composite_apply_plan IM sa [x] = (trx, sx)
IHa: sa i = s i
sx i = s i

    rewrite <- IHa.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
Hdif: i
∉ List.map projT1 (List.map label_a a) ++
  List.map projT1 (List.map label_a [x])
tra: list transition_item
sa: composite_state IM
eq_a: composite_apply_plan IM s a = (tra, sa)
trx: list transition_item
sx: composite_state IM
eq_x: composite_apply_plan IM sa [x] = (trx, sx)
IHa: sa i = s i
sx i = sa i
    replace sx with (snd (composite_apply_plan IM sa [x])) by (rewrite eq_x; done).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
Hdif: i
∉ List.map projT1 (List.map label_a a) ++
  List.map projT1 (List.map label_a [x])
tra: list transition_item
sa: composite_state IM
eq_a: composite_apply_plan IM s a = (tra, sa)
trx: list transition_item
sx: composite_state IM
eq_x: composite_apply_plan IM sa [x] = (trx, sx)
IHa: sa i = s i
(composite_apply_plan IM sa [x]).2 i = sa i
    apply irrelevant_components_one.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
Hdif: i
∉ List.map projT1 (List.map label_a a) ++
  List.map projT1 (List.map label_a [x])
tra: list transition_item
sa: composite_state IM
eq_a: composite_apply_plan IM s a = (tra, sa)
trx: list transition_item
sx: composite_state IM
eq_x: composite_apply_plan IM sa [x] = (trx, sx)
IHa: sa i = s i
i ≠ projT1 (label_a x)
    intros contra.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
Hdif: i
∉ List.map projT1 (List.map label_a a) ++
  List.map projT1 (List.map label_a [x])
tra: list transition_item
sa: composite_state IM
eq_a: composite_apply_plan IM s a = (tra, sa)
trx: list transition_item
sx: composite_state IM
eq_x: composite_apply_plan IM sa [x] = (trx, sx)
IHa: sa i = s i
contra: i = projT1 (label_a x)
False
    rewrite contra in Hdif.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
Hdif: projT1 (label_a x)
∉ List.map projT1 (List.map label_a a) ++
  List.map projT1 (List.map label_a [x])
tra: list transition_item
sa: composite_state IM
eq_a: composite_apply_plan IM s a = (tra, sa)
trx: list transition_item
sx: composite_state IM
eq_x: composite_apply_plan IM sa [x] = (trx, sx)
IHa: sa i = s i
contra: i = projT1 (label_a x)
False

    rewrite elem_of_app in Hdif; simpl in Hdif.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
Hdif: ¬ (projT1 (label_a x)
   ∈ List.map projT1 (List.map label_a a)
   ∨ projT1 (label_a x) ∈ [projT1 (label_a x)])
tra: list transition_item
sa: composite_state IM
eq_a: composite_apply_plan IM s a = (tra, sa)
trx: list transition_item
sx: composite_state IM
eq_x: composite_apply_plan IM sa [x] = (trx, sx)
IHa: sa i = s i
contra: i = projT1 (label_a x)
False
    contradict Hdif.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
i: index
tra: list transition_item
sa: composite_state IM
eq_a: composite_apply_plan IM s a = (tra, sa)
trx: list transition_item
sx: composite_state IM
eq_x: composite_apply_plan IM sa [x] = (trx, sx)
IHa: sa i = s i
contra: i = projT1 (label_a x)
projT1 (label_a x)
∈ List.map projT1 (List.map label_a a)
∨ projT1 (label_a x) ∈ [projT1 (label_a x)]
    subst.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s: composite_state IM
x: composite_plan_item IM
a: list (composite_plan_item IM)
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
tra: list transition_item
sa: composite_state IM
eq_a: composite_apply_plan IM s a = (tra, sa)
trx: list transition_item
sx: composite_state IM
eq_x: composite_apply_plan IM sa [x] = (trx, sx)
IHa: sa (projT1 (label_a x)) = s (projT1 (label_a x))
projT1 (label_a x)
∈ List.map projT1 (List.map label_a a)
∨ projT1 (label_a x) ∈ [projT1 (label_a x)]
    by right; left.
Qed.

(* Same as relevant_components_one but for multiple transitions. *)

Lemma relevant_components_free
  (s s' : state Free)
  (Hprs' : valid_state_prop Free s')
  (a : plan Free)
  (a_indices := List.map (@projT1 _ _) (List.map (@label_a _ _) a))
  (li : list index)
  (Heq : forall (i : index), i ∈ li -> (s' i) = (s i))
  (Hincl : a_indices ⊆ li)
  (Hpr : finite_valid_plan_from Free s a) :
  let res' := snd (apply_plan Free s' a) in
  let res := snd (apply_plan Free s a) in
  finite_valid_plan_from Free s' a /\
  (forall (i : index), i ∈ li -> (res' i) = res i).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': state Free
Hprs': valid_state_prop Free s'
a: plan Free
a_indices:= List.map projT1 (List.map label_a a): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hpr: finite_valid_plan_from Free s a
let res' := (apply_plan Free s' a).2 in
let res := (apply_plan Free s a).2 in
finite_valid_plan_from Free s' a
∧ (∀ i : index, i ∈ li → res' i = res i)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': state Free
Hprs': valid_state_prop Free s'
a: plan Free
a_indices:= List.map projT1 (List.map label_a a): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hpr: finite_valid_plan_from Free s a
let res' := (apply_plan Free s' a).2 in
let res := (apply_plan Free s a).2 in
finite_valid_plan_from Free s' a
∧ (∀ i : index, i ∈ li → res' i = res i)
  induction a using rev_ind; cbn in *; [by split; [constructor |] |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hpr: finite_valid_plan_from Free s (a ++ [x])
IHa: List.map projT1 (List.map label_a a) ⊆ li
→ finite_valid_plan_from Free s a
  → finite_valid_plan_from Free s' a
    ∧ (∀ i : index,
         i ∈ li
         → (apply_plan Free s' a).2 i =
           (apply_plan Free s a).2 i)
finite_valid_plan_from Free s' (a ++ [x])
∧ (∀ i : index,
     i ∈ li
     → (apply_plan Free s' (a ++ [x])).2 i =
       (apply_plan Free s (a ++ [x])).2 i)
  apply finite_valid_plan_from_app_iff in Hpr as [Hrem Hsingle].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHa: List.map projT1 (List.map label_a a) ⊆ li
→ finite_valid_plan_from Free s a
  → finite_valid_plan_from Free s' a
    ∧ (∀ i : index,
         i ∈ li
         → (apply_plan Free s' a).2 i =
           (apply_plan Free s a).2 i)
finite_valid_plan_from Free s' (a ++ [x])
∧ (∀ i : index,
     i ∈ li
     → (apply_plan Free s' (a ++ [x])).2 i =
       (apply_plan Free s (a ++ [x])).2 i)
  spec IHa.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHa: List.map projT1 (List.map label_a a) ⊆ li
→ finite_valid_plan_from Free s a
  → finite_valid_plan_from Free s' a
    ∧ (∀ i : index,
         i ∈ li
         → (apply_plan Free s' a).2 i =
           (apply_plan Free s a).2 i)
List.map projT1 (List.map label_a a) ⊆ li
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHa: finite_valid_plan_from Free s a
→ finite_valid_plan_from Free s' a
  ∧ (∀ i : index,
       i ∈ li
       → (apply_plan Free s' a).2 i =
         (apply_plan Free s a).2 i)
finite_valid_plan_from Free s' (a ++ [x])
∧ (∀ i : index,
     i ∈ li
     → (apply_plan Free s' (a ++ [x])).2 i =
       (apply_plan Free s (a ++ [x])).2 i)
  {message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHa: List.map projT1 (List.map label_a a) ⊆ li
→ finite_valid_plan_from Free s a
  → finite_valid_plan_from Free s' a
    ∧ (∀ i : index,
         i ∈ li
         → (apply_plan Free s' a).2 i =
           (apply_plan Free s a).2 i)
List.map projT1 (List.map label_a a) ⊆ li
    remember (List.map (@projT1 _ (fun n : index => label (IM n))) (List.map label_a a)) as small.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHa: List.map projT1 (List.map label_a a) ⊆ li
→ finite_valid_plan_from Free s a
  → finite_valid_plan_from Free s' a
    ∧ (∀ i : index,
         i ∈ li
         → (apply_plan Free s' a).2 i =
           (apply_plan Free s a).2 i)
small: list index
Heqsmall: small =
List.map projT1 (List.map label_a a)
List.map projT1 (List.map label_a a) ⊆ li
    transitivity a_indices; [| done].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHa: List.map projT1 (List.map label_a a) ⊆ li
→ finite_valid_plan_from Free s a
  → finite_valid_plan_from Free s' a
    ∧ (∀ i : index,
         i ∈ li
         → (apply_plan Free s' a).2 i =
           (apply_plan Free s a).2 i)
small: list index
Heqsmall: small =
List.map projT1 (List.map label_a a)
List.map projT1 (List.map label_a a) ⊆ a_indices
    unfold a_indices.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHa: List.map projT1 (List.map label_a a) ⊆ li
→ finite_valid_plan_from Free s a
  → finite_valid_plan_from Free s' a
    ∧ (∀ i : index,
         i ∈ li
         → (apply_plan Free s' a).2 i =
           (apply_plan Free s a).2 i)
small: list index
Heqsmall: small =
List.map projT1 (List.map label_a a)
List.map projT1 (List.map label_a a)
⊆ List.map projT1 (List.map label_a (a ++ [x]))
    intros e H; simpl.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHa: List.map projT1 (List.map label_a a) ⊆ li
→ finite_valid_plan_from Free s a
  → finite_valid_plan_from Free s' a
    ∧ (∀ i : index,
         i ∈ li
         → (apply_plan Free s' a).2 i =
           (apply_plan Free s a).2 i)
small: list index
Heqsmall: small =
List.map projT1 (List.map label_a a)
e: index
H: e ∈ List.map projT1 (List.map label_a a)
e ∈ List.map projT1 (List.map label_a (a ++ [x]))
    rewrite 2 map_app, elem_of_app.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHa: List.map projT1 (List.map label_a a) ⊆ li
→ finite_valid_plan_from Free s a
  → finite_valid_plan_from Free s' a
    ∧ (∀ i : index,
         i ∈ li
         → (apply_plan Free s' a).2 i =
           (apply_plan Free s a).2 i)
small: list index
Heqsmall: small =
List.map projT1 (List.map label_a a)
e: index
H: e ∈ List.map projT1 (List.map label_a a)
e ∈ List.map projT1 (List.map label_a a)
∨ e ∈ List.map projT1 (List.map label_a [x])
    by itauto.
  }message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHa: finite_valid_plan_from Free s a
→ finite_valid_plan_from Free s' a
  ∧ (∀ i : index,
       i ∈ li
       → (apply_plan Free s' a).2 i =
         (apply_plan Free s a).2 i)
finite_valid_plan_from Free s' (a ++ [x])
∧ (∀ i : index,
     i ∈ li
     → (apply_plan Free s' (a ++ [x])).2 i =
       (apply_plan Free s (a ++ [x])).2 i)
  spec IHa; [done |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHa: finite_valid_plan_from Free s' a
∧ (∀ i : index,
     i ∈ li
     → (apply_plan Free s' a).2 i =
       (apply_plan Free s a).2 i)
finite_valid_plan_from Free s' (a ++ [x])
∧ (∀ i : index,
     i ∈ li
     → (apply_plan Free s' (a ++ [x])).2 i =
       (apply_plan Free s (a ++ [x])).2 i)
  destruct IHa as [IHapr IHaind].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHapr: finite_valid_plan_from Free s' a
IHaind: ∀ i : index,
  i ∈ li
  → (apply_plan Free s' a).2 i =
    (apply_plan Free s a).2 i
finite_valid_plan_from Free s' (a ++ [x])
∧ (∀ i : index,
     i ∈ li
     → (apply_plan Free s' (a ++ [x])).2 i =
       (apply_plan Free s (a ++ [x])).2 i)
  specialize (relevant_components_one_free (snd (apply_plan Free s a))
    (snd (apply_plan Free s' a))) as Hrel.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHapr: finite_valid_plan_from Free s' a
IHaind: ∀ i : index,
  i ∈ li
  → (apply_plan Free s' a).2 i =
    (apply_plan Free s a).2 i
Hrel: valid_state_prop Free (apply_plan Free s' a).2
→ ∀ ai : plan_item,
    let i := projT1 (label_a ai) in
    (apply_plan Free s a).2 i =
    (apply_plan Free s' a).2 i
    → finite_valid_plan_from Free
        (apply_plan Free s a).2 [ai]
      → let res' :=
          (apply_plan Free
             (apply_plan Free s' a).2 [ai]).2
          in
        let res :=
          (apply_plan Free
             (apply_plan Free s a).2 [ai]).2 in
        finite_valid_plan_from Free
          (apply_plan Free s' a).2 [ai]
        ∧ res' i = res i
finite_valid_plan_from Free s' (a ++ [x])
∧ (∀ i : index,
     i ∈ li
     → (apply_plan Free s' (a ++ [x])).2 i =
       (apply_plan Free s (a ++ [x])).2 i)
  spec Hrel; [by apply apply_plan_last_valid; itauto |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHapr: finite_valid_plan_from Free s' a
IHaind: ∀ i : index,
  i ∈ li
  → (apply_plan Free s' a).2 i =
    (apply_plan Free s a).2 i
Hrel: ∀ ai : plan_item,
  let i := projT1 (label_a ai) in
  (apply_plan Free s a).2 i =
  (apply_plan Free s' a).2 i
  → finite_valid_plan_from Free
      (apply_plan Free s a).2 [ai]
    → let res' :=
        (apply_plan Free
           (apply_plan Free s' a).2 [ai]).2 in
      let res :=
        (apply_plan Free
           (apply_plan Free s a).2 [ai]).2 in
      finite_valid_plan_from Free
        (apply_plan Free s' a).2 [ai]
      ∧ res' i = res i
finite_valid_plan_from Free s' (a ++ [x])
∧ (∀ i : index,
     i ∈ li
     → (apply_plan Free s' (a ++ [x])).2 i =
       (apply_plan Free s (a ++ [x])).2 i)
  specialize (Hrel x); simpl in *.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHapr: finite_valid_plan_from Free s' a
IHaind: ∀ i : index,
  i ∈ li
  → (apply_plan Free s' a).2 i =
    (apply_plan Free s a).2 i
Hrel: (apply_plan Free s a).2 (projT1 (label_a x)) =
(apply_plan Free s' a).2 (projT1 (label_a x))
→ finite_valid_plan_from Free
    (apply_plan Free s a).2 [x]
  → finite_valid_plan_from Free
      (apply_plan Free s' a).2 [x]
    ∧ (apply_plan Free 
         (apply_plan Free s' a).2 [x]).2
        (projT1 (label_a x)) =
      (apply_plan Free 
         (apply_plan Free s a).2 [x]).2
        (projT1 (label_a x))
finite_valid_plan_from Free s' (a ++ [x])
∧ (∀ i : index,
     i ∈ li
     → (apply_plan Free s' (a ++ [x])).2 i =
       (apply_plan Free s (a ++ [x])).2 i)
  spec Hrel.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHapr: finite_valid_plan_from Free s' a
IHaind: ∀ i : index,
  i ∈ li
  → (apply_plan Free s' a).2 i =
    (apply_plan Free s a).2 i
Hrel: (apply_plan Free s a).2 (projT1 (label_a x)) =
(apply_plan Free s' a).2 (projT1 (label_a x))
→ finite_valid_plan_from Free
    (apply_plan Free s a).2 [x]
  → finite_valid_plan_from Free
      (apply_plan Free s' a).2 [x]
    ∧ (apply_plan Free 
         (apply_plan Free s' a).2 [x]).2
        (projT1 (label_a x)) =
      (apply_plan Free 
         (apply_plan Free s a).2 [x]).2
        (projT1 (label_a x))
(apply_plan Free s a).2 (projT1 (label_a x)) =
(apply_plan Free s' a).2 (projT1 (label_a x))
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHapr: finite_valid_plan_from Free s' a
IHaind: ∀ i : index,
  i ∈ li
  → (apply_plan Free s' a).2 i =
    (apply_plan Free s a).2 i
Hrel: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
→ finite_valid_plan_from Free
    (apply_plan Free s' a).2 [x]
  ∧ (apply_plan Free (apply_plan Free s' a).2
       [x]).2 (projT1 (label_a x)) =
    (apply_plan Free (apply_plan Free s a).2
       [x]).2 (projT1 (label_a x))
finite_valid_plan_from Free s' (a ++ [x])
∧ (∀ i : index,
     i ∈ li
     → (apply_plan Free s' (a ++ [x])).2 i =
       (apply_plan Free s (a ++ [x])).2 i)
  {message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHapr: finite_valid_plan_from Free s' a
IHaind: ∀ i : index,
  i ∈ li
  → (apply_plan Free s' a).2 i =
    (apply_plan Free s a).2 i
Hrel: (apply_plan Free s a).2 (projT1 (label_a x)) =
(apply_plan Free s' a).2 (projT1 (label_a x))
→ finite_valid_plan_from Free
    (apply_plan Free s a).2 [x]
  → finite_valid_plan_from Free
      (apply_plan Free s' a).2 [x]
    ∧ (apply_plan Free 
         (apply_plan Free s' a).2 [x]).2
        (projT1 (label_a x)) =
      (apply_plan Free 
         (apply_plan Free s a).2 [x]).2
        (projT1 (label_a x))
(apply_plan Free s a).2 (projT1 (label_a x)) =
(apply_plan Free s' a).2 (projT1 (label_a x))
    specialize (IHaind (projT1 (label_a x))).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHapr: finite_valid_plan_from Free s' a
IHaind: projT1 (label_a x) ∈ li
→ (apply_plan Free s' a).2
    (projT1 (label_a x)) =
  (apply_plan Free s a).2
    (projT1 (label_a x))
Hrel: (apply_plan Free s a).2 (projT1 (label_a x)) =
(apply_plan Free s' a).2 (projT1 (label_a x))
→ finite_valid_plan_from Free
    (apply_plan Free s a).2 [x]
  → finite_valid_plan_from Free
      (apply_plan Free s' a).2 [x]
    ∧ (apply_plan Free 
         (apply_plan Free s' a).2 [x]).2
        (projT1 (label_a x)) =
      (apply_plan Free 
         (apply_plan Free s a).2 [x]).2
        (projT1 (label_a x))
(apply_plan Free s a).2 (projT1 (label_a x)) =
(apply_plan Free s' a).2 (projT1 (label_a x))
    symmetry.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHapr: finite_valid_plan_from Free s' a
IHaind: projT1 (label_a x) ∈ li
→ (apply_plan Free s' a).2
    (projT1 (label_a x)) =
  (apply_plan Free s a).2
    (projT1 (label_a x))
Hrel: (apply_plan Free s a).2 (projT1 (label_a x)) =
(apply_plan Free s' a).2 (projT1 (label_a x))
→ finite_valid_plan_from Free
    (apply_plan Free s a).2 [x]
  → finite_valid_plan_from Free
      (apply_plan Free s' a).2 [x]
    ∧ (apply_plan Free 
         (apply_plan Free s' a).2 [x]).2
        (projT1 (label_a x)) =
      (apply_plan Free 
         (apply_plan Free s a).2 [x]).2
        (projT1 (label_a x))
(apply_plan Free s' a).2 (projT1 (label_a x)) =
(apply_plan Free s a).2 (projT1 (label_a x))
    apply IHaind.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHapr: finite_valid_plan_from Free s' a
IHaind: projT1 (label_a x) ∈ li
→ (apply_plan Free s' a).2
    (projT1 (label_a x)) =
  (apply_plan Free s a).2
    (projT1 (label_a x))
Hrel: (apply_plan Free s a).2 (projT1 (label_a x)) =
(apply_plan Free s' a).2 (projT1 (label_a x))
→ finite_valid_plan_from Free
    (apply_plan Free s a).2 [x]
  → finite_valid_plan_from Free
      (apply_plan Free s' a).2 [x]
    ∧ (apply_plan Free 
         (apply_plan Free s' a).2 [x]).2
        (projT1 (label_a x)) =
      (apply_plan Free 
         (apply_plan Free s a).2 [x]).2
        (projT1 (label_a x))
projT1 (label_a x) ∈ li
    specialize (Hincl (projT1 (label_a x))).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: projT1 (label_a x) ∈ a_indices
→ projT1 (label_a x) ∈ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHapr: finite_valid_plan_from Free s' a
IHaind: projT1 (label_a x) ∈ li
→ (apply_plan Free s' a).2
    (projT1 (label_a x)) =
  (apply_plan Free s a).2
    (projT1 (label_a x))
Hrel: (apply_plan Free s a).2 (projT1 (label_a x)) =
(apply_plan Free s' a).2 (projT1 (label_a x))
→ finite_valid_plan_from Free
    (apply_plan Free s a).2 [x]
  → finite_valid_plan_from Free
      (apply_plan Free s' a).2 [x]
    ∧ (apply_plan Free 
         (apply_plan Free s' a).2 [x]).2
        (projT1 (label_a x)) =
      (apply_plan Free 
         (apply_plan Free s a).2 [x]).2
        (projT1 (label_a x))
projT1 (label_a x) ∈ li
    apply Hincl.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: projT1 (label_a x) ∈ a_indices
→ projT1 (label_a x) ∈ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHapr: finite_valid_plan_from Free s' a
IHaind: projT1 (label_a x) ∈ li
→ (apply_plan Free s' a).2
    (projT1 (label_a x)) =
  (apply_plan Free s a).2
    (projT1 (label_a x))
Hrel: (apply_plan Free s a).2 (projT1 (label_a x)) =
(apply_plan Free s' a).2 (projT1 (label_a x))
→ finite_valid_plan_from Free
    (apply_plan Free s a).2 [x]
  → finite_valid_plan_from Free
      (apply_plan Free s' a).2 [x]
    ∧ (apply_plan Free 
         (apply_plan Free s' a).2 [x]).2
        (projT1 (label_a x)) =
      (apply_plan Free 
         (apply_plan Free s a).2 [x]).2
        (projT1 (label_a x))
projT1 (label_a x) ∈ a_indices
    unfold a_indices.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: projT1 (label_a x) ∈ a_indices
→ projT1 (label_a x) ∈ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHapr: finite_valid_plan_from Free s' a
IHaind: projT1 (label_a x) ∈ li
→ (apply_plan Free s' a).2
    (projT1 (label_a x)) =
  (apply_plan Free s a).2
    (projT1 (label_a x))
Hrel: (apply_plan Free s a).2 (projT1 (label_a x)) =
(apply_plan Free s' a).2 (projT1 (label_a x))
→ finite_valid_plan_from Free
    (apply_plan Free s a).2 [x]
  → finite_valid_plan_from Free
      (apply_plan Free s' a).2 [x]
    ∧ (apply_plan Free 
         (apply_plan Free s' a).2 [x]).2
        (projT1 (label_a x)) =
      (apply_plan Free 
         (apply_plan Free s a).2 [x]).2
        (projT1 (label_a x))
projT1 (label_a x)
∈ List.map projT1 (List.map label_a (a ++ [x]))
    by rewrite 2 map_app, elem_of_app; right; left.
  }message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHapr: finite_valid_plan_from Free s' a
IHaind: ∀ i : index,
  i ∈ li
  → (apply_plan Free s' a).2 i =
    (apply_plan Free s a).2 i
Hrel: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
→ finite_valid_plan_from Free
    (apply_plan Free s' a).2 [x]
  ∧ (apply_plan Free (apply_plan Free s' a).2
       [x]).2 (projT1 (label_a x)) =
    (apply_plan Free (apply_plan Free s a).2
       [x]).2 (projT1 (label_a x))
finite_valid_plan_from Free s' (a ++ [x])
∧ (∀ i : index,
     i ∈ li
     → (apply_plan Free s' (a ++ [x])).2 i =
       (apply_plan Free s (a ++ [x])).2 i)
  specialize (Hrel Hsingle).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHapr: finite_valid_plan_from Free s' a
IHaind: ∀ i : index,
  i ∈ li
  → (apply_plan Free s' a).2 i =
    (apply_plan Free s a).2 i
Hrel: finite_valid_plan_from Free
  (apply_plan Free s' a).2 [x]
∧ (apply_plan Free (apply_plan Free s' a).2 [x]).2
    (projT1 (label_a x)) =
  (apply_plan Free (apply_plan Free s a).2 [x]).2
    (projT1 (label_a x))
finite_valid_plan_from Free s' (a ++ [x])
∧ (∀ i : index,
     i ∈ li
     → (apply_plan Free s' (a ++ [x])).2 i =
       (apply_plan Free s (a ++ [x])).2 i)
  destruct Hrel as [Hrelpr Hrelind].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHapr: finite_valid_plan_from Free s' a
IHaind: ∀ i : index,
  i ∈ li
  → (apply_plan Free s' a).2 i =
    (apply_plan Free s a).2 i
Hrelpr: finite_valid_plan_from Free
  (apply_plan Free s' a).2 [x]
Hrelind: (apply_plan Free (apply_plan Free s' a).2
   [x]).2 (projT1 (label_a x)) =
(apply_plan Free (apply_plan Free s a).2 [x]).2
  (projT1 (label_a x))
finite_valid_plan_from Free s' (a ++ [x])
∧ (∀ i : index,
     i ∈ li
     → (apply_plan Free s' (a ++ [x])).2 i =
       (apply_plan Free s (a ++ [x])).2 i)
  split; [by apply finite_valid_plan_from_app_iff; split |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHapr: finite_valid_plan_from Free s' a
IHaind: ∀ i : index,
  i ∈ li
  → (apply_plan Free s' a).2 i =
    (apply_plan Free s a).2 i
Hrelpr: finite_valid_plan_from Free
  (apply_plan Free s' a).2 [x]
Hrelind: (apply_plan Free (apply_plan Free s' a).2
   [x]).2 (projT1 (label_a x)) =
(apply_plan Free (apply_plan Free s a).2 [x]).2
  (projT1 (label_a x))
∀ i : index,
  i ∈ li
  → (apply_plan Free s' (a ++ [x])).2 i =
    (apply_plan Free s (a ++ [x])).2 i
  intros i Hi.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHapr: finite_valid_plan_from Free s' a
IHaind: ∀ i : index,
  i ∈ li
  → (apply_plan Free s' a).2 i =
    (apply_plan Free s a).2 i
Hrelpr: finite_valid_plan_from Free
  (apply_plan Free s' a).2 [x]
Hrelind: (apply_plan Free (apply_plan Free s' a).2
   [x]).2 (projT1 (label_a x)) =
(apply_plan Free (apply_plan Free s a).2 [x]).2
  (projT1 (label_a x))
i: index
Hi: i ∈ li
(apply_plan Free s' (a ++ [x])).2 i =
(apply_plan Free s (a ++ [x])).2 i
  rewrite !apply_plan_app.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHapr: finite_valid_plan_from Free s' a
IHaind: ∀ i : index,
  i ∈ li
  → (apply_plan Free s' a).2 i =
    (apply_plan Free s a).2 i
Hrelpr: finite_valid_plan_from Free
  (apply_plan Free s' a).2 [x]
Hrelind: (apply_plan Free (apply_plan Free s' a).2
   [x]).2 (projT1 (label_a x)) =
(apply_plan Free (apply_plan Free s a).2 [x]).2
  (projT1 (label_a x))
i: index
Hi: i ∈ li
(let (aitems, afinal) := apply_plan Free s' a in
 let (a'items, a'final) :=
   apply_plan Free afinal [x] in
 (aitems ++ a'items, a'final)).2 i =
(let (aitems, afinal) := apply_plan Free s a in
 let (a'items, a'final) :=
   apply_plan Free afinal [x] in
 (aitems ++ a'items, a'final)).2 i
  destruct (apply_plan Free s' a) as [tra' sa'] eqn: eq_as'.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
Hsingle: finite_valid_plan_from Free
  (apply_plan Free s a).2 [x]
IHapr: finite_valid_plan_from Free s' a
tra': list transition_item
sa': state Free
eq_as': apply_plan Free s' a = (tra', sa')
IHaind: ∀ i : index,
  i ∈ li
  → (tra', sa').2 i =
    (apply_plan Free s a).2 i
Hrelpr: finite_valid_plan_from Free (tra', sa').2 [x]
Hrelind: (apply_plan Free (tra', sa').2 [x]).2
  (projT1 (label_a x)) =
(apply_plan Free (apply_plan Free s a).2 [x]).2
  (projT1 (label_a x))
i: index
Hi: i ∈ li
(let (a'items, a'final) := apply_plan Free sa' [x] in
 (tra' ++ a'items, a'final)).2 i =
(let (aitems, afinal) := apply_plan Free s a in
 let (a'items, a'final) :=
   apply_plan Free afinal [x] in
 (aitems ++ a'items, a'final)).2 i
  destruct (apply_plan Free s a) as [tra sa] eqn: eq_as.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
tra: list transition_item
sa: state Free
eq_as: apply_plan Free s a = (tra, sa)
Hsingle: finite_valid_plan_from Free (tra, sa).2 [x]
IHapr: finite_valid_plan_from Free s' a
tra': list transition_item
sa': state Free
eq_as': apply_plan Free s' a = (tra', sa')
IHaind: ∀ i : index,
  i ∈ li → (tra', sa').2 i = (tra, sa).2 i
Hrelpr: finite_valid_plan_from Free (tra', sa').2 [x]
Hrelind: (apply_plan Free (tra', sa').2 [x]).2
  (projT1 (label_a x)) =
(apply_plan Free (tra, sa).2 [x]).2
  (projT1 (label_a x))
i: index
Hi: i ∈ li
(let (a'items, a'final) := apply_plan Free sa' [x] in
 (tra' ++ a'items, a'final)).2 i =
(let (a'items, a'final) := apply_plan Free sa [x] in
 (tra ++ a'items, a'final)).2 i
  simpl in *.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
tra: list transition_item
sa: composite_state IM
eq_as: apply_plan Free s a = (tra, sa)
Hsingle: finite_valid_plan_from Free sa [x]
IHapr: finite_valid_plan_from Free s' a
tra': list transition_item
sa': composite_state IM
eq_as': apply_plan Free s' a = (tra', sa')
IHaind: ∀ i : index, i ∈ li → sa' i = sa i
Hrelpr: finite_valid_plan_from Free sa' [x]
Hrelind: (apply_plan Free sa' [x]).2
  (projT1 (label_a x)) =
(apply_plan Free sa [x]).2
  (projT1 (label_a x))
i: index
Hi: i ∈ li
(let (a'items, a'final) := apply_plan Free sa' [x] in
 (tra' ++ a'items, a'final)).2 i =
(let (a'items, a'final) := apply_plan Free sa [x] in
 (tra ++ a'items, a'final)).2 i
  destruct (apply_plan Free sa [x]) as [trx sx] eqn: eq_xsa.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
tra: list transition_item
sa: composite_state IM
eq_as: apply_plan Free s a = (tra, sa)
Hsingle: finite_valid_plan_from Free sa [x]
IHapr: finite_valid_plan_from Free s' a
tra': list transition_item
sa': composite_state IM
eq_as': apply_plan Free s' a = (tra', sa')
IHaind: ∀ i : index, i ∈ li → sa' i = sa i
Hrelpr: finite_valid_plan_from Free sa' [x]
trx: list transition_item
sx: state Free
eq_xsa: apply_plan Free sa [x] = (trx, sx)
Hrelind: (apply_plan Free sa' [x]).2
  (projT1 (label_a x)) =
(trx, sx).2 (projT1 (label_a x))
i: index
Hi: i ∈ li
(let (a'items, a'final) := apply_plan Free sa' [x] in
 (tra' ++ a'items, a'final)).2 i =
(tra ++ trx, sx).2 i
  destruct (apply_plan Free sa' [x]) as [trx' sx'] eqn: eq_xsa'.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
tra: list transition_item
sa: composite_state IM
eq_as: apply_plan Free s a = (tra, sa)
Hsingle: finite_valid_plan_from Free sa [x]
IHapr: finite_valid_plan_from Free s' a
tra': list transition_item
sa': composite_state IM
eq_as': apply_plan Free s' a = (tra', sa')
IHaind: ∀ i : index, i ∈ li → sa' i = sa i
Hrelpr: finite_valid_plan_from Free sa' [x]
trx: list transition_item
sx: state Free
eq_xsa: apply_plan Free sa [x] = (trx, sx)
trx': list transition_item
sx': state Free
eq_xsa': apply_plan Free sa' [x] = (trx', sx')
Hrelind: (trx', sx').2 (projT1 (label_a x)) =
(trx, sx).2 (projT1 (label_a x))
i: index
Hi: i ∈ li
(tra' ++ trx', sx').2 i = (tra ++ trx, sx).2 i
  simpl in *.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
tra: list transition_item
sa: composite_state IM
eq_as: apply_plan Free s a = (tra, sa)
Hsingle: finite_valid_plan_from Free sa [x]
IHapr: finite_valid_plan_from Free s' a
tra': list transition_item
sa': composite_state IM
eq_as': apply_plan Free s' a = (tra', sa')
IHaind: ∀ i : index, i ∈ li → sa' i = sa i
Hrelpr: finite_valid_plan_from Free sa' [x]
trx: list transition_item
sx: composite_state IM
eq_xsa: apply_plan Free sa [x] = (trx, sx)
trx': list transition_item
sx': composite_state IM
eq_xsa': apply_plan Free sa' [x] = (trx', sx')
Hrelind: sx' (projT1 (label_a x)) =
sx (projT1 (label_a x))
i: index
Hi: i ∈ li
sx' i = sx i
  destruct (decide (i = (projT1 (label_a x)))); [by rewrite e |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
tra: list transition_item
sa: composite_state IM
eq_as: apply_plan Free s a = (tra, sa)
Hsingle: finite_valid_plan_from Free sa [x]
IHapr: finite_valid_plan_from Free s' a
tra': list transition_item
sa': composite_state IM
eq_as': apply_plan Free s' a = (tra', sa')
IHaind: ∀ i : index, i ∈ li → sa' i = sa i
Hrelpr: finite_valid_plan_from Free sa' [x]
trx: list transition_item
sx: composite_state IM
eq_xsa: apply_plan Free sa [x] = (trx, sx)
trx': list transition_item
sx': composite_state IM
eq_xsa': apply_plan Free sa' [x] = (trx', sx')
Hrelind: sx' (projT1 (label_a x)) =
sx (projT1 (label_a x))
i: index
Hi: i ∈ li
n: i ≠ projT1 (label_a x)
sx' i = sx i
  apply (f_equal snd) in eq_xsa, eq_xsa'.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
tra: list transition_item
sa: composite_state IM
eq_as: apply_plan Free s a = (tra, sa)
Hsingle: finite_valid_plan_from Free sa [x]
IHapr: finite_valid_plan_from Free s' a
tra': list transition_item
sa': composite_state IM
eq_as': apply_plan Free s' a = (tra', sa')
IHaind: ∀ i : index, i ∈ li → sa' i = sa i
Hrelpr: finite_valid_plan_from Free sa' [x]
trx: list transition_item
sx: composite_state IM
eq_xsa: (apply_plan Free sa [x]).2 = (trx, sx).2
trx': list transition_item
sx': composite_state IM
eq_xsa': (apply_plan Free sa' [x]).2 = (trx', sx').2
Hrelind: sx' (projT1 (label_a x)) =
sx (projT1 (label_a x))
i: index
Hi: i ∈ li
n: i ≠ projT1 (label_a x)
sx' i = sx i
  replace sx' with (snd (composite_apply_plan IM sa' [x])).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
tra: list transition_item
sa: composite_state IM
eq_as: apply_plan Free s a = (tra, sa)
Hsingle: finite_valid_plan_from Free sa [x]
IHapr: finite_valid_plan_from Free s' a
tra': list transition_item
sa': composite_state IM
eq_as': apply_plan Free s' a = (tra', sa')
IHaind: ∀ i : index, i ∈ li → sa' i = sa i
Hrelpr: finite_valid_plan_from Free sa' [x]
trx: list transition_item
sx: composite_state IM
eq_xsa: (apply_plan Free sa [x]).2 = (trx, sx).2
trx': list transition_item
sx': composite_state IM
eq_xsa': (apply_plan Free sa' [x]).2 = (trx', sx').2
Hrelind: sx' (projT1 (label_a x)) =
sx (projT1 (label_a x))
i: index
Hi: i ∈ li
n: i ≠ projT1 (label_a x)
(composite_apply_plan IM sa' [x]).2 i = sx i
  replace sx with (snd (composite_apply_plan IM sa [x])).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
tra: list transition_item
sa: composite_state IM
eq_as: apply_plan Free s a = (tra, sa)
Hsingle: finite_valid_plan_from Free sa [x]
IHapr: finite_valid_plan_from Free s' a
tra': list transition_item
sa': composite_state IM
eq_as': apply_plan Free s' a = (tra', sa')
IHaind: ∀ i : index, i ∈ li → sa' i = sa i
Hrelpr: finite_valid_plan_from Free sa' [x]
trx: list transition_item
sx: composite_state IM
eq_xsa: (apply_plan Free sa [x]).2 = (trx, sx).2
trx': list transition_item
sx': composite_state IM
eq_xsa': (apply_plan Free sa' [x]).2 = (trx', sx').2
Hrelind: sx' (projT1 (label_a x)) =
sx (projT1 (label_a x))
i: index
Hi: i ∈ li
n: i ≠ projT1 (label_a x)
(composite_apply_plan IM sa' [x]).2 i =
(composite_apply_plan IM sa [x]).2 i
  specialize (irrelevant_components_one sa x i n) as Hdiff.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
tra: list transition_item
sa: composite_state IM
eq_as: apply_plan Free s a = (tra, sa)
Hsingle: finite_valid_plan_from Free sa [x]
IHapr: finite_valid_plan_from Free s' a
tra': list transition_item
sa': composite_state IM
eq_as': apply_plan Free s' a = (tra', sa')
IHaind: ∀ i : index, i ∈ li → sa' i = sa i
Hrelpr: finite_valid_plan_from Free sa' [x]
trx: list transition_item
sx: composite_state IM
eq_xsa: (apply_plan Free sa [x]).2 = (trx, sx).2
trx': list transition_item
sx': composite_state IM
eq_xsa': (apply_plan Free sa' [x]).2 = (trx', sx').2
Hrelind: sx' (projT1 (label_a x)) =
sx (projT1 (label_a x))
i: index
Hi: i ∈ li
n: i ≠ projT1 (label_a x)
Hdiff: let res := (composite_apply_plan IM sa [x]).2
  in
res i = sa i
(composite_apply_plan IM sa' [x]).2 i =
(composite_apply_plan IM sa [x]).2 i
  specialize (irrelevant_components_one sa' x i n) as Hdiff0.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
tra: list transition_item
sa: composite_state IM
eq_as: apply_plan Free s a = (tra, sa)
Hsingle: finite_valid_plan_from Free sa [x]
IHapr: finite_valid_plan_from Free s' a
tra': list transition_item
sa': composite_state IM
eq_as': apply_plan Free s' a = (tra', sa')
IHaind: ∀ i : index, i ∈ li → sa' i = sa i
Hrelpr: finite_valid_plan_from Free sa' [x]
trx: list transition_item
sx: composite_state IM
eq_xsa: (apply_plan Free sa [x]).2 = (trx, sx).2
trx': list transition_item
sx': composite_state IM
eq_xsa': (apply_plan Free sa' [x]).2 = (trx', sx').2
Hrelind: sx' (projT1 (label_a x)) =
sx (projT1 (label_a x))
i: index
Hi: i ∈ li
n: i ≠ projT1 (label_a x)
Hdiff: let res := (composite_apply_plan IM sa [x]).2
  in
res i = sa i
Hdiff0: let res :=
  (composite_apply_plan IM sa' [x]).2 in
res i = sa' i
(composite_apply_plan IM sa' [x]).2 i =
(composite_apply_plan IM sa [x]).2 i
  setoid_rewrite Hdiff.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
tra: list transition_item
sa: composite_state IM
eq_as: apply_plan Free s a = (tra, sa)
Hsingle: finite_valid_plan_from Free sa [x]
IHapr: finite_valid_plan_from Free s' a
tra': list transition_item
sa': composite_state IM
eq_as': apply_plan Free s' a = (tra', sa')
IHaind: ∀ i : index, i ∈ li → sa' i = sa i
Hrelpr: finite_valid_plan_from Free sa' [x]
trx: list transition_item
sx: composite_state IM
eq_xsa: (apply_plan Free sa [x]).2 = (trx, sx).2
trx': list transition_item
sx': composite_state IM
eq_xsa': (apply_plan Free sa' [x]).2 = (trx', sx').2
Hrelind: sx' (projT1 (label_a x)) =
sx (projT1 (label_a x))
i: index
Hi: i ∈ li
n: i ≠ projT1 (label_a x)
Hdiff: let res := (composite_apply_plan IM sa [x]).2
  in
res i = sa i
Hdiff0: let res :=
  (composite_apply_plan IM sa' [x]).2 in
res i = sa' i
(composite_apply_plan IM sa' [x]).2 i = sa i
  setoid_rewrite Hdiff0.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s, s': composite_state IM
Hprs': valid_state_prop Free s'
x: plan_item
a: list plan_item
a_indices:= List.map projT1
  (List.map label_a (a ++ [x])): list index
li: list index
Heq: ∀ i : index, i ∈ li → s' i = s i
Hincl: a_indices ⊆ li
Hrem: finite_valid_plan_from Free s a
tra: list transition_item
sa: composite_state IM
eq_as: apply_plan Free s a = (tra, sa)
Hsingle: finite_valid_plan_from Free sa [x]
IHapr: finite_valid_plan_from Free s' a
tra': list transition_item
sa': composite_state IM
eq_as': apply_plan Free s' a = (tra', sa')
IHaind: ∀ i : index, i ∈ li → sa' i = sa i
Hrelpr: finite_valid_plan_from Free sa' [x]
trx: list transition_item
sx: composite_state IM
eq_xsa: (apply_plan Free sa [x]).2 = (trx, sx).2
trx': list transition_item
sx': composite_state IM
eq_xsa': (apply_plan Free sa' [x]).2 = (trx', sx').2
Hrelind: sx' (projT1 (label_a x)) =
sx (projT1 (label_a x))
i: index
Hi: i ∈ li
n: i ≠ projT1 (label_a x)
Hdiff: let res := (composite_apply_plan IM sa [x]).2
  in
res i = sa i
Hdiff0: let res :=
  (composite_apply_plan IM sa' [x]).2 in
res i = sa' i
sa' i = sa i
  by apply IHaind.
Qed.

End sec_composite_plan_properties.

Properties of the empty composition

Section sec_empty_composition_properties.

Context
  {message : Type}
  `{finite.Finite index}
  (IM : index -> VLSM message)
  (constraint : composite_label IM -> composite_state IM * option message -> Prop)
  (X := composite_vlsm IM constraint)
  (Hempty_index : enum index = [])
  .

Lemma empty_composition_no_index
  (i : index)
  : False.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
i: index
False
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
i: index
False
  by specialize (elem_of_enum i); rewrite Hempty_index; apply not_elem_of_nil.
Qed.

Lemma empty_composition_single_state
  (s : composite_state IM)
  : s = (proj1_sig (composite_s0 IM)).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
s: composite_state IM
s = `(composite_s0 IM)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
s: composite_state IM
s = `(composite_s0 IM)
  by extensionality i; elim (empty_composition_no_index i).
Qed.

Lemma empty_composition_no_label
  (l : composite_label IM)
  : False.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
l: composite_label IM
False
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
l: composite_label IM
False
  by destruct l as [i _]; elim (empty_composition_no_index i).
Qed.

Lemma empty_composition_no_initial_message
  : forall m, ~ composite_initial_message_prop IM m.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
∀ m : message, ¬ composite_initial_message_prop IM m
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
∀ m : message, ¬ composite_initial_message_prop IM m
  by intros m [i _]; elim (empty_composition_no_index i).
Qed.

Lemma empty_composition_no_emit
  : forall m, ~ can_emit X m.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
∀ m : message, ¬ can_emit X m
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
∀ m : message, ¬ can_emit X m
  by intros m [s' [l _]]; elim (empty_composition_no_label l).
Qed.

Lemma empty_composition_no_valid_message
  : forall m, ~ valid_message_prop X m.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
∀ m : message, ¬ valid_message_prop X m
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
∀ m : message, ¬ valid_message_prop X m
  intros m Hm.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
m: message
Hm: valid_message_prop X m
False
  apply emitted_messages_are_valid_iff in Hm as [Hinit | Hemit].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
m: message
Hinit: initial_message_prop m
False
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
m: message
Hemit: can_emit X m
False
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
m: message
Hinit: initial_message_prop m
False by elim (empty_composition_no_initial_message _ Hinit).
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
m: message
Hemit: can_emit X m
False by elim (empty_composition_no_emit _ Hemit).
Qed.

Lemma preloaded_empty_composition_no_emit
  (seed : message -> Prop)
  (PreX := preloaded_vlsm X seed)
  : forall m, ~ can_emit PreX m.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
seed: message → Prop
PreX:= preloaded_vlsm X seed: VLSM message
∀ m : message, ¬ can_emit PreX m
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
seed: message → Prop
PreX:= preloaded_vlsm X seed: VLSM message
∀ m : message, ¬ can_emit PreX m
  by intros m [s' [l _]]; elim (empty_composition_no_label l).
Qed.

Lemma preloaded_empty_free_composition_no_emit
  (seed : message -> Prop)
  (PreX := preloaded_vlsm (free_composite_vlsm IM) seed)
  : forall m, ~ can_emit PreX m.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
seed: message → Prop
PreX:= preloaded_vlsm (free_composite_vlsm IM) seed: VLSM message
∀ m : message, ¬ can_emit PreX m
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
seed: message → Prop
PreX:= preloaded_vlsm (free_composite_vlsm IM) seed: VLSM message
∀ m : message, ¬ can_emit PreX m
  by intros m [s' [l _]]; elim (empty_composition_no_label l).
Qed.

Lemma preloaded_with_all_empty_composition_no_emit
  : forall m, ~ can_emit (preloaded_with_all_messages_vlsm X) m.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
∀ m : message,
  ¬ can_emit (preloaded_with_all_messages_vlsm X) m
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
Hempty_index: enum index = []
∀ m : message,
  ¬ can_emit (preloaded_with_all_messages_vlsm X) m
  by intros m [s' [l _]]; elim (empty_composition_no_label l).
Qed.

End sec_empty_composition_properties.

Properties of extensionally-equal indexed compositions

If two indexed sets of VLSMs are extensionally-equal, then we can establish a VLSM_embedding between their compositions with subsumable constraints (and preloaded with the same set of messages).

Section sec_same_IM_embedding.

Context
  {message : Type}
  `{EqDecision index}
  (IM1 IM2 : index -> VLSM message)
  (Heq : forall i, IM1 i = IM2 i)
  .

Definition same_IM_label_rew
  (l1 : composite_label IM1)
  : composite_label IM2 :=
  existT (projT1 l1) (same_VLSM_label_rew (Heq (projT1 l1)) (projT2 l1)).

Definition same_IM_state_rew
  (s1 : composite_state IM1)
  : composite_state IM2 :=
  fun i => same_VLSM_state_rew (Heq i) (s1 i).

Section sec_preloaded_constrained.

Context
  (constraint1 : composite_label IM1 -> composite_state IM1 * option message -> Prop)
  (constraint2 : composite_label IM2 -> composite_state IM2 * option message -> Prop)
  (constraint_projection
    : forall s1, constrained_state_prop (free_composite_vlsm IM1) s1 ->
      forall l1 om, constraint1 l1 (s1, om) ->
    constraint2 (same_IM_label_rew l1) (same_IM_state_rew s1, om))
  (seed : message -> Prop)
  .

Lemma same_IM_embedding
  : VLSM_embedding
    (preloaded_vlsm (composite_vlsm IM1 constraint1) seed)
    (preloaded_vlsm (composite_vlsm IM2 constraint2) seed)
    same_IM_label_rew
    same_IM_state_rew.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
VLSM_embedding
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
  (preloaded_vlsm (composite_vlsm IM2 constraint2)
     seed) same_IM_label_rew same_IM_state_rew
Proof.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
VLSM_embedding
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
  (preloaded_vlsm (composite_vlsm IM2 constraint2)
     seed) same_IM_label_rew same_IM_state_rew
  apply basic_VLSM_embedding; intros l **.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
Hv: input_valid
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) l
  (s, om)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
HomY: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed) om
valid (same_IM_label_rew l) (same_IM_state_rew s, om)
message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
s': state
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed)
om': option message
H: input_valid_transition
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed) l (s, om) (s', om')
transition (same_IM_label_rew l)
  (same_IM_state_rew s, om) =
(same_IM_state_rew s', om')
message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
H: initial_state_prop l
initial_state_prop (same_IM_state_rew l)
message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
m: message
Hv: input_valid
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) l
  (s, Some m)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
HmX: initial_message_prop m
valid_message_prop
  (preloaded_vlsm (composite_vlsm IM2 constraint2)
     seed) m
  -message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
Hv: input_valid
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) l
  (s, om)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
HomY: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed) om
valid (same_IM_label_rew l) (same_IM_state_rew s, om) destruct Hv as [Hs [Hom [Hv Hc]]].message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
Hs: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) s
Hom: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) om
Hv: valid l (s, om)
Hc: constraint1 l (s, om)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
HomY: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed) om
valid (same_IM_label_rew l) (same_IM_state_rew s, om)
    apply constraint_projection in Hc; cycle 1.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
Hs: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) s
Hom: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) om
Hv: valid l (s, om)
Hc: constraint1 l (s, om)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
HomY: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed) om
constrained_state_prop (free_composite_vlsm IM1) s
message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
Hs: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) s
Hom: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) om
Hv: valid l (s, om)
Hc: constraint2 (same_IM_label_rew l)
  (same_IM_state_rew s, om)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
HomY: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed) om
valid (same_IM_label_rew l) (same_IM_state_rew s, om)
    +message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
Hs: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) s
Hom: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) om
Hv: valid l (s, om)
Hc: constraint1 l (s, om)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
HomY: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed) om
constrained_state_prop (free_composite_vlsm IM1) s apply VLSM_incl_valid_state; [| done].message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
Hs: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) s
Hom: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) om
Hv: valid l (s, om)
Hc: constraint1 l (s, om)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
HomY: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed) om
VLSM_incl_part
  (preloaded_vlsm_machine
     (composite_vlsm IM1 constraint1) seed)
  (preloaded_vlsm_machine (free_composite_vlsm IM1)
     (λ _ : message, True))
      by apply constrained_preloaded_vlsm_incl_preloaded_with_all_messages.
    +message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
Hs: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) s
Hom: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) om
Hv: valid l (s, om)
Hc: constraint2 (same_IM_label_rew l)
  (same_IM_state_rew s, om)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
HomY: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed) om
valid (same_IM_label_rew l) (same_IM_state_rew s, om) split; [| done].message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
Hs: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) s
Hom: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) om
Hv: valid l (s, om)
Hc: constraint2 (same_IM_label_rew l)
  (same_IM_state_rew s, om)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
HomY: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed) om
valid (same_IM_label_rew l) (same_IM_state_rew s, om)
      clear Hc.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
Hs: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) s
Hom: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) om
Hv: valid l (s, om)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
HomY: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed) om
valid (same_IM_label_rew l) (same_IM_state_rew s, om) revert Hv.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
Hs: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) s
Hom: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) om
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
HomY: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed) om
valid l (s, om)
→ valid (same_IM_label_rew l)
    (same_IM_state_rew s, om) destruct l as (i, li).message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
i: index
li: label (IM1 i)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
Hs: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) s
Hom: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) om
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
HomY: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed) om
valid (existT i li) (s, om)
→ valid (same_IM_label_rew (existT i li))
    (same_IM_state_rew s, om) cbn.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
i: index
li: label (IM1 i)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
Hs: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) s
Hom: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) om
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
HomY: option_valid_message_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed) om
valid li (s i, om)
→ valid (same_VLSM_label_rew (Heq i) li)
    (same_IM_state_rew s i, om)
      by apply same_VLSM_valid_preservation.
  -message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
s': state
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed)
om': option message
H: input_valid_transition
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed) l (s, om) (s', om')
transition (same_IM_label_rew l)
  (same_IM_state_rew s, om) =
(same_IM_state_rew s', om') apply proj2 in H.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
s': state
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed)
om': option message
H: transition l (s, om) = (s', om')
transition (same_IM_label_rew l)
  (same_IM_state_rew s, om) =
(same_IM_state_rew s', om') revert H.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
s': state
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed)
om': option message
transition l (s, om) = (s', om')
→ transition (same_IM_label_rew l)
    (same_IM_state_rew s, om) =
  (same_IM_state_rew s', om') destruct l as (i, li).message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
i: index
li: label (IM1 i)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
s': state
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed)
om': option message
transition (existT i li) (s, om) = (s', om')
→ transition (same_IM_label_rew (existT i li))
    (same_IM_state_rew s, om) =
  (same_IM_state_rew s', om') cbn.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
i: index
li: label (IM1 i)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
s': state
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed)
om': option message
(let (si', om') := transition li (s i, om) in
 (state_update IM1 s i si', om')) = (s', om')
→ (let (si', om') :=
     transition (same_VLSM_label_rew (Heq i) li)
       (same_IM_state_rew s i, om) in
   (state_update IM2 (same_IM_state_rew s) i si', om')) =
  (same_IM_state_rew s', om')
    destruct (transition (IM1 i) _ _) as (si'1, _om') eqn: Ht1.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
i: index
li: label (IM1 i)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
s': state
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed)
om': option message
si'1: state (IM1 i)
_om': option message
Ht1: transition li (s i, om) = (si'1, _om')
(state_update IM1 s i si'1, _om') = (s', om')
→ (let (si', om') :=
     transition (same_VLSM_label_rew (Heq i) li)
       (same_IM_state_rew s i, om) in
   (state_update IM2 (same_IM_state_rew s) i si', om')) =
  (same_IM_state_rew s', om')
    unfold same_IM_state_rew at 1.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
i: index
li: label (IM1 i)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
s': state
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed)
om': option message
si'1: state (IM1 i)
_om': option message
Ht1: transition li (s i, om) = (si'1, _om')
(state_update IM1 s i si'1, _om') = (s', om')
→ (let (si', om') :=
     transition (same_VLSM_label_rew (Heq i) li)
       (same_VLSM_state_rew (Heq i) (s i), om) in
   (state_update IM2 (same_IM_state_rew s) i si', om')) =
  (same_IM_state_rew s', om')
    erewrite same_VLSM_transition_preservation; [| done].message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
i: index
li: label (IM1 i)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om: option message
s': state
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed)
om': option message
si'1: state (IM1 i)
_om': option message
Ht1: transition li (s i, om) = (si'1, _om')
(state_update IM1 s i si'1, _om') = (s', om')
→ (state_update IM2 (same_IM_state_rew s) i
     (same_VLSM_state_rew (Heq i) si'1), _om') =
  (same_IM_state_rew s', om')
    inversion 1; subst; clear H.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
i: index
li: label (IM1 i)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om, om': option message
si'1: state (IM1 i)
Ht1: transition li (s i, om) = (si'1, om')
(state_update IM2 (same_IM_state_rew s) i
   (same_VLSM_state_rew (Heq i) si'1), om') =
(same_IM_state_rew (state_update IM1 s i si'1), om')
    f_equal.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
i: index
li: label (IM1 i)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om, om': option message
si'1: state (IM1 i)
Ht1: transition li (s i, om) = (si'1, om')
state_update IM2 (same_IM_state_rew s) i
  (same_VLSM_state_rew (Heq i) si'1) =
same_IM_state_rew (state_update IM1 s i si'1) extensionality j.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
i: index
li: label (IM1 i)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om, om': option message
si'1: state (IM1 i)
Ht1: transition li (s i, om) = (si'1, om')
j: index
state_update IM2 (same_IM_state_rew s) i
  (same_VLSM_state_rew (Heq i) si'1) j =
same_IM_state_rew (state_update IM1 s i si'1) j
    unfold same_IM_state_rew at 2.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
i: index
li: label (IM1 i)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
om, om': option message
si'1: state (IM1 i)
Ht1: transition li (s i, om) = (si'1, om')
j: index
state_update IM2 (same_IM_state_rew s) i
  (same_VLSM_state_rew (Heq i) si'1) j =
same_VLSM_state_rew (Heq j)
  (state_update IM1 s i si'1 j)
    by destruct (decide (i = j)); subst; state_update_simpl.
  -message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
H: initial_state_prop l
initial_state_prop (same_IM_state_rew l) by intros i; apply same_VLSM_initial_state_preservation, H.
  -message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
m: message
Hv: input_valid
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) l
  (s, Some m)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
HmX: initial_message_prop m
valid_message_prop
  (preloaded_vlsm (composite_vlsm IM2 constraint2)
     seed) m apply initial_message_is_valid.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
m: message
Hv: input_valid
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) l
  (s, Some m)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
HmX: initial_message_prop m
initial_message_prop m
    destruct HmX as [[i [[im Him] Hi]] | Hseed]; [| by right].message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
m: message
Hv: input_valid
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) l
  (s, Some m)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
i: index
im: message
Him: initial_message_prop im
Hi: `(im ↾ Him) = m
initial_message_prop m
    simpl in Hi.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
m: message
Hv: input_valid
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) l
  (s, Some m)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
i: index
im: message
Him: initial_message_prop im
Hi: im = m
initial_message_prop m subst im.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
m: message
Hv: input_valid
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) l
  (s, Some m)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
i: index
Him: initial_message_prop m
initial_message_prop m
    cbn.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
m: message
Hv: input_valid
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) l
  (s, Some m)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
i: index
Him: initial_message_prop m
composite_initial_message_prop IM2 m ∨ seed m unfold composite_initial_message_prop.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
m: message
Hv: input_valid
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) l
  (s, Some m)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
i: index
Him: initial_message_prop m
(∃ (n : index) (mi : initial_message (IM2 n)), `mi = m)
∨ seed m
    left; exists i.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
m: message
Hv: input_valid
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) l
  (s, Some m)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
i: index
Him: initial_message_prop m
∃ mi : initial_message (IM2 i), `mi = m
    unshelve esplit.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
m: message
Hv: input_valid
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) l
  (s, Some m)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
i: index
Him: initial_message_prop m
initial_message (IM2 i)
message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
m: message
Hv: input_valid
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) l
  (s, Some m)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
i: index
Him: initial_message_prop m
`?mi = m
    +message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
m: message
Hv: input_valid
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) l
  (s, Some m)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
i: index
Him: initial_message_prop m
initial_message (IM2 i) by exists m; eapply same_VLSM_initial_message_preservation; eauto.
    +message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
constraint1: composite_label IM1
→ composite_state IM1 * option message
  → Prop
constraint2: composite_label IM2
→ composite_state IM2 * option message
  → Prop
constraint_projection: ∀ s1 : state
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm
               IM1)),
  constrained_state_prop
    (free_composite_vlsm IM1)
    s1
  → ∀ (l1 : composite_label
              IM1) (om : 
                    option
                      message),
      constraint1 l1 (s1, om)
      → constraint2
          (same_IM_label_rew
             l1)
          (same_IM_state_rew
             s1, om)
seed: message → Prop
l: label
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
s: state
  (preloaded_vlsm (composite_vlsm IM1 constraint1)
     seed)
m: message
Hv: input_valid
  (preloaded_vlsm
     (composite_vlsm IM1 constraint1) seed) l
  (s, Some m)
HsY: valid_state_prop
  (preloaded_vlsm
     (composite_vlsm IM2 constraint2) seed)
  (same_IM_state_rew s)
i: index
Him: initial_message_prop m
`(m
  ↾ same_VLSM_initial_message_preservation (IM1 i)
      (IM2 i) (Heq i) m Him) = m done.
Qed.

End sec_preloaded_constrained.

Lemma same_IM_preloaded_free_embedding :
  VLSM_embedding
    (preloaded_with_all_messages_vlsm (free_composite_vlsm IM1))
    (preloaded_with_all_messages_vlsm (free_composite_vlsm IM2))
    same_IM_label_rew
    same_IM_state_rew.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
VLSM_embedding
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM1))
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM2)) same_IM_label_rew
  same_IM_state_rew
Proof.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
VLSM_embedding
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM1))
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM2)) same_IM_label_rew
  same_IM_state_rew
  constructor.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
∀ (sX : state
          (preloaded_with_all_messages_vlsm
             (free_composite_vlsm IM1))) (trX : list
                                                 transition_item),
  finite_valid_trace
    (preloaded_with_all_messages_vlsm
       (free_composite_vlsm IM1)) sX trX
  → finite_valid_trace
      (preloaded_with_all_messages_vlsm
         (free_composite_vlsm IM2))
      (same_IM_state_rew sX)
      (pre_VLSM_embedding_finite_trace_project
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm IM1))
         (preloaded_with_all_messages_vlsm
            (free_composite_vlsm IM2))
         same_IM_label_rew same_IM_state_rew trX)
  intros s1 tr1 Htr1.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
s1: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM1))
tr1: list transition_item
Htr1: finite_valid_trace
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM1)) s1 tr1
finite_valid_trace
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM2)) (same_IM_state_rew s1)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM1))
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM2)) same_IM_label_rew
     same_IM_state_rew tr1)
  eapply VLSM_incl_finite_valid_trace in Htr1; [| by apply preloaded_free_composite_vlsm_spec].message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
s1: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM1))
tr1: list transition_item
Htr1: finite_valid_trace
  {|
    vlsm_type := free_composite_vlsm IM1;
    vlsm_machine :=
      {|
        vlsm_type :=
          preloaded_vlsm
            (free_composite_vlsm IM1)
            (λ _ : message, True);
        vlsm_machine :=
          preloaded_vlsm
            (composite_vlsm IM1
               (free_constraint IM1))
            (λ _ : message, True)
      |}
  |} s1 tr1
finite_valid_trace
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM2)) (same_IM_state_rew s1)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM1))
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM2)) same_IM_label_rew
     same_IM_state_rew tr1)
  pose proof (Hproj := same_IM_embedding (free_constraint IM1) (free_constraint IM2)
    ltac:(done) (fun _ => True)).message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
s1: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM1))
tr1: list transition_item
Htr1: finite_valid_trace
  {|
    vlsm_type := free_composite_vlsm IM1;
    vlsm_machine :=
      {|
        vlsm_type :=
          preloaded_vlsm
            (free_composite_vlsm IM1)
            (λ _ : message, True);
        vlsm_machine :=
          preloaded_vlsm
            (composite_vlsm IM1
               (free_constraint IM1))
            (λ _ : message, True)
      |}
  |} s1 tr1
Hproj: VLSM_embedding
  (preloaded_vlsm
     (composite_vlsm IM1 (free_constraint IM1))
     (λ _ : message, True))
  (preloaded_vlsm
     (composite_vlsm IM2 (free_constraint IM2))
     (λ _ : message, True)) same_IM_label_rew
  same_IM_state_rew
finite_valid_trace
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM2)) (same_IM_state_rew s1)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM1))
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM2)) same_IM_label_rew
     same_IM_state_rew tr1)
  apply (VLSM_embedding_finite_valid_trace Hproj) in Htr1.message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
s1: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM1))
tr1: list transition_item
Hproj: VLSM_embedding
  (preloaded_vlsm
     (composite_vlsm IM1 (free_constraint IM1))
     (λ _ : message, True))
  (preloaded_vlsm
     (composite_vlsm IM2 (free_constraint IM2))
     (λ _ : message, True)) same_IM_label_rew
  same_IM_state_rew
Htr1: finite_valid_trace
  (preloaded_vlsm
     (composite_vlsm IM2 (free_constraint IM2))
     (λ _ : message, True))
  (same_IM_state_rew s1)
  (VLSM_embedding_finite_trace_project Hproj
     tr1)
finite_valid_trace
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM2)) (same_IM_state_rew s1)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM1))
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM2)) same_IM_label_rew
     same_IM_state_rew tr1)
  eapply VLSM_incl_finite_valid_trace in Htr1; [done |].message, index: Type
EqDecision0: EqDecision index
IM1, IM2: index → VLSM message
Heq: ∀ i : index, IM1 i = IM2 i
s1: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM1))
tr1: list transition_item
Hproj: VLSM_embedding
  (preloaded_vlsm
     (composite_vlsm IM1 (free_constraint IM1))
     (λ _ : message, True))
  (preloaded_vlsm
     (composite_vlsm IM2 (free_constraint IM2))
     (λ _ : message, True)) same_IM_label_rew
  same_IM_state_rew
Htr1: finite_valid_trace
  (preloaded_vlsm
     (composite_vlsm IM2 (free_constraint IM2))
     (λ _ : message, True))
  (same_IM_state_rew s1)
  (VLSM_embedding_finite_trace_project Hproj
     tr1)
VLSM_incl_part
  (preloaded_vlsm_machine
     (composite_vlsm IM2 (free_constraint IM2))
     (λ _ : message, True))
  (preloaded_vlsm_machine (free_composite_vlsm IM2)
     (λ _ : message, True))
  by apply preloaded_free_composite_vlsm_spec.
Qed.

End sec_same_IM_embedding.

Arguments same_IM_label_rew {_ _ _ _} _ _ : assert.
Arguments same_IM_state_rew {_ _ _ _} _ _ _ : assert.

Valid transitions in a composition

Section sec_composite_valid_transition.

Context
  {message : Type}
  `{EqDecision index}
  (IM : index -> VLSM message)
  (Free := free_composite_vlsm IM)
  .

Definition composite_valid_transition l s1 iom s2 oom : Prop :=
  valid_transition Free l s1 iom s2 oom.

Definition composite_valid_transition_item
  (s : composite_state IM) (item : composite_transition_item IM) : Prop :=
  composite_valid_transition (l item) s (input item) (destination item) (output item).

Lemma composite_valid_transition_reachable_iff l s1 iom s2 oom :
  composite_valid_transition l s1 iom s2 oom
    <->
  valid_transition (preloaded_with_all_messages_vlsm Free) l s1 iom s2 oom.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
l: label Free
s1: state Free
iom: option message
s2: state Free
oom: option message
composite_valid_transition l s1 iom s2 oom
↔ valid_transition
    (preloaded_with_all_messages_vlsm Free) l s1 iom
    s2 oom
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
l: label Free
s1: state Free
iom: option message
s2: state Free
oom: option message
composite_valid_transition l s1 iom s2 oom
↔ valid_transition
    (preloaded_with_all_messages_vlsm Free) l s1 iom
    s2 oom
  by split; intros []; constructor.
Qed.

Definition composite_valid_transition_next s1 s2 : Prop :=
  valid_transition_next Free s1 s2.

Definition composite_valid_transition_future : relation (composite_state IM) :=
  tc composite_valid_transition_next.

Lemma composite_valid_transition_next_reachable_iff s1 s2 :
  composite_valid_transition_next s1 s2
    <->
  valid_transition_next (preloaded_with_all_messages_vlsm Free) s1 s2.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s1, s2: state Free
composite_valid_transition_next s1 s2
↔ valid_transition_next
    (preloaded_with_all_messages_vlsm Free) s1 s2
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
s1, s2: state Free
composite_valid_transition_next s1 s2
↔ valid_transition_next
    (preloaded_with_all_messages_vlsm Free) s1 s2
  by split; intros []; econstructor; apply composite_valid_transition_reachable_iff.
Qed.

Lemma composite_valid_transition_projection :
  forall l s1 iom s2 oom,
    composite_valid_transition l s1 iom s2 oom ->
    valid_transition (IM (projT1 l)) (projT2 l) (s1 (projT1 l)) iom (s2 (projT1 l)) oom /\
    s2 = state_update IM s1 (projT1 l) (s2 (projT1 l)).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
∀ (l : label Free) (s1 : state Free) (iom : option
                                              message) 
  (s2 : state Free) (oom : option message),
  composite_valid_transition l s1 iom s2 oom
  → valid_transition (IM (projT1 l)) (projT2 l)
      (s1 (projT1 l)) iom (s2 (projT1 l)) oom
    ∧ s2 =
      state_update IM s1 (projT1 l) (s2 (projT1 l))
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
∀ (l : label Free) (s1 : state Free) (iom : option
                                              message) 
  (s2 : state Free) (oom : option message),
  composite_valid_transition l s1 iom s2 oom
  → valid_transition (IM (projT1 l)) (projT2 l)
      (s1 (projT1 l)) iom (s2 (projT1 l)) oom
    ∧ s2 =
      state_update IM s1 (projT1 l) (s2 (projT1 l))
  intros [i li] * [Hv Ht]; cbn in Ht; destruct (transition _ _ _) eqn: Hti.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
i: index
li: label (IM i)
s1: state Free
iom: option message
s2: state Free
oom: option message
Hv: valid (existT i li) (s1, iom)
s: state (IM i)
o: option message
Hti: transition li (s1 i, iom) = (s, o)
Ht: (state_update IM s1 i s, o) = (s2, oom)
valid_transition (IM (projT1 (existT i li)))
  (projT2 (existT i li)) (s1 (projT1 (existT i li)))
  iom (s2 (projT1 (existT i li))) oom
∧ s2 =
  state_update IM s1 (projT1 (existT i li))
    (s2 (projT1 (existT i li)))
  by inversion Ht; subst; cbn; state_update_simpl.
Qed.

Lemma composite_valid_transition_projection_inv :
  forall i li si1 iom si2 oom,
    valid_transition (IM i) li si1 iom si2 oom ->
    forall s1, s1 i = si1 -> forall s2, s2 = state_update IM s1 i si2 ->
    composite_valid_transition (existT i li) s1 iom s2 oom.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
∀ (i : index) (li : label (IM i)) (si1 : state (IM i)) 
  (iom : option message) (si2 : state (IM i)) (oom : 
                                               option
                                                 message),
  valid_transition (IM i) li si1 iom si2 oom
  → ∀ s1 : ∀ x : index, state (IM x),
      s1 i = si1
      → ∀ s2 : ∀ j : index, state (IM j),
          s2 = state_update IM s1 i si2
          → composite_valid_transition (existT i li)
              s1 iom s2 oom
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
∀ (i : index) (li : label (IM i)) (si1 : state (IM i)) 
  (iom : option message) (si2 : state (IM i)) (oom : 
                                               option
                                                 message),
  valid_transition (IM i) li si1 iom si2 oom
  → ∀ s1 : ∀ x : index, state (IM x),
      s1 i = si1
      → ∀ s2 : ∀ j : index, state (IM j),
          s2 = state_update IM s1 i si2
          → composite_valid_transition (existT i li)
              s1 iom s2 oom
  intros * [Hv Ht] s1 <- s2 ->; split; [done |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
i: index
li: label (IM i)
iom: option message
si2: state (IM i)
oom: option message
s1: ∀ x : index, state (IM x)
Ht: transition li (s1 i, iom) = (si2, oom)
Hv: valid li (s1 i, iom)
transition (existT i li) (s1, iom) =
(state_update IM s1 i si2, oom)
  by cbn; replace (transition _ _ _) with (si2, oom).
Qed.

Inductive composite_valid_transitions_from_to
  : composite_state IM -> composite_state IM -> list (composite_transition_item IM) -> Prop :=
| cvtft_empty : forall s, composite_valid_transitions_from_to s s []
| cvtft_cons : forall s s' tr item,
    composite_valid_transitions_from_to s s' tr ->
    composite_valid_transition_item s' item ->
    composite_valid_transitions_from_to s (destination item) (tr ++ [item]).

Lemma composite_valid_transitions_from_to_trace : forall s s' tr,
  finite_constrained_trace_from_to Free s s' tr ->
  composite_valid_transitions_from_to s s' tr.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
∀ (s
   s' : state (preloaded_with_all_messages_vlsm Free)) 
  (tr : list transition_item),
  finite_constrained_trace_from_to Free s s' tr
  → composite_valid_transitions_from_to s s' tr
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
∀ (s
   s' : state (preloaded_with_all_messages_vlsm Free)) 
  (tr : list transition_item),
  finite_constrained_trace_from_to Free s s' tr
  → composite_valid_transitions_from_to s s' tr
  induction 1 using finite_valid_trace_from_to_rev_ind; [by constructor |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
si, s: state (preloaded_with_all_messages_vlsm Free)
tr: list transition_item
H: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm Free) si s tr
sf: state (preloaded_with_all_messages_vlsm Free)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm Free)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm Free) l
  (s, iom) (sf, oom)
IHfinite_valid_trace_from_to: composite_valid_transitions_from_to
  si s tr
composite_valid_transitions_from_to si sf
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := sf;
      output := oom
    |}])
  remember {| destination := sf |} as item.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
si, s: state (preloaded_with_all_messages_vlsm Free)
tr: list transition_item
H: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm Free) si s tr
sf: state (preloaded_with_all_messages_vlsm Free)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm Free)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm Free) l
  (s, iom) (sf, oom)
IHfinite_valid_trace_from_to: composite_valid_transitions_from_to
  si s tr
item: transition_item
Heqitem: item =
{|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}
composite_valid_transitions_from_to si sf
  (tr ++ [item])
  replace sf with (destination item) by (subst; done).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
si, s: state (preloaded_with_all_messages_vlsm Free)
tr: list transition_item
H: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm Free) si s tr
sf: state (preloaded_with_all_messages_vlsm Free)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm Free)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm Free) l
  (s, iom) (sf, oom)
IHfinite_valid_trace_from_to: composite_valid_transitions_from_to
  si s tr
item: transition_item
Heqitem: item =
{|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}
composite_valid_transitions_from_to si
  (destination item) (tr ++ [item])
  econstructor; [done |]; subst.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
Free:= free_composite_vlsm IM: VLSM message
si, s: state (preloaded_with_all_messages_vlsm Free)
tr: list transition_item
H: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm Free) si s tr
sf: state (preloaded_with_all_messages_vlsm Free)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm Free)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm Free) l
  (s, iom) (sf, oom)
IHfinite_valid_trace_from_to: composite_valid_transitions_from_to
  si s tr
composite_valid_transition_item s
  {|
    l := l;
    input := iom;
    destination := sf;
    output := oom
  |}
  by apply composite_valid_transition_reachable_iff, input_valid_transition_forget_input.
Qed.

End sec_composite_valid_transition.

Valid composite states properties

Section sec_composite_state.

Context
  `{EqDecision index}
  `[IM : index -> VLSM message]
  [constraint : composite_label IM -> composite_state IM * option message -> Prop]
  (X := composite_vlsm IM constraint)
  .

Given a valid state for the free composition and a constrained trace in one of the components receiving only valid messages of the free composition, the trace can be replayed on top of the given state to yield a valid trace segment for the free composition.

Lemma pre_free_lift_to_free_weak_embedding :
  forall (i : index) (cs : composite_state IM),
    valid_state_prop (free_composite_vlsm IM) cs ->
    VLSM_weak_embedding
      (preloaded_vlsm (IM i) (valid_message_prop (free_composite_vlsm IM)))
      (free_composite_vlsm IM) (lift_to_composite_label IM i) (lift_to_composite_state IM cs i).index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
∀ (i : index) (cs : composite_state IM),
  valid_state_prop (free_composite_vlsm IM) cs
  → VLSM_weak_embedding
      (preloaded_vlsm (IM i)
         (valid_message_prop (free_composite_vlsm IM)))
      (free_composite_vlsm IM)
      (lift_to_composite_label IM i)
      (lift_to_composite_state IM cs i)
Proof.index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
∀ (i : index) (cs : composite_state IM),
  valid_state_prop (free_composite_vlsm IM) cs
  → VLSM_weak_embedding
      (preloaded_vlsm (IM i)
         (valid_message_prop (free_composite_vlsm IM)))
      (free_composite_vlsm IM)
      (lift_to_composite_label IM i)
      (lift_to_composite_state IM cs i)
  intros i cs Hvsp; constructor; intros s tr Htr.index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
cs: composite_state IM
Hvsp: valid_state_prop (free_composite_vlsm IM) cs
s: state
  (preloaded_vlsm (IM i)
     (valid_message_prop (free_composite_vlsm IM)))
tr: list transition_item
Htr: finite_valid_trace_from
  (preloaded_vlsm (IM i)
     (valid_message_prop
        (free_composite_vlsm IM))) s tr
finite_valid_trace_from (free_composite_vlsm IM)
  (lift_to_composite_state IM cs i s)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm (IM i)
        (valid_message_prop (free_composite_vlsm IM)))
     (free_composite_vlsm IM)
     (lift_to_composite_label IM i)
     (lift_to_composite_state IM cs i) tr)
  pose proof (Heq := vlsm_is_preloaded_with_valid (free_composite_vlsm IM)).index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
cs: composite_state IM
Hvsp: valid_state_prop (free_composite_vlsm IM) cs
s: state
  (preloaded_vlsm (IM i)
     (valid_message_prop (free_composite_vlsm IM)))
tr: list transition_item
Htr: finite_valid_trace_from
  (preloaded_vlsm (IM i)
     (valid_message_prop
        (free_composite_vlsm IM))) s tr
Heq: VLSM_eq (free_composite_vlsm IM)
  (preloaded_vlsm (free_composite_vlsm IM)
     (valid_message_prop
        (free_composite_vlsm IM)))
finite_valid_trace_from (free_composite_vlsm IM)
  (lift_to_composite_state IM cs i s)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm (IM i)
        (valid_message_prop (free_composite_vlsm IM)))
     (free_composite_vlsm IM)
     (lift_to_composite_label IM i)
     (lift_to_composite_state IM cs i) tr)
  apply (VLSM_eq_valid_state Heq) in Hvsp.index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
cs: composite_state IM
Hvsp: valid_state_prop
  {|
    vlsm_type := free_composite_vlsm IM;
    vlsm_machine :=
      preloaded_vlsm (free_composite_vlsm IM)
        (valid_message_prop
           (free_composite_vlsm IM))
  |} cs
s: state
  (preloaded_vlsm (IM i)
     (valid_message_prop (free_composite_vlsm IM)))
tr: list transition_item
Htr: finite_valid_trace_from
  (preloaded_vlsm (IM i)
     (valid_message_prop
        (free_composite_vlsm IM))) s tr
Heq: VLSM_eq (free_composite_vlsm IM)
  (preloaded_vlsm (free_composite_vlsm IM)
     (valid_message_prop
        (free_composite_vlsm IM)))
finite_valid_trace_from (free_composite_vlsm IM)
  (lift_to_composite_state IM cs i s)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm (IM i)
        (valid_message_prop (free_composite_vlsm IM)))
     (free_composite_vlsm IM)
     (lift_to_composite_label IM i)
     (lift_to_composite_state IM cs i) tr)
  apply (VLSM_eq_finite_valid_trace_from Heq).index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
cs: composite_state IM
Hvsp: valid_state_prop
  {|
    vlsm_type := free_composite_vlsm IM;
    vlsm_machine :=
      preloaded_vlsm (free_composite_vlsm IM)
        (valid_message_prop
           (free_composite_vlsm IM))
  |} cs
s: state
  (preloaded_vlsm (IM i)
     (valid_message_prop (free_composite_vlsm IM)))
tr: list transition_item
Htr: finite_valid_trace_from
  (preloaded_vlsm (IM i)
     (valid_message_prop
        (free_composite_vlsm IM))) s tr
Heq: VLSM_eq (free_composite_vlsm IM)
  (preloaded_vlsm (free_composite_vlsm IM)
     (valid_message_prop
        (free_composite_vlsm IM)))
finite_valid_trace_from
  {|
    vlsm_type := free_composite_vlsm IM;
    vlsm_machine :=
      preloaded_vlsm (free_composite_vlsm IM)
        (valid_message_prop (free_composite_vlsm IM))
  |} (lift_to_composite_state IM cs i s)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm (IM i)
        (valid_message_prop (free_composite_vlsm IM)))
     (free_composite_vlsm IM)
     (lift_to_composite_label IM i)
     (lift_to_composite_state IM cs i) tr)
  by unshelve eapply VLSM_weak_embedding_finite_valid_trace_from in Htr; cycle 3;
    [apply pre_lift_to_free_weak_embedding | ..].
Qed.

Definition lift_to_composite_plan [i : index] : plan (IM i) -> composite_plan IM :=
  List.map (lift_to_composite_plan_item IM i).

A component state for the final state of a valid trace of the composition is either initial, or there is a witness in the trace when a transition in that component led to the current component state.

Lemma final_state_component_initial_or_transition :
  forall (i : index) (is f : composite_state IM) (tr : list (composite_transition_item IM)),
    finite_valid_trace_init_to X is f tr ->
    initial_state_prop (IM i) (f i)
      \/
    exists (item : composite_transition_item IM),
      item ∈ tr /\ destination item i = f i /\ projT1 (l item) = i.index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
∀ (i : index) (is f : composite_state IM) (tr : list
                                                 (composite_transition_item
                                                 IM)),
  finite_valid_trace_init_to X is f tr
  → initial_state_prop (f i)
    ∨ (∃ item : composite_transition_item IM,
         item ∈ tr
         ∧ destination item i = f i
           ∧ projT1 (l item) = i)
Proof.index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
∀ (i : index) (is f : composite_state IM) (tr : list
                                                 (composite_transition_item
                                                 IM)),
  finite_valid_trace_init_to X is f tr
  → initial_state_prop (f i)
    ∨ (∃ item : composite_transition_item IM,
         item ∈ tr
         ∧ destination item i = f i
           ∧ projT1 (l item) = i)
  intros * Htr; induction Htr using finite_valid_trace_init_to_rev_ind; [by left |].index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
si, s: state X
tr: list transition_item
Htr: finite_valid_trace_init_to X si s tr
sf: state X
iom, oom: option message
l: label X
Ht: input_valid_transition X l (s, iom) (sf, oom)
IHHtr: initial_state_prop (s i)
∨ (∃ item : composite_transition_item IM,
     item ∈ tr
     ∧ destination item i = s i
       ∧ projT1 (VLSM.l item) = i)
initial_state_prop (sf i)
∨ (∃ item : composite_transition_item IM,
     item
     ∈ tr ++
       [{|
          l := l;
          input := iom;
          destination := sf;
          output := oom
        |}]
     ∧ destination item i = sf i
       ∧ projT1 (VLSM.l item) = i)
  destruct l as [j lj], (decide (i = j)) as [<- |]; cbn.index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
si, s: state X
tr: list transition_item
Htr: finite_valid_trace_init_to X si s tr
sf: state X
iom, oom: option message
lj: label (IM i)
Ht: input_valid_transition X 
  (existT i lj) (s, iom) (
  sf, oom)
IHHtr: initial_state_prop (s i)
∨ (∃ item : composite_transition_item IM,
     item ∈ tr
     ∧ destination item i = s i
       ∧ projT1 (l item) = i)
initial_state_prop (sf i)
∨ (∃ item : composite_transition_item IM,
     item
     ∈ tr ++
       [{|
          l := existT i lj;
          input := iom;
          destination := sf;
          output := oom
        |}]
     ∧ destination item i = sf i ∧ projT1 (l item) = i)
index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
si, s: state X
tr: list transition_item
Htr: finite_valid_trace_init_to X si s tr
sf: state X
iom, oom: option message
j: index
lj: label (IM j)
Ht: input_valid_transition X 
  (existT j lj) (s, iom) (
  sf, oom)
IHHtr: initial_state_prop (s i)
∨ (∃ item : composite_transition_item IM,
     item ∈ tr
     ∧ destination item i = s i
       ∧ projT1 (l item) = i)
n: i ≠ j
initial_state_prop (sf i)
∨ (∃ item : composite_transition_item IM,
     item
     ∈ tr ++
       [{|
          l := existT j lj;
          input := iom;
          destination := sf;
          output := oom
        |}]
     ∧ destination item i = sf i ∧ projT1 (l item) = i)
  -index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
si, s: state X
tr: list transition_item
Htr: finite_valid_trace_init_to X si s tr
sf: state X
iom, oom: option message
lj: label (IM i)
Ht: input_valid_transition X 
  (existT i lj) (s, iom) (
  sf, oom)
IHHtr: initial_state_prop (s i)
∨ (∃ item : composite_transition_item IM,
     item ∈ tr
     ∧ destination item i = s i
       ∧ projT1 (l item) = i)
initial_state_prop (sf i)
∨ (∃ item : composite_transition_item IM,
     item
     ∈ tr ++
       [{|
          l := existT i lj;
          input := iom;
          destination := sf;
          output := oom
        |}]
     ∧ destination item i = sf i ∧ projT1 (l item) = i) by right; eexists; split; [rewrite elem_of_app, elem_of_list_singleton; right |].
  -index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
si, s: state X
tr: list transition_item
Htr: finite_valid_trace_init_to X si s tr
sf: state X
iom, oom: option message
j: index
lj: label (IM j)
Ht: input_valid_transition X 
  (existT j lj) (s, iom) (
  sf, oom)
IHHtr: initial_state_prop (s i)
∨ (∃ item : composite_transition_item IM,
     item ∈ tr
     ∧ destination item i = s i
       ∧ projT1 (l item) = i)
n: i ≠ j
initial_state_prop (sf i)
∨ (∃ item : composite_transition_item IM,
     item
     ∈ tr ++
       [{|
          l := existT j lj;
          input := iom;
          destination := sf;
          output := oom
        |}]
     ∧ destination item i = sf i ∧ projT1 (l item) = i) destruct Ht as [_ Ht]; cbn in Ht.index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
si, s: state X
tr: list transition_item
Htr: finite_valid_trace_init_to X si s tr
sf: state X
iom, oom: option message
j: index
lj: label (IM j)
Ht: (let (si', om') := transition lj (s j, iom) in
 (state_update IM s j si', om')) = (
sf, oom)
IHHtr: initial_state_prop (s i)
∨ (∃ item : composite_transition_item IM,
     item ∈ tr
     ∧ destination item i = s i
       ∧ projT1 (l item) = i)
n: i ≠ j
initial_state_prop (sf i)
∨ (∃ item : composite_transition_item IM,
     item
     ∈ tr ++
       [{|
          l := existT j lj;
          input := iom;
          destination := sf;
          output := oom
        |}]
     ∧ destination item i = sf i ∧ projT1 (l item) = i)
    destruct (transition lj (s j, iom)) as [si' om']; inversion Ht; subst; clear Ht.index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
si, s: state X
tr: list transition_item
Htr: finite_valid_trace_init_to X si s tr
iom, oom: option message
j: index
lj: label (IM j)
si': state (IM j)
IHHtr: initial_state_prop (s i)
∨ (∃ item : composite_transition_item IM,
     item ∈ tr
     ∧ destination item i = s i
       ∧ projT1 (l item) = i)
n: i ≠ j
initial_state_prop (state_update IM s j si' i)
∨ (∃ item : composite_transition_item IM,
     item
     ∈ tr ++
       [{|
          l := existT j lj;
          input := iom;
          destination := state_update IM s j si';
          output := oom
        |}]
     ∧ destination item i = state_update IM s j si' i
       ∧ projT1 (l item) = i)
    state_update_simpl.index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
si, s: state X
tr: list transition_item
Htr: finite_valid_trace_init_to X si s tr
iom, oom: option message
j: index
lj: label (IM j)
si': state (IM j)
IHHtr: initial_state_prop (s i)
∨ (∃ item : composite_transition_item IM,
     item ∈ tr
     ∧ destination item i = s i
       ∧ projT1 (l item) = i)
n: i ≠ j
initial_state_prop (s i)
∨ (∃ item : composite_transition_item IM,
     item
     ∈ tr ++
       [{|
          l := existT j lj;
          input := iom;
          destination := state_update IM s j si';
          output := oom
        |}]
     ∧ destination item i = s i ∧ projT1 (l item) = i)
    destruct IHHtr as [| (? & ? & ?)]; [by left |].index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
si, s: state X
tr: list transition_item
Htr: finite_valid_trace_init_to X si s tr
iom, oom: option message
j: index
lj: label (IM j)
si': state (IM j)
x: composite_transition_item IM
H: x ∈ tr
H0: destination x i = s i ∧ projT1 (l x) = i
n: i ≠ j
initial_state_prop (s i)
∨ (∃ item : composite_transition_item IM,
     item
     ∈ tr ++
       [{|
          l := existT j lj;
          input := iom;
          destination := state_update IM s j si';
          output := oom
        |}]
     ∧ destination item i = s i ∧ projT1 (l item) = i)
    by right; eexists; split; [rewrite elem_of_app; left |].
Qed.

A reformulation of final_state_component_initial_or_transition in terms of valid_state_prop and in_futures.

A component state from a valid state for a composition is either initial or there exists a valid transition in the composition from whose destination the given state is validly reachable and which corresponds to a transition in the component leading to the current component state.

Lemma valid_state_component_initial_or_transition :
  forall (i : index) (f : composite_state IM),
    valid_state_prop X f ->
    initial_state_prop (IM i) (f i)
      \/
    exists (s1 s2 : composite_state IM) (li : label (IM i)) (om om' : option message),
      in_futures X s2 f /\ s2 i = f i /\
      input_valid_transition X (existT i li) (s1, om) (s2, om').index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
∀ (i : index) (f : composite_state IM),
  valid_state_prop X f
  → initial_state_prop (f i)
    ∨ (∃ (s1 s2 : composite_state IM) (li : label
                                              (IM i)) 
         (om om' : option message),
         in_futures X s2 f
         ∧ s2 i = f i
           ∧ input_valid_transition X (existT i li)
               (s1, om) (s2, om'))
Proof.index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
∀ (i : index) (f : composite_state IM),
  valid_state_prop X f
  → initial_state_prop (f i)
    ∨ (∃ (s1 s2 : composite_state IM) (li : label
                                              (IM i)) 
         (om om' : option message),
         in_futures X s2 f
         ∧ s2 i = f i
           ∧ input_valid_transition X (existT i li)
               (s1, om) (s2, om'))
  intros i f Hf.index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
f: composite_state IM
Hf: valid_state_prop X f
initial_state_prop (f i)
∨ (∃ (s1 s2 : composite_state IM) (li : label (IM i)) 
     (om om' : option message),
     in_futures X s2 f
     ∧ s2 i = f i
       ∧ input_valid_transition X (existT i li)
           (s1, om) (s2, om'))
  apply valid_state_has_trace in Hf as (is & tr & Htr).index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
f: composite_state IM
is: state X
tr: list transition_item
Htr: finite_valid_trace_init_to X is f tr
initial_state_prop (f i)
∨ (∃ (s1 s2 : composite_state IM) (li : label (IM i)) 
     (om om' : option message),
     in_futures X s2 f
     ∧ s2 i = f i
       ∧ input_valid_transition X (existT i li)
           (s1, om) (s2, om'))
  apply (final_state_component_initial_or_transition i) in Htr as Hitem.index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
f: composite_state IM
is: state X
tr: list transition_item
Htr: finite_valid_trace_init_to X is f tr
Hitem: initial_state_prop (f i)
∨ (∃ item : composite_transition_item IM,
     item ∈ tr
     ∧ destination item i = f i
       ∧ projT1 (l item) = i)
initial_state_prop (f i)
∨ (∃ (s1 s2 : composite_state IM) (li : label (IM i)) 
     (om om' : option message),
     in_futures X s2 f
     ∧ s2 i = f i
       ∧ input_valid_transition X (existT i li)
           (s1, om) (s2, om'))
  destruct Hitem as [| (item & Hitem & Hdest & Hl)]; [by left |].index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
f: composite_state IM
is: state X
tr: list transition_item
Htr: finite_valid_trace_init_to X is f tr
item: composite_transition_item IM
Hitem: item ∈ tr
Hdest: destination item i = f i
Hl: projT1 (l item) = i
initial_state_prop (f i)
∨ (∃ (s1 s2 : composite_state IM) (li : label (IM i)) 
     (om om' : option message),
     in_futures X s2 f
     ∧ s2 i = f i
       ∧ input_valid_transition X (existT i li)
           (s1, om) (s2, om'))
  apply elem_of_list_split in Hitem as (pre & suf & ->).index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
f: composite_state IM
is: state X
item: composite_transition_item IM
pre, suf: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to X is f
  (pre ++ item :: suf)
Hdest: destination item i = f i
Hl: projT1 (l item) = i
initial_state_prop (f i)
∨ (∃ (s1 s2 : composite_state IM) (li : label (IM i)) 
     (om om' : option message),
     in_futures X s2 f
     ∧ s2 i = f i
       ∧ input_valid_transition X (existT i li)
           (s1, om) (s2, om'))
  destruct Htr as [Htr Hinit].index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
f: composite_state IM
is: state X
item: composite_transition_item IM
pre, suf: list (composite_transition_item IM)
Htr: finite_valid_trace_from_to X is f
  (pre ++ item :: suf)
Hinit: initial_state_prop is
Hdest: destination item i = f i
Hl: projT1 (l item) = i
initial_state_prop (f i)
∨ (∃ (s1 s2 : composite_state IM) (li : label (IM i)) 
     (om om' : option message),
     in_futures X s2 f
     ∧ s2 i = f i
       ∧ input_valid_transition X (existT i li)
           (s1, om) (s2, om'))
  apply finite_valid_trace_from_to_app_split in Htr as [_ Htr].index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
f: composite_state IM
is: state X
item: composite_transition_item IM
pre, suf: list (composite_transition_item IM)
Htr: finite_valid_trace_from_to X
  (finite_trace_last is pre) f 
  (item :: suf)
Hinit: initial_state_prop is
Hdest: destination item i = f i
Hl: projT1 (l item) = i
initial_state_prop (f i)
∨ (∃ (s1 s2 : composite_state IM) (li : label (IM i)) 
     (om om' : option message),
     in_futures X s2 f
     ∧ s2 i = f i
       ∧ input_valid_transition X (existT i li)
           (s1, om) (s2, om'))
  inversion Htr; subst; destruct l as [i li]; cbn in *.index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
f, is: composite_state IM
pre, suf: list (composite_transition_item IM)
s: composite_state IM
iom, oom: option message
i: index
li: label (IM i)
Htr: finite_valid_trace_from_to X
  (finite_trace_last is pre) f
  ({|
     l := existT i li;
     input := iom;
     destination := s;
     output := oom
   |} :: suf)
Hinit: composite_initial_state_prop IM is
Hdest: s i = f i
Htl: finite_valid_trace_from_to X s f suf
Ht: input_valid_transition X 
  (existT i li) (finite_trace_last is pre, iom)
  (s, oom)
initial_state_prop (f i)
∨ (∃ (s1 s2 : composite_state IM) (li : label (IM i)) 
     (om om' : option message),
     in_futures X s2 f
     ∧ s2 i = f i
       ∧ input_valid_transition X (existT i li)
           (s1, om) (s2, om'))
  right; exists (finite_trace_last is pre), s, li, iom, oom.index: Type
EqDecision0: EqDecision index
message: Type
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
f, is: composite_state IM
pre, suf: list (composite_transition_item IM)
s: composite_state IM
iom, oom: option message
i: index
li: label (IM i)
Htr: finite_valid_trace_from_to X
  (finite_trace_last is pre) f
  ({|
     l := existT i li;
     input := iom;
     destination := s;
     output := oom
   |} :: suf)
Hinit: composite_initial_state_prop IM is
Hdest: s i = f i
Htl: finite_valid_trace_from_to X s f suf
Ht: input_valid_transition X 
  (existT i li) (finite_trace_last is pre, iom)
  (s, oom)
in_futures X s f
∧ s i = f i
  ∧ input_valid_transition X (existT i li)
      (finite_trace_last is pre, iom) (s, oom)
  by split; [eexists |].
Qed.

End sec_composite_state.