From VLSM.Lib Require Import Itauto.[Loading ML file ring_plugin.cmxs (using legacy method) ... done]
[Loading ML file zify_plugin.cmxs (using legacy method) ... done]
[Loading ML file micromega_plugin.cmxs (using legacy method) ... done]
[Loading ML file btauto_plugin.cmxs (using legacy method) ... done]
[Loading ML file coq-itauto.plugin ... done]
From stdpp Require Import prelude.
From VLSM.Lib Require Import Preamble ListExtras.
From VLSM.Core Require Import VLSM VLSMProjections.

Core: Preloaded VLSMs

Given a VLSM X, we can preload it with some messages, i.e. construct an identical VLSM, except that these messages are now considered initial. In particular, we can preload X with all messages, i.e. make a copy of X in which all messages are initial. The high degree of freedom allowed by the preloaded version lets it experience everything experienced by X but also other kinds of behavior, including Byzantine behavior, which makes it a useful concept in Byzantine fault tolerance analysis.

Definition preloaded_vlsm_machine
  `(X : VLSM message) (initial : message -> Prop) : VLSMMachine X :=
{|
  initial_state_prop := @initial_state_prop _ _ X;
  initial_message_prop := fun m => @initial_message_prop _ _ X  m \/ initial m;
  s0 := @s0 _ _ X;
  transition := @transition _ _ X;
  valid := @valid _ _ X;
|}.

Definition preloaded_vlsm `(X : VLSM message) (initial : message -> Prop) : VLSM message :=
  mk_vlsm (preloaded_vlsm_machine X initial).

Definition preloaded_with_all_messages_vlsm `(X : VLSM message) : VLSM message :=
  preloaded_vlsm X (fun _ => True).

Constrained traces, states and messages

We will use the word "constrained" to denote concepts which correspond to validity in the VLSM preloaded with all messages.

Section sec_constrained_defs.

Context
  `(X : VLSM message)
  .

Definition input_constrained :=
  input_valid (preloaded_with_all_messages_vlsm X).

Definition input_constrained_transition :=
  input_valid_transition (preloaded_with_all_messages_vlsm X).

Definition input_constrained_transition_to :=
  input_valid_transition_to (preloaded_with_all_messages_vlsm X).

Definition input_constrained_transition_item :=
  input_valid_transition_item (preloaded_with_all_messages_vlsm X).

Definition finite_constrained_trace_from_to :=
  finite_valid_trace_from_to (preloaded_with_all_messages_vlsm X).

Definition finite_constrained_trace_from :=
  finite_valid_trace_from (preloaded_with_all_messages_vlsm X).

Definition finite_constrained_trace_init_to :=
  finite_valid_trace_init_to (preloaded_with_all_messages_vlsm X).

Definition finite_constrained_trace :=
  finite_valid_trace (preloaded_with_all_messages_vlsm X).

Definition constrained_trace_from_prop :=
  valid_trace_from_prop (preloaded_with_all_messages_vlsm X).

Definition constrained_trace_prop :=
  valid_trace_prop (preloaded_with_all_messages_vlsm X).

Definition constrained_state_prop :=
  valid_state_prop (preloaded_with_all_messages_vlsm X).

Definition constrained_message_prop :=
  can_emit (preloaded_with_all_messages_vlsm X).

Definition constrained_state_message_prop :=
  valid_state_message_prop (preloaded_with_all_messages_vlsm X).

End sec_constrained_defs.

Basic properties of preloaded VLSMs

Section sec_preloaded_with_all_messages_vlsm.

Context
  `(X : VLSM message)
  .

A message which can be emitted during a protocol run of the preloaded_with_all_messages_vlsm is called a byzantine_message, because as shown by byzantine_preloaded_with_all_messages and preloaded_with_all_messages_alt_eq, byzantine traces for a VLSM are precisely the valid traces of the preloaded_with_all_messages_vlsm, hence a byzantine message is any message which a byzantine trace can_emit.

Definition byzantine_message_prop (m : message) : Prop :=
  can_emit (preloaded_with_all_messages_vlsm X) m.

Definition byzantine_message : Type :=
  {m : message | byzantine_message_prop m}.

Lemma preloaded_with_all_messages_message_valid_initial_state_message :
  forall (om : option message),
    constrained_state_message_prop X (proj1_sig (vs0 X)) om.message: Type
X: VLSM message
∀ om : option message,
  constrained_state_message_prop X (`(vs0 X)) om
Proof.message: Type
X: VLSM message
∀ om : option message,
  constrained_state_message_prop X (`(vs0 X)) om
  by intros; apply valid_initial_state_message;
    [apply proj2_sig | destruct om]; cbn; [right |].
Qed.

Lemma preloaded_with_all_messages_valid_state_message_preservation :
  forall (s : state X) (om : option message),
    valid_state_message_prop X s om ->
    constrained_state_message_prop X s om.message: Type
X: VLSM message
∀ (s : state X) (om : option message),
  valid_state_message_prop X s om
  → constrained_state_message_prop X s om
Proof.message: Type
X: VLSM message
∀ (s : state X) (om : option message),
  valid_state_message_prop X s om
  → constrained_state_message_prop X s om
  induction 1.message: Type
X: VLSM message
s: state X
Hs: initial_state_prop s
om: option message
Hom: option_initial_message_prop X om
constrained_state_message_prop X s om
message: Type
X: VLSM message
s: state X
_om: option message
H: valid_state_message_prop X s _om
_s: state X
om: option message
H0: valid_state_message_prop X _s om
l: label X
Hv: valid l (s, om)
s': state X
om': option message
Ht: transition l (s, om) = (s', om')
IHvalid_state_message_prop1: constrained_state_message_prop
  X s _om
IHvalid_state_message_prop2: constrained_state_message_prop
  X _s om
constrained_state_message_prop X s' om'
  -message: Type
X: VLSM message
s: state X
Hs: initial_state_prop s
om: option message
Hom: option_initial_message_prop X om
constrained_state_message_prop X s om apply valid_initial_state_message; cbn; [done |].message: Type
X: VLSM message
s: state X
Hs: initial_state_prop s
om: option message
Hom: option_initial_message_prop X om
option_initial_message_prop
  (preloaded_vlsm_machine X (λ _ : message, True)) om
    by destruct om; cbn; [right |].
  -message: Type
X: VLSM message
s: state X
_om: option message
H: valid_state_message_prop X s _om
_s: state X
om: option message
H0: valid_state_message_prop X _s om
l: label X
Hv: valid l (s, om)
s': state X
om': option message
Ht: transition l (s, om) = (s', om')
IHvalid_state_message_prop1: constrained_state_message_prop
  X s _om
IHvalid_state_message_prop2: constrained_state_message_prop
  X _s om
constrained_state_message_prop X s' om' by eapply valid_generated_state_message; cycle 2.
Qed.

Lemma preloaded_with_all_messages_valid_state_prop :
  forall (s : state X),
    valid_state_prop X s ->
    constrained_state_prop X s.message: Type
X: VLSM message
∀ s : state X,
  valid_state_prop X s → constrained_state_prop X s
Proof.message: Type
X: VLSM message
∀ s : state X,
  valid_state_prop X s → constrained_state_prop X s
  intros s [om Hvsp].message: Type
X: VLSM message
s: state X
om: option message
Hvsp: valid_state_message_prop X s om
constrained_state_prop X s
  exists om.message: Type
X: VLSM message
s: state X
om: option message
Hvsp: valid_state_message_prop X s om
valid_state_message_prop
  (preloaded_with_all_messages_vlsm X) s om
  by apply preloaded_with_all_messages_valid_state_message_preservation.
Qed.

Lemma any_message_is_valid_in_preloaded :
  forall (om : option message),
    option_valid_message_prop (preloaded_with_all_messages_vlsm X) om.message: Type
X: VLSM message
∀ om : option message,
  option_valid_message_prop
    (preloaded_with_all_messages_vlsm X) om
Proof.message: Type
X: VLSM message
∀ om : option message,
  option_valid_message_prop
    (preloaded_with_all_messages_vlsm X) om
  by eexists; apply preloaded_with_all_messages_message_valid_initial_state_message.
Qed.

Lemma preloaded_weaken_valid_state_message_prop :
  forall (s : state X) (om : option message),
    valid_state_message_prop X s om ->
    constrained_state_message_prop X s om.message: Type
X: VLSM message
∀ (s : state X) (om : option message),
  valid_state_message_prop X s om
  → constrained_state_message_prop X s om
Proof.message: Type
X: VLSM message
∀ (s : state X) (om : option message),
  valid_state_message_prop X s om
  → constrained_state_message_prop X s om
  induction 1.message: Type
X: VLSM message
s: state X
Hs: initial_state_prop s
om: option message
Hom: option_initial_message_prop X om
constrained_state_message_prop X s om
message: Type
X: VLSM message
s: state X
_om: option message
H: valid_state_message_prop X s _om
_s: state X
om: option message
H0: valid_state_message_prop X _s om
l: label X
Hv: valid l (s, om)
s': state X
om': option message
Ht: transition l (s, om) = (s', om')
IHvalid_state_message_prop1: constrained_state_message_prop
  X s _om
IHvalid_state_message_prop2: constrained_state_message_prop
  X _s om
constrained_state_message_prop X s' om'
  -message: Type
X: VLSM message
s: state X
Hs: initial_state_prop s
om: option message
Hom: option_initial_message_prop X om
constrained_state_message_prop X s om apply valid_initial_state_message; [done |].message: Type
X: VLSM message
s: state X
Hs: initial_state_prop s
om: option message
Hom: option_initial_message_prop X om
option_initial_message_prop
  (preloaded_with_all_messages_vlsm X) om
    by destruct om; cbn; [right |].
  -message: Type
X: VLSM message
s: state X
_om: option message
H: valid_state_message_prop X s _om
_s: state X
om: option message
H0: valid_state_message_prop X _s om
l: label X
Hv: valid l (s, om)
s': state X
om': option message
Ht: transition l (s, om) = (s', om')
IHvalid_state_message_prop1: constrained_state_message_prop
  X s _om
IHvalid_state_message_prop2: constrained_state_message_prop
  X _s om
constrained_state_message_prop X s' om' by eapply valid_generated_state_message; cycle 2.
Qed.

Lemma preloaded_weaken_input_valid_transition :
  forall (l : label X) (s : state X) (om : option message) (s' : state X) (om' : option message),
    input_valid_transition X l (s, om) (s', om') ->
    input_constrained_transition X l (s, om) (s', om').message: Type
X: VLSM message
∀ (l : label X) (s : state X) (om : option message) 
  (s' : state X) (om' : option message),
  input_valid_transition X l (s, om) (s', om')
  → input_constrained_transition X l (s, om) (s', om')
Proof.message: Type
X: VLSM message
∀ (l : label X) (s : state X) (om : option message) 
  (s' : state X) (om' : option message),
  input_valid_transition X l (s, om) (s', om')
  → input_constrained_transition X l (s, om) (s', om')
  unfold input_constrained_transition, input_valid_transition; cbn.message: Type
X: VLSM message
∀ (l : label X) (s : state X) (om : option message) 
  (s' : state X) (om' : option message),
  (valid_state_prop X s
   ∧ option_valid_message_prop X om ∧ valid l (s, om))
  ∧ transition l (s, om) = (s', om')
  → (valid_state_prop
       (preloaded_with_all_messages_vlsm X) s
     ∧ option_valid_message_prop
         (preloaded_with_all_messages_vlsm X) om
       ∧ valid l (s, om))
    ∧ transition l (s, om) = (s', om')
  intros * [[[_om valid_s] [_ Hvalid]] Htrans].message: Type
X: VLSM message
l: label X
s: state X
om: option message
s': state X
om', _om: option message
valid_s: valid_state_message_prop X s _om
Hvalid: valid l (s, om)
Htrans: transition l (s, om) = (s', om')
(valid_state_prop (preloaded_with_all_messages_vlsm X)
   s
 ∧ option_valid_message_prop
     (preloaded_with_all_messages_vlsm X) om
   ∧ valid l (s, om))
∧ transition l (s, om) = (s', om')
  split_and!; [| | done..].message: Type
X: VLSM message
l: label X
s: state X
om: option message
s': state X
om', _om: option message
valid_s: valid_state_message_prop X s _om
Hvalid: valid l (s, om)
Htrans: transition l (s, om) = (s', om')
valid_state_prop (preloaded_with_all_messages_vlsm X)
  s
message: Type
X: VLSM message
l: label X
s: state X
om: option message
s': state X
om', _om: option message
valid_s: valid_state_message_prop X s _om
Hvalid: valid l (s, om)
Htrans: transition l (s, om) = (s', om')
option_valid_message_prop
  (preloaded_with_all_messages_vlsm X) om
  -message: Type
X: VLSM message
l: label X
s: state X
om: option message
s': state X
om', _om: option message
valid_s: valid_state_message_prop X s _om
Hvalid: valid l (s, om)
Htrans: transition l (s, om) = (s', om')
valid_state_prop (preloaded_with_all_messages_vlsm X)
  s by exists _om; apply preloaded_weaken_valid_state_message_prop.
  -message: Type
X: VLSM message
l: label X
s: state X
om: option message
s': state X
om', _om: option message
valid_s: valid_state_message_prop X s _om
Hvalid: valid l (s, om)
Htrans: transition l (s, om) = (s', om')
option_valid_message_prop
  (preloaded_with_all_messages_vlsm X) om by apply any_message_is_valid_in_preloaded.
Qed.

Lemma preloaded_weaken_valid_trace_from :
  forall (s : state X) (tr : list (transition_item X)),
    finite_valid_trace_from X s tr ->
    finite_constrained_trace_from X s tr.message: Type
X: VLSM message
∀ (s : state X) (tr : list transition_item),
  finite_valid_trace_from X s tr
  → finite_constrained_trace_from X s tr
Proof.message: Type
X: VLSM message
∀ (s : state X) (tr : list transition_item),
  finite_valid_trace_from X s tr
  → finite_constrained_trace_from X s tr
  induction 1 using finite_valid_trace_from_rev_ind.message: Type
X: VLSM message
s: state X
H: valid_state_prop X s
finite_constrained_trace_from X s []
message: Type
X: VLSM message
s: state X
tr: list transition_item
H: finite_valid_trace_from X s tr
sf: state X
iom, oom: option message
l: label X
Hx: input_valid_transition X l
  (finite_trace_last s tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHfinite_valid_trace_from: finite_constrained_trace_from
  X s tr
finite_constrained_trace_from X s (tr ++ [x])
  -message: Type
X: VLSM message
s: state X
H: valid_state_prop X s
finite_constrained_trace_from X s [] apply (finite_valid_trace_from_empty (preloaded_with_all_messages_vlsm X)).message: Type
X: VLSM message
s: state X
H: valid_state_prop X s
valid_state_prop (preloaded_with_all_messages_vlsm X)
  s
    destruct H as [om H].message: Type
X: VLSM message
s: state X
om: option message
H: valid_state_message_prop X s om
valid_state_prop (preloaded_with_all_messages_vlsm X)
  s
    exists om.message: Type
X: VLSM message
s: state X
om: option message
H: valid_state_message_prop X s om
valid_state_message_prop
  (preloaded_with_all_messages_vlsm X) s om
    by apply preloaded_weaken_valid_state_message_prop.
  -message: Type
X: VLSM message
s: state X
tr: list transition_item
H: finite_valid_trace_from X s tr
sf: state X
iom, oom: option message
l: label X
Hx: input_valid_transition X l
  (finite_trace_last s tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHfinite_valid_trace_from: finite_constrained_trace_from
  X s tr
finite_constrained_trace_from X s (tr ++ [x]) apply (finite_valid_trace_from_app_iff (preloaded_with_all_messages_vlsm X)).message: Type
X: VLSM message
s: state X
tr: list transition_item
H: finite_valid_trace_from X s tr
sf: state X
iom, oom: option message
l: label X
Hx: input_valid_transition X l
  (finite_trace_last s tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHfinite_valid_trace_from: finite_constrained_trace_from
  X s tr
finite_valid_trace_from
  (preloaded_with_all_messages_vlsm X) s tr
∧ finite_valid_trace_from
    (preloaded_with_all_messages_vlsm X)
    (finite_trace_last s tr) [x]
    split; [done |].message: Type
X: VLSM message
s: state X
tr: list transition_item
H: finite_valid_trace_from X s tr
sf: state X
iom, oom: option message
l: label X
Hx: input_valid_transition X l
  (finite_trace_last s tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHfinite_valid_trace_from: finite_constrained_trace_from
  X s tr
finite_valid_trace_from
  (preloaded_with_all_messages_vlsm X)
  (finite_trace_last s tr) [x]
    apply (finite_valid_trace_singleton (preloaded_with_all_messages_vlsm X)).message: Type
X: VLSM message
s: state X
tr: list transition_item
H: finite_valid_trace_from X s tr
sf: state X
iom, oom: option message
l: label X
Hx: input_valid_transition X l
  (finite_trace_last s tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHfinite_valid_trace_from: finite_constrained_trace_from
  X s tr
input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (finite_trace_last s tr, iom) (sf, oom)
    by apply preloaded_weaken_input_valid_transition.
Qed.

Lemma pre_trace_segments_with_valid_inputs_are_valid :
  forall (s f : state (preloaded_with_all_messages_vlsm X)) (tr : list transition_item),
    finite_constrained_trace_from_to X s f tr ->
    valid_state_prop X s ->
    Forall (fun item => option_valid_message_prop X (input item)) tr ->
    finite_valid_trace_from_to X s f tr.message: Type
X: VLSM message
∀ (s f : state (preloaded_with_all_messages_vlsm X)) 
  (tr : list transition_item),
  finite_constrained_trace_from_to X s f tr
  → valid_state_prop X s
    → Forall
        (λ item : transition_item,
           option_valid_message_prop X (input item))
        tr → finite_valid_trace_from_to X s f tr
Proof.message: Type
X: VLSM message
∀ (s f : state (preloaded_with_all_messages_vlsm X)) 
  (tr : list transition_item),
  finite_constrained_trace_from_to X s f tr
  → valid_state_prop X s
    → Forall
        (λ item : transition_item,
           option_valid_message_prop X (input item))
        tr → finite_valid_trace_from_to X s f tr
  intros * Htr Hs Hobs; revert Hs Hobs.message: Type
X: VLSM message
s, f: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
Htr: finite_constrained_trace_from_to X s f tr
valid_state_prop X s
→ Forall
    (λ item : transition_item,
       option_valid_message_prop X (input item)) tr
  → finite_valid_trace_from_to X s f tr
  induction Htr using finite_valid_trace_from_to_ind;
    [by intros; apply (finite_valid_trace_from_to_empty X) |].message: Type
X: VLSM message
s, f: state (preloaded_with_all_messages_vlsm X)
tl: list transition_item
Htr: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s f tl
s': state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (s', iom) (s, oom)
IHHtr: valid_state_prop X s
→ Forall
    (λ item : transition_item,
       option_valid_message_prop X
         (input item)) tl
  → finite_valid_trace_from_to X s f tl
valid_state_prop X s'
→ Forall
    (λ item : transition_item,
       option_valid_message_prop X (input item))
    ({|
       l := l;
       input := iom;
       destination := s;
       output := oom
     |} :: tl)
  → finite_valid_trace_from_to X s' f
      ({|
         l := l;
         input := iom;
         destination := s;
         output := oom
       |} :: tl)
  rewrite Forall_cons; intros ? [].message: Type
X: VLSM message
s, f: state (preloaded_with_all_messages_vlsm X)
tl: list transition_item
Htr: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s f tl
s': state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (s', iom) (s, oom)
IHHtr: valid_state_prop X s
→ Forall
    (λ item : transition_item,
       option_valid_message_prop X
         (input item)) tl
  → finite_valid_trace_from_to X s f tl
Hs: valid_state_prop X s'
H: option_valid_message_prop X
  (input
     {|
       l := l;
       input := iom;
       destination := s;
       output := oom
     |})
H0: Forall
  (λ item : transition_item,
     option_valid_message_prop X (input item)) tl
finite_valid_trace_from_to X s' f
  ({|
     l := l;
     input := iom;
     destination := s;
     output := oom
   |} :: tl)
  cut (input_valid_transition X l (s', iom) (s, oom)).message: Type
X: VLSM message
s, f: state (preloaded_with_all_messages_vlsm X)
tl: list transition_item
Htr: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s f tl
s': state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (s', iom) (s, oom)
IHHtr: valid_state_prop X s
→ Forall
    (λ item : transition_item,
       option_valid_message_prop X
         (input item)) tl
  → finite_valid_trace_from_to X s f tl
Hs: valid_state_prop X s'
H: option_valid_message_prop X
  (input
     {|
       l := l;
       input := iom;
       destination := s;
       output := oom
     |})
H0: Forall
  (λ item : transition_item,
     option_valid_message_prop X (input item)) tl
input_valid_transition X l (s', iom) (s, oom)
→ finite_valid_trace_from_to X s' f
    ({|
       l := l;
       input := iom;
       destination := s;
       output := oom
     |} :: tl)
message: Type
X: VLSM message
s, f: state (preloaded_with_all_messages_vlsm X)
tl: list transition_item
Htr: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s f tl
s': state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (s', iom) (s, oom)
IHHtr: valid_state_prop X s
→ Forall
    (λ item : transition_item,
       option_valid_message_prop X
         (input item)) tl
  → finite_valid_trace_from_to X s f tl
Hs: valid_state_prop X s'
H: option_valid_message_prop X
  (input
     {|
       l := l;
       input := iom;
       destination := s;
       output := oom
     |})
H0: Forall
  (λ item : transition_item,
     option_valid_message_prop X (input item)) tl
input_valid_transition X l (s', iom) (s, oom)
  {message: Type
X: VLSM message
s, f: state (preloaded_with_all_messages_vlsm X)
tl: list transition_item
Htr: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s f tl
s': state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (s', iom) (s, oom)
IHHtr: valid_state_prop X s
→ Forall
    (λ item : transition_item,
       option_valid_message_prop X
         (input item)) tl
  → finite_valid_trace_from_to X s f tl
Hs: valid_state_prop X s'
H: option_valid_message_prop X
  (input
     {|
       l := l;
       input := iom;
       destination := s;
       output := oom
     |})
H0: Forall
  (λ item : transition_item,
     option_valid_message_prop X (input item)) tl
input_valid_transition X l (s', iom) (s, oom)
→ finite_valid_trace_from_to X s' f
    ({|
       l := l;
       input := iom;
       destination := s;
       output := oom
     |} :: tl)
    intros; apply (finite_valid_trace_from_to_extend X); [| done].message: Type
X: VLSM message
s, f: state (preloaded_with_all_messages_vlsm X)
tl: list transition_item
Htr: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s f tl
s': state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (s', iom) (s, oom)
IHHtr: valid_state_prop X s
→ Forall
    (λ item : transition_item,
       option_valid_message_prop X
         (input item)) tl
  → finite_valid_trace_from_to X s f tl
Hs: valid_state_prop X s'
H: option_valid_message_prop X
  (input
     {|
       l := l;
       input := iom;
       destination := s;
       output := oom
     |})
H0: Forall
  (λ item : transition_item,
     option_valid_message_prop X (input item)) tl
H1: input_valid_transition X l (s', iom) (s, oom)
finite_valid_trace_from_to X s f tl
    by apply IHHtr; [eapply input_valid_transition_destination |].
  }message: Type
X: VLSM message
s, f: state (preloaded_with_all_messages_vlsm X)
tl: list transition_item
Htr: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s f tl
s': state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (s', iom) (s, oom)
IHHtr: valid_state_prop X s
→ Forall
    (λ item : transition_item,
       option_valid_message_prop X
         (input item)) tl
  → finite_valid_trace_from_to X s f tl
Hs: valid_state_prop X s'
H: option_valid_message_prop X
  (input
     {|
       l := l;
       input := iom;
       destination := s;
       output := oom
     |})
H0: Forall
  (λ item : transition_item,
     option_valid_message_prop X (input item)) tl
input_valid_transition X l (s', iom) (s, oom)
  destruct Ht as [(_ & _ & Hv) Ht].message: Type
X: VLSM message
s, f: state (preloaded_with_all_messages_vlsm X)
tl: list transition_item
Htr: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s f tl
s': state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hv: valid l (s', iom)
Ht: transition l (s', iom) = (s, oom)
IHHtr: valid_state_prop X s
→ Forall
    (λ item : transition_item,
       option_valid_message_prop X
         (input item)) tl
  → finite_valid_trace_from_to X s f tl
Hs: valid_state_prop X s'
H: option_valid_message_prop X
  (input
     {|
       l := l;
       input := iom;
       destination := s;
       output := oom
     |})
H0: Forall
  (λ item : transition_item,
     option_valid_message_prop X (input item)) tl
input_valid_transition X l (s', iom) (s, oom)
  repeat split; [done | | done..].message: Type
X: VLSM message
s, f: state (preloaded_with_all_messages_vlsm X)
tl: list transition_item
Htr: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s f tl
s': state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hv: valid l (s', iom)
Ht: transition l (s', iom) = (s, oom)
IHHtr: valid_state_prop X s
→ Forall
    (λ item : transition_item,
       option_valid_message_prop X
         (input item)) tl
  → finite_valid_trace_from_to X s f tl
Hs: valid_state_prop X s'
H: option_valid_message_prop X
  (input
     {|
       l := l;
       input := iom;
       destination := s;
       output := oom
     |})
H0: Forall
  (λ item : transition_item,
     option_valid_message_prop X (input item)) tl
option_valid_message_prop X iom
  by destruct iom; [| apply option_valid_message_None].
Qed.

Lemma pre_traces_with_valid_inputs_are_valid :
  forall (s f : state (preloaded_with_all_messages_vlsm X)) (tr : list transition_item),
    finite_constrained_trace_init_to X s f tr ->
    Forall (fun item => option_valid_message_prop X (input item)) tr ->
    finite_valid_trace_init_to X s f tr.message: Type
X: VLSM message
∀ (s f : state (preloaded_with_all_messages_vlsm X)) 
  (tr : list transition_item),
  finite_constrained_trace_init_to X s f tr
  → Forall
      (λ item : transition_item,
         option_valid_message_prop X (input item)) tr
    → finite_valid_trace_init_to X s f tr
Proof.message: Type
X: VLSM message
∀ (s f : state (preloaded_with_all_messages_vlsm X)) 
  (tr : list transition_item),
  finite_constrained_trace_init_to X s f tr
  → Forall
      (λ item : transition_item,
         option_valid_message_prop X (input item)) tr
    → finite_valid_trace_init_to X s f tr
  intros s f tr [Htr Hinit] Hobs.message: Type
X: VLSM message
s, f: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
Htr: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s f tr
Hinit: initial_state_prop s
Hobs: Forall
  (λ item : transition_item,
     option_valid_message_prop X (input item))
  tr
finite_valid_trace_init_to X s f tr
  split; [| done].message: Type
X: VLSM message
s, f: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
Htr: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s f tr
Hinit: initial_state_prop s
Hobs: Forall
  (λ item : transition_item,
     option_valid_message_prop X (input item))
  tr
finite_valid_trace_from_to X s f tr
  apply pre_trace_segments_with_valid_inputs_are_valid; [done | | done].message: Type
X: VLSM message
s, f: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
Htr: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s f tr
Hinit: initial_state_prop s
Hobs: Forall
  (λ item : transition_item,
     option_valid_message_prop X (input item))
  tr
valid_state_prop X s
  by apply initial_state_is_valid.
Qed.

End sec_preloaded_with_all_messages_vlsm.

Section sec_preloaded_valid_transition.

Context
  `(X : VLSM message)
  .

Lemma valid_transition_preloaded_iff :
  forall (l : label X) (s1 : state X) (iom : option message) (s2 : state X) (oom : option message),
    valid_transition X l s1 iom s2 oom
      <->
    valid_transition (preloaded_with_all_messages_vlsm X) l s1 iom s2 oom.message: Type
X: VLSM message
∀ (l : label X) (s1 : state X) (iom : option message) 
  (s2 : state X) (oom : option message),
  valid_transition X l s1 iom s2 oom
  ↔ valid_transition
      (preloaded_with_all_messages_vlsm X) l s1 iom s2
      oom
Proof.message: Type
X: VLSM message
∀ (l : label X) (s1 : state X) (iom : option message) 
  (s2 : state X) (oom : option message),
  valid_transition X l s1 iom s2 oom
  ↔ valid_transition
      (preloaded_with_all_messages_vlsm X) l s1 iom s2
      oom by firstorder. Qed.

Lemma valid_transition_next_preloaded_iff :
  forall (s1 s2 : state X),
    valid_transition_next X s1 s2
      <->
    valid_transition_next (preloaded_with_all_messages_vlsm X) s1 s2.message: Type
X: VLSM message
∀ s1 s2 : state X,
  valid_transition_next X s1 s2
  ↔ valid_transition_next
      (preloaded_with_all_messages_vlsm X) s1 s2
Proof.message: Type
X: VLSM message
∀ s1 s2 : state X,
  valid_transition_next X s1 s2
  ↔ valid_transition_next
      (preloaded_with_all_messages_vlsm X) s1 s2
  by split; intros []; econstructor; apply valid_transition_preloaded_iff.
Qed.

End sec_preloaded_valid_transition.

Section sec_preloaded_vlsm_total_projection.

Context
  {message : Type}
  (X Y : VLSM message)
  (P Q : message -> Prop)
  (label_project : label X -> option (label Y))
  (state_project : state X -> state Y)
  (Hvalid : strong_projection_valid_preservation X Y label_project state_project)
  (Htransition_Some : strong_projection_transition_preservation_Some X Y label_project state_project)
  (Htransition_None : strong_projection_transition_consistency_None _ _ label_project state_project)
  (Hstate : strong_projection_initial_state_preservation X Y state_project)
  (Hmessage : weak_projection_valid_message_preservation
    (preloaded_vlsm X P) (preloaded_vlsm Y Q) label_project state_project)
  .

Lemma basic_VLSM_projection_type_preloaded :
  VLSM_projection_type (preloaded_with_all_messages_vlsm X) Y label_project state_project.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y label_project
  state_project
Proof.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y label_project
  state_project
  constructor.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
∀ (sX : state (preloaded_with_all_messages_vlsm X)) 
  (trX : list transition_item),
  finite_valid_trace_from
    (preloaded_with_all_messages_vlsm X) sX trX
  → state_project (finite_trace_last sX trX) =
    finite_trace_last (state_project sX)
      (pre_VLSM_projection_finite_trace_project
         (preloaded_with_all_messages_vlsm X) Y
         label_project state_project trX)
  intros is tr Htr.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
is: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
Htr: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm X) is tr
state_project (finite_trace_last is tr) =
finite_trace_last (state_project is)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_with_all_messages_vlsm X) Y
     label_project state_project tr)
  induction Htr using finite_valid_trace_from_rev_ind; [done |].message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
s: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
Htr: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm X) s tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hx: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (finite_trace_last s tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtr: state_project (finite_trace_last s tr) =
finite_trace_last (state_project s)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_with_all_messages_vlsm X) Y
     label_project state_project tr)
state_project (finite_trace_last s (tr ++ [x])) =
finite_trace_last (state_project s)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_with_all_messages_vlsm X) Y
     label_project state_project (tr ++ [x]))
  rewrite pre_VLSM_projection_finite_trace_project_app, finite_trace_last_is_last,
    finite_trace_last_app, <- IHHtr; cbn.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
s: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
Htr: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm X) s tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hx: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (finite_trace_last s tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtr: state_project (finite_trace_last s tr) =
finite_trace_last (state_project s)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_with_all_messages_vlsm X) Y
     label_project state_project tr)
state_project sf =
List.last
  (map destination
     match
       pre_VLSM_projection_transition_item_project X Y
         label_project state_project x
     with
     | Some y => [y]
     | None => []
     end) (state_project (finite_trace_last s tr))
  unfold pre_VLSM_projection_transition_item_project.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
s: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
Htr: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm X) s tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hx: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (finite_trace_last s tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtr: state_project (finite_trace_last s tr) =
finite_trace_last (state_project s)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_with_all_messages_vlsm X) Y
     label_project state_project tr)
state_project sf =
List.last
  (map destination
     match
       match label_project (VLSM.l x) with
       | Some lY =>
           Some
             {|
               l := lY;
               input := input x;
               destination :=
                 state_project (destination x);
               output := output x
             |}
       | None => None
       end
     with
     | Some y => [y]
     | None => []
     end) (state_project (finite_trace_last s tr))
  destruct (label_project _) as [lY |] eqn: Hl; cbn; [done |].message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
s: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
Htr: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm X) s tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hx: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (finite_trace_last s tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtr: state_project (finite_trace_last s tr) =
finite_trace_last (state_project s)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_with_all_messages_vlsm X) Y
     label_project state_project tr)
Hl: label_project (VLSM.l x) = None
state_project sf =
state_project (finite_trace_last s tr)
  by rewrite Htransition_None; [.. | apply Hx].
Qed.

Lemma basic_VLSM_projection_preloaded :
  VLSM_projection
    (preloaded_with_all_messages_vlsm X)
    (preloaded_with_all_messages_vlsm Y)
    label_project state_project.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
VLSM_projection (preloaded_with_all_messages_vlsm X)
  (preloaded_with_all_messages_vlsm Y) label_project
  state_project
Proof.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
VLSM_projection (preloaded_with_all_messages_vlsm X)
  (preloaded_with_all_messages_vlsm Y) label_project
  state_project
  pose proof (Htype := basic_VLSM_projection_type_preloaded).message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y
  label_project state_project
VLSM_projection (preloaded_with_all_messages_vlsm X)
  (preloaded_with_all_messages_vlsm Y) label_project
  state_project
  constructor; [done |].message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y
  label_project state_project
∀ (sX : state (preloaded_with_all_messages_vlsm X)) 
  (trX : list transition_item),
  finite_valid_trace
    (preloaded_with_all_messages_vlsm X) sX trX
  → finite_valid_trace
      (preloaded_with_all_messages_vlsm Y)
      (state_project sX)
      (pre_VLSM_projection_finite_trace_project
         (preloaded_with_all_messages_vlsm X)
         (preloaded_with_all_messages_vlsm Y)
         label_project state_project trX)
  intros sX trX HtrX.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y
  label_project state_project
sX: state (preloaded_with_all_messages_vlsm X)
trX: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) sX trX
finite_valid_trace
  (preloaded_with_all_messages_vlsm Y)
  (state_project sX)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project trX)
  split; [| by apply Hstate; apply HtrX].message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y
  label_project state_project
sX: state (preloaded_with_all_messages_vlsm X)
trX: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) sX trX
finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project sX)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project trX)
  induction HtrX using finite_valid_trace_rev_ind;
    [by constructor; apply initial_state_is_valid, Hstate |].message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y
  label_project state_project
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hx: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project tr)
finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project (tr ++ [x]))
  rewrite pre_VLSM_projection_finite_trace_project_app.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y
  label_project state_project
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hx: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project tr)
finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project tr ++
   pre_VLSM_projection_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project [x])
  apply finite_valid_trace_from_app_iff.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y
  label_project state_project
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hx: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project tr)
finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project tr)
∧ finite_valid_trace_from
    (preloaded_with_all_messages_vlsm Y)
    (finite_trace_last (state_project si)
       (pre_VLSM_projection_finite_trace_project
          (preloaded_with_all_messages_vlsm X)
          (preloaded_with_all_messages_vlsm Y)
          label_project state_project tr))
    (pre_VLSM_projection_finite_trace_project
       (preloaded_with_all_messages_vlsm X)
       (preloaded_with_all_messages_vlsm Y)
       label_project state_project [x])
  split; [done |].message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y
  label_project state_project
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hx: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project tr)
finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (finite_trace_last (state_project si)
     (pre_VLSM_projection_finite_trace_project
        (preloaded_with_all_messages_vlsm X)
        (preloaded_with_all_messages_vlsm Y)
        label_project state_project tr))
  (pre_VLSM_projection_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project [x])
  apply finite_valid_trace_last_pstate in IHHtrX.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y
  label_project state_project
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hx: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop
  (preloaded_with_all_messages_vlsm Y)
  (finite_trace_last (state_project si)
     (pre_VLSM_projection_finite_trace_project
        (preloaded_with_all_messages_vlsm X)
        (preloaded_with_all_messages_vlsm Y)
        label_project state_project tr))
finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (finite_trace_last (state_project si)
     (pre_VLSM_projection_finite_trace_project
        (preloaded_with_all_messages_vlsm X)
        (preloaded_with_all_messages_vlsm Y)
        label_project state_project tr))
  (pre_VLSM_projection_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project [x])
  rewrite <- (final_state_project _ _ _ _ Htype) in IHHtrX |- * by apply HtrX.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y
  label_project state_project
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hx: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop
  (preloaded_with_all_messages_vlsm Y)
  (state_project (finite_trace_last si tr))
finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project (finite_trace_last si tr))
  (pre_VLSM_projection_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project [x])
  cbn; unfold pre_VLSM_projection_transition_item_project; cbn.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y
  label_project state_project
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hx: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop
  (preloaded_with_all_messages_vlsm Y)
  (state_project (finite_trace_last si tr))
finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project (finite_trace_last si tr))
  match
    match label_project l with
    | Some lY =>
        Some
          {|
            l := lY;
            input := iom;
            destination := state_project sf;
            output := oom
          |}
    | None => None
    end
  with
  | Some y => [y]
  | None => []
  end
  destruct (label_project l) as [lY |] eqn: Hl;
    [| by apply (finite_valid_trace_from_empty (preloaded_with_all_messages_vlsm Y))].message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y
  label_project state_project
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hx: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop
  (preloaded_with_all_messages_vlsm Y)
  (state_project (finite_trace_last si tr))
lY: label Y
Hl: label_project l = Some lY
finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project (finite_trace_last si tr))
  [{|
     l := lY;
     input := iom;
     destination := state_project sf;
     output := oom
   |}]
  apply (finite_valid_trace_singleton (preloaded_with_all_messages_vlsm Y)).message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y
  label_project state_project
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hx: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop
  (preloaded_with_all_messages_vlsm Y)
  (state_project (finite_trace_last si tr))
lY: label Y
Hl: label_project l = Some lY
input_valid_transition
  (preloaded_with_all_messages_vlsm Y) lY
  (state_project (finite_trace_last si tr), iom)
  (state_project sf, oom)
  destruct Hx as [(_ & _ & Hv) Ht].message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y
  label_project state_project
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hv: valid l (finite_trace_last si tr, iom)
Ht: transition l (finite_trace_last si tr, iom) =
(sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop
  (preloaded_with_all_messages_vlsm Y)
  (state_project (finite_trace_last si tr))
lY: label Y
Hl: label_project l = Some lY
input_valid_transition
  (preloaded_with_all_messages_vlsm Y) lY
  (state_project (finite_trace_last si tr), iom)
  (state_project sf, oom)
  repeat split; [done | ..].message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y
  label_project state_project
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hv: valid l (finite_trace_last si tr, iom)
Ht: transition l (finite_trace_last si tr, iom) =
(sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop
  (preloaded_with_all_messages_vlsm Y)
  (state_project (finite_trace_last si tr))
lY: label Y
Hl: label_project l = Some lY
option_valid_message_prop
  (preloaded_with_all_messages_vlsm Y) iom
message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y
  label_project state_project
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hv: valid l (finite_trace_last si tr, iom)
Ht: transition l (finite_trace_last si tr, iom) =
(sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop
  (preloaded_with_all_messages_vlsm Y)
  (state_project (finite_trace_last si tr))
lY: label Y
Hl: label_project l = Some lY
valid lY
  (state_project (finite_trace_last si tr), iom)
message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y
  label_project state_project
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hv: valid l (finite_trace_last si tr, iom)
Ht: transition l (finite_trace_last si tr, iom) =
(sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop
  (preloaded_with_all_messages_vlsm Y)
  (state_project (finite_trace_last si tr))
lY: label Y
Hl: label_project l = Some lY
transition lY
  (state_project (finite_trace_last si tr), iom) =
(state_project sf, oom)
  -message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y
  label_project state_project
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hv: valid l (finite_trace_last si tr, iom)
Ht: transition l (finite_trace_last si tr, iom) =
(sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop
  (preloaded_with_all_messages_vlsm Y)
  (state_project (finite_trace_last si tr))
lY: label Y
Hl: label_project l = Some lY
option_valid_message_prop
  (preloaded_with_all_messages_vlsm Y) iom destruct iom; [| by apply option_valid_message_None].message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y
  label_project state_project
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
m: message
oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hv: valid l (finite_trace_last si tr, Some m)
Ht: transition l (finite_trace_last si tr, Some m) =
(sf, oom)
x:= {|
  l := l;
  input := Some m;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop
  (preloaded_with_all_messages_vlsm Y)
  (state_project (finite_trace_last si tr))
lY: label Y
Hl: label_project l = Some lY
option_valid_message_prop
  (preloaded_with_all_messages_vlsm Y) (Some m)
    by apply any_message_is_valid_in_preloaded.
  -message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y
  label_project state_project
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hv: valid l (finite_trace_last si tr, iom)
Ht: transition l (finite_trace_last si tr, iom) =
(sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop
  (preloaded_with_all_messages_vlsm Y)
  (state_project (finite_trace_last si tr))
lY: label Y
Hl: label_project l = Some lY
valid lY
  (state_project (finite_trace_last si tr), iom) by eapply Hvalid.
  -message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type
  (preloaded_with_all_messages_vlsm X) Y
  label_project state_project
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hv: valid l (finite_trace_last si tr, iom)
Ht: transition l (finite_trace_last si tr, iom) =
(sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop
  (preloaded_with_all_messages_vlsm Y)
  (state_project (finite_trace_last si tr))
lY: label Y
Hl: label_project l = Some lY
transition lY
  (state_project (finite_trace_last si tr), iom) =
(state_project sf, oom) by eapply Htransition_Some.
Qed.

Lemma basic_VLSM_projection_type_preloaded_with :
  VLSM_projection_type (preloaded_vlsm X P) Y label_project state_project.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
Proof.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
  constructor.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
∀ (sX : state (preloaded_vlsm X P)) (trX : list
                                             transition_item),
  finite_valid_trace_from (preloaded_vlsm X P) sX trX
  → state_project (finite_trace_last sX trX) =
    finite_trace_last (state_project sX)
      (pre_VLSM_projection_finite_trace_project
         (preloaded_vlsm X P) Y label_project
         state_project trX)
  intros is tr Htr.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
is: state (preloaded_vlsm X P)
tr: list transition_item
Htr: finite_valid_trace_from 
  (preloaded_vlsm X P) is tr
state_project (finite_trace_last is tr) =
finite_trace_last (state_project is)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P) Y label_project
     state_project tr)
  induction Htr using finite_valid_trace_from_rev_ind; [done |].message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
s: state (preloaded_vlsm X P)
tr: list transition_item
Htr: finite_valid_trace_from 
  (preloaded_vlsm X P) s tr
sf: state (preloaded_vlsm X P)
iom, oom: option message
l: label (preloaded_vlsm X P)
Hx: input_valid_transition 
  (preloaded_vlsm X P) l
  (finite_trace_last s tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtr: state_project (finite_trace_last s tr) =
finite_trace_last (state_project s)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P) Y label_project
     state_project tr)
state_project (finite_trace_last s (tr ++ [x])) =
finite_trace_last (state_project s)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P) Y label_project
     state_project (tr ++ [x]))
  rewrite pre_VLSM_projection_finite_trace_project_app, finite_trace_last_is_last,
    finite_trace_last_app, <- IHHtr.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
s: state (preloaded_vlsm X P)
tr: list transition_item
Htr: finite_valid_trace_from 
  (preloaded_vlsm X P) s tr
sf: state (preloaded_vlsm X P)
iom, oom: option message
l: label (preloaded_vlsm X P)
Hx: input_valid_transition 
  (preloaded_vlsm X P) l
  (finite_trace_last s tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtr: state_project (finite_trace_last s tr) =
finite_trace_last (state_project s)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P) Y label_project
     state_project tr)
state_project (destination x) =
finite_trace_last
  (state_project (finite_trace_last s tr))
  (pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P) Y label_project
     state_project [x])
  cbn; unfold pre_VLSM_projection_transition_item_project.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
s: state (preloaded_vlsm X P)
tr: list transition_item
Htr: finite_valid_trace_from 
  (preloaded_vlsm X P) s tr
sf: state (preloaded_vlsm X P)
iom, oom: option message
l: label (preloaded_vlsm X P)
Hx: input_valid_transition 
  (preloaded_vlsm X P) l
  (finite_trace_last s tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtr: state_project (finite_trace_last s tr) =
finite_trace_last (state_project s)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P) Y label_project
     state_project tr)
state_project sf =
List.last
  (map destination
     match
       match label_project (VLSM.l x) with
       | Some lY =>
           Some
             {|
               l := lY;
               input := input x;
               destination :=
                 state_project (destination x);
               output := output x
             |}
       | None => None
       end
     with
     | Some y => [y]
     | None => []
     end) (state_project (finite_trace_last s tr))
  destruct (label_project _) as [lY |] eqn: Hl; [done |].message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
s: state (preloaded_vlsm X P)
tr: list transition_item
Htr: finite_valid_trace_from 
  (preloaded_vlsm X P) s tr
sf: state (preloaded_vlsm X P)
iom, oom: option message
l: label (preloaded_vlsm X P)
Hx: input_valid_transition 
  (preloaded_vlsm X P) l
  (finite_trace_last s tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtr: state_project (finite_trace_last s tr) =
finite_trace_last (state_project s)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P) Y label_project
     state_project tr)
Hl: label_project (VLSM.l x) = None
state_project sf =
List.last (map destination [])
  (state_project (finite_trace_last s tr))
  by rewrite Htransition_None; [.. | apply Hx].
Qed.

Lemma basic_VLSM_projection_preloaded_with :
  VLSM_projection (preloaded_vlsm X P) (preloaded_vlsm Y Q) label_project state_project.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
VLSM_projection (preloaded_vlsm X P)
  (preloaded_vlsm Y Q) label_project state_project
Proof.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
VLSM_projection (preloaded_vlsm X P)
  (preloaded_vlsm Y Q) label_project state_project
  pose proof (Htype := basic_VLSM_projection_type_preloaded_with).message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
VLSM_projection (preloaded_vlsm X P)
  (preloaded_vlsm Y Q) label_project state_project
  constructor; [done |].message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
∀ (sX : state (preloaded_vlsm X P)) (trX : list
                                             transition_item),
  finite_valid_trace (preloaded_vlsm X P) sX trX
  → finite_valid_trace (preloaded_vlsm Y Q)
      (state_project sX)
      (pre_VLSM_projection_finite_trace_project
         (preloaded_vlsm X P) (preloaded_vlsm Y Q)
         label_project state_project trX)
  intros sX trX HtrX.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
sX: state (preloaded_vlsm X P)
trX: list transition_item
HtrX: finite_valid_trace (preloaded_vlsm X P) sX trX
finite_valid_trace (preloaded_vlsm Y Q)
  (state_project sX)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P) (preloaded_vlsm Y Q)
     label_project state_project trX)
  split; [| by apply Hstate; apply HtrX].message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
sX: state (preloaded_vlsm X P)
trX: list transition_item
HtrX: finite_valid_trace (preloaded_vlsm X P) sX trX
finite_valid_trace_from (preloaded_vlsm Y Q)
  (state_project sX)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P) (preloaded_vlsm Y Q)
     label_project state_project trX)
  induction HtrX using finite_valid_trace_rev_ind;
    [by constructor; apply initial_state_is_valid, Hstate |].message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
si: state (preloaded_vlsm X P)
tr: list transition_item
HtrX: finite_valid_trace (preloaded_vlsm X P) si tr
sf: state (preloaded_vlsm X P)
iom, oom: option message
l: label (preloaded_vlsm X P)
Hx: input_valid_transition 
  (preloaded_vlsm X P) l
  (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project si)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
finite_valid_trace_from (preloaded_vlsm Y Q)
  (state_project si)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P) (preloaded_vlsm Y Q)
     label_project state_project (tr ++ [x]))
  rewrite pre_VLSM_projection_finite_trace_project_app.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
si: state (preloaded_vlsm X P)
tr: list transition_item
HtrX: finite_valid_trace (preloaded_vlsm X P) si tr
sf: state (preloaded_vlsm X P)
iom, oom: option message
l: label (preloaded_vlsm X P)
Hx: input_valid_transition 
  (preloaded_vlsm X P) l
  (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project si)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
finite_valid_trace_from (preloaded_vlsm Y Q)
  (state_project si)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P) (preloaded_vlsm Y Q)
     label_project state_project tr ++
   pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P) (preloaded_vlsm Y Q)
     label_project state_project [x])
  apply (finite_valid_trace_from_app_iff (preloaded_vlsm Y Q)).message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
si: state (preloaded_vlsm X P)
tr: list transition_item
HtrX: finite_valid_trace (preloaded_vlsm X P) si tr
sf: state (preloaded_vlsm X P)
iom, oom: option message
l: label (preloaded_vlsm X P)
Hx: input_valid_transition 
  (preloaded_vlsm X P) l
  (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project si)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
finite_valid_trace_from (preloaded_vlsm Y Q)
  (state_project si)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P) (preloaded_vlsm Y Q)
     label_project state_project tr)
∧ finite_valid_trace_from (preloaded_vlsm Y Q)
    (finite_trace_last (state_project si)
       (pre_VLSM_projection_finite_trace_project
          (preloaded_vlsm X P) (preloaded_vlsm Y Q)
          label_project state_project tr))
    (pre_VLSM_projection_finite_trace_project
       (preloaded_vlsm X P) (preloaded_vlsm Y Q)
       label_project state_project [x])
  split; [done |].message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
si: state (preloaded_vlsm X P)
tr: list transition_item
HtrX: finite_valid_trace (preloaded_vlsm X P) si tr
sf: state (preloaded_vlsm X P)
iom, oom: option message
l: label (preloaded_vlsm X P)
Hx: input_valid_transition 
  (preloaded_vlsm X P) l
  (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project si)
  (pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
finite_valid_trace_from (preloaded_vlsm Y Q)
  (finite_trace_last (state_project si)
     (pre_VLSM_projection_finite_trace_project
        (preloaded_vlsm X P) (preloaded_vlsm Y Q)
        label_project state_project tr))
  (pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P) (preloaded_vlsm Y Q)
     label_project state_project [x])
  apply finite_valid_trace_last_pstate in IHHtrX.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
si: state (preloaded_vlsm X P)
tr: list transition_item
HtrX: finite_valid_trace (preloaded_vlsm X P) si tr
sf: state (preloaded_vlsm X P)
iom, oom: option message
l: label (preloaded_vlsm X P)
Hx: input_valid_transition 
  (preloaded_vlsm X P) l
  (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop (preloaded_vlsm Y Q)
  (finite_trace_last (state_project si)
     (pre_VLSM_projection_finite_trace_project
        (preloaded_vlsm X P)
        (preloaded_vlsm Y Q) label_project
        state_project tr))
finite_valid_trace_from (preloaded_vlsm Y Q)
  (finite_trace_last (state_project si)
     (pre_VLSM_projection_finite_trace_project
        (preloaded_vlsm X P) (preloaded_vlsm Y Q)
        label_project state_project tr))
  (pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P) (preloaded_vlsm Y Q)
     label_project state_project [x])
  apply proj1 in Hx as Hpv.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
si: state (preloaded_vlsm X P)
tr: list transition_item
HtrX: finite_valid_trace (preloaded_vlsm X P) si tr
sf: state (preloaded_vlsm X P)
iom, oom: option message
l: label (preloaded_vlsm X P)
Hx: input_valid_transition 
  (preloaded_vlsm X P) l
  (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop (preloaded_vlsm Y Q)
  (finite_trace_last (state_project si)
     (pre_VLSM_projection_finite_trace_project
        (preloaded_vlsm X P)
        (preloaded_vlsm Y Q) label_project
        state_project tr))
Hpv: input_valid (preloaded_vlsm X P) l
  (finite_trace_last si tr, iom)
finite_valid_trace_from (preloaded_vlsm Y Q)
  (finite_trace_last (state_project si)
     (pre_VLSM_projection_finite_trace_project
        (preloaded_vlsm X P) (preloaded_vlsm Y Q)
        label_project state_project tr))
  (pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P) (preloaded_vlsm Y Q)
     label_project state_project [x])
  destruct Hx as [(_ & _ & Hv) Ht].message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
si: state (preloaded_vlsm X P)
tr: list transition_item
HtrX: finite_valid_trace (preloaded_vlsm X P) si tr
sf: state (preloaded_vlsm X P)
iom, oom: option message
l: label (preloaded_vlsm X P)
Hv: valid l (finite_trace_last si tr, iom)
Ht: transition l (finite_trace_last si tr, iom) =
(sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop (preloaded_vlsm Y Q)
  (finite_trace_last (state_project si)
     (pre_VLSM_projection_finite_trace_project
        (preloaded_vlsm X P)
        (preloaded_vlsm Y Q) label_project
        state_project tr))
Hpv: input_valid (preloaded_vlsm X P) l
  (finite_trace_last si tr, iom)
finite_valid_trace_from (preloaded_vlsm Y Q)
  (finite_trace_last (state_project si)
     (pre_VLSM_projection_finite_trace_project
        (preloaded_vlsm X P) (preloaded_vlsm Y Q)
        label_project state_project tr))
  (pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P) (preloaded_vlsm Y Q)
     label_project state_project [x])
  rewrite <- (final_state_project _ _ _ _ Htype) in IHHtrX |- * by apply HtrX.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
si: state (preloaded_vlsm X P)
tr: list transition_item
HtrX: finite_valid_trace (preloaded_vlsm X P) si tr
sf: state (preloaded_vlsm X P)
iom, oom: option message
l: label (preloaded_vlsm X P)
Hv: valid l (finite_trace_last si tr, iom)
Ht: transition l (finite_trace_last si tr, iom) =
(sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop (preloaded_vlsm Y Q)
  (state_project (finite_trace_last si tr))
Hpv: input_valid (preloaded_vlsm X P) l
  (finite_trace_last si tr, iom)
finite_valid_trace_from (preloaded_vlsm Y Q)
  (state_project (finite_trace_last si tr))
  (pre_VLSM_projection_finite_trace_project
     (preloaded_vlsm X P) (preloaded_vlsm Y Q)
     label_project state_project [x])
  cbn; unfold pre_VLSM_projection_transition_item_project; cbn.message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
si: state (preloaded_vlsm X P)
tr: list transition_item
HtrX: finite_valid_trace (preloaded_vlsm X P) si tr
sf: state (preloaded_vlsm X P)
iom, oom: option message
l: label (preloaded_vlsm X P)
Hv: valid l (finite_trace_last si tr, iom)
Ht: transition l (finite_trace_last si tr, iom) =
(sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop (preloaded_vlsm Y Q)
  (state_project (finite_trace_last si tr))
Hpv: input_valid (preloaded_vlsm X P) l
  (finite_trace_last si tr, iom)
finite_valid_trace_from (preloaded_vlsm Y Q)
  (state_project (finite_trace_last si tr))
  match
    match label_project l with
    | Some lY =>
        Some
          {|
            l := lY;
            input := iom;
            destination := state_project sf;
            output := oom
          |}
    | None => None
    end
  with
  | Some y => [y]
  | None => []
  end
  destruct (label_project l) as [lY |] eqn: Hl;
    [| by apply (finite_valid_trace_from_empty (preloaded_vlsm Y Q))].message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
si: state (preloaded_vlsm X P)
tr: list transition_item
HtrX: finite_valid_trace (preloaded_vlsm X P) si tr
sf: state (preloaded_vlsm X P)
iom, oom: option message
l: label (preloaded_vlsm X P)
Hv: valid l (finite_trace_last si tr, iom)
Ht: transition l (finite_trace_last si tr, iom) =
(sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop (preloaded_vlsm Y Q)
  (state_project (finite_trace_last si tr))
Hpv: input_valid (preloaded_vlsm X P) l
  (finite_trace_last si tr, iom)
lY: label Y
Hl: label_project l = Some lY
finite_valid_trace_from (preloaded_vlsm Y Q)
  (state_project (finite_trace_last si tr))
  [{|
     l := lY;
     input := iom;
     destination := state_project sf;
     output := oom
   |}]
  apply (finite_valid_trace_singleton (preloaded_vlsm Y Q)).message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
si: state (preloaded_vlsm X P)
tr: list transition_item
HtrX: finite_valid_trace (preloaded_vlsm X P) si tr
sf: state (preloaded_vlsm X P)
iom, oom: option message
l: label (preloaded_vlsm X P)
Hv: valid l (finite_trace_last si tr, iom)
Ht: transition l (finite_trace_last si tr, iom) =
(sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop (preloaded_vlsm Y Q)
  (state_project (finite_trace_last si tr))
Hpv: input_valid (preloaded_vlsm X P) l
  (finite_trace_last si tr, iom)
lY: label Y
Hl: label_project l = Some lY
input_valid_transition (preloaded_vlsm Y Q) lY
  (state_project (finite_trace_last si tr), iom)
  (state_project sf, oom)
  repeat split; [done | ..].message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
si: state (preloaded_vlsm X P)
tr: list transition_item
HtrX: finite_valid_trace (preloaded_vlsm X P) si tr
sf: state (preloaded_vlsm X P)
iom, oom: option message
l: label (preloaded_vlsm X P)
Hv: valid l (finite_trace_last si tr, iom)
Ht: transition l (finite_trace_last si tr, iom) =
(sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop (preloaded_vlsm Y Q)
  (state_project (finite_trace_last si tr))
Hpv: input_valid (preloaded_vlsm X P) l
  (finite_trace_last si tr, iom)
lY: label Y
Hl: label_project l = Some lY
option_valid_message_prop (preloaded_vlsm Y Q) iom
message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
si: state (preloaded_vlsm X P)
tr: list transition_item
HtrX: finite_valid_trace (preloaded_vlsm X P) si tr
sf: state (preloaded_vlsm X P)
iom, oom: option message
l: label (preloaded_vlsm X P)
Hv: valid l (finite_trace_last si tr, iom)
Ht: transition l (finite_trace_last si tr, iom) =
(sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop (preloaded_vlsm Y Q)
  (state_project (finite_trace_last si tr))
Hpv: input_valid (preloaded_vlsm X P) l
  (finite_trace_last si tr, iom)
lY: label Y
Hl: label_project l = Some lY
valid lY
  (state_project (finite_trace_last si tr), iom)
message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
si: state (preloaded_vlsm X P)
tr: list transition_item
HtrX: finite_valid_trace (preloaded_vlsm X P) si tr
sf: state (preloaded_vlsm X P)
iom, oom: option message
l: label (preloaded_vlsm X P)
Hv: valid l (finite_trace_last si tr, iom)
Ht: transition l (finite_trace_last si tr, iom) =
(sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop (preloaded_vlsm Y Q)
  (state_project (finite_trace_last si tr))
Hpv: input_valid (preloaded_vlsm X P) l
  (finite_trace_last si tr, iom)
lY: label Y
Hl: label_project l = Some lY
transition lY
  (state_project (finite_trace_last si tr), iom) =
(state_project sf, oom)
  -message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
si: state (preloaded_vlsm X P)
tr: list transition_item
HtrX: finite_valid_trace (preloaded_vlsm X P) si tr
sf: state (preloaded_vlsm X P)
iom, oom: option message
l: label (preloaded_vlsm X P)
Hv: valid l (finite_trace_last si tr, iom)
Ht: transition l (finite_trace_last si tr, iom) =
(sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop (preloaded_vlsm Y Q)
  (state_project (finite_trace_last si tr))
Hpv: input_valid (preloaded_vlsm X P) l
  (finite_trace_last si tr, iom)
lY: label Y
Hl: label_project l = Some lY
option_valid_message_prop (preloaded_vlsm Y Q) iom destruct iom; [| by apply option_valid_message_None].message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
si: state (preloaded_vlsm X P)
tr: list transition_item
HtrX: finite_valid_trace (preloaded_vlsm X P) si tr
sf: state (preloaded_vlsm X P)
m: message
oom: option message
l: label (preloaded_vlsm X P)
Hv: valid l (finite_trace_last si tr, Some m)
Ht: transition l (finite_trace_last si tr, Some m) =
(sf, oom)
x:= {|
  l := l;
  input := Some m;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop (preloaded_vlsm Y Q)
  (state_project (finite_trace_last si tr))
Hpv: input_valid (preloaded_vlsm X P) l
  (finite_trace_last si tr, Some m)
lY: label Y
Hl: label_project l = Some lY
option_valid_message_prop (preloaded_vlsm Y Q)
  (Some m)
    by eapply Hmessage.
  -message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
si: state (preloaded_vlsm X P)
tr: list transition_item
HtrX: finite_valid_trace (preloaded_vlsm X P) si tr
sf: state (preloaded_vlsm X P)
iom, oom: option message
l: label (preloaded_vlsm X P)
Hv: valid l (finite_trace_last si tr, iom)
Ht: transition l (finite_trace_last si tr, iom) =
(sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop (preloaded_vlsm Y Q)
  (state_project (finite_trace_last si tr))
Hpv: input_valid (preloaded_vlsm X P) l
  (finite_trace_last si tr, iom)
lY: label Y
Hl: label_project l = Some lY
valid lY
  (state_project (finite_trace_last si tr), iom) by eapply Hvalid.
  -message: Type
X, Y: VLSM message
P, Q: message → Prop
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalid: strong_projection_valid_preservation X Y
  label_project state_project
Htransition_Some: strong_projection_transition_preservation_Some
  X Y label_project state_project
Htransition_None: strong_projection_transition_consistency_None
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: weak_projection_valid_message_preservation
  (preloaded_vlsm X P) 
  (preloaded_vlsm Y Q) label_project
  state_project
Htype: VLSM_projection_type (preloaded_vlsm X P) Y
  label_project state_project
si: state (preloaded_vlsm X P)
tr: list transition_item
HtrX: finite_valid_trace (preloaded_vlsm X P) si tr
sf: state (preloaded_vlsm X P)
iom, oom: option message
l: label (preloaded_vlsm X P)
Hv: valid l (finite_trace_last si tr, iom)
Ht: transition l (finite_trace_last si tr, iom) =
(sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: valid_state_prop (preloaded_vlsm Y Q)
  (state_project (finite_trace_last si tr))
Hpv: input_valid (preloaded_vlsm X P) l
  (finite_trace_last si tr, iom)
lY: label Y
Hl: label_project l = Some lY
transition lY
  (state_project (finite_trace_last si tr), iom) =
(state_project sf, oom) by eapply Htransition_Some.
Qed.

End sec_preloaded_vlsm_total_projection.

Section sec_preloaded_vlsm_embedding.

Context
  {message : Type}
  (X Y : VLSM message)
  (P Q : message -> Prop)
  (PimpliesQ : forall m : message, P m -> Q m)
  (label_project : label X -> label Y)
  (state_project : state X -> state Y)
  (Hvalid : strong_embedding_valid_preservation X Y label_project state_project)
  (Htransition : strong_embedding_transition_preservation  X Y label_project state_project)
  (Hstate : strong_projection_initial_state_preservation X Y state_project)
  (Hmessage : strong_embedding_initial_message_preservation X Y)
  .

Lemma basic_VLSM_embedding_preloaded :
  VLSM_embedding
    (preloaded_with_all_messages_vlsm X)
    (preloaded_with_all_messages_vlsm Y)
    label_project state_project.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
VLSM_embedding (preloaded_with_all_messages_vlsm X)
  (preloaded_with_all_messages_vlsm Y) label_project
  state_project
Proof.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
VLSM_embedding (preloaded_with_all_messages_vlsm X)
  (preloaded_with_all_messages_vlsm Y) label_project
  state_project
  constructor.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
∀ (sX : state (preloaded_with_all_messages_vlsm X)) 
  (trX : list transition_item),
  finite_valid_trace
    (preloaded_with_all_messages_vlsm X) sX trX
  → finite_valid_trace
      (preloaded_with_all_messages_vlsm Y)
      (state_project sX)
      (pre_VLSM_embedding_finite_trace_project
         (preloaded_with_all_messages_vlsm X)
         (preloaded_with_all_messages_vlsm Y)
         label_project state_project trX)
  intros sX trX HtrX.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
sX: state (preloaded_with_all_messages_vlsm X)
trX: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) sX trX
finite_valid_trace
  (preloaded_with_all_messages_vlsm Y)
  (state_project sX)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project trX)
  split; [| by apply Hstate; apply HtrX].message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
sX: state (preloaded_with_all_messages_vlsm X)
trX: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) sX trX
finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project sX)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project trX)
  induction HtrX using finite_valid_trace_rev_ind;
    [by constructor; apply initial_state_is_valid, Hstate |].message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hx: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project tr)
finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project (tr ++ [x]))
  setoid_rewrite map_app.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hx: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project tr)
finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (map
     (pre_VLSM_embedding_transition_item_project
        (preloaded_with_all_messages_vlsm X)
        (preloaded_with_all_messages_vlsm Y)
        label_project state_project) tr ++
   map
     (pre_VLSM_embedding_transition_item_project
        (preloaded_with_all_messages_vlsm X)
        (preloaded_with_all_messages_vlsm Y)
        label_project state_project) [x])
  apply finite_valid_trace_from_app_iff.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hx: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project tr)
finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (map
     (pre_VLSM_embedding_transition_item_project
        (preloaded_with_all_messages_vlsm X)
        (preloaded_with_all_messages_vlsm Y)
        label_project state_project) tr)
∧ finite_valid_trace_from
    (preloaded_with_all_messages_vlsm Y)
    (finite_trace_last (state_project si)
       (map
          (pre_VLSM_embedding_transition_item_project
             (preloaded_with_all_messages_vlsm X)
             (preloaded_with_all_messages_vlsm Y)
             label_project state_project) tr))
    (map
       (pre_VLSM_embedding_transition_item_project
          (preloaded_with_all_messages_vlsm X)
          (preloaded_with_all_messages_vlsm Y)
          label_project state_project) [x])
  split; cbn; [done |].message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hx: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project tr)
finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (finite_trace_last (state_project si)
     (map
        (pre_VLSM_embedding_transition_item_project X
           Y label_project state_project) tr))
  [pre_VLSM_embedding_transition_item_project X Y
     label_project state_project x]
  apply (finite_valid_trace_singleton (preloaded_with_all_messages_vlsm Y)).message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hx: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project tr)
input_valid_transition
  (preloaded_with_all_messages_vlsm Y)
  (label_project (VLSM.l x))
  (finite_trace_last (state_project si)
     (map
        (pre_VLSM_embedding_transition_item_project X
           Y label_project state_project) tr), input x)
  (state_project (destination x), output x)
  destruct Hx as [(_ & _ & Hv) Ht].message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hv: valid l (finite_trace_last si tr, iom)
Ht: transition l (finite_trace_last si tr, iom) =
(sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project tr)
input_valid_transition
  (preloaded_with_all_messages_vlsm Y)
  (label_project (VLSM.l x))
  (finite_trace_last (state_project si)
     (map
        (pre_VLSM_embedding_transition_item_project X
           Y label_project state_project) tr), input x)
  (state_project (destination x), output x)
  apply Hvalid in Hv.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hv: valid (label_project l)
  (state_project (finite_trace_last si tr), iom)
Ht: transition l (finite_trace_last si tr, iom) =
(sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project tr)
input_valid_transition
  (preloaded_with_all_messages_vlsm Y)
  (label_project (VLSM.l x))
  (finite_trace_last (state_project si)
     (map
        (pre_VLSM_embedding_transition_item_project X
           Y label_project state_project) tr), input x)
  (state_project (destination x), output x)
  apply Htransition in Ht.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hv: valid (label_project l)
  (state_project (finite_trace_last si tr), iom)
Ht: transition (label_project l)
  (state_project (finite_trace_last si tr), iom) =
(state_project sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project tr)
input_valid_transition
  (preloaded_with_all_messages_vlsm Y)
  (label_project (VLSM.l x))
  (finite_trace_last (state_project si)
     (map
        (pre_VLSM_embedding_transition_item_project X
           Y label_project state_project) tr), input x)
  (state_project (destination x), output x)
  rewrite (pre_VLSM_embedding_finite_trace_last _ _ label_project state_project) in Hv, Ht.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hv: valid (label_project l)
  (finite_trace_last (state_project si)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), iom)
Ht: transition (label_project l)
  (finite_trace_last (state_project si)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), iom) =
(state_project sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project tr)
input_valid_transition
  (preloaded_with_all_messages_vlsm Y)
  (label_project (VLSM.l x))
  (finite_trace_last (state_project si)
     (map
        (pre_VLSM_embedding_transition_item_project X
           Y label_project state_project) tr), input x)
  (state_project (destination x), output x)
  repeat split; [| | done..].message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hv: valid (label_project l)
  (finite_trace_last (state_project si)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), iom)
Ht: transition (label_project l)
  (finite_trace_last (state_project si)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), iom) =
(state_project sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project tr)
valid_state_prop (preloaded_with_all_messages_vlsm Y)
  (finite_trace_last (state_project si)
     (map
        (pre_VLSM_embedding_transition_item_project X
           Y label_project state_project) tr))
message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hv: valid (label_project l)
  (finite_trace_last (state_project si)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), iom)
Ht: transition (label_project l)
  (finite_trace_last (state_project si)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), iom) =
(state_project sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project tr)
option_valid_message_prop
  (preloaded_with_all_messages_vlsm Y) 
  (input x)
  -message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hv: valid (label_project l)
  (finite_trace_last (state_project si)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), iom)
Ht: transition (label_project l)
  (finite_trace_last (state_project si)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), iom) =
(state_project sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project tr)
valid_state_prop (preloaded_with_all_messages_vlsm Y)
  (finite_trace_last (state_project si)
     (map
        (pre_VLSM_embedding_transition_item_project X
           Y label_project state_project) tr)) by apply finite_valid_trace_last_pstate in IHHtrX.
  -message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
si: state (preloaded_with_all_messages_vlsm X)
tr: list transition_item
HtrX: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) si tr
sf: state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Hv: valid (label_project l)
  (finite_trace_last (state_project si)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), iom)
Ht: transition (label_project l)
  (finite_trace_last (state_project si)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), iom) =
(state_project sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrX: finite_valid_trace_from
  (preloaded_with_all_messages_vlsm Y)
  (state_project si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_with_all_messages_vlsm X)
     (preloaded_with_all_messages_vlsm Y)
     label_project state_project tr)
option_valid_message_prop
  (preloaded_with_all_messages_vlsm Y) (input x) by apply any_message_is_valid_in_preloaded.
Qed.

Lemma basic_VLSM_embedding_preloaded_with :
  VLSM_embedding (preloaded_vlsm X P) (preloaded_vlsm Y Q) label_project state_project.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
VLSM_embedding (preloaded_vlsm X P)
  (preloaded_vlsm Y Q) label_project state_project
Proof.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
VLSM_embedding (preloaded_vlsm X P)
  (preloaded_vlsm Y Q) label_project state_project
  constructor.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
∀ (sX : state (preloaded_vlsm X P)) (trX : list
                                             transition_item),
  finite_valid_trace (preloaded_vlsm X P) sX trX
  → finite_valid_trace (preloaded_vlsm Y Q)
      (state_project sX)
      (pre_VLSM_embedding_finite_trace_project
         (preloaded_vlsm X P) (preloaded_vlsm Y Q)
         label_project state_project trX)
  intros sX trX HtrX.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
sX: state (preloaded_vlsm X P)
trX: list transition_item
HtrX: finite_valid_trace (preloaded_vlsm X P) sX trX
finite_valid_trace (preloaded_vlsm Y Q)
  (state_project sX)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P) (preloaded_vlsm Y Q)
     label_project state_project trX)
  apply valid_trace_add_default_last in HtrX.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
sX: state (preloaded_vlsm X P)
trX: list transition_item
HtrX: finite_valid_trace_init_to 
  (preloaded_vlsm X P) sX
  (finite_trace_last sX trX) trX
finite_valid_trace (preloaded_vlsm Y Q)
  (state_project sX)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P) (preloaded_vlsm Y Q)
     label_project state_project trX)
  split; [| by apply Hstate; apply HtrX].message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
sX: state (preloaded_vlsm X P)
trX: list transition_item
HtrX: finite_valid_trace_init_to 
  (preloaded_vlsm X P) sX
  (finite_trace_last sX trX) trX
finite_valid_trace_from (preloaded_vlsm Y Q)
  (state_project sX)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P) (preloaded_vlsm Y Q)
     label_project state_project trX)
  induction HtrX using finite_valid_trace_init_to_rev_strong_ind;
    [by constructor; apply initial_state_is_valid, Hstate |].message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
is, s: state (preloaded_vlsm X P)
tr: list transition_item
HtrX1: finite_valid_trace_init_to
  (preloaded_vlsm X P) is s tr
iom: option message
iom_si, iom_s: state (preloaded_vlsm X P)
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output
  (preloaded_vlsm X P) iom_tr iom
HtrX2: finite_valid_trace_init_to
  (preloaded_vlsm X P) iom_si iom_s iom_tr
sf: state (preloaded_vlsm X P)
oom: option message
l: label (preloaded_vlsm X P)
Ht: input_valid_transition 
  (preloaded_vlsm X P) l (
  s, iom) (sf, oom)
IHHtrX1: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project is)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
IHHtrX2: finite_valid_trace_from 
  (preloaded_vlsm Y Q)
  (state_project iom_si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project iom_tr)
finite_valid_trace_from (preloaded_vlsm Y Q)
  (state_project is)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P) (preloaded_vlsm Y Q)
     label_project state_project
     (tr ++
      [{|
         l := l;
         input := iom;
         destination := sf;
         output := oom
       |}]))
  setoid_rewrite map_app.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
is, s: state (preloaded_vlsm X P)
tr: list transition_item
HtrX1: finite_valid_trace_init_to
  (preloaded_vlsm X P) is s tr
iom: option message
iom_si, iom_s: state (preloaded_vlsm X P)
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output
  (preloaded_vlsm X P) iom_tr iom
HtrX2: finite_valid_trace_init_to
  (preloaded_vlsm X P) iom_si iom_s iom_tr
sf: state (preloaded_vlsm X P)
oom: option message
l: label (preloaded_vlsm X P)
Ht: input_valid_transition 
  (preloaded_vlsm X P) l (
  s, iom) (sf, oom)
IHHtrX1: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project is)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
IHHtrX2: finite_valid_trace_from 
  (preloaded_vlsm Y Q)
  (state_project iom_si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project iom_tr)
finite_valid_trace_from (preloaded_vlsm Y Q)
  (state_project is)
  (map
     (pre_VLSM_embedding_transition_item_project
        (preloaded_vlsm X P) (preloaded_vlsm Y Q)
        label_project state_project) tr ++
   map
     (pre_VLSM_embedding_transition_item_project
        (preloaded_vlsm X P) (preloaded_vlsm Y Q)
        label_project state_project)
     [{|
        l := l;
        input := iom;
        destination := sf;
        output := oom
      |}])
  apply finite_valid_trace_from_app_iff.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
is, s: state (preloaded_vlsm X P)
tr: list transition_item
HtrX1: finite_valid_trace_init_to
  (preloaded_vlsm X P) is s tr
iom: option message
iom_si, iom_s: state (preloaded_vlsm X P)
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output
  (preloaded_vlsm X P) iom_tr iom
HtrX2: finite_valid_trace_init_to
  (preloaded_vlsm X P) iom_si iom_s iom_tr
sf: state (preloaded_vlsm X P)
oom: option message
l: label (preloaded_vlsm X P)
Ht: input_valid_transition 
  (preloaded_vlsm X P) l (
  s, iom) (sf, oom)
IHHtrX1: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project is)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
IHHtrX2: finite_valid_trace_from 
  (preloaded_vlsm Y Q)
  (state_project iom_si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project iom_tr)
finite_valid_trace_from (preloaded_vlsm Y Q)
  (state_project is)
  (map
     (pre_VLSM_embedding_transition_item_project
        (preloaded_vlsm X P) (preloaded_vlsm Y Q)
        label_project state_project) tr)
∧ finite_valid_trace_from (preloaded_vlsm Y Q)
    (finite_trace_last (state_project is)
       (map
          (pre_VLSM_embedding_transition_item_project
             (preloaded_vlsm X P) (preloaded_vlsm Y Q)
             label_project state_project) tr))
    (map
       (pre_VLSM_embedding_transition_item_project
          (preloaded_vlsm X P) (preloaded_vlsm Y Q)
          label_project state_project)
       [{|
          l := l;
          input := iom;
          destination := sf;
          output := oom
        |}])
  split; cbn; [done |].message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
is, s: state (preloaded_vlsm X P)
tr: list transition_item
HtrX1: finite_valid_trace_init_to
  (preloaded_vlsm X P) is s tr
iom: option message
iom_si, iom_s: state (preloaded_vlsm X P)
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output
  (preloaded_vlsm X P) iom_tr iom
HtrX2: finite_valid_trace_init_to
  (preloaded_vlsm X P) iom_si iom_s iom_tr
sf: state (preloaded_vlsm X P)
oom: option message
l: label (preloaded_vlsm X P)
Ht: input_valid_transition 
  (preloaded_vlsm X P) l (
  s, iom) (sf, oom)
IHHtrX1: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project is)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
IHHtrX2: finite_valid_trace_from 
  (preloaded_vlsm Y Q)
  (state_project iom_si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project iom_tr)
finite_valid_trace_from (preloaded_vlsm Y Q)
  (finite_trace_last (state_project is)
     (map
        (pre_VLSM_embedding_transition_item_project X
           Y label_project state_project) tr))
  [pre_VLSM_embedding_transition_item_project X Y
     label_project state_project
     {|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |}]
  apply (finite_valid_trace_singleton (preloaded_vlsm Y Q)).message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
is, s: state (preloaded_vlsm X P)
tr: list transition_item
HtrX1: finite_valid_trace_init_to
  (preloaded_vlsm X P) is s tr
iom: option message
iom_si, iom_s: state (preloaded_vlsm X P)
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output
  (preloaded_vlsm X P) iom_tr iom
HtrX2: finite_valid_trace_init_to
  (preloaded_vlsm X P) iom_si iom_s iom_tr
sf: state (preloaded_vlsm X P)
oom: option message
l: label (preloaded_vlsm X P)
Ht: input_valid_transition 
  (preloaded_vlsm X P) l (
  s, iom) (sf, oom)
IHHtrX1: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project is)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
IHHtrX2: finite_valid_trace_from 
  (preloaded_vlsm Y Q)
  (state_project iom_si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project iom_tr)
input_valid_transition (preloaded_vlsm Y Q)
  (label_project
     (VLSM.l
        {|
          l := l;
          input := iom;
          destination := sf;
          output := oom
        |}))
  (finite_trace_last (state_project is)
     (map
        (pre_VLSM_embedding_transition_item_project X
           Y label_project state_project) tr),
   input
     {|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |})
  (state_project
     (destination
        {|
          l := l;
          input := iom;
          destination := sf;
          output := oom
        |}),
   output
     {|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |})
  destruct Ht as [(_ & _ & Hv) Ht].message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
is, s: state (preloaded_vlsm X P)
tr: list transition_item
HtrX1: finite_valid_trace_init_to
  (preloaded_vlsm X P) is s tr
iom: option message
iom_si, iom_s: state (preloaded_vlsm X P)
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output
  (preloaded_vlsm X P) iom_tr iom
HtrX2: finite_valid_trace_init_to
  (preloaded_vlsm X P) iom_si iom_s iom_tr
sf: state (preloaded_vlsm X P)
oom: option message
l: label (preloaded_vlsm X P)
Hv: valid l (s, iom)
Ht: transition l (s, iom) = (sf, oom)
IHHtrX1: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project is)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
IHHtrX2: finite_valid_trace_from 
  (preloaded_vlsm Y Q)
  (state_project iom_si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project iom_tr)
input_valid_transition (preloaded_vlsm Y Q)
  (label_project
     (VLSM.l
        {|
          l := l;
          input := iom;
          destination := sf;
          output := oom
        |}))
  (finite_trace_last (state_project is)
     (map
        (pre_VLSM_embedding_transition_item_project X
           Y label_project state_project) tr),
   input
     {|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |})
  (state_project
     (destination
        {|
          l := l;
          input := iom;
          destination := sf;
          output := oom
        |}),
   output
     {|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |})
  apply Hvalid in Hv.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
is, s: state (preloaded_vlsm X P)
tr: list transition_item
HtrX1: finite_valid_trace_init_to
  (preloaded_vlsm X P) is s tr
iom: option message
iom_si, iom_s: state (preloaded_vlsm X P)
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output
  (preloaded_vlsm X P) iom_tr iom
HtrX2: finite_valid_trace_init_to
  (preloaded_vlsm X P) iom_si iom_s iom_tr
sf: state (preloaded_vlsm X P)
oom: option message
l: label (preloaded_vlsm X P)
Hv: valid (label_project l) (state_project s, iom)
Ht: transition l (s, iom) = (sf, oom)
IHHtrX1: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project is)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
IHHtrX2: finite_valid_trace_from 
  (preloaded_vlsm Y Q)
  (state_project iom_si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project iom_tr)
input_valid_transition (preloaded_vlsm Y Q)
  (label_project
     (VLSM.l
        {|
          l := l;
          input := iom;
          destination := sf;
          output := oom
        |}))
  (finite_trace_last (state_project is)
     (map
        (pre_VLSM_embedding_transition_item_project X
           Y label_project state_project) tr),
   input
     {|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |})
  (state_project
     (destination
        {|
          l := l;
          input := iom;
          destination := sf;
          output := oom
        |}),
   output
     {|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |})
  apply Htransition in Ht.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
is, s: state (preloaded_vlsm X P)
tr: list transition_item
HtrX1: finite_valid_trace_init_to
  (preloaded_vlsm X P) is s tr
iom: option message
iom_si, iom_s: state (preloaded_vlsm X P)
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output
  (preloaded_vlsm X P) iom_tr iom
HtrX2: finite_valid_trace_init_to
  (preloaded_vlsm X P) iom_si iom_s iom_tr
sf: state (preloaded_vlsm X P)
oom: option message
l: label (preloaded_vlsm X P)
Hv: valid (label_project l) (state_project s, iom)
Ht: transition (label_project l)
  (state_project s, iom) =
(state_project sf, oom)
IHHtrX1: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project is)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
IHHtrX2: finite_valid_trace_from 
  (preloaded_vlsm Y Q)
  (state_project iom_si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project iom_tr)
input_valid_transition (preloaded_vlsm Y Q)
  (label_project
     (VLSM.l
        {|
          l := l;
          input := iom;
          destination := sf;
          output := oom
        |}))
  (finite_trace_last (state_project is)
     (map
        (pre_VLSM_embedding_transition_item_project X
           Y label_project state_project) tr),
   input
     {|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |})
  (state_project
     (destination
        {|
          l := l;
          input := iom;
          destination := sf;
          output := oom
        |}),
   output
     {|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |})
  apply valid_trace_get_last in HtrX1.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
is, s: state (preloaded_vlsm X P)
tr: list transition_item
HtrX1: finite_trace_last is tr = s
iom: option message
iom_si, iom_s: state (preloaded_vlsm X P)
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output
  (preloaded_vlsm X P) iom_tr iom
HtrX2: finite_valid_trace_init_to
  (preloaded_vlsm X P) iom_si iom_s iom_tr
sf: state (preloaded_vlsm X P)
oom: option message
l: label (preloaded_vlsm X P)
Hv: valid (label_project l) (state_project s, iom)
Ht: transition (label_project l)
  (state_project s, iom) =
(state_project sf, oom)
IHHtrX1: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project is)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
IHHtrX2: finite_valid_trace_from 
  (preloaded_vlsm Y Q)
  (state_project iom_si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project iom_tr)
input_valid_transition (preloaded_vlsm Y Q)
  (label_project
     (VLSM.l
        {|
          l := l;
          input := iom;
          destination := sf;
          output := oom
        |}))
  (finite_trace_last (state_project is)
     (map
        (pre_VLSM_embedding_transition_item_project X
           Y label_project state_project) tr),
   input
     {|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |})
  (state_project
     (destination
        {|
          l := l;
          input := iom;
          destination := sf;
          output := oom
        |}),
   output
     {|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |})
  subst s; cbn.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
is: state (preloaded_vlsm X P)
tr: list transition_item
iom: option message
iom_si, iom_s: state (preloaded_vlsm X P)
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output
  (preloaded_vlsm X P) iom_tr iom
HtrX2: finite_valid_trace_init_to
  (preloaded_vlsm X P) iom_si iom_s iom_tr
sf: state (preloaded_vlsm X P)
oom: option message
l: label (preloaded_vlsm X P)
Ht: transition (label_project l)
  (state_project (finite_trace_last is tr), iom) =
(state_project sf, oom)
Hv: valid (label_project l)
  (state_project (finite_trace_last is tr), iom)
IHHtrX1: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project is)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
IHHtrX2: finite_valid_trace_from 
  (preloaded_vlsm Y Q)
  (state_project iom_si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project iom_tr)
input_valid_transition (preloaded_vlsm Y Q)
  (label_project l)
  (finite_trace_last (state_project is)
     (map
        (pre_VLSM_embedding_transition_item_project X
           Y label_project state_project) tr), iom)
  (state_project sf, oom)
  rewrite (pre_VLSM_embedding_finite_trace_last _ _ label_project state_project) in Hv, Ht.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
is: state (preloaded_vlsm X P)
tr: list transition_item
iom: option message
iom_si, iom_s: state (preloaded_vlsm X P)
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output
  (preloaded_vlsm X P) iom_tr iom
HtrX2: finite_valid_trace_init_to
  (preloaded_vlsm X P) iom_si iom_s iom_tr
sf: state (preloaded_vlsm X P)
oom: option message
l: label (preloaded_vlsm X P)
Ht: transition (label_project l)
  (finite_trace_last (state_project is)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), iom) =
(state_project sf, oom)
Hv: valid (label_project l)
  (finite_trace_last (state_project is)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), iom)
IHHtrX1: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project is)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
IHHtrX2: finite_valid_trace_from 
  (preloaded_vlsm Y Q)
  (state_project iom_si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project iom_tr)
input_valid_transition (preloaded_vlsm Y Q)
  (label_project l)
  (finite_trace_last (state_project is)
     (map
        (pre_VLSM_embedding_transition_item_project X
           Y label_project state_project) tr), iom)
  (state_project sf, oom)
  repeat split; [by apply finite_valid_trace_last_pstate in IHHtrX1 | | done..].message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
is: state (preloaded_vlsm X P)
tr: list transition_item
iom: option message
iom_si, iom_s: state (preloaded_vlsm X P)
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output
  (preloaded_vlsm X P) iom_tr iom
HtrX2: finite_valid_trace_init_to
  (preloaded_vlsm X P) iom_si iom_s iom_tr
sf: state (preloaded_vlsm X P)
oom: option message
l: label (preloaded_vlsm X P)
Ht: transition (label_project l)
  (finite_trace_last (state_project is)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), iom) =
(state_project sf, oom)
Hv: valid (label_project l)
  (finite_trace_last (state_project is)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), iom)
IHHtrX1: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project is)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
IHHtrX2: finite_valid_trace_from 
  (preloaded_vlsm Y Q)
  (state_project iom_si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project iom_tr)
option_valid_message_prop (preloaded_vlsm Y Q) iom
  destruct iom as [m |]; [| by apply option_valid_message_None].message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
is: state (preloaded_vlsm X P)
tr: list transition_item
m: message
iom_si, iom_s: state (preloaded_vlsm X P)
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output
  (preloaded_vlsm X P) iom_tr 
  (Some m)
HtrX2: finite_valid_trace_init_to
  (preloaded_vlsm X P) iom_si iom_s iom_tr
sf: state (preloaded_vlsm X P)
oom: option message
l: label (preloaded_vlsm X P)
Ht: transition (label_project l)
  (finite_trace_last (state_project is)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), 
   Some m) = (state_project sf, oom)
Hv: valid (label_project l)
  (finite_trace_last (state_project is)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), 
   Some m)
IHHtrX1: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project is)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
IHHtrX2: finite_valid_trace_from 
  (preloaded_vlsm Y Q)
  (state_project iom_si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project iom_tr)
option_valid_message_prop (preloaded_vlsm Y Q)
  (Some m)
  unfold empty_initial_message_or_final_output in Heqiom.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
is: state (preloaded_vlsm X P)
tr: list transition_item
m: message
iom_si, iom_s: state (preloaded_vlsm X P)
iom_tr: list transition_item
Heqiom: match has_last_or_null iom_tr with
| inleft (existT x (x0 ↾ _)) =>
    output x0 = Some m
| inright _ =>
    option_initial_message_prop
      (preloaded_vlsm X P) 
      (Some m)
end
HtrX2: finite_valid_trace_init_to
  (preloaded_vlsm X P) iom_si iom_s iom_tr
sf: state (preloaded_vlsm X P)
oom: option message
l: label (preloaded_vlsm X P)
Ht: transition (label_project l)
  (finite_trace_last (state_project is)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), 
   Some m) = (state_project sf, oom)
Hv: valid (label_project l)
  (finite_trace_last (state_project is)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), 
   Some m)
IHHtrX1: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project is)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
IHHtrX2: finite_valid_trace_from 
  (preloaded_vlsm Y Q)
  (state_project iom_si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project iom_tr)
option_valid_message_prop (preloaded_vlsm Y Q)
  (Some m)
  destruct_list_last iom_tr iom_tr' iom_lst Heqiom_tr.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
is: state (preloaded_vlsm X P)
tr: list transition_item
m: message
iom_si, iom_s: state (preloaded_vlsm X P)
iom_tr: list transition_item
Heqiom_tr: iom_tr = []
Heqiom: option_initial_message_prop
  (preloaded_vlsm X P) 
  (Some m)
HtrX2: finite_valid_trace_init_to
  (preloaded_vlsm X P) iom_si iom_s []
sf: state (preloaded_vlsm X P)
oom: option message
l: label (preloaded_vlsm X P)
Ht: transition (label_project l)
  (finite_trace_last (state_project is)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), 
   Some m) = (state_project sf, oom)
Hv: valid (label_project l)
  (finite_trace_last (state_project is)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), 
   Some m)
IHHtrX1: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project is)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
IHHtrX2: finite_valid_trace_from 
  (preloaded_vlsm Y Q)
  (state_project iom_si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project [])
option_valid_message_prop (preloaded_vlsm Y Q)
  (Some m)
message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
is: state (preloaded_vlsm X P)
tr: list transition_item
m: message
iom_si, iom_s: state (preloaded_vlsm X P)
iom_tr, iom_tr': list transition_item
iom_lst: transition_item
Heqiom_tr: iom_tr = iom_tr' ++ [iom_lst]
Heqiom: output iom_lst = Some m
HtrX2: finite_valid_trace_init_to
  (preloaded_vlsm X P) iom_si iom_s
  (iom_tr' ++ [iom_lst])
sf: state (preloaded_vlsm X P)
oom: option message
l: label (preloaded_vlsm X P)
Ht: transition (label_project l)
  (finite_trace_last (state_project is)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), 
   Some m) = (state_project sf, oom)
Hv: valid (label_project l)
  (finite_trace_last (state_project is)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), 
   Some m)
IHHtrX1: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project is)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
IHHtrX2: finite_valid_trace_from 
  (preloaded_vlsm Y Q)
  (state_project iom_si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project (iom_tr' ++ [iom_lst]))
option_valid_message_prop 
  (preloaded_vlsm Y Q) 
  (Some m)
  -message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
is: state (preloaded_vlsm X P)
tr: list transition_item
m: message
iom_si, iom_s: state (preloaded_vlsm X P)
iom_tr: list transition_item
Heqiom_tr: iom_tr = []
Heqiom: option_initial_message_prop
  (preloaded_vlsm X P) 
  (Some m)
HtrX2: finite_valid_trace_init_to
  (preloaded_vlsm X P) iom_si iom_s []
sf: state (preloaded_vlsm X P)
oom: option message
l: label (preloaded_vlsm X P)
Ht: transition (label_project l)
  (finite_trace_last (state_project is)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), 
   Some m) = (state_project sf, oom)
Hv: valid (label_project l)
  (finite_trace_last (state_project is)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), 
   Some m)
IHHtrX1: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project is)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
IHHtrX2: finite_valid_trace_from 
  (preloaded_vlsm Y Q)
  (state_project iom_si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project [])
option_valid_message_prop (preloaded_vlsm Y Q)
  (Some m) by apply option_initial_message_is_valid; destruct Heqiom; cbn; itauto.
  -message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
is: state (preloaded_vlsm X P)
tr: list transition_item
m: message
iom_si, iom_s: state (preloaded_vlsm X P)
iom_tr, iom_tr': list transition_item
iom_lst: transition_item
Heqiom_tr: iom_tr = iom_tr' ++ [iom_lst]
Heqiom: output iom_lst = Some m
HtrX2: finite_valid_trace_init_to
  (preloaded_vlsm X P) iom_si iom_s
  (iom_tr' ++ [iom_lst])
sf: state (preloaded_vlsm X P)
oom: option message
l: label (preloaded_vlsm X P)
Ht: transition (label_project l)
  (finite_trace_last (state_project is)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), 
   Some m) = (state_project sf, oom)
Hv: valid (label_project l)
  (finite_trace_last (state_project is)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), 
   Some m)
IHHtrX1: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project is)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
IHHtrX2: finite_valid_trace_from 
  (preloaded_vlsm Y Q)
  (state_project iom_si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project (iom_tr' ++ [iom_lst]))
option_valid_message_prop (preloaded_vlsm Y Q)
  (Some m) eapply valid_trace_output_is_valid; [done |].message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
is: state (preloaded_vlsm X P)
tr: list transition_item
m: message
iom_si, iom_s: state (preloaded_vlsm X P)
iom_tr, iom_tr': list transition_item
iom_lst: transition_item
Heqiom_tr: iom_tr = iom_tr' ++ [iom_lst]
Heqiom: output iom_lst = Some m
HtrX2: finite_valid_trace_init_to
  (preloaded_vlsm X P) iom_si iom_s
  (iom_tr' ++ [iom_lst])
sf: state (preloaded_vlsm X P)
oom: option message
l: label (preloaded_vlsm X P)
Ht: transition (label_project l)
  (finite_trace_last (state_project is)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), 
   Some m) = (state_project sf, oom)
Hv: valid (label_project l)
  (finite_trace_last (state_project is)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), 
   Some m)
IHHtrX1: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project is)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
IHHtrX2: finite_valid_trace_from 
  (preloaded_vlsm Y Q)
  (state_project iom_si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project (iom_tr' ++ [iom_lst]))
trace_has_message (field_selector output) m
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P) (preloaded_vlsm Y Q)
     label_project state_project
     (iom_tr' ++ [iom_lst]))
    setoid_rewrite map_app.message: Type
X, Y: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
label_project: label X → label Y
state_project: state X → state Y
Hvalid: strong_embedding_valid_preservation X Y
  label_project state_project
Htransition: strong_embedding_transition_preservation
  X Y label_project state_project
Hstate: strong_projection_initial_state_preservation
  X Y state_project
Hmessage: strong_embedding_initial_message_preservation
  X Y
is: state (preloaded_vlsm X P)
tr: list transition_item
m: message
iom_si, iom_s: state (preloaded_vlsm X P)
iom_tr, iom_tr': list transition_item
iom_lst: transition_item
Heqiom_tr: iom_tr = iom_tr' ++ [iom_lst]
Heqiom: output iom_lst = Some m
HtrX2: finite_valid_trace_init_to
  (preloaded_vlsm X P) iom_si iom_s
  (iom_tr' ++ [iom_lst])
sf: state (preloaded_vlsm X P)
oom: option message
l: label (preloaded_vlsm X P)
Ht: transition (label_project l)
  (finite_trace_last (state_project is)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), 
   Some m) = (state_project sf, oom)
Hv: valid (label_project l)
  (finite_trace_last (state_project is)
     (pre_VLSM_embedding_finite_trace_project X Y
        label_project state_project tr), 
   Some m)
IHHtrX1: finite_valid_trace_from 
  (preloaded_vlsm Y Q) 
  (state_project is)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project tr)
IHHtrX2: finite_valid_trace_from 
  (preloaded_vlsm Y Q)
  (state_project iom_si)
  (pre_VLSM_embedding_finite_trace_project
     (preloaded_vlsm X P)
     (preloaded_vlsm Y Q) label_project
     state_project (iom_tr' ++ [iom_lst]))
trace_has_message (field_selector output) m
  (map
     (pre_VLSM_embedding_transition_item_project
        (preloaded_vlsm X P) (preloaded_vlsm Y Q)
        label_project state_project) iom_tr' ++
   map
     (pre_VLSM_embedding_transition_item_project
        (preloaded_vlsm X P) (preloaded_vlsm Y Q)
        label_project state_project) [iom_lst])
    by apply Exists_app; right; left.
Qed.

End sec_preloaded_vlsm_embedding.

Section sec_preloaded_vlsm_inclusion.

Context
  {message : Type}
  {T : VLSMType message}
  (MX MY : VLSMMachine T)
  (X := mk_vlsm MX)
  (Y := mk_vlsm MY)
  .

Lemma basic_VLSM_incl_preloaded
  (Hinitial_state : strong_incl_initial_state_preservation MX MY)
  (Hvalid : strong_incl_valid_preservation MX MY)
  (Htransition : strong_incl_transition_preservation MX MY) :
    VLSM_incl (preloaded_with_all_messages_vlsm X) (preloaded_with_all_messages_vlsm Y).message: Type
T: VLSMType message
MX, MY: VLSMMachine T
X:= {| vlsm_type := T; vlsm_machine := MX |}: VLSM message
Y:= {| vlsm_type := T; vlsm_machine := MY |}: VLSM message
Hinitial_state: strong_incl_initial_state_preservation
  MX MY
Hvalid: strong_incl_valid_preservation MX MY
Htransition: strong_incl_transition_preservation MX
  MY
VLSM_incl (preloaded_with_all_messages_vlsm X)
  (preloaded_with_all_messages_vlsm Y)
Proof.message: Type
T: VLSMType message
MX, MY: VLSMMachine T
X:= {| vlsm_type := T; vlsm_machine := MX |}: VLSM message
Y:= {| vlsm_type := T; vlsm_machine := MY |}: VLSM message
Hinitial_state: strong_incl_initial_state_preservation
  MX MY
Hvalid: strong_incl_valid_preservation MX MY
Htransition: strong_incl_transition_preservation MX
  MY
VLSM_incl (preloaded_with_all_messages_vlsm X)
  (preloaded_with_all_messages_vlsm Y)
  by apply VLSM_incl_embedding_iff, (basic_VLSM_embedding_preloaded X Y id id).
Qed.

Lemma basic_VLSM_incl_preloaded_with
  (P Q : message -> Prop)
  (PimpliesQ : forall m : message, P m -> Q m)
  (Hvalid : strong_incl_valid_preservation MX MY)
  (Htransition : strong_incl_transition_preservation  MX MY)
  (Hstate : strong_incl_initial_state_preservation MX MY)
  (Hmessage : strong_incl_initial_message_preservation MX MY) :
    VLSM_incl (preloaded_vlsm X P) (preloaded_vlsm Y Q).message: Type
T: VLSMType message
MX, MY: VLSMMachine T
X:= {| vlsm_type := T; vlsm_machine := MX |}: VLSM message
Y:= {| vlsm_type := T; vlsm_machine := MY |}: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
Hvalid: strong_incl_valid_preservation MX MY
Htransition: strong_incl_transition_preservation MX
  MY
Hstate: strong_incl_initial_state_preservation MX MY
Hmessage: strong_incl_initial_message_preservation MX
  MY
VLSM_incl (preloaded_vlsm X P) (preloaded_vlsm Y Q)
Proof.message: Type
T: VLSMType message
MX, MY: VLSMMachine T
X:= {| vlsm_type := T; vlsm_machine := MX |}: VLSM message
Y:= {| vlsm_type := T; vlsm_machine := MY |}: VLSM message
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
Hvalid: strong_incl_valid_preservation MX MY
Htransition: strong_incl_transition_preservation MX
  MY
Hstate: strong_incl_initial_state_preservation MX MY
Hmessage: strong_incl_initial_message_preservation MX
  MY
VLSM_incl (preloaded_vlsm X P) (preloaded_vlsm Y Q)
  by apply VLSM_incl_embedding_iff, (basic_VLSM_embedding_preloaded_with X Y _ _ PimpliesQ id id).
Qed.

End sec_preloaded_vlsm_inclusion.

Section sec_VLSM_incl_preloaded_properties.

Context
  `(X : VLSM message)
  .

Lemma vlsm_incl_preloaded :
  forall (P : message -> Prop),
    VLSM_incl X (preloaded_vlsm X P).message: Type
X: VLSM message
∀ P : message → Prop, VLSM_incl X (preloaded_vlsm X P)
Proof.message: Type
X: VLSM message
∀ P : message → Prop, VLSM_incl X (preloaded_vlsm X P)
  by intros; apply basic_VLSM_strong_incl; cbv; itauto.
Qed.

Lemma vlsm_incl_preloaded_with_all_messages_vlsm :
  VLSM_incl X (preloaded_with_all_messages_vlsm X).message: Type
X: VLSM message
VLSM_incl X (preloaded_with_all_messages_vlsm X)
Proof.message: Type
X: VLSM message
VLSM_incl X (preloaded_with_all_messages_vlsm X)
  by apply vlsm_incl_preloaded.
Qed.

Lemma preloaded_vlsm_incl_relaxed :
  forall (P Q : message -> Prop),
    (forall m : message, P m -> Q m \/ valid_message_prop (preloaded_vlsm X Q) m) ->
    VLSM_incl (preloaded_vlsm X P) (preloaded_vlsm X Q).message: Type
X: VLSM message
∀ P Q : message → Prop,
  (∀ m : message,
     P m
     → Q m ∨ valid_message_prop (preloaded_vlsm X Q) m)
  → VLSM_incl (preloaded_vlsm X P)
      (preloaded_vlsm X Q)
Proof.message: Type
X: VLSM message
∀ P Q : message → Prop,
  (∀ m : message,
     P m
     → Q m ∨ valid_message_prop (preloaded_vlsm X Q) m)
  → VLSM_incl (preloaded_vlsm X P)
      (preloaded_vlsm X Q)
  intros P Q PimpliesQorValid.message: Type
X: VLSM message
P, Q: message → Prop
PimpliesQorValid: ∀ m : message,
  P m
  → Q m
    ∨ valid_message_prop
        (preloaded_vlsm X Q) m
VLSM_incl (preloaded_vlsm X P) (preloaded_vlsm X Q)
  apply basic_VLSM_incl; cycle 1; [| by cbv; itauto..].message: Type
X: VLSM message
P, Q: message → Prop
PimpliesQorValid: ∀ m : message,
  P m
  → Q m
    ∨ valid_message_prop
        (preloaded_vlsm X Q) m
weak_incl_initial_message_preservation
  (preloaded_vlsm_machine X P)
  (preloaded_vlsm_machine X Q)
  intros _ _ m _ _ [Him | Hp].message: Type
X: VLSM message
P, Q: message → Prop
PimpliesQorValid: ∀ m : message,
  P m
  → Q m
    ∨ valid_message_prop
        (preloaded_vlsm X Q) m
m: message
Him: initial_message_prop m
valid_message_prop
  {|
    vlsm_type := X;
    vlsm_machine := preloaded_vlsm_machine X Q
  |} m
message: Type
X: VLSM message
P, Q: message → Prop
PimpliesQorValid: ∀ m : message,
  P m
  → Q m
    ∨ valid_message_prop
        (preloaded_vlsm X Q) m
m: message
Hp: P m
valid_message_prop
  {|
    vlsm_type := X;
    vlsm_machine := preloaded_vlsm_machine X Q
  |} m
  -message: Type
X: VLSM message
P, Q: message → Prop
PimpliesQorValid: ∀ m : message,
  P m
  → Q m
    ∨ valid_message_prop
        (preloaded_vlsm X Q) m
m: message
Him: initial_message_prop m
valid_message_prop
  {|
    vlsm_type := X;
    vlsm_machine := preloaded_vlsm_machine X Q
  |} m by apply initial_message_is_valid; left.
  -message: Type
X: VLSM message
P, Q: message → Prop
PimpliesQorValid: ∀ m : message,
  P m
  → Q m
    ∨ valid_message_prop
        (preloaded_vlsm X Q) m
m: message
Hp: P m
valid_message_prop
  {|
    vlsm_type := X;
    vlsm_machine := preloaded_vlsm_machine X Q
  |} m apply PimpliesQorValid in Hp as []; [| done].message: Type
X: VLSM message
P, Q: message → Prop
PimpliesQorValid: ∀ m : message,
  P m
  → Q m
    ∨ valid_message_prop
        (preloaded_vlsm X Q) m
m: message
H: Q m
valid_message_prop
  {|
    vlsm_type := X;
    vlsm_machine := preloaded_vlsm_machine X Q
  |} m
    by apply initial_message_is_valid; right.
Qed.

Lemma preloaded_vlsm_incl :
  forall (P Q : message -> Prop),
    (forall m : message, P m -> Q m) ->
    VLSM_incl (preloaded_vlsm X P) (preloaded_vlsm X Q).message: Type
X: VLSM message
∀ P Q : message → Prop,
  (∀ m : message, P m → Q m)
  → VLSM_incl (preloaded_vlsm X P)
      (preloaded_vlsm X Q)
Proof.message: Type
X: VLSM message
∀ P Q : message → Prop,
  (∀ m : message, P m → Q m)
  → VLSM_incl (preloaded_vlsm X P)
      (preloaded_vlsm X Q)
  by intros; apply preloaded_vlsm_incl_relaxed; itauto.
Qed.

Lemma preloaded_vlsm_idem_l :
  forall (P : message -> Prop),
    VLSM_incl (preloaded_vlsm (preloaded_vlsm X P) P) (preloaded_vlsm X P).message: Type
X: VLSM message
∀ P : message → Prop,
  VLSM_incl (preloaded_vlsm (preloaded_vlsm X P) P)
    (preloaded_vlsm X P)
Proof.message: Type
X: VLSM message
∀ P : message → Prop,
  VLSM_incl (preloaded_vlsm (preloaded_vlsm X P) P)
    (preloaded_vlsm X P)
  by intros; apply basic_VLSM_strong_incl; cbv; itauto.
Qed.

Lemma preloaded_vlsm_idem_r :
  forall (P : message -> Prop),
    VLSM_incl (preloaded_vlsm X P) (preloaded_vlsm (preloaded_vlsm X P) P).message: Type
X: VLSM message
∀ P : message → Prop,
  VLSM_incl (preloaded_vlsm X P)
    (preloaded_vlsm (preloaded_vlsm X P) P)
Proof.message: Type
X: VLSM message
∀ P : message → Prop,
  VLSM_incl (preloaded_vlsm X P)
    (preloaded_vlsm (preloaded_vlsm X P) P)
  by intros; apply basic_VLSM_incl_preloaded_with; cbv; itauto.
Qed.

Lemma preloaded_vlsm_incl_preloaded_with_all_messages :
  forall (P : message -> Prop),
    VLSM_incl (preloaded_vlsm X P) (preloaded_with_all_messages_vlsm X).message: Type
X: VLSM message
∀ P : message → Prop,
  VLSM_incl (preloaded_vlsm X P)
    (preloaded_with_all_messages_vlsm X)
Proof.message: Type
X: VLSM message
∀ P : message → Prop,
  VLSM_incl (preloaded_vlsm X P)
    (preloaded_with_all_messages_vlsm X)
  by intros; apply preloaded_vlsm_incl.
Qed.

Lemma preloaded_with_all_messages_can_emit :
  forall (m : message),
    can_emit X m ->
    can_emit (preloaded_with_all_messages_vlsm X) m.message: Type
X: VLSM message
∀ m : message,
  can_emit X m
  → can_emit (preloaded_with_all_messages_vlsm X) m
Proof.message: Type
X: VLSM message
∀ m : message,
  can_emit X m
  → can_emit (preloaded_with_all_messages_vlsm X) m
  intros m Hm.message: Type
X: VLSM message
m: message
Hm: can_emit X m
can_emit (preloaded_with_all_messages_vlsm X) m
  apply (VLSM_incl_can_emit vlsm_incl_preloaded_with_all_messages_vlsm).message: Type
X: VLSM message
m: message
Hm: can_emit X m
can_emit {| vlsm_type := X; vlsm_machine := X |} m
  by rewrite mk_vlsm_machine.
Qed.

Lemma preloaded_weaken_finite_valid_trace_from :
  forall (from : state X) (tr : list transition_item),
    finite_valid_trace_from X from tr ->
    finite_constrained_trace_from X from tr.message: Type
X: VLSM message
∀ (from : state X) (tr : list transition_item),
  finite_valid_trace_from X from tr
  → finite_constrained_trace_from X from tr
Proof.message: Type
X: VLSM message
∀ (from : state X) (tr : list transition_item),
  finite_valid_trace_from X from tr
  → finite_constrained_trace_from X from tr
  by intros; eapply VLSM_incl_finite_valid_trace_from;
    [apply vlsm_incl_preloaded_with_all_messages_vlsm | destruct X].
Qed.

Lemma preloaded_weaken_finite_valid_trace_from_to :
  forall (from to : state X) (tr : list transition_item),
    finite_valid_trace_from_to X from to tr ->
    finite_constrained_trace_from_to X from to tr.message: Type
X: VLSM message
∀ (from to : state X) (tr : list transition_item),
  finite_valid_trace_from_to X from to tr
  → finite_constrained_trace_from_to X from to tr
Proof.message: Type
X: VLSM message
∀ (from to : state X) (tr : list transition_item),
  finite_valid_trace_from_to X from to tr
  → finite_constrained_trace_from_to X from to tr
  by intros; eapply VLSM_incl_finite_valid_trace_from_to;
    [apply vlsm_incl_preloaded_with_all_messages_vlsm | destruct X].
Qed.

End sec_VLSM_incl_preloaded_properties.

Section sec_VLSM_eq_preloaded_properties.

Context
  `(X : VLSM message)
  .

Lemma preloaded_vlsm_with_valid_eq :
  forall (P Q : message -> Prop),
    (forall m, Q m -> valid_message_prop (preloaded_vlsm X P) m) ->
    VLSM_eq (preloaded_vlsm X (fun m => P m \/ Q m)) (preloaded_vlsm X P).message: Type
X: VLSM message
∀ P Q : message → Prop,
  (∀ m : message,
     Q m → valid_message_prop (preloaded_vlsm X P) m)
  → VLSM_eq
      (preloaded_vlsm X (λ m : message, P m ∨ Q m))
      (preloaded_vlsm X P)
Proof.message: Type
X: VLSM message
∀ P Q : message → Prop,
  (∀ m : message,
     Q m → valid_message_prop (preloaded_vlsm X P) m)
  → VLSM_eq
      (preloaded_vlsm X (λ m : message, P m ∨ Q m))
      (preloaded_vlsm X P)
  split; cbn.message: Type
X: VLSM message
P, Q: message → Prop
H: ∀ m : message,
  Q m → valid_message_prop (preloaded_vlsm X P) m
VLSM_incl_part
  (preloaded_vlsm_machine X (λ m : message, P m ∨ Q m))
  (preloaded_vlsm_machine X P)
message: Type
X: VLSM message
P, Q: message → Prop
H: ∀ m : message,
  Q m → valid_message_prop (preloaded_vlsm X P) m
VLSM_incl_part (preloaded_vlsm_machine X P)
  (preloaded_vlsm_machine X (λ m : message, P m ∨ Q m))
  -message: Type
X: VLSM message
P, Q: message → Prop
H: ∀ m : message,
  Q m → valid_message_prop (preloaded_vlsm X P) m
VLSM_incl_part
  (preloaded_vlsm_machine X (λ m : message, P m ∨ Q m))
  (preloaded_vlsm_machine X P) by apply preloaded_vlsm_incl_relaxed; itauto.
  -message: Type
X: VLSM message
P, Q: message → Prop
H: ∀ m : message,
  Q m → valid_message_prop (preloaded_vlsm X P) m
VLSM_incl_part (preloaded_vlsm_machine X P)
  (preloaded_vlsm_machine X (λ m : message, P m ∨ Q m)) by apply preloaded_vlsm_incl; itauto.
Qed.

Lemma preloaded_vlsm_idem :
  forall (P : message -> Prop),
    VLSM_eq (preloaded_vlsm (preloaded_vlsm X P) P) (preloaded_vlsm X P).message: Type
X: VLSM message
∀ P : message → Prop,
  VLSM_eq (preloaded_vlsm (preloaded_vlsm X P) P)
    (preloaded_vlsm X P)
Proof.message: Type
X: VLSM message
∀ P : message → Prop,
  VLSM_eq (preloaded_vlsm (preloaded_vlsm X P) P)
    (preloaded_vlsm X P)
  split; cbn.message: Type
X: VLSM message
P: message → Prop
VLSM_incl_part
  (preloaded_vlsm_machine (preloaded_vlsm X P) P)
  (preloaded_vlsm_machine X P)
message: Type
X: VLSM message
P: message → Prop
VLSM_incl_part (preloaded_vlsm_machine X P)
  (preloaded_vlsm_machine (preloaded_vlsm X P) P)
  -message: Type
X: VLSM message
P: message → Prop
VLSM_incl_part
  (preloaded_vlsm_machine (preloaded_vlsm X P) P)
  (preloaded_vlsm_machine X P) by apply preloaded_vlsm_idem_l.
  -message: Type
X: VLSM message
P: message → Prop
VLSM_incl_part (preloaded_vlsm_machine X P)
  (preloaded_vlsm_machine (preloaded_vlsm X P) P) by apply preloaded_vlsm_idem_r.
Qed.

Lemma preloaded_with_all_messages_eq_validating_preloaded_vlsm :
  forall (P : message -> Prop),
    (forall (l : label _) (s : state _) (m : message),
      input_constrained X l (s, Some m) -> valid_message_prop (preloaded_vlsm X P) m) ->
  VLSM_eq (preloaded_with_all_messages_vlsm X) (preloaded_vlsm X P).message: Type
X: VLSM message
∀ P : message → Prop,
  (∀ (l : label (preloaded_with_all_messages_vlsm X)) 
     (s : state (preloaded_with_all_messages_vlsm X)) 
     (m : message),
     input_constrained X l (s, Some m)
     → valid_message_prop (preloaded_vlsm X P) m)
  → VLSM_eq (preloaded_with_all_messages_vlsm X)
      (preloaded_vlsm X P)
Proof.message: Type
X: VLSM message
∀ P : message → Prop,
  (∀ (l : label (preloaded_with_all_messages_vlsm X)) 
     (s : state (preloaded_with_all_messages_vlsm X)) 
     (m : message),
     input_constrained X l (s, Some m)
     → valid_message_prop (preloaded_vlsm X P) m)
  → VLSM_eq (preloaded_with_all_messages_vlsm X)
      (preloaded_vlsm X P)
  intros P Hvalidating.message: Type
X: VLSM message
P: message → Prop
Hvalidating: ∀ (l : label
         (preloaded_with_all_messages_vlsm
            X)) (s : state
                      (preloaded_with_all_messages_vlsm
                      X)) 
  (m : message),
  input_constrained X l (s, Some m)
  → valid_message_prop
      (preloaded_vlsm X P) m
VLSM_eq (preloaded_with_all_messages_vlsm X)
  (preloaded_vlsm X P)
  split; cbn; [| by apply preloaded_vlsm_incl_preloaded_with_all_messages].message: Type
X: VLSM message
P: message → Prop
Hvalidating: ∀ (l : label
         (preloaded_with_all_messages_vlsm
            X)) (s : state
                      (preloaded_with_all_messages_vlsm
                      X)) 
  (m : message),
  input_constrained X l (s, Some m)
  → valid_message_prop
      (preloaded_vlsm X P) m
VLSM_incl_part
  (preloaded_vlsm_machine X (λ _ : message, True))
  (preloaded_vlsm_machine X P)
  apply basic_VLSM_incl.message: Type
X: VLSM message
P: message → Prop
Hvalidating: ∀ (l : label
         (preloaded_with_all_messages_vlsm
            X)) (s : state
                      (preloaded_with_all_messages_vlsm
                      X)) 
  (m : message),
  input_constrained X l (s, Some m)
  → valid_message_prop
      (preloaded_vlsm X P) m
strong_incl_initial_state_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 := s0 X X;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ True;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 := s0 X X;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
message: Type
X: VLSM message
P: message → Prop
Hvalidating: ∀ (l : label
         (preloaded_with_all_messages_vlsm
            X)) (s : state
                      (preloaded_with_all_messages_vlsm
                      X)) 
  (m : message),
  input_constrained X l (s, Some m)
  → valid_message_prop
      (preloaded_vlsm X P) m
weak_incl_initial_message_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 := s0 X X;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ True;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 := s0 X X;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
message: Type
X: VLSM message
P: message → Prop
Hvalidating: ∀ (l : label
         (preloaded_with_all_messages_vlsm
            X)) (s : state
                      (preloaded_with_all_messages_vlsm
                      X)) 
  (m : message),
  input_constrained X l (s, Some m)
  → valid_message_prop
      (preloaded_vlsm X P) m
weak_incl_valid_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 := s0 X X;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ True;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 := s0 X X;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
message: Type
X: VLSM message
P: message → Prop
Hvalidating: ∀ (l : label
         (preloaded_with_all_messages_vlsm
            X)) (s : state
                      (preloaded_with_all_messages_vlsm
                      X)) 
  (m : message),
  input_constrained X l (s, Some m)
  → valid_message_prop
      (preloaded_vlsm X P) m
weak_incl_transition_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 := s0 X X;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ True;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 := s0 X X;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
  -message: Type
X: VLSM message
P: message → Prop
Hvalidating: ∀ (l : label
         (preloaded_with_all_messages_vlsm
            X)) (s : state
                      (preloaded_with_all_messages_vlsm
                      X)) 
  (m : message),
  input_constrained X l (s, Some m)
  → valid_message_prop
      (preloaded_vlsm X P) m
strong_incl_initial_state_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 := s0 X X;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ True;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 := s0 X X;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |} by intro.
  -message: Type
X: VLSM message
P: message → Prop
Hvalidating: ∀ (l : label
         (preloaded_with_all_messages_vlsm
            X)) (s : state
                      (preloaded_with_all_messages_vlsm
                      X)) 
  (m : message),
  input_constrained X l (s, Some m)
  → valid_message_prop
      (preloaded_vlsm X P) m
weak_incl_initial_message_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 := s0 X X;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ True;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 := s0 X X;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |} by intros l s m Hv _ _; eapply Hvalidating.
  -message: Type
X: VLSM message
P: message → Prop
Hvalidating: ∀ (l : label
         (preloaded_with_all_messages_vlsm
            X)) (s : state
                      (preloaded_with_all_messages_vlsm
                      X)) 
  (m : message),
  input_constrained X l (s, Some m)
  → valid_message_prop
      (preloaded_vlsm X P) m
weak_incl_valid_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 := s0 X X;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ True;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 := s0 X X;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |} by intros l s om (_ & _ & ?).
  -message: Type
X: VLSM message
P: message → Prop
Hvalidating: ∀ (l : label
         (preloaded_with_all_messages_vlsm
            X)) (s : state
                      (preloaded_with_all_messages_vlsm
                      X)) 
  (m : message),
  input_constrained X l (s, Some m)
  → valid_message_prop
      (preloaded_vlsm X P) m
weak_incl_transition_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 := s0 X X;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ True;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 := s0 X X;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |} by intros l s om s' om' [_ Ht].
Qed.

Lemma vlsm_is_preloaded_with_False :
  VLSM_eq X (preloaded_vlsm X (fun _ => False)).message: Type
X: VLSM message
VLSM_eq X (preloaded_vlsm X (λ _ : message, False))
Proof.message: Type
X: VLSM message
VLSM_eq X (preloaded_vlsm X (λ _ : message, False))
  by cbn; split; apply basic_VLSM_strong_incl; cbv; itauto.
Qed.

Lemma vlsm_is_preloaded_with_False_initial_message :
  strong_embedding_initial_message_preservation X (preloaded_vlsm X (fun _ => False)).message: Type
X: VLSM message
strong_embedding_initial_message_preservation X
  (preloaded_vlsm X (λ _ : message, False))
Proof.message: Type
X: VLSM message
strong_embedding_initial_message_preservation X
  (preloaded_vlsm X (λ _ : message, False))
  by intros m Hm; left.
Qed.

Lemma vlsm_is_preloaded_with_False_initial_message_rev :
  strong_embedding_initial_message_preservation (preloaded_vlsm X (fun _ => False)) X.message: Type
X: VLSM message
strong_embedding_initial_message_preservation
  (preloaded_vlsm X (λ _ : message, False)) X
Proof.message: Type
X: VLSM message
strong_embedding_initial_message_preservation
  (preloaded_vlsm X (λ _ : message, False)) X
  by intros m [].
Qed.

Lemma vlsm_is_preloaded_with_False_valid_state_message :
  forall (s : state X) (om : option message),
    valid_state_message_prop X s om
      <->
    valid_state_message_prop (preloaded_vlsm X (fun _ => False)) s om.message: Type
X: VLSM message
∀ (s : state X) (om : option message),
  valid_state_message_prop X s om
  ↔ valid_state_message_prop
      (preloaded_vlsm X (λ _ : message, False)) s om
Proof.message: Type
X: VLSM message
∀ (s : state X) (om : option message),
  valid_state_message_prop X s om
  ↔ valid_state_message_prop
      (preloaded_vlsm X (λ _ : message, False)) s om
  destruct vlsm_is_preloaded_with_False as [Heq1 Heq2].message: Type
X: VLSM message
Heq1: VLSM_incl
  {| vlsm_type := X; vlsm_machine := X |}
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (λ _ : message, False)
  |}
Heq2: VLSM_incl
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (λ _ : message, False)
  |} {| vlsm_type := X; vlsm_machine := X |}
∀ (s : state X) (om : option message),
  valid_state_message_prop X s om
  ↔ valid_state_message_prop
      (preloaded_vlsm X (λ _ : message, False)) s om
  destruct X as [T M]; cbn in *.message: Type
X: VLSM message
T: VLSMType message
M: VLSMMachine T
Heq1: VLSM_incl_part M
  (preloaded_vlsm_machine
     {| vlsm_type := T; vlsm_machine := M |}
     (λ _ : message, False))
Heq2: VLSM_incl_part
  (preloaded_vlsm_machine
     {| vlsm_type := T; vlsm_machine := M |}
     (λ _ : message, False)) M
∀ (s : state T) (om : option message),
  valid_state_message_prop
    {| vlsm_type := T; vlsm_machine := M |} s om
  ↔ valid_state_message_prop
      (preloaded_vlsm
         {| vlsm_type := T; vlsm_machine := M |}
         (λ _ : message, False)) s om
  by split; (apply VLSM_incl_valid_state_message; [| cbv]); itauto.
Qed.

End sec_VLSM_eq_preloaded_properties.

Direct definitions of constrained traces, states and messages

In the above formalization, "valid" concepts are defined first, then "constrained" ones are derived from them, expressed as validity within the preloaded_with_all_messages_vlsm.

In this section we state the original mathematical definitions (as presented in the VLSM paper) and we show them equivalent to the ones defined above.

Section sec_constrained_direct_defs.

Context
  `(X : VLSM message)
  .

A sequence of constrained transitions, without any requirements on the starting state.

Inductive constrained_transitions_from_to
  : state X -> state X -> list (transition_item X) -> Prop :=
| ct_empty :
    forall (s : state X),
      constrained_transitions_from_to s s []
| ct_extend :
    forall (s s' f : state X) (om om' : option message) (l : label X) (tr : list transition_item),
      transition X l (s, om) = (s', om') ->
      valid X l (s, om) -> constrained_transitions_from_to s' f tr ->
      constrained_transitions_from_to s f (Build_transition_item l om s' om' :: tr).

A constrained state is a sequence of constrained transitions originating in an initial state.

Definition finite_constrained_trace_init_to_direct
  (s f : state X) (tr : list (transition_item X)) : Prop :=
    constrained_transitions_from_to s f tr /\ initial_state_prop X s.

Lemma finite_constrained_trace_init_to_direct_right_impl :
  forall (s f : state X) (tr : list (transition_item X)),
    finite_constrained_trace_init_to X s f tr ->
    finite_constrained_trace_init_to_direct s f tr.message: Type
X: VLSM message
∀ (s f : state X) (tr : list transition_item),
  finite_constrained_trace_init_to X s f tr
  → finite_constrained_trace_init_to_direct s f tr
Proof.message: Type
X: VLSM message
∀ (s f : state X) (tr : list transition_item),
  finite_constrained_trace_init_to X s f tr
  → finite_constrained_trace_init_to_direct s f tr
  intros s f tr [Htr Hinit].message: Type
X: VLSM message
s, f: state X
tr: list transition_item
Htr: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s f tr
Hinit: initial_state_prop s
finite_constrained_trace_init_to_direct s f tr
  constructor; [| done]; clear Hinit.message: Type
X: VLSM message
s, f: state X
tr: list transition_item
Htr: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s f tr
constrained_transitions_from_to s f tr
  induction Htr.message: Type
X: VLSM message
s: state (preloaded_with_all_messages_vlsm X)
Hs: valid_state_prop
  (preloaded_with_all_messages_vlsm X) s
constrained_transitions_from_to s s []
message: Type
X: VLSM message
s, f: state (preloaded_with_all_messages_vlsm X)
tl: list transition_item
Htr: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s f tl
s': state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (s', iom) (s, oom)
IHHtr: constrained_transitions_from_to s f tl
constrained_transitions_from_to s' f
  ({|
     l := l;
     input := iom;
     destination := s;
     output := oom
   |} :: tl)
  -message: Type
X: VLSM message
s: state (preloaded_with_all_messages_vlsm X)
Hs: valid_state_prop
  (preloaded_with_all_messages_vlsm X) s
constrained_transitions_from_to s s [] by constructor.
  -message: Type
X: VLSM message
s, f: state (preloaded_with_all_messages_vlsm X)
tl: list transition_item
Htr: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s f tl
s': state (preloaded_with_all_messages_vlsm X)
iom, oom: option message
l: label (preloaded_with_all_messages_vlsm X)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm X) l
  (s', iom) (s, oom)
IHHtr: constrained_transitions_from_to s f tl
constrained_transitions_from_to s' f
  ({|
     l := l;
     input := iom;
     destination := s;
     output := oom
   |} :: tl) by constructor; [apply Ht..|].
Qed.

Lemma finite_constrained_trace_init_to_direct_left_impl :
  forall (s f : state X) (tr : list (transition_item X)),
    finite_constrained_trace_init_to_direct s f tr ->
    finite_constrained_trace_init_to X s f tr.message: Type
X: VLSM message
∀ (s f : state X) (tr : list transition_item),
  finite_constrained_trace_init_to_direct s f tr
  → finite_constrained_trace_init_to X s f tr
Proof.message: Type
X: VLSM message
∀ (s f : state X) (tr : list transition_item),
  finite_constrained_trace_init_to_direct s f tr
  → finite_constrained_trace_init_to X s f tr
  intros s f tr [Htr Hs].message: Type
X: VLSM message
s, f: state X
tr: list transition_item
Htr: constrained_transitions_from_to s f tr
Hs: initial_state_prop s
finite_constrained_trace_init_to X s f tr
  split; [| done].message: Type
X: VLSM message
s, f: state X
tr: list transition_item
Htr: constrained_transitions_from_to s f tr
Hs: initial_state_prop s
finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s f tr
  apply (initial_state_is_valid (preloaded_with_all_messages_vlsm X)) in Hs.message: Type
X: VLSM message
s, f: state X
tr: list transition_item
Htr: constrained_transitions_from_to s f tr
Hs: valid_state_prop
  (preloaded_with_all_messages_vlsm X) s
finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s f tr
  revert s Hs Htr; induction tr; intros; inversion Htr; subst.message: Type
X: VLSM message
f: state X
Htr: constrained_transitions_from_to f f []
Hs: valid_state_prop
  (preloaded_with_all_messages_vlsm X) f
finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) f f []
message: Type
X: VLSM message
f: state X
tr: list transition_item
IHtr: ∀ s : state X,
  valid_state_prop
    (preloaded_with_all_messages_vlsm X) s
  → constrained_transitions_from_to s f tr
    → finite_valid_trace_from_to
        (preloaded_with_all_messages_vlsm X) s
        f tr
s: state X
Hs: valid_state_prop
  (preloaded_with_all_messages_vlsm X) s
s': state X
om, om': option message
l: label X
Htr: constrained_transitions_from_to s f
  ({|
     l := l;
     input := om;
     destination := s';
     output := om'
   |} :: tr)
H1: transition l (s, om) = (s', om')
H4: valid l (s, om)
H5: constrained_transitions_from_to s' f tr
finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s f
  ({|
     l := l;
     input := om;
     destination := s';
     output := om'
   |} :: tr)
  -message: Type
X: VLSM message
f: state X
Htr: constrained_transitions_from_to f f []
Hs: valid_state_prop
  (preloaded_with_all_messages_vlsm X) f
finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) f f [] by apply (finite_valid_trace_from_to_empty (preloaded_with_all_messages_vlsm X)).
  -message: Type
X: VLSM message
f: state X
tr: list transition_item
IHtr: ∀ s : state X,
  valid_state_prop
    (preloaded_with_all_messages_vlsm X) s
  → constrained_transitions_from_to s f tr
    → finite_valid_trace_from_to
        (preloaded_with_all_messages_vlsm X) s
        f tr
s: state X
Hs: valid_state_prop
  (preloaded_with_all_messages_vlsm X) s
s': state X
om, om': option message
l: label X
Htr: constrained_transitions_from_to s f
  ({|
     l := l;
     input := om;
     destination := s';
     output := om'
   |} :: tr)
H1: transition l (s, om) = (s', om')
H4: valid l (s, om)
H5: constrained_transitions_from_to s' f tr
finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s f
  ({|
     l := l;
     input := om;
     destination := s';
     output := om'
   |} :: tr) apply (finite_valid_trace_from_to_extend (preloaded_with_all_messages_vlsm X)); cycle 1.message: Type
X: VLSM message
f: state X
tr: list transition_item
IHtr: ∀ s : state X,
  valid_state_prop
    (preloaded_with_all_messages_vlsm X) s
  → constrained_transitions_from_to s f tr
    → finite_valid_trace_from_to
        (preloaded_with_all_messages_vlsm X) s
        f tr
s: state X
Hs: valid_state_prop
  (preloaded_with_all_messages_vlsm X) s
s': state X
om, om': option message
l: label X
Htr: constrained_transitions_from_to s f
  ({|
     l := l;
     input := om;
     destination := s';
     output := om'
   |} :: tr)
H1: transition l (s, om) = (s', om')
H4: valid l (s, om)
H5: constrained_transitions_from_to s' f tr
input_valid_transition
  (preloaded_with_all_messages_vlsm X) l (s, om)
  (s', om')
message: Type
X: VLSM message
f: state X
tr: list transition_item
IHtr: ∀ s : state X,
  valid_state_prop
    (preloaded_with_all_messages_vlsm X) s
  → constrained_transitions_from_to s f tr
    → finite_valid_trace_from_to
        (preloaded_with_all_messages_vlsm X) s
        f tr
s: state X
Hs: valid_state_prop
  (preloaded_with_all_messages_vlsm X) s
s': state X
om, om': option message
l: label X
Htr: constrained_transitions_from_to s f
  ({|
     l := l;
     input := om;
     destination := s';
     output := om'
   |} :: tr)
H1: transition l (s, om) = (s', om')
H4: valid l (s, om)
H5: constrained_transitions_from_to s' f tr
finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s' f tr
    +message: Type
X: VLSM message
f: state X
tr: list transition_item
IHtr: ∀ s : state X,
  valid_state_prop
    (preloaded_with_all_messages_vlsm X) s
  → constrained_transitions_from_to s f tr
    → finite_valid_trace_from_to
        (preloaded_with_all_messages_vlsm X) s
        f tr
s: state X
Hs: valid_state_prop
  (preloaded_with_all_messages_vlsm X) s
s': state X
om, om': option message
l: label X
Htr: constrained_transitions_from_to s f
  ({|
     l := l;
     input := om;
     destination := s';
     output := om'
   |} :: tr)
H1: transition l (s, om) = (s', om')
H4: valid l (s, om)
H5: constrained_transitions_from_to s' f tr
input_valid_transition
  (preloaded_with_all_messages_vlsm X) l (s, om)
  (s', om') by repeat split; [| apply any_message_is_valid_in_preloaded | ..].
    +message: Type
X: VLSM message
f: state X
tr: list transition_item
IHtr: ∀ s : state X,
  valid_state_prop
    (preloaded_with_all_messages_vlsm X) s
  → constrained_transitions_from_to s f tr
    → finite_valid_trace_from_to
        (preloaded_with_all_messages_vlsm X) s
        f tr
s: state X
Hs: valid_state_prop
  (preloaded_with_all_messages_vlsm X) s
s': state X
om, om': option message
l: label X
Htr: constrained_transitions_from_to s f
  ({|
     l := l;
     input := om;
     destination := s';
     output := om'
   |} :: tr)
H1: transition l (s, om) = (s', om')
H4: valid l (s, om)
H5: constrained_transitions_from_to s' f tr
finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm X) s' f tr apply IHtr; [| done].message: Type
X: VLSM message
f: state X
tr: list transition_item
IHtr: ∀ s : state X,
  valid_state_prop
    (preloaded_with_all_messages_vlsm X) s
  → constrained_transitions_from_to s f tr
    → finite_valid_trace_from_to
        (preloaded_with_all_messages_vlsm X) s
        f tr
s: state X
Hs: valid_state_prop
  (preloaded_with_all_messages_vlsm X) s
s': state X
om, om': option message
l: label X
Htr: constrained_transitions_from_to s f
  ({|
     l := l;
     input := om;
     destination := s';
     output := om'
   |} :: tr)
H1: transition l (s, om) = (s', om')
H4: valid l (s, om)
H5: constrained_transitions_from_to s' f tr
valid_state_prop (preloaded_with_all_messages_vlsm X)
  s'
      apply valid_state_prop_iff; right.message: Type
X: VLSM message
f: state X
tr: list transition_item
IHtr: ∀ s : state X,
  valid_state_prop
    (preloaded_with_all_messages_vlsm X) s
  → constrained_transitions_from_to s f tr
    → finite_valid_trace_from_to
        (preloaded_with_all_messages_vlsm X) s
        f tr
s: state X
Hs: valid_state_prop
  (preloaded_with_all_messages_vlsm X) s
s': state X
om, om': option message
l: label X
Htr: constrained_transitions_from_to s f
  ({|
     l := l;
     input := om;
     destination := s';
     output := om'
   |} :: tr)
H1: transition l (s, om) = (s', om')
H4: valid l (s, om)
H5: constrained_transitions_from_to s' f tr
∃ (l : label (preloaded_with_all_messages_vlsm X)) 
  (som : state (preloaded_with_all_messages_vlsm X) *
         option message) (om' : option message),
  input_valid_transition
    (preloaded_with_all_messages_vlsm X) l som
    (s', om')
      exists l, (s, om), om'.message: Type
X: VLSM message
f: state X
tr: list transition_item
IHtr: ∀ s : state X,
  valid_state_prop
    (preloaded_with_all_messages_vlsm X) s
  → constrained_transitions_from_to s f tr
    → finite_valid_trace_from_to
        (preloaded_with_all_messages_vlsm X) s
        f tr
s: state X
Hs: valid_state_prop
  (preloaded_with_all_messages_vlsm X) s
s': state X
om, om': option message
l: label X
Htr: constrained_transitions_from_to s f
  ({|
     l := l;
     input := om;
     destination := s';
     output := om'
   |} :: tr)
H1: transition l (s, om) = (s', om')
H4: valid l (s, om)
H5: constrained_transitions_from_to s' f tr
input_valid_transition
  (preloaded_with_all_messages_vlsm X) l (s, om)
  (s', om')
      by repeat split; [| apply any_message_is_valid_in_preloaded | ..].
Qed.

Lemma finite_constrained_trace_init_to_direct_equiv :
  forall (s f : state X) (tr : list (transition_item X)),
    finite_constrained_trace_init_to_direct s f tr
      <->
    finite_constrained_trace_init_to X s f tr.message: Type
X: VLSM message
∀ (s f : state X) (tr : list transition_item),
  finite_constrained_trace_init_to_direct s f tr
  ↔ finite_constrained_trace_init_to X s f tr
Proof.message: Type
X: VLSM message
∀ (s f : state X) (tr : list transition_item),
  finite_constrained_trace_init_to_direct s f tr
  ↔ finite_constrained_trace_init_to X s f tr
  split.message: Type
X: VLSM message
s, f: state X
tr: list transition_item
finite_constrained_trace_init_to_direct s f tr
→ finite_constrained_trace_init_to X s f tr
message: Type
X: VLSM message
s, f: state X
tr: list transition_item
finite_constrained_trace_init_to X s f tr
→ finite_constrained_trace_init_to_direct s f tr
  -message: Type
X: VLSM message
s, f: state X
tr: list transition_item
finite_constrained_trace_init_to_direct s f tr
→ finite_constrained_trace_init_to X s f tr by apply finite_constrained_trace_init_to_direct_left_impl.
  -message: Type
X: VLSM message
s, f: state X
tr: list transition_item
finite_constrained_trace_init_to X s f tr
→ finite_constrained_trace_init_to_direct s f tr by apply finite_constrained_trace_init_to_direct_right_impl.
Qed.

A constrained state is a state reachable through a constrained trace.

Definition constrained_state_prop_direct (f : state X) : Prop :=
  exists (s : state X) (tr : list (transition_item X)),
    finite_constrained_trace_init_to_direct s f tr.

Lemma constrained_state_prop_direct_equiv :
  forall (s : state X),
    constrained_state_prop_direct s <-> constrained_state_prop X s.message: Type
X: VLSM message
∀ s : state X,
  constrained_state_prop_direct s
  ↔ constrained_state_prop X s
Proof.message: Type
X: VLSM message
∀ s : state X,
  constrained_state_prop_direct s
  ↔ constrained_state_prop X s
  unfold constrained_state_prop_direct.message: Type
X: VLSM message
∀ s : state X,
  (∃ (s0 : state X) (tr : list transition_item),
     finite_constrained_trace_init_to_direct s0 s tr)
  ↔ constrained_state_prop X s
  setoid_rewrite finite_constrained_trace_init_to_direct_equiv.message: Type
X: VLSM message
∀ s : state X,
  (∃ (s0 : state X) (tr : list transition_item),
     finite_constrained_trace_init_to X s0 s tr)
  ↔ constrained_state_prop X s
  split.message: Type
X: VLSM message
s: state X
(∃ (s0 : state X) (tr : list transition_item),
   finite_constrained_trace_init_to X s0 s tr)
→ constrained_state_prop X s
message: Type
X: VLSM message
s: state X
constrained_state_prop X s
→ ∃ (s0 : state X) (tr : list transition_item),
    finite_constrained_trace_init_to X s0 s tr
  -message: Type
X: VLSM message
s: state X
(∃ (s0 : state X) (tr : list transition_item),
   finite_constrained_trace_init_to X s0 s tr)
→ constrained_state_prop X s by intros (? & ? & []); eapply finite_valid_trace_from_to_last_pstate.
  -message: Type
X: VLSM message
s: state X
constrained_state_prop X s
→ ∃ (s0 : state X) (tr : list transition_item),
    finite_constrained_trace_init_to X s0 s tr by intro Hs; apply valid_state_has_trace in Hs as (? & ? & ?); eexists _, _.
Qed.

A constrained message is one which can be emitted by a constrained trace.

Definition constrained_message_prop_direct (m : message) : Prop :=
  exists (s f : state X) (tr : list (transition_item X)) (item : transition_item X),
    finite_constrained_trace_init_to_direct s f (tr ++ [item]) /\ output item = Some m.

Lemma constrained_message_prop_direct_equiv :
  forall (m : message),
    constrained_message_prop_direct m <-> constrained_message_prop X m.message: Type
X: VLSM message
∀ m : message,
  constrained_message_prop_direct m
  ↔ constrained_message_prop X m
Proof.message: Type
X: VLSM message
∀ m : message,
  constrained_message_prop_direct m
  ↔ constrained_message_prop X m
  intros m.message: Type
X: VLSM message
m: message
constrained_message_prop_direct m
↔ constrained_message_prop X m
  unfold constrained_message_prop_direct, constrained_message_prop.message: Type
X: VLSM message
m: message
(∃ (s f : state X) (tr : list transition_item) (item : transition_item),
   finite_constrained_trace_init_to_direct s f
     (tr ++ [item]) ∧ output item = Some m)
↔ can_emit (preloaded_with_all_messages_vlsm X) m
  rewrite can_emit_iff.message: Type
X: VLSM message
m: message
(∃ (s f : state X) (tr : list transition_item) (item : transition_item),
   finite_constrained_trace_init_to_direct s f
     (tr ++ [item]) ∧ output item = Some m)
↔ (∃ s : state (preloaded_with_all_messages_vlsm X),
     can_produce (preloaded_with_all_messages_vlsm X)
       s m)
  setoid_rewrite finite_constrained_trace_init_to_direct_equiv;
    setoid_rewrite non_empty_valid_trace_from_can_produce.message: Type
X: VLSM message
m: message
(∃ (s f : state X) (tr : list transition_item) (item : transition_item),
   finite_constrained_trace_init_to X s f
     (tr ++ [item]) ∧ output item = Some m)
↔ (∃ (s
      is : state (preloaded_with_all_messages_vlsm X)) 
     (tr : list transition_item) (item : transition_item),
     finite_valid_trace
       (preloaded_with_all_messages_vlsm X) is tr
     ∧ last_error tr = Some item
       ∧ destination item = s ∧ output item = Some m)
  split.message: Type
X: VLSM message
m: message
(∃ (s f : state X) (tr : list transition_item) (item : transition_item),
   finite_constrained_trace_init_to X s f
     (tr ++ [item]) ∧ output item = Some m)
→ ∃ (s
     is : state (preloaded_with_all_messages_vlsm X)) 
    (tr : list transition_item) (item : transition_item),
    finite_valid_trace
      (preloaded_with_all_messages_vlsm X) is tr
    ∧ last_error tr = Some item
      ∧ destination item = s ∧ output item = Some m
message: Type
X: VLSM message
m: message
(∃ (s is : state (preloaded_with_all_messages_vlsm X)) 
   (tr : list transition_item) 
   (item : transition_item),
   finite_valid_trace
     (preloaded_with_all_messages_vlsm X) is tr
   ∧ last_error tr = Some item
     ∧ destination item = s ∧ output item = Some m)
→ ∃ (s f : state X) (tr : list transition_item) 
    (item : transition_item),
    finite_constrained_trace_init_to X s f
      (tr ++ [item]) ∧ 
    output item = Some m
  -message: Type
X: VLSM message
m: message
(∃ (s f : state X) (tr : list transition_item) (item : transition_item),
   finite_constrained_trace_init_to X s f
     (tr ++ [item]) ∧ output item = Some m)
→ ∃ (s
     is : state (preloaded_with_all_messages_vlsm X)) 
    (tr : list transition_item) (item : transition_item),
    finite_valid_trace
      (preloaded_with_all_messages_vlsm X) is tr
    ∧ last_error tr = Some item
      ∧ destination item = s ∧ output item = Some m intros (is & s & tr & item & Htr & Hm).message: Type
X: VLSM message
m: message
is, s: state X
tr: list transition_item
item: transition_item
Htr: finite_constrained_trace_init_to X is s
  (tr ++ [item])
Hm: output item = Some m
∃ (s is : state (preloaded_with_all_messages_vlsm X)) 
  (tr : list transition_item) (item : transition_item),
  finite_valid_trace
    (preloaded_with_all_messages_vlsm X) is tr
  ∧ last_error tr = Some item
    ∧ destination item = s ∧ output item = Some m
    exists s, is, (tr ++ [item]), item.message: Type
X: VLSM message
m: message
is, s: state X
tr: list transition_item
item: transition_item
Htr: finite_constrained_trace_init_to X is s
  (tr ++ [item])
Hm: output item = Some m
finite_valid_trace
  (preloaded_with_all_messages_vlsm X) is
  (tr ++ [item])
∧ last_error (tr ++ [item]) = Some item
  ∧ destination item = s ∧ output item = Some m
    split_and!; [.. | done].message: Type
X: VLSM message
m: message
is, s: state X
tr: list transition_item
item: transition_item
Htr: finite_constrained_trace_init_to X is s
  (tr ++ [item])
Hm: output item = Some m
finite_valid_trace
  (preloaded_with_all_messages_vlsm X) is
  (tr ++ [item])
message: Type
X: VLSM message
m: message
is, s: state X
tr: list transition_item
item: transition_item
Htr: finite_constrained_trace_init_to X is s
  (tr ++ [item])
Hm: output item = Some m
last_error (tr ++ [item]) = Some item
message: Type
X: VLSM message
m: message
is, s: state X
tr: list transition_item
item: transition_item
Htr: finite_constrained_trace_init_to X is s
  (tr ++ [item])
Hm: output item = Some m
destination item = s
    +message: Type
X: VLSM message
m: message
is, s: state X
tr: list transition_item
item: transition_item
Htr: finite_constrained_trace_init_to X is s
  (tr ++ [item])
Hm: output item = Some m
finite_valid_trace
  (preloaded_with_all_messages_vlsm X) is
  (tr ++ [item]) by eapply valid_trace_forget_last.
    +message: Type
X: VLSM message
m: message
is, s: state X
tr: list transition_item
item: transition_item
Htr: finite_constrained_trace_init_to X is s
  (tr ++ [item])
Hm: output item = Some m
last_error (tr ++ [item]) = Some item by apply last_error_is_last.
    +message: Type
X: VLSM message
m: message
is, s: state X
tr: list transition_item
item: transition_item
Htr: finite_constrained_trace_init_to X is s
  (tr ++ [item])
Hm: output item = Some m
destination item = s apply finite_valid_trace_init_to_last in Htr.message: Type
X: VLSM message
m: message
is, s: state X
tr: list transition_item
item: transition_item
Htr: finite_trace_last is (tr ++ [item]) = s
Hm: output item = Some m
destination item = s
      by erewrite <- finite_trace_last_is_last.
  -message: Type
X: VLSM message
m: message
(∃ (s is : state (preloaded_with_all_messages_vlsm X)) 
   (tr : list transition_item) (item : transition_item),
   finite_valid_trace
     (preloaded_with_all_messages_vlsm X) is tr
   ∧ last_error tr = Some item
     ∧ destination item = s ∧ output item = Some m)
→ ∃ (s f : state X) (tr : list transition_item) (item : transition_item),
    finite_constrained_trace_init_to X s f
      (tr ++ [item]) ∧ output item = Some m intros (s & is & tr' & item & Htr & Hlast & Hs & Hm).message: Type
X: VLSM message
m: message
s, is: state (preloaded_with_all_messages_vlsm X)
tr': list transition_item
item: transition_item
Htr: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) is tr'
Hlast: last_error tr' = Some item
Hs: destination item = s
Hm: output item = Some m
∃ (s f : state X) (tr : list transition_item) (item : transition_item),
  finite_constrained_trace_init_to X s f
    (tr ++ [item]) ∧ output item = Some m
    destruct_list_last tr' tr item_ Heqtr; subst; [done |].message: Type
X: VLSM message
m: message
is: state (preloaded_with_all_messages_vlsm X)
item: transition_item
tr: list transition_item
item_: transition_item
Htr: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) is
  (tr ++ [item_])
Hlast: last_error (tr ++ [item_]) = Some item
Hm: output item = Some m
∃ (s f : state X) (tr : list transition_item) (item : transition_item),
  finite_constrained_trace_init_to X s f
    (tr ++ [item]) ∧ output item = Some m
    rewrite last_error_is_last in Hlast; apply Some_inj in Hlast as ->.message: Type
X: VLSM message
m: message
is: state (preloaded_with_all_messages_vlsm X)
item: transition_item
tr: list transition_item
Htr: finite_valid_trace
  (preloaded_with_all_messages_vlsm X) is
  (tr ++ [item])
Hm: output item = Some m
∃ (s f : state X) (tr : list transition_item) (item : transition_item),
  finite_constrained_trace_init_to X s f
    (tr ++ [item]) ∧ output item = Some m
    apply valid_trace_add_default_last in Htr.message: Type
X: VLSM message
m: message
is: state (preloaded_with_all_messages_vlsm X)
item: transition_item
tr: list transition_item
Htr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm X) is
  (finite_trace_last is (tr ++ [item]))
  (tr ++ [item])
Hm: output item = Some m
∃ (s f : state X) (tr : list transition_item) (item : transition_item),
  finite_constrained_trace_init_to X s f
    (tr ++ [item]) ∧ output item = Some m
    by eexists _, _, _, _.
Qed.

Definitions of valid traces, messages, and states based on constrained ones

Here we state the original mathematical definitions (as presented in the VLSM paper) for valid traces, states, and messages, deriving them from the "constrained" notions, and we show them equivalent to the ones defined in the VLSM module.

A valid trace is a constrained trace whose inputs are all valid messages; a valid message is either an initial message or an output of a valid trace.

Inductive finite_valid_trace_init_to_from_constrained
  : state X -> state X -> list (transition_item X) -> Prop :=
| fvtit_def :
    forall (s f : state X) (tr : list (transition_item X)),
      finite_constrained_trace_init_to_direct s f tr ->
      (forall item, item ∈ tr -> option_valid_message_prop_from_constrained (input item)) ->
      finite_valid_trace_init_to_from_constrained s f tr

with option_valid_message_prop_from_constrained : option message -> Prop :=
| ovmp_def_initial :
    forall (om : option message),
      option_initial_message_prop X om ->
      option_valid_message_prop_from_constrained om
| ovmp_def_emit :
    forall (s f : state X) (tr : list (transition_item X)),
      finite_valid_trace_init_to_from_constrained s f tr ->
      forall (item : transition_item X), item ∈ tr ->
      option_valid_message_prop_from_constrained (output item).

Lemma finite_valid_trace_init_to_from_constrained_right_impl :
  forall (s f : state X) (tr : list (transition_item X)),
    finite_valid_trace_init_to X s f tr ->
    finite_valid_trace_init_to_from_constrained s f tr.message: Type
X: VLSM message
∀ (s f : state X) (tr : list transition_item),
  finite_valid_trace_init_to X s f tr
  → finite_valid_trace_init_to_from_constrained s f tr
Proof.message: Type
X: VLSM message
∀ (s f : state X) (tr : list transition_item),
  finite_valid_trace_init_to X s f tr
  → finite_valid_trace_init_to_from_constrained s f tr
  intros * Htr.message: Type
X: VLSM message
s, f: state X
tr: list transition_item
Htr: finite_valid_trace_init_to X s f tr
finite_valid_trace_init_to_from_constrained s f tr
  induction Htr using finite_valid_trace_init_to_rev_strong_ind;
    [by repeat constructor; [| inversion H] |].message: Type
X: VLSM message
is, s: state X
tr: list transition_item
Htr1: finite_valid_trace_init_to X is s tr
iom: option message
iom_si, iom_s: state X
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output X
  iom_tr iom
Htr2: finite_valid_trace_init_to X iom_si iom_s
  iom_tr
sf: state X
oom: option message
l: label X
Ht: input_valid_transition X l (s, iom) (sf, oom)
IHHtr1: finite_valid_trace_init_to_from_constrained
  is s tr
IHHtr2: finite_valid_trace_init_to_from_constrained
  iom_si iom_s iom_tr
finite_valid_trace_init_to_from_constrained is sf
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := sf;
      output := oom
    |}])
  constructor.message: Type
X: VLSM message
is, s: state X
tr: list transition_item
Htr1: finite_valid_trace_init_to X is s tr
iom: option message
iom_si, iom_s: state X
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output X
  iom_tr iom
Htr2: finite_valid_trace_init_to X iom_si iom_s
  iom_tr
sf: state X
oom: option message
l: label X
Ht: input_valid_transition X l (s, iom) (sf, oom)
IHHtr1: finite_valid_trace_init_to_from_constrained
  is s tr
IHHtr2: finite_valid_trace_init_to_from_constrained
  iom_si iom_s iom_tr
finite_constrained_trace_init_to_direct is sf
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := sf;
      output := oom
    |}])
message: Type
X: VLSM message
is, s: state X
tr: list transition_item
Htr1: finite_valid_trace_init_to X is s tr
iom: option message
iom_si, iom_s: state X
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output X
  iom_tr iom
Htr2: finite_valid_trace_init_to X iom_si iom_s
  iom_tr
sf: state X
oom: option message
l: label X
Ht: input_valid_transition X l (s, iom) (sf, oom)
IHHtr1: finite_valid_trace_init_to_from_constrained
  is s tr
IHHtr2: finite_valid_trace_init_to_from_constrained
  iom_si iom_s iom_tr
∀ item : transition_item,
  item
  ∈ tr ++
    [{|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |}]
  → option_valid_message_prop_from_constrained
      (input item)
  -message: Type
X: VLSM message
is, s: state X
tr: list transition_item
Htr1: finite_valid_trace_init_to X is s tr
iom: option message
iom_si, iom_s: state X
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output X
  iom_tr iom
Htr2: finite_valid_trace_init_to X iom_si iom_s
  iom_tr
sf: state X
oom: option message
l: label X
Ht: input_valid_transition X l (s, iom) (sf, oom)
IHHtr1: finite_valid_trace_init_to_from_constrained
  is s tr
IHHtr2: finite_valid_trace_init_to_from_constrained
  iom_si iom_s iom_tr
finite_constrained_trace_init_to_direct is sf
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := sf;
      output := oom
    |}]) clear -Htr1 Ht.message: Type
X: VLSM message
is, s: state X
tr: list transition_item
Htr1: finite_valid_trace_init_to X is s tr
iom: option message
sf: state X
oom: option message
l: label X
Ht: input_valid_transition X l (s, iom) (sf, oom)
finite_constrained_trace_init_to_direct is sf
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := sf;
      output := oom
    |}])
    apply finite_constrained_trace_init_to_direct_equiv.message: Type
X: VLSM message
is, s: state X
tr: list transition_item
Htr1: finite_valid_trace_init_to X is s tr
iom: option message
sf: state X
oom: option message
l: label X
Ht: input_valid_transition X l (s, iom) (sf, oom)
finite_constrained_trace_init_to X is sf
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := sf;
      output := oom
    |}])
    destruct X as [T M].message: Type
X: VLSM message
T: VLSMType message
M: VLSMMachine T
is, s: state {| vlsm_type := T; vlsm_machine := M |}
tr: list transition_item
Htr1: finite_valid_trace_init_to
  {| vlsm_type := T; vlsm_machine := M |} is s
  tr
iom: option message
sf: state {| vlsm_type := T; vlsm_machine := M |}
oom: option message
l: label {| vlsm_type := T; vlsm_machine := M |}
Ht: input_valid_transition
  {| vlsm_type := T; vlsm_machine := M |} l
  (s, iom) (sf, oom)
finite_constrained_trace_init_to
  {| vlsm_type := T; vlsm_machine := M |} is sf
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := sf;
      output := oom
    |}])
    eapply VLSM_incl_finite_valid_trace_init_to;
      [by apply vlsm_incl_preloaded_with_all_messages_vlsm |].message: Type
X: VLSM message
T: VLSMType message
M: VLSMMachine T
is, s: state {| vlsm_type := T; vlsm_machine := M |}
tr: list transition_item
Htr1: finite_valid_trace_init_to
  {| vlsm_type := T; vlsm_machine := M |} is s
  tr
iom: option message
sf: state {| vlsm_type := T; vlsm_machine := M |}
oom: option message
l: label {| vlsm_type := T; vlsm_machine := M |}
Ht: input_valid_transition
  {| vlsm_type := T; vlsm_machine := M |} l
  (s, iom) (sf, oom)
finite_valid_trace_init_to
  {|
    vlsm_type :=
      {| vlsm_type := T; vlsm_machine := M |};
    vlsm_machine := M
  |} is sf
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := sf;
      output := oom
    |}])
    destruct Htr1 as [Htr1 Hinit].message: Type
X: VLSM message
T: VLSMType message
M: VLSMMachine T
is, s: state {| vlsm_type := T; vlsm_machine := M |}
tr: list transition_item
Htr1: finite_valid_trace_from_to
  {| vlsm_type := T; vlsm_machine := M |} is s
  tr
Hinit: initial_state_prop is
iom: option message
sf: state {| vlsm_type := T; vlsm_machine := M |}
oom: option message
l: label {| vlsm_type := T; vlsm_machine := M |}
Ht: input_valid_transition
  {| vlsm_type := T; vlsm_machine := M |} l
  (s, iom) (sf, oom)
finite_valid_trace_init_to
  {|
    vlsm_type :=
      {| vlsm_type := T; vlsm_machine := M |};
    vlsm_machine := M
  |} is sf
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := sf;
      output := oom
    |}])
    split; [| done].message: Type
X: VLSM message
T: VLSMType message
M: VLSMMachine T
is, s: state {| vlsm_type := T; vlsm_machine := M |}
tr: list transition_item
Htr1: finite_valid_trace_from_to
  {| vlsm_type := T; vlsm_machine := M |} is s
  tr
Hinit: initial_state_prop is
iom: option message
sf: state {| vlsm_type := T; vlsm_machine := M |}
oom: option message
l: label {| vlsm_type := T; vlsm_machine := M |}
Ht: input_valid_transition
  {| vlsm_type := T; vlsm_machine := M |} l
  (s, iom) (sf, oom)
finite_valid_trace_from_to
  {|
    vlsm_type :=
      {| vlsm_type := T; vlsm_machine := M |};
    vlsm_machine := M
  |} is sf
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := sf;
      output := oom
    |}])
    eapply finite_valid_trace_from_to_app; [done |].message: Type
X: VLSM message
T: VLSMType message
M: VLSMMachine T
is, s: state {| vlsm_type := T; vlsm_machine := M |}
tr: list transition_item
Htr1: finite_valid_trace_from_to
  {| vlsm_type := T; vlsm_machine := M |} is s
  tr
Hinit: initial_state_prop is
iom: option message
sf: state {| vlsm_type := T; vlsm_machine := M |}
oom: option message
l: label {| vlsm_type := T; vlsm_machine := M |}
Ht: input_valid_transition
  {| vlsm_type := T; vlsm_machine := M |} l
  (s, iom) (sf, oom)
finite_valid_trace_from_to
  {| vlsm_type := T; vlsm_machine := M |} s sf
  [{|
     l := l;
     input := iom;
     destination := sf;
     output := oom
   |}]
    by apply finite_valid_trace_from_to_singleton.
  -message: Type
X: VLSM message
is, s: state X
tr: list transition_item
Htr1: finite_valid_trace_init_to X is s tr
iom: option message
iom_si, iom_s: state X
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output X
  iom_tr iom
Htr2: finite_valid_trace_init_to X iom_si iom_s
  iom_tr
sf: state X
oom: option message
l: label X
Ht: input_valid_transition X l (s, iom) (sf, oom)
IHHtr1: finite_valid_trace_init_to_from_constrained
  is s tr
IHHtr2: finite_valid_trace_init_to_from_constrained
  iom_si iom_s iom_tr
∀ item : transition_item,
  item
  ∈ tr ++
    [{|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |}]
  → option_valid_message_prop_from_constrained
      (input item) inversion IHHtr1 as [? ? ? _ IHoutput]; subst; clear IHHtr1.message: Type
X: VLSM message
is, s: state X
tr: list transition_item
Htr1: finite_valid_trace_init_to X is s tr
iom: option message
iom_si, iom_s: state X
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output X
  iom_tr iom
Htr2: finite_valid_trace_init_to X iom_si iom_s
  iom_tr
sf: state X
oom: option message
l: label X
Ht: input_valid_transition X l (s, iom) (sf, oom)
IHHtr2: finite_valid_trace_init_to_from_constrained
  iom_si iom_s iom_tr
IHoutput: ∀ item : transition_item,
  item ∈ tr
  → option_valid_message_prop_from_constrained
      (input item)
∀ item : transition_item,
  item
  ∈ tr ++
    [{|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |}]
  → option_valid_message_prop_from_constrained
      (input item)
    intros item.message: Type
X: VLSM message
is, s: state X
tr: list transition_item
Htr1: finite_valid_trace_init_to X is s tr
iom: option message
iom_si, iom_s: state X
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output X
  iom_tr iom
Htr2: finite_valid_trace_init_to X iom_si iom_s
  iom_tr
sf: state X
oom: option message
l: label X
Ht: input_valid_transition X l (s, iom) (sf, oom)
IHHtr2: finite_valid_trace_init_to_from_constrained
  iom_si iom_s iom_tr
IHoutput: ∀ item : transition_item,
  item ∈ tr
  → option_valid_message_prop_from_constrained
      (input item)
item: transition_item
item
∈ tr ++
  [{|
     l := l;
     input := iom;
     destination := sf;
     output := oom
   |}]
→ option_valid_message_prop_from_constrained
    (input item)
    rewrite elem_of_app, elem_of_list_singleton.message: Type
X: VLSM message
is, s: state X
tr: list transition_item
Htr1: finite_valid_trace_init_to X is s tr
iom: option message
iom_si, iom_s: state X
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output X
  iom_tr iom
Htr2: finite_valid_trace_init_to X iom_si iom_s
  iom_tr
sf: state X
oom: option message
l: label X
Ht: input_valid_transition X l (s, iom) (sf, oom)
IHHtr2: finite_valid_trace_init_to_from_constrained
  iom_si iom_s iom_tr
IHoutput: ∀ item : transition_item,
  item ∈ tr
  → option_valid_message_prop_from_constrained
      (input item)
item: transition_item
item ∈ tr
∨ item =
  {|
    l := l;
    input := iom;
    destination := sf;
    output := oom
  |}
→ option_valid_message_prop_from_constrained
    (input item)
    intros [| ->]; [by apply IHoutput |].message: Type
X: VLSM message
is, s: state X
tr: list transition_item
Htr1: finite_valid_trace_init_to X is s tr
iom: option message
iom_si, iom_s: state X
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output X
  iom_tr iom
Htr2: finite_valid_trace_init_to X iom_si iom_s
  iom_tr
sf: state X
oom: option message
l: label X
Ht: input_valid_transition X l (s, iom) (sf, oom)
IHHtr2: finite_valid_trace_init_to_from_constrained
  iom_si iom_s iom_tr
IHoutput: ∀ item : transition_item,
  item ∈ tr
  → option_valid_message_prop_from_constrained
      (input item)
option_valid_message_prop_from_constrained
  (input
     {|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |})
    unfold empty_initial_message_or_final_output in Heqiom.message: Type
X: VLSM message
is, s: state X
tr: list transition_item
Htr1: finite_valid_trace_init_to X is s tr
iom: option message
iom_si, iom_s: state X
iom_tr: list transition_item
Heqiom: match has_last_or_null iom_tr with
| inleft (existT x (x0 ↾ _)) =>
    output x0 = iom
| inright _ =>
    option_initial_message_prop X iom
end
Htr2: finite_valid_trace_init_to X iom_si iom_s
  iom_tr
sf: state X
oom: option message
l: label X
Ht: input_valid_transition X l (s, iom) (sf, oom)
IHHtr2: finite_valid_trace_init_to_from_constrained
  iom_si iom_s iom_tr
IHoutput: ∀ item : transition_item,
  item ∈ tr
  → option_valid_message_prop_from_constrained
      (input item)
option_valid_message_prop_from_constrained
  (input
     {|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |})
    destruct_list_last iom_tr iom_tr' item Heq; [by constructor 1 |].message: Type
X: VLSM message
is, s: state X
tr: list transition_item
Htr1: finite_valid_trace_init_to X is s tr
iom: option message
iom_si, iom_s: state X
iom_tr, iom_tr': list transition_item
item: transition_item
Heq: iom_tr = iom_tr' ++ [item]
Heqiom: output item = iom
Htr2: finite_valid_trace_init_to X iom_si iom_s
  (iom_tr' ++ [item])
sf: state X
oom: option message
l: label X
Ht: input_valid_transition X l (s, iom) (sf, oom)
IHHtr2: finite_valid_trace_init_to_from_constrained
  iom_si iom_s (iom_tr' ++ [item])
IHoutput: ∀ item : transition_item,
  item ∈ tr
  → option_valid_message_prop_from_constrained
      (input item)
option_valid_message_prop_from_constrained
  (input
     {|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |})
    subst iom; econstructor 2; [done |].message: Type
X: VLSM message
is, s: state X
tr: list transition_item
Htr1: finite_valid_trace_init_to X is s tr
iom_si, iom_s: state X
iom_tr, iom_tr': list transition_item
item: transition_item
Heq: iom_tr = iom_tr' ++ [item]
Htr2: finite_valid_trace_init_to X iom_si iom_s
  (iom_tr' ++ [item])
sf: state X
oom: option message
l: label X
Ht: input_valid_transition X l (
  s, output item) (sf, oom)
IHHtr2: finite_valid_trace_init_to_from_constrained
  iom_si iom_s (iom_tr' ++ [item])
IHoutput: ∀ item : transition_item,
  item ∈ tr
  → option_valid_message_prop_from_constrained
      (input item)
item ∈ iom_tr' ++ [item]
    by rewrite elem_of_app, elem_of_list_singleton; right.
Qed.

Lemma finite_valid_trace_init_to_from_constrained_left_impl :
  forall (s f : state X) (tr : list (transition_item X)),
    finite_valid_trace_init_to_from_constrained s f tr ->
    finite_valid_trace_init_to X s f tr

with option_valid_message_prop_from_constrained_left_impl :
  forall (om : option message),
    option_valid_message_prop_from_constrained om ->
    option_valid_message_prop X om.message: Type
X: VLSM message
finite_valid_trace_init_to_from_constrained_left_impl: ∀ (s
   f : state X) 
  (tr : list
        transition_item),
  finite_valid_trace_init_to_from_constrained
    s f tr
  → finite_valid_trace_init_to
      X s f tr
option_valid_message_prop_from_constrained_left_impl: ∀ om : option
        message,
  option_valid_message_prop_from_constrained
    om
  → option_valid_message_prop
      X om
∀ (s f : state X) (tr : list transition_item),
  finite_valid_trace_init_to_from_constrained s f tr
  → finite_valid_trace_init_to X s f tr
message: Type
X: VLSM message
finite_valid_trace_init_to_from_constrained_left_impl: ∀ (s
   f : state X) 
  (tr : list
        transition_item),
  finite_valid_trace_init_to_from_constrained
    s f tr
  → finite_valid_trace_init_to
      X s f tr
option_valid_message_prop_from_constrained_left_impl: ∀ om : option
        message,
  option_valid_message_prop_from_constrained
    om
  → option_valid_message_prop
      X om
∀ om : option message,
  option_valid_message_prop_from_constrained om
  → option_valid_message_prop X om
Proof.message: Type
X: VLSM message
finite_valid_trace_init_to_from_constrained_left_impl: ∀ (s
   f : state X) 
  (tr : list
        transition_item),
  finite_valid_trace_init_to_from_constrained
    s f tr
  → finite_valid_trace_init_to
      X s f tr
option_valid_message_prop_from_constrained_left_impl: ∀ om : option
        message,
  option_valid_message_prop_from_constrained
    om
  → option_valid_message_prop
      X om
∀ (s f : state X) (tr : list transition_item),
  finite_valid_trace_init_to_from_constrained s f tr
  → finite_valid_trace_init_to X s f tr
message: Type
X: VLSM message
finite_valid_trace_init_to_from_constrained_left_impl: ∀ (s
   f : state X) 
  (tr : list
        transition_item),
  finite_valid_trace_init_to_from_constrained
    s f tr
  → finite_valid_trace_init_to
      X s f tr
option_valid_message_prop_from_constrained_left_impl: ∀ om : option
        message,
  option_valid_message_prop_from_constrained
    om
  → option_valid_message_prop
      X om
∀ om : option message,
  option_valid_message_prop_from_constrained om
  → option_valid_message_prop X om
  -message: Type
X: VLSM message
finite_valid_trace_init_to_from_constrained_left_impl: ∀ (s
   f : state X) 
  (tr : list
        transition_item),
  finite_valid_trace_init_to_from_constrained
    s f tr
  → finite_valid_trace_init_to
      X s f tr
option_valid_message_prop_from_constrained_left_impl: ∀ om : option
        message,
  option_valid_message_prop_from_constrained
    om
  → option_valid_message_prop
      X om
∀ (s f : state X) (tr : list transition_item),
  finite_valid_trace_init_to_from_constrained s f tr
  → finite_valid_trace_init_to X s f tr intros s f tr [? ? ? [Htrc Hinit] Hmsgs]; subst.message: Type
X: VLSM message
finite_valid_trace_init_to_from_constrained_left_impl: ∀ (s
   f : state X) 
  (tr : list
        transition_item),
  finite_valid_trace_init_to_from_constrained
    s f tr
  → finite_valid_trace_init_to
      X s f tr
option_valid_message_prop_from_constrained_left_impl: ∀ om : option
        message,
  option_valid_message_prop_from_constrained
    om
  → option_valid_message_prop
      X om
s, f: state X
tr: list transition_item
s0, f0: state X
tr0: list transition_item
Htrc: constrained_transitions_from_to s0 f0 tr0
Hinit: initial_state_prop s0
Hmsgs: ∀ item : transition_item,
  item ∈ tr0
  → option_valid_message_prop_from_constrained
      (input item)
finite_valid_trace_init_to X s0 f0 tr0
    apply pre_traces_with_valid_inputs_are_valid;
      [by apply finite_constrained_trace_init_to_direct_left_impl |].message: Type
X: VLSM message
finite_valid_trace_init_to_from_constrained_left_impl: ∀ (s
   f : state X) 
  (tr : list
        transition_item),
  finite_valid_trace_init_to_from_constrained
    s f tr
  → finite_valid_trace_init_to
      X s f tr
option_valid_message_prop_from_constrained_left_impl: ∀ om : option
        message,
  option_valid_message_prop_from_constrained
    om
  → option_valid_message_prop
      X om
s, f: state X
tr: list transition_item
s0, f0: state X
tr0: list transition_item
Htrc: constrained_transitions_from_to s0 f0 tr0
Hinit: initial_state_prop s0
Hmsgs: ∀ item : transition_item,
  item ∈ tr0
  → option_valid_message_prop_from_constrained
      (input item)
Forall
  (λ item : transition_item,
     option_valid_message_prop X (input item)) tr0
    rewrite Forall_forall in *; intros.message: Type
X: VLSM message
finite_valid_trace_init_to_from_constrained_left_impl: ∀ (s
   f : state X) 
  (tr : list
        transition_item),
  finite_valid_trace_init_to_from_constrained
    s f tr
  → finite_valid_trace_init_to
      X s f tr
option_valid_message_prop_from_constrained_left_impl: ∀ om : option
        message,
  option_valid_message_prop_from_constrained
    om
  → option_valid_message_prop
      X om
s, f: state X
tr: list transition_item
s0, f0: state X
tr0: list transition_item
Htrc: constrained_transitions_from_to s0 f0 tr0
Hinit: initial_state_prop s0
Hmsgs: ∀ item : transition_item,
  item ∈ tr0
  → option_valid_message_prop_from_constrained
      (input item)
x: transition_item
H: x ∈ tr0
option_valid_message_prop X (input x)
    by apply option_valid_message_prop_from_constrained_left_impl, Hmsgs.
  -message: Type
X: VLSM message
finite_valid_trace_init_to_from_constrained_left_impl: ∀ (s
   f : state X) 
  (tr : list
        transition_item),
  finite_valid_trace_init_to_from_constrained
    s f tr
  → finite_valid_trace_init_to
      X s f tr
option_valid_message_prop_from_constrained_left_impl: ∀ om : option
        message,
  option_valid_message_prop_from_constrained
    om
  → option_valid_message_prop
      X om
∀ om : option message,
  option_valid_message_prop_from_constrained om
  → option_valid_message_prop X om intros om [? Hinit | ? ? ? Hemit ? Hitem]; subst;
      [by apply option_initial_message_is_valid |].message: Type
X: VLSM message
finite_valid_trace_init_to_from_constrained_left_impl: ∀ (s
   f : state X) 
  (tr : list
        transition_item),
  finite_valid_trace_init_to_from_constrained
    s f tr
  → finite_valid_trace_init_to
      X s f tr
option_valid_message_prop_from_constrained_left_impl: ∀ om : option
        message,
  option_valid_message_prop_from_constrained
    om
  → option_valid_message_prop
      X om
om: option message
s, f: state X
tr: list transition_item
Hemit: finite_valid_trace_init_to_from_constrained s
  f tr
item: transition_item
Hitem: item ∈ tr
option_valid_message_prop X (output item)
    destruct (output item) as [m |] eqn: Houtput;
      [| by apply option_valid_message_None].message: Type
X: VLSM message
finite_valid_trace_init_to_from_constrained_left_impl: ∀ (s
   f : state X) 
  (tr : list
        transition_item),
  finite_valid_trace_init_to_from_constrained
    s f tr
  → finite_valid_trace_init_to
      X s f tr
option_valid_message_prop_from_constrained_left_impl: ∀ om : option
        message,
  option_valid_message_prop_from_constrained
    om
  → option_valid_message_prop
      X om
om: option message
s, f: state X
tr: list transition_item
Hemit: finite_valid_trace_init_to_from_constrained s
  f tr
item: transition_item
Hitem: item ∈ tr
m: message
Houtput: output item = Some m
option_valid_message_prop X (Some m)
    eapply option_valid_message_Some, valid_trace_output_is_valid;
      [| by apply Exists_exists; eexists].message: Type
X: VLSM message
finite_valid_trace_init_to_from_constrained_left_impl: ∀ (s
   f : state X) 
  (tr : list
        transition_item),
  finite_valid_trace_init_to_from_constrained
    s f tr
  → finite_valid_trace_init_to
      X s f tr
option_valid_message_prop_from_constrained_left_impl: ∀ om : option
        message,
  option_valid_message_prop_from_constrained
    om
  → option_valid_message_prop
      X om
om: option message
s, f: state X
tr: list transition_item
Hemit: finite_valid_trace_init_to_from_constrained s
  f tr
item: transition_item
Hitem: item ∈ tr
m: message
Houtput: output item = Some m
finite_valid_trace_from X ?is tr
    by eapply valid_trace_forget_last,
      finite_valid_trace_init_to_from_constrained_left_impl.
Qed.

Lemma finite_valid_trace_init_to_from_constrained_equiv :
  forall (s f : state X) (tr : list (transition_item X)),
    finite_valid_trace_init_to_from_constrained s f tr <-> finite_valid_trace_init_to X s f tr.message: Type
X: VLSM message
∀ (s f : state X) (tr : list transition_item),
  finite_valid_trace_init_to_from_constrained s f tr
  ↔ finite_valid_trace_init_to X s f tr
Proof.message: Type
X: VLSM message
∀ (s f : state X) (tr : list transition_item),
  finite_valid_trace_init_to_from_constrained s f tr
  ↔ finite_valid_trace_init_to X s f tr
  split.message: Type
X: VLSM message
s, f: state X
tr: list transition_item
finite_valid_trace_init_to_from_constrained s f tr
→ finite_valid_trace_init_to X s f tr
message: Type
X: VLSM message
s, f: state X
tr: list transition_item
finite_valid_trace_init_to X s f tr
→ finite_valid_trace_init_to_from_constrained s f tr
  -message: Type
X: VLSM message
s, f: state X
tr: list transition_item
finite_valid_trace_init_to_from_constrained s f tr
→ finite_valid_trace_init_to X s f tr by apply finite_valid_trace_init_to_from_constrained_left_impl.
  -message: Type
X: VLSM message
s, f: state X
tr: list transition_item
finite_valid_trace_init_to X s f tr
→ finite_valid_trace_init_to_from_constrained s f tr by apply finite_valid_trace_init_to_from_constrained_right_impl.
Qed.

Lemma option_valid_message_prop_from_constrained_right_impl :
  forall (om : option message),
    option_valid_message_prop X om ->
    option_valid_message_prop_from_constrained om.message: Type
X: VLSM message
∀ om : option message,
  option_valid_message_prop X om
  → option_valid_message_prop_from_constrained om
Proof.message: Type
X: VLSM message
∀ om : option message,
  option_valid_message_prop X om
  → option_valid_message_prop_from_constrained om
  intros [m |] Hm; [| by apply ovmp_def_initial].message: Type
X: VLSM message
m: message
Hm: option_valid_message_prop X (Some m)
option_valid_message_prop_from_constrained (Some m)
  apply emitted_messages_are_valid_iff in Hm as [| Hm]; [by apply ovmp_def_initial |].message: Type
X: VLSM message
m: message
Hm: can_emit X m
option_valid_message_prop_from_constrained (Some m)
  apply can_emit_has_trace in Hm as (is & tr & item & Htr & <-).message: Type
X: VLSM message
m: message
is: state X
tr: list transition_item
item: transition_item
Htr: finite_valid_trace X is (tr ++ [item])
option_valid_message_prop_from_constrained
  (output item)
  apply valid_trace_add_default_last, finite_valid_trace_init_to_from_constrained_right_impl in Htr.message: Type
X: VLSM message
m: message
is: state X
tr: list transition_item
item: transition_item
Htr: finite_valid_trace_init_to_from_constrained is
  (finite_trace_last is (tr ++ [item]))
  (tr ++ [item])
option_valid_message_prop_from_constrained
  (output item)
  econstructor 2; [done |].message: Type
X: VLSM message
m: message
is: state X
tr: list transition_item
item: transition_item
Htr: finite_valid_trace_init_to_from_constrained is
  (finite_trace_last is (tr ++ [item]))
  (tr ++ [item])
item ∈ tr ++ [item]
  by rewrite elem_of_app, elem_of_list_singleton; right.
Qed.

Lemma option_valid_message_prop_from_constrained_equiv :
  forall (om : option message),
    option_valid_message_prop_from_constrained om <-> option_valid_message_prop X om.message: Type
X: VLSM message
∀ om : option message,
  option_valid_message_prop_from_constrained om
  ↔ option_valid_message_prop X om
Proof.message: Type
X: VLSM message
∀ om : option message,
  option_valid_message_prop_from_constrained om
  ↔ option_valid_message_prop X om
  split.message: Type
X: VLSM message
om: option message
option_valid_message_prop_from_constrained om
→ option_valid_message_prop X om
message: Type
X: VLSM message
om: option message
option_valid_message_prop X om
→ option_valid_message_prop_from_constrained om
  -message: Type
X: VLSM message
om: option message
option_valid_message_prop_from_constrained om
→ option_valid_message_prop X om by apply option_valid_message_prop_from_constrained_left_impl.
  -message: Type
X: VLSM message
om: option message
option_valid_message_prop X om
→ option_valid_message_prop_from_constrained om by apply option_valid_message_prop_from_constrained_right_impl.
Qed.

A valid state is a state reachable through a valid trace.

Definition valid_state_prop_from_constrained (s : state X) : Prop :=
  exists (is : state X) (tr : list (transition_item X)),
    finite_valid_trace_init_to_from_constrained is s tr.

Lemma valid_state_prop_from_constrained_left_impl :
  forall (s : state X),
    valid_state_prop_from_constrained s ->
    valid_state_prop X s.message: Type
X: VLSM message
∀ s : state X,
  valid_state_prop_from_constrained s
  → valid_state_prop X s
Proof.message: Type
X: VLSM message
∀ s : state X,
  valid_state_prop_from_constrained s
  → valid_state_prop X s
  intros s (is & tr & Htr).message: Type
X: VLSM message
s, is: state X
tr: list transition_item
Htr: finite_valid_trace_init_to_from_constrained is s
  tr
valid_state_prop X s
  by apply finite_valid_trace_init_to_from_constrained_equiv, valid_trace_last_pstate in Htr.
Qed.

Lemma valid_state_prop_from_constrained_right_impl :
  forall (s : state X),
    valid_state_prop X s ->
    valid_state_prop_from_constrained s.message: Type
X: VLSM message
∀ s : state X,
  valid_state_prop X s
  → valid_state_prop_from_constrained s
Proof.message: Type
X: VLSM message
∀ s : state X,
  valid_state_prop X s
  → valid_state_prop_from_constrained s
  intros s Hs.message: Type
X: VLSM message
s: state X
Hs: valid_state_prop X s
valid_state_prop_from_constrained s
  apply valid_state_has_trace in Hs as (is & tr & Htr).message: Type
X: VLSM message
s, is: state X
tr: list transition_item
Htr: finite_valid_trace_init_to X is s tr
valid_state_prop_from_constrained s
  by exists is, tr; apply finite_valid_trace_init_to_from_constrained_equiv.
Qed.

Lemma valid_state_prop_from_constrained_equiv :
  forall (s : state X),
    valid_state_prop_from_constrained s <-> valid_state_prop X s.message: Type
X: VLSM message
∀ s : state X,
  valid_state_prop_from_constrained s
  ↔ valid_state_prop X s
Proof.message: Type
X: VLSM message
∀ s : state X,
  valid_state_prop_from_constrained s
  ↔ valid_state_prop X s
  split.message: Type
X: VLSM message
s: state X
valid_state_prop_from_constrained s
→ valid_state_prop X s
message: Type
X: VLSM message
s: state X
valid_state_prop X s
→ valid_state_prop_from_constrained s
  -message: Type
X: VLSM message
s: state X
valid_state_prop_from_constrained s
→ valid_state_prop X s by apply valid_state_prop_from_constrained_left_impl.
  -message: Type
X: VLSM message
s: state X
valid_state_prop X s
→ valid_state_prop_from_constrained s by apply valid_state_prop_from_constrained_right_impl.
Qed.

End sec_constrained_direct_defs.

Lemma vlsm_is_preloaded_with_valid `(X : VLSM message) :
  VLSM_eq X (preloaded_vlsm X (valid_message_prop X)).message: Type
X: VLSM message
VLSM_eq X (preloaded_vlsm X (valid_message_prop X))
Proof.message: Type
X: VLSM message
VLSM_eq X (preloaded_vlsm X (valid_message_prop X))
  split; [by apply basic_VLSM_strong_incl; intros ?; only 2: left |].message: Type
X: VLSM message
VLSM_incl
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |} {| vlsm_type := X; vlsm_machine := X |}
  apply basic_VLSM_incl; intros ? **; cbn; [done | ..].message: Type
X: VLSM message
l: label
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
s: state
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
m: message
Hv: input_valid
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |} l (s, Some m)
HsY: valid_state_prop
  {| vlsm_type := X; vlsm_machine := X |} 
  (id s)
HmX: initial_message_prop m
valid_message_prop
  {| vlsm_type := X; vlsm_machine := X |} m
message: Type
X: VLSM message
l: label
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
s: state
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
om: option message
Hv: input_valid
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |} l (s, om)
HsY: valid_state_prop
  {| vlsm_type := X; vlsm_machine := X |} 
  (id s)
HomY: option_valid_message_prop
  {| vlsm_type := X; vlsm_machine := X |} om
valid l (s, om)
message: Type
X: VLSM message
l: label
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
s: state
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
om: option message
s': state
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
om': option message
H: input_valid_transition
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |} l (s, om) (s', om')
transition l (s, om) = (s', om')
  -message: Type
X: VLSM message
l: label
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
s: state
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
m: message
Hv: input_valid
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |} l (s, Some m)
HsY: valid_state_prop
  {| vlsm_type := X; vlsm_machine := X |} 
  (id s)
HmX: initial_message_prop m
valid_message_prop
  {| vlsm_type := X; vlsm_machine := X |} m destruct HmX as [Hinit | HmX].message: Type
X: VLSM message
l: label
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
s: state
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
m: message
Hv: input_valid
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |} l (s, Some m)
HsY: valid_state_prop
  {| vlsm_type := X; vlsm_machine := X |} 
  (id s)
Hinit: initial_message_prop m
valid_message_prop
  {| vlsm_type := X; vlsm_machine := X |} m
message: Type
X: VLSM message
l: label
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
s: state
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
m: message
Hv: input_valid
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |} l (s, Some m)
HsY: valid_state_prop
  {| vlsm_type := X; vlsm_machine := X |} 
  (id s)
HmX: valid_message_prop X m
valid_message_prop
  {| vlsm_type := X; vlsm_machine := X |} m
    +message: Type
X: VLSM message
l: label
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
s: state
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
m: message
Hv: input_valid
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |} l (s, Some m)
HsY: valid_state_prop
  {| vlsm_type := X; vlsm_machine := X |} 
  (id s)
Hinit: initial_message_prop m
valid_message_prop
  {| vlsm_type := X; vlsm_machine := X |} m by apply initial_message_is_valid.
    +message: Type
X: VLSM message
l: label
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
s: state
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
m: message
Hv: input_valid
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |} l (s, Some m)
HsY: valid_state_prop
  {| vlsm_type := X; vlsm_machine := X |} 
  (id s)
HmX: valid_message_prop X m
valid_message_prop
  {| vlsm_type := X; vlsm_machine := X |} m by destruct X.
  -message: Type
X: VLSM message
l: label
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
s: state
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
om: option message
Hv: input_valid
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |} l (s, om)
HsY: valid_state_prop
  {| vlsm_type := X; vlsm_machine := X |} 
  (id s)
HomY: option_valid_message_prop
  {| vlsm_type := X; vlsm_machine := X |} om
valid l (s, om) by apply Hv.
  -message: Type
X: VLSM message
l: label
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
s: state
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
om: option message
s': state
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |}
om': option message
H: input_valid_transition
  {|
    vlsm_type := X;
    vlsm_machine :=
      preloaded_vlsm X (valid_message_prop X)
  |} l (s, om) (s', om')
transition l (s, om) = (s', om') by apply H.
Qed.