From VLSM.Lib Require Import Itauto.[Loading ML file ring_plugin.cmxs (using legacy method) ... done]
[Loading ML file zify_plugin.cmxs (using legacy method) ... done]
[Loading ML file micromega_plugin.cmxs (using legacy method) ... done]
[Loading ML file btauto_plugin.cmxs (using legacy method) ... done]
[Loading ML file coq-itauto.plugin ... done]
From Coq Require Import FunctionalExtensionality Lia.
From stdpp Require Import prelude finite.
From VLSM.Lib Require Import Preamble ListExtras StdppListSet StdppExtras.
From VLSM.Core Require Import VLSM VLSMProjections ProjectionTraces Composition Validator.
From VLSM.Core Require Import Equivocation EquivocationProjections Equivocation.NoEquivocation.

Core: VLSM Subcomposition

Section sec_sub_composition.

Context
  {message : Type}
  `{finite.Finite index}
  (IM : index -> VLSM message)
  (sub_index_list : list index)
  .

Definition sub_index_prop (i : index) : Prop := i ∈ sub_index_list.

#[local] Program Instance sub_index_prop_dec
  (i : index)
  : Decision (sub_index_prop i).
Next Obligation.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
∀ i : index, {sub_index_prop i} + {¬ sub_index_prop i}
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
∀ i : index, {sub_index_prop i} + {¬ sub_index_prop i}
  intros; apply decide_rel; typeclasses eauto.
Qed.

Definition sub_index : Type := dsig sub_index_prop.

Definition sub_IM
  (ei : sub_index)
  : VLSM message
  := IM (proj1_sig ei).

Lemma sub_IM_state_pi
  {i : index}
  (s : composite_state sub_IM)
  (e1 e2 : sub_index_prop i)
  : s (dexist i e1) = s (dexist i e2).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
i: index
s: composite_state sub_IM
e1, e2: sub_index_prop i
s (dexist i e1) = s (dexist i e2)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
i: index
s: composite_state sub_IM
e1, e2: sub_index_prop i
s (dexist i e1) = s (dexist i e2)
  unfold dexist.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
i: index
s: composite_state sub_IM
e1, e2: sub_index_prop i
s (i ↾ bool_decide_pack (sub_index_prop i) e1) =
s (i ↾ bool_decide_pack (sub_index_prop i) e2)
  replace (bool_decide_pack _ e1) with (bool_decide_pack _ e2); [done |].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
i: index
s: composite_state sub_IM
e1, e2: sub_index_prop i
bool_decide_pack (sub_index_prop i) e2 =
bool_decide_pack (sub_index_prop i) e1
  by apply proof_irrel.
Qed.

Lemma sub_IM_state_update_eq
  (i : index)
  (s : composite_state sub_IM)
  (si : state (IM i))
  (e1 e2 : sub_index_prop i)
  : state_update sub_IM s (dexist i e1) si (dexist i e2) = si.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
i: index
s: composite_state sub_IM
si: state (IM i)
e1, e2: sub_index_prop i
state_update sub_IM s (dexist i e1) si (dexist i e2) =
si
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
i: index
s: composite_state sub_IM
si: state (IM i)
e1, e2: sub_index_prop i
state_update sub_IM s (dexist i e1) si (dexist i e2) =
si
  cut (forall be1 be2, be1 = be2 ->
      state_update sub_IM s (exist _ i be1) si (exist _ i be2) = si).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
i: index
s: composite_state sub_IM
si: state (IM i)
e1, e2: sub_index_prop i
(∀ be1
    be2 : (λ x : index, bool_decide (sub_index_prop x))
            i,
   be1 = be2
   → state_update sub_IM s (i ↾ be1) si (i ↾ be2) = si)
→ state_update sub_IM s (dexist i e1) si (dexist i e2) =
  si
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
i: index
s: composite_state sub_IM
si: state (IM i)
e1, e2: sub_index_prop i
∀ be1
   be2 : (λ x : index, bool_decide (sub_index_prop x))
           i,
  be1 = be2
  → state_update sub_IM s (i ↾ be1) si (i ↾ be2) = si
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
i: index
s: composite_state sub_IM
si: state (IM i)
e1, e2: sub_index_prop i
(∀ be1
    be2 : (λ x : index, bool_decide (sub_index_prop x))
            i,
   be1 = be2
   → state_update sub_IM s (i ↾ be1) si (i ↾ be2) = si)
→ state_update sub_IM s (dexist i e1) si (dexist i e2) =
  si by intro Heq; apply Heq, proof_irrel.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
i: index
s: composite_state sub_IM
si: state (IM i)
e1, e2: sub_index_prop i
∀ be1
   be2 : (λ x : index, bool_decide (sub_index_prop x))
           i,
  be1 = be2
  → state_update sub_IM s (i ↾ be1) si (i ↾ be2) = si by intros; subst; state_update_simpl.
Qed.

Lemma sub_IM_state_update_neq
  (s : composite_state sub_IM)
  (i : index)
  (ei : sub_index_prop i)
  (si : state (IM i))
  (j : index)
  (ej : sub_index_prop j)
  : i <> j ->
      state_update sub_IM s (dexist i ei) si (dexist j ej)
        =
      s (dexist j ej).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s: composite_state sub_IM
i: index
ei: sub_index_prop i
si: state (IM i)
j: index
ej: sub_index_prop j
i ≠ j
→ state_update sub_IM s (dexist i ei) si (dexist j ej) =
  s (dexist j ej)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s: composite_state sub_IM
i: index
ei: sub_index_prop i
si: state (IM i)
j: index
ej: sub_index_prop j
i ≠ j
→ state_update sub_IM s (dexist i ei) si (dexist j ej) =
  s (dexist j ej)
  by intro Hneq; apply state_update_neq; inversion 1.
Qed.

Definition free_sub_vlsm_composition : VLSM message
  := free_composite_vlsm sub_IM.

Definition seeded_free_sub_composition
  (messageSet : message -> Prop)
  := preloaded_vlsm free_sub_vlsm_composition
      (fun m => messageSet m \/ composite_initial_message_prop IM m).

Definition composite_state_sub_projection
  (s : composite_state IM)
  : composite_state sub_IM
  := fun (subi : sub_index) => s (proj1_sig subi) : state (sub_IM subi).

Lemma composite_initial_state_sub_projection
  (s : composite_state IM)
  (Hs : composite_initial_state_prop IM s)
  : composite_initial_state_prop sub_IM (composite_state_sub_projection s).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s: composite_state IM
Hs: composite_initial_state_prop IM s
composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s: composite_state IM
Hs: composite_initial_state_prop IM s
composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
  by intros [i Hi]; apply Hs.
Qed.

Definition composite_label_sub_projection
  (l : composite_label IM)
  (i := projT1 l)
  (e : sub_index_prop i)
  : composite_label sub_IM
  :=
  existT (dexist i e) (projT2 l).

Definition lift_sub_label
  (l : composite_label sub_IM)
  : composite_label IM
  :=
  existT (proj1_sig (projT1 l)) (projT2 l).

Definition lift_sub_state_to
  (s0 : composite_state IM)
  (s : composite_state sub_IM)
  : composite_state IM
  := fun i =>
    match decide (sub_index_prop i) with
    | left e =>  s (dexist i e)
    | _ => s0 i
    end.

Definition lift_sub_state := lift_sub_state_to (fun (n : index) => proj1_sig (vs0 (IM n))).

Lemma lift_sub_state_to_eq
  (s0 : composite_state IM)
  (s : composite_state sub_IM)
  i
  (Hi : sub_index_prop i)
  : lift_sub_state_to s0 s i = s (dexist i Hi).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
s: composite_state sub_IM
i: index
Hi: sub_index_prop i
lift_sub_state_to s0 s i = s (dexist i Hi)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
s: composite_state sub_IM
i: index
Hi: sub_index_prop i
lift_sub_state_to s0 s i = s (dexist i Hi)
  unfold lift_sub_state_to.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
s: composite_state sub_IM
i: index
Hi: sub_index_prop i
match decide (sub_index_prop i) with
| left e => s (dexist i e)
| right _ => s0 i
end = s (dexist i Hi)
  by case_decide; [apply sub_IM_state_pi |].
Qed.

Lemma lift_sub_state_to_neq
  (s0 : composite_state IM)
  (s : composite_state sub_IM)
  i
  (Hni : ~ sub_index_prop i)
  : lift_sub_state_to s0 s i = s0 i.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
s: composite_state sub_IM
i: index
Hni: ¬ sub_index_prop i
lift_sub_state_to s0 s i = s0 i
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
s: composite_state sub_IM
i: index
Hni: ¬ sub_index_prop i
lift_sub_state_to s0 s i = s0 i
  by unfold lift_sub_state_to; case_decide.
Qed.

Lemma composite_state_sub_projection_lift_to
  (s0 : composite_state IM)
  (s : composite_state sub_IM)
  : composite_state_sub_projection (lift_sub_state_to s0 s) = s.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
s: composite_state sub_IM
composite_state_sub_projection
  (lift_sub_state_to s0 s) = s
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
s: composite_state sub_IM
composite_state_sub_projection
  (lift_sub_state_to s0 s) = s
  extensionality sub_i.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
s: composite_state sub_IM
sub_i: sub_index
composite_state_sub_projection
  (lift_sub_state_to s0 s) sub_i = s sub_i
  destruct_dec_sig sub_i i Hi Heqsub_i.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
s: composite_state sub_IM
sub_i: sub_index
i: index
Hi: sub_index_prop i
Heqsub_i: sub_i = dexist i Hi
composite_state_sub_projection
  (lift_sub_state_to s0 s) sub_i = s sub_i
  subst.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
s: composite_state sub_IM
i: index
Hi: sub_index_prop i
composite_state_sub_projection
  (lift_sub_state_to s0 s) (dexist i Hi) =
s (dexist i Hi)
  unfold composite_state_sub_projection.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
s: composite_state sub_IM
i: index
Hi: sub_index_prop i
lift_sub_state_to s0 s (`(dexist i Hi)) =
s (dexist i Hi)
  simpl.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
s: composite_state sub_IM
i: index
Hi: sub_index_prop i
lift_sub_state_to s0 s i = s (dexist i Hi)
  by rewrite lift_sub_state_to_eq with (Hi := Hi).
Qed.

Lemma lift_sub_state_to_neq_state_update
  (s0 : composite_state IM)
  (s : composite_state sub_IM)
  i
  (Hni : ~ sub_index_prop i)
  si'
  : state_update IM (lift_sub_state_to s0 s) i si' =
    lift_sub_state_to (state_update IM s0 i si') s.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
s: composite_state sub_IM
i: index
Hni: ¬ sub_index_prop i
si': state (IM i)
state_update IM (lift_sub_state_to s0 s) i si' =
lift_sub_state_to (state_update IM s0 i si') s
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
s: composite_state sub_IM
i: index
Hni: ¬ sub_index_prop i
si': state (IM i)
state_update IM (lift_sub_state_to s0 s) i si' =
lift_sub_state_to (state_update IM s0 i si') s
  symmetry.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
s: composite_state sub_IM
i: index
Hni: ¬ sub_index_prop i
si': state (IM i)
lift_sub_state_to (state_update IM s0 i si') s =
state_update IM (lift_sub_state_to s0 s) i si'
  extensionality j.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
s: composite_state sub_IM
i: index
Hni: ¬ sub_index_prop i
si': state (IM i)
j: index
lift_sub_state_to (state_update IM s0 i si') s j =
state_update IM (lift_sub_state_to s0 s) i si' j
  unfold lift_sub_state_to.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
s: composite_state sub_IM
i: index
Hni: ¬ sub_index_prop i
si': state (IM i)
j: index
match decide (sub_index_prop j) with
| left e => s (dexist j e)
| right _ => state_update IM s0 i si' j
end =
state_update IM
  (λ i : index,
     match decide (sub_index_prop i) with
     | left e => s (dexist i e)
     | right _ => s0 i
     end) i si' j
  by destruct (decide (i = j)); subst; state_update_simpl; case_decide.
Qed.

#[local] Hint Rewrite @sub_IM_state_update_eq using done : state_update.
#[local] Hint Rewrite @sub_IM_state_update_neq using done : state_update.
#[local] Hint Rewrite @lift_sub_state_to_eq using done : state_update.
#[local] Hint Rewrite @lift_sub_state_to_neq using done : state_update.
#[local] Hint Rewrite @lift_sub_state_to_neq_state_update using done : state_update.

Section sec_induced_sub_projection.

Context
  (constraint : composite_label IM -> composite_state IM * option message -> Prop)
  (X := composite_vlsm IM constraint)
  .

Definition composite_label_sub_projection_option
  (l : composite_label IM)
  : option (composite_label sub_IM) :=
  match decide (projT1 l ∈ sub_index_list) with
  | left i_in => Some (composite_label_sub_projection l i_in)
  | _ => None
  end.

By restricting the components of a composition to a subset we obtain a projection_induced_validator.

Definition pre_induced_sub_projection : VLSM message :=
  pre_projection_induced_validator X (composite_type sub_IM)
    composite_label_sub_projection_option
    composite_state_sub_projection
    lift_sub_label lift_sub_state.

Lemma induced_sub_projection_transition_consistency_None
  : weak_projection_transition_consistency_None X (composite_type sub_IM)
      composite_label_sub_projection_option composite_state_sub_projection.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
weak_projection_transition_consistency_None X
  (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
weak_projection_transition_consistency_None X
  (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection
  intros lX HlX sX om s'X om' HtX.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
lX: label X
HlX: composite_label_sub_projection_option lX = None
sX: state X
om: option message
s'X: state X
om': option message
HtX: input_valid_transition X lX (sX, om) (s'X, om')
composite_state_sub_projection s'X =
composite_state_sub_projection sX
  extensionality sub_i.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
lX: label X
HlX: composite_label_sub_projection_option lX = None
sX: state X
om: option message
s'X: state X
om': option message
HtX: input_valid_transition X lX (sX, om) (s'X, om')
sub_i: sub_index
composite_state_sub_projection s'X sub_i =
composite_state_sub_projection sX sub_i
  destruct_dec_sig sub_i i Hi Heqsub_i.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
lX: label X
HlX: composite_label_sub_projection_option lX = None
sX: state X
om: option message
s'X: state X
om': option message
HtX: input_valid_transition X lX (sX, om) (s'X, om')
sub_i: sub_index
i: index
Hi: sub_index_prop i
Heqsub_i: sub_i = dexist i Hi
composite_state_sub_projection s'X sub_i =
composite_state_sub_projection sX sub_i
  subst sub_i.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
lX: label X
HlX: composite_label_sub_projection_option lX = None
sX: state X
om: option message
s'X: state X
om': option message
HtX: input_valid_transition X lX (sX, om) (s'X, om')
i: index
Hi: sub_index_prop i
composite_state_sub_projection s'X (dexist i Hi) =
composite_state_sub_projection sX (dexist i Hi)
  unfold composite_state_sub_projection.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
lX: label X
HlX: composite_label_sub_projection_option lX = None
sX: state X
om: option message
s'X: state X
om': option message
HtX: input_valid_transition X lX (sX, om) (s'X, om')
i: index
Hi: sub_index_prop i
s'X (`(dexist i Hi)) = sX (`(dexist i Hi)) simpl.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
lX: label X
HlX: composite_label_sub_projection_option lX = None
sX: state X
om: option message
s'X: state X
om': option message
HtX: input_valid_transition X lX (sX, om) (s'X, om')
i: index
Hi: sub_index_prop i
s'X i = sX i
  destruct lX as [x v].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
x: index
v: label (IM x)
HlX: composite_label_sub_projection_option
  (existT x v) = None
sX: state X
om: option message
s'X: state X
om': option message
HtX: input_valid_transition X 
  (existT x v) (sX, om) (
  s'X, om')
i: index
Hi: sub_index_prop i
s'X i = sX i
  apply proj2 in HtX.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
x: index
v: label (IM x)
HlX: composite_label_sub_projection_option
  (existT x v) = None
sX: state X
om: option message
s'X: state X
om': option message
HtX: transition (existT x v) (sX, om) = (s'X, om')
i: index
Hi: sub_index_prop i
s'X i = sX i cbn in HtX.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
x: index
v: label (IM x)
HlX: composite_label_sub_projection_option
  (existT x v) = None
sX: state X
om: option message
s'X: state X
om': option message
HtX: (let (si', om') := transition v (sX x, om) in
 (state_update IM sX x si', om')) = (
s'X, om')
i: index
Hi: sub_index_prop i
s'X i = sX i
  destruct (transition _ _ _) as (si', _om').message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
x: index
v: label (IM x)
HlX: composite_label_sub_projection_option
  (existT x v) = None
sX: state X
om: option message
s'X: state X
om': option message
si': state (IM x)
_om': option message
HtX: (state_update IM sX x si', _om') = (s'X, om')
i: index
Hi: sub_index_prop i
s'X i = sX i
  inversion_clear HtX.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
x: index
v: label (IM x)
HlX: composite_label_sub_projection_option
  (existT x v) = None
sX: state X
om: option message
s'X: state X
om': option message
si': state (IM x)
_om': option message
i: index
Hi: sub_index_prop i
state_update IM sX x si' i = sX i
  rewrite state_update_neq; [done | intros ->].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
x: index
v: label (IM x)
HlX: composite_label_sub_projection_option
  (existT x v) = None
sX: state X
om: option message
s'X: state X
om': option message
si': state (IM x)
_om': option message
Hi: sub_index_prop x
False
  unfold composite_label_sub_projection_option in HlX; simpl in HlX.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
x: index
v: label (IM x)
HlX: match decide (x ∈ sub_index_list) with
| left i_in =>
    Some
      (composite_label_sub_projection
         (existT x v) i_in)
| right _ => None
end = None
sX: state X
om: option message
s'X: state X
om': option message
si': state (IM x)
_om': option message
Hi: sub_index_prop x
False
  by case_decide.
Qed.

Lemma composite_label_sub_projection_option_lift
  : induced_validator_label_lift_prop composite_label_sub_projection_option lift_sub_label.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
induced_validator_label_lift_prop
  composite_label_sub_projection_option lift_sub_label
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
induced_validator_label_lift_prop
  composite_label_sub_projection_option lift_sub_label
  intros [sub_i li].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
sub_i: sub_index
li: label (sub_IM sub_i)
composite_label_sub_projection_option
  (lift_sub_label (existT sub_i li)) =
Some (existT sub_i li)
  destruct_dec_sig sub_i i Hi Heqsub_i; subst.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
Hi: sub_index_prop i
li: label (sub_IM (dexist i Hi))
composite_label_sub_projection_option
  (lift_sub_label (existT (dexist i Hi) li)) =
Some (existT (dexist i Hi) li)
  unfold lift_sub_label, composite_label_sub_projection_option, composite_label_sub_projection; cbn.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
Hi: sub_index_prop i
li: label (sub_IM (dexist i Hi))
match decide (i ∈ sub_index_list) with
| left i_in => Some (existT (dexist i i_in) li)
| right _ => None
end = Some (existT (dexist i Hi) li)
  case_decide; [f_equal | done].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
Hi: sub_index_prop i
li: label (sub_IM (dexist i Hi))
H0: i ∈ sub_index_list
existT (dexist i H0) li = existT (dexist i Hi) li
  by apply (@dec_sig_sigT_eq _ _ sub_index_prop_dec (fun i => label (IM i))).
Qed.

Lemma composite_state_sub_projection_lift
  : induced_validator_state_lift_prop composite_state_sub_projection lift_sub_state.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
induced_validator_state_lift_prop
  composite_state_sub_projection lift_sub_state
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
induced_validator_state_lift_prop
  composite_state_sub_projection lift_sub_state by intro; apply composite_state_sub_projection_lift_to. Qed.

Lemma composite_trace_sub_projection_lift
  (tr : list (composite_transition_item sub_IM))
  : pre_VLSM_projection_finite_trace_project (composite_type IM) _
    composite_label_sub_projection_option composite_state_sub_projection
    (pre_VLSM_embedding_finite_trace_project _ _ lift_sub_label lift_sub_state tr)
    = tr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
tr: list (composite_transition_item sub_IM)
pre_VLSM_projection_finite_trace_project
  (composite_type IM) (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection
  (pre_VLSM_embedding_finite_trace_project
     (composite_type sub_IM) (composite_type IM)
     lift_sub_label lift_sub_state tr) = tr
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
tr: list (composite_transition_item sub_IM)
pre_VLSM_projection_finite_trace_project
  (composite_type IM) (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection
  (pre_VLSM_embedding_finite_trace_project
     (composite_type sub_IM) (composite_type IM)
     lift_sub_label lift_sub_state tr) = tr
  apply (induced_validator_trace_lift (free_composite_vlsm IM)).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
tr: list (composite_transition_item sub_IM)
induced_validator_label_lift_prop
  composite_label_sub_projection_option lift_sub_label
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
tr: list (composite_transition_item sub_IM)
induced_validator_state_lift_prop
  composite_state_sub_projection lift_sub_state
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
tr: list (composite_transition_item sub_IM)
induced_validator_label_lift_prop
  composite_label_sub_projection_option lift_sub_label by apply composite_label_sub_projection_option_lift.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
tr: list (composite_transition_item sub_IM)
induced_validator_state_lift_prop
  composite_state_sub_projection lift_sub_state by apply composite_state_sub_projection_lift.
Qed.

Lemma induced_sub_projection_transition_consistency_Some
  : induced_validator_transition_consistency_Some X (composite_type sub_IM)
      composite_label_sub_projection_option composite_state_sub_projection.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
induced_validator_transition_consistency_Some X
  (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
induced_validator_transition_consistency_Some X
  (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection
  intros lX1 lX2 lY HlX1_pr HlX2_pr sX1 sX2 HsXeq_pr iom sX1' oom1 Ht1 sX2' oom2 Ht2.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
lX1, lX2: label X
lY: label (composite_type sub_IM)
HlX1_pr: composite_label_sub_projection_option lX1 =
Some lY
HlX2_pr: composite_label_sub_projection_option lX2 =
Some lY
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
Ht1: transition lX1 (sX1, iom) = (sX1', oom1)
sX2': state X
oom2: option message
Ht2: transition lX2 (sX2, iom) = (sX2', oom2)
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2
  destruct lX1 as (i, lXi).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
lX2: label X
lY: label (composite_type sub_IM)
HlX1_pr: composite_label_sub_projection_option
  (existT i lXi) = Some lY
HlX2_pr: composite_label_sub_projection_option lX2 =
Some lY
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
Ht1: transition (existT i lXi) (sX1, iom) =
(sX1', oom1)
sX2': state X
oom2: option message
Ht2: transition lX2 (sX2, iom) = (sX2', oom2)
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2
  unfold composite_label_sub_projection_option in HlX1_pr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
lX2: label X
lY: label (composite_type sub_IM)
HlX1_pr: match
  decide
    (projT1 (existT i lXi) ∈ sub_index_list)
with
| left i_in =>
    Some
      (composite_label_sub_projection
         (existT i lXi) i_in)
| right _ => None
end = Some lY
HlX2_pr: composite_label_sub_projection_option lX2 =
Some lY
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
Ht1: transition (existT i lXi) (sX1, iom) =
(sX1', oom1)
sX2': state X
oom2: option message
Ht2: transition lX2 (sX2, iom) = (sX2', oom2)
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2
  simpl in HlX1_pr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
lX2: label X
lY: label (composite_type sub_IM)
HlX1_pr: match decide (i ∈ sub_index_list) with
| left i_in =>
    Some
      (composite_label_sub_projection
         (existT i lXi) i_in)
| right _ => None
end = Some lY
HlX2_pr: composite_label_sub_projection_option lX2 =
Some lY
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
Ht1: transition (existT i lXi) (sX1, iom) =
(sX1', oom1)
sX2': state X
oom2: option message
Ht2: transition lX2 (sX2, iom) = (sX2', oom2)
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2 case_decide as Hi; [| done].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
lX2: label X
lY: label (composite_type sub_IM)
Hi: i ∈ sub_index_list
HlX1_pr: Some
  (composite_label_sub_projection
     (existT i lXi) Hi) = 
Some lY
HlX2_pr: composite_label_sub_projection_option lX2 =
Some lY
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
Ht1: transition (existT i lXi) (sX1, iom) =
(sX1', oom1)
sX2': state X
oom2: option message
Ht2: transition lX2 (sX2, iom) = (sX2', oom2)
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2
  apply Some_inj in HlX1_pr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
lX2: label X
lY: label (composite_type sub_IM)
Hi: i ∈ sub_index_list
HlX1_pr: composite_label_sub_projection
  (existT i lXi) Hi = lY
HlX2_pr: composite_label_sub_projection_option lX2 =
Some lY
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
Ht1: transition (existT i lXi) (sX1, iom) =
(sX1', oom1)
sX2': state X
oom2: option message
Ht2: transition lX2 (sX2, iom) = (sX2', oom2)
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2 subst lY.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
lX2: label X
Hi: i ∈ sub_index_list
HlX2_pr: composite_label_sub_projection_option lX2 =
Some
  (composite_label_sub_projection
     (existT i lXi) Hi)
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
Ht1: transition (existT i lXi) (sX1, iom) =
(sX1', oom1)
sX2': state X
oom2: option message
Ht2: transition lX2 (sX2, iom) = (sX2', oom2)
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2
  destruct lX2 as (_i, _lXi).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
_i: index
_lXi: label (IM _i)
Hi: i ∈ sub_index_list
HlX2_pr: composite_label_sub_projection_option
  (existT _i _lXi) =
Some
  (composite_label_sub_projection
     (existT i lXi) Hi)
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
Ht1: transition (existT i lXi) (sX1, iom) =
(sX1', oom1)
sX2': state X
oom2: option message
Ht2: transition (existT _i _lXi) (sX2, iom) =
(sX2', oom2)
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2
  unfold composite_label_sub_projection_option in HlX2_pr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
_i: index
_lXi: label (IM _i)
Hi: i ∈ sub_index_list
HlX2_pr: match
  decide
    (projT1 (existT _i _lXi)
     ∈ sub_index_list)
with
| left i_in =>
    Some
      (composite_label_sub_projection
         (existT _i _lXi) i_in)
| right _ => None
end =
Some
  (composite_label_sub_projection
     (existT i lXi) Hi)
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
Ht1: transition (existT i lXi) (sX1, iom) =
(sX1', oom1)
sX2': state X
oom2: option message
Ht2: transition (existT _i _lXi) (sX2, iom) =
(sX2', oom2)
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2
  simpl in HlX2_pr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
_i: index
_lXi: label (IM _i)
Hi: i ∈ sub_index_list
HlX2_pr: match decide (_i ∈ sub_index_list) with
| left i_in =>
    Some
      (composite_label_sub_projection
         (existT _i _lXi) i_in)
| right _ => None
end =
Some
  (composite_label_sub_projection
     (existT i lXi) Hi)
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
Ht1: transition (existT i lXi) (sX1, iom) =
(sX1', oom1)
sX2': state X
oom2: option message
Ht2: transition (existT _i _lXi) (sX2, iom) =
(sX2', oom2)
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2 case_decide as H_i; [| done].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
_i: index
_lXi: label (IM _i)
Hi: i ∈ sub_index_list
H_i: _i ∈ sub_index_list
HlX2_pr: Some
  (composite_label_sub_projection
     (existT _i _lXi) H_i) =
Some
  (composite_label_sub_projection
     (existT i lXi) Hi)
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
Ht1: transition (existT i lXi) (sX1, iom) =
(sX1', oom1)
sX2': state X
oom2: option message
Ht2: transition (existT _i _lXi) (sX2, iom) =
(sX2', oom2)
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2
  apply Some_inj in HlX2_pr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
_i: index
_lXi: label (IM _i)
Hi: i ∈ sub_index_list
H_i: _i ∈ sub_index_list
HlX2_pr: composite_label_sub_projection
  (existT _i _lXi) H_i =
composite_label_sub_projection
  (existT i lXi) Hi
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
Ht1: transition (existT i lXi) (sX1, iom) =
(sX1', oom1)
sX2': state X
oom2: option message
Ht2: transition (existT _i _lXi) (sX2, iom) =
(sX2', oom2)
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2
  unfold composite_label_sub_projection in HlX2_pr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
_i: index
_lXi: label (IM _i)
Hi: i ∈ sub_index_list
H_i: _i ∈ sub_index_list
HlX2_pr: existT
  (dexist (projT1 (existT _i _lXi)) H_i)
  (projT2 (existT _i _lXi)) =
existT (dexist (projT1 (existT i lXi)) Hi)
  (projT2 (existT i lXi))
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
Ht1: transition (existT i lXi) (sX1, iom) =
(sX1', oom1)
sX2': state X
oom2: option message
Ht2: transition (existT _i _lXi) (sX2, iom) =
(sX2', oom2)
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2
  simpl in HlX2_pr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
_i: index
_lXi: label (IM _i)
Hi: i ∈ sub_index_list
H_i: _i ∈ sub_index_list
HlX2_pr: existT (dexist _i H_i) _lXi =
existT (dexist i Hi) lXi
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
Ht1: transition (existT i lXi) (sX1, iom) =
(sX1', oom1)
sX2': state X
oom2: option message
Ht2: transition (existT _i _lXi) (sX2, iom) =
(sX2', oom2)
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2
  inversion HlX2_pr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
_i: index
_lXi: label (IM _i)
Hi: i ∈ sub_index_list
H_i: _i ∈ sub_index_list
HlX2_pr: existT (dexist _i H_i) _lXi =
existT (dexist i Hi) lXi
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
Ht1: transition (existT i lXi) (sX1, iom) =
(sX1', oom1)
sX2': state X
oom2: option message
Ht2: transition (existT _i _lXi) (sX2, iom) =
(sX2', oom2)
H1: _i = i
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2
  subst _i.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi, _lXi: label (IM i)
Hi, H_i: i ∈ sub_index_list
HlX2_pr: existT (dexist i H_i) _lXi =
existT (dexist i Hi) lXi
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
Ht1: transition (existT i lXi) (sX1, iom) =
(sX1', oom1)
sX2': state X
oom2: option message
Ht2: transition (existT i _lXi) (sX2, iom) =
(sX2', oom2)
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2
  apply
    (@dec_sig_sigT_eq_rev _ _ _ sub_index_prop_dec (fun i => label (IM i)))
    in HlX2_pr as ->.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
Hi, H_i: i ∈ sub_index_list
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
Ht1: transition (existT i lXi) (sX1, iom) =
(sX1', oom1)
sX2': state X
oom2: option message
Ht2: transition (existT i lXi) (sX2, iom) =
(sX2', oom2)
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2
  apply f_equal_dep with (x := dexist i Hi) in HsXeq_pr as HsXeq_pri.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
Hi, H_i: i ∈ sub_index_list
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
Ht1: transition (existT i lXi) (sX1, iom) =
(sX1', oom1)
sX2': state X
oom2: option message
Ht2: transition (existT i lXi) (sX2, iom) =
(sX2', oom2)
HsXeq_pri: composite_state_sub_projection sX1
  (dexist i Hi) =
composite_state_sub_projection sX2
  (dexist i Hi)
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2
  cbv in HsXeq_pri.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
Hi, H_i: i ∈ sub_index_list
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
Ht1: transition (existT i lXi) (sX1, iom) =
(sX1', oom1)
sX2': state X
oom2: option message
Ht2: transition (existT i lXi) (sX2, iom) =
(sX2', oom2)
HsXeq_pri: sX1 i = sX2 i
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2
  cbn in Ht1, Ht2.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
Hi, H_i: i ∈ sub_index_list
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
Ht1: (let (si', om') :=
   transition lXi (sX1 i, iom) in
 (state_update IM sX1 i si', om')) =
(sX1', oom1)
sX2': state X
oom2: option message
Ht2: (let (si', om') :=
   transition lXi (sX2 i, iom) in
 (state_update IM sX2 i si', om')) =
(sX2', oom2)
HsXeq_pri: sX1 i = sX2 i
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2
  rewrite <- HsXeq_pri in Ht2.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
Hi, H_i: i ∈ sub_index_list
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
Ht1: (let (si', om') :=
   transition lXi (sX1 i, iom) in
 (state_update IM sX1 i si', om')) =
(sX1', oom1)
sX2': state X
oom2: option message
Ht2: (let (si', om') :=
   transition lXi (sX1 i, iom) in
 (state_update IM sX2 i si', om')) =
(sX2', oom2)
HsXeq_pri: sX1 i = sX2 i
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2
  destruct (transition _ _ _) as (si', om').message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
Hi, H_i: i ∈ sub_index_list
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
si': state (IM i)
om': option message
Ht1: (state_update IM sX1 i si', om') = (sX1', oom1)
sX2': state X
oom2: option message
Ht2: (state_update IM sX2 i si', om') = (sX2', oom2)
HsXeq_pri: sX1 i = sX2 i
composite_state_sub_projection sX1' =
composite_state_sub_projection sX2' ∧ oom1 = oom2
  inversion Ht1.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
Hi, H_i: i ∈ sub_index_list
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
sX1': state X
oom1: option message
si': state (IM i)
om': option message
Ht1: (state_update IM sX1 i si', om') = (sX1', oom1)
sX2': state X
oom2: option message
Ht2: (state_update IM sX2 i si', om') = (sX2', oom2)
HsXeq_pri: sX1 i = sX2 i
H1: state_update IM sX1 i si' = sX1'
H2: om' = oom1
composite_state_sub_projection
  (state_update IM sX1 i si') =
composite_state_sub_projection sX2' ∧ oom1 = oom2 subst.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
Hi, H_i: i ∈ sub_index_list
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom, oom1: option message
si': state (IM i)
Ht1: (state_update IM sX1 i si', oom1) =
(state_update IM sX1 i si', oom1)
sX2': state X
oom2: option message
Ht2: (state_update IM sX2 i si', oom1) = (sX2', oom2)
HsXeq_pri: sX1 i = sX2 i
composite_state_sub_projection
  (state_update IM sX1 i si') =
composite_state_sub_projection sX2' ∧ oom1 = oom2 clear Ht1.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
Hi, H_i: i ∈ sub_index_list
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom, oom1: option message
si': state (IM i)
sX2': state X
oom2: option message
Ht2: (state_update IM sX2 i si', oom1) = (sX2', oom2)
HsXeq_pri: sX1 i = sX2 i
composite_state_sub_projection
  (state_update IM sX1 i si') =
composite_state_sub_projection sX2' ∧ oom1 = oom2
  inversion Ht2.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
Hi, H_i: i ∈ sub_index_list
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom, oom1: option message
si': state (IM i)
sX2': state X
oom2: option message
Ht2: (state_update IM sX2 i si', oom1) = (sX2', oom2)
HsXeq_pri: sX1 i = sX2 i
H1: state_update IM sX2 i si' = sX2'
H2: oom1 = oom2
composite_state_sub_projection
  (state_update IM sX1 i si') =
composite_state_sub_projection
  (state_update IM sX2 i si') ∧ oom2 = oom2 subst.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
Hi, H_i: i ∈ sub_index_list
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
si': state (IM i)
oom2: option message
Ht2: (state_update IM sX2 i si', oom2) =
(state_update IM sX2 i si', oom2)
HsXeq_pri: sX1 i = sX2 i
composite_state_sub_projection
  (state_update IM sX1 i si') =
composite_state_sub_projection
  (state_update IM sX2 i si') ∧ oom2 = oom2 clear Ht2.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
Hi, H_i: i ∈ sub_index_list
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
si': state (IM i)
oom2: option message
HsXeq_pri: sX1 i = sX2 i
composite_state_sub_projection
  (state_update IM sX1 i si') =
composite_state_sub_projection
  (state_update IM sX2 i si') ∧ oom2 = oom2
  split; [| done].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
Hi, H_i: i ∈ sub_index_list
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
si': state (IM i)
oom2: option message
HsXeq_pri: sX1 i = sX2 i
composite_state_sub_projection
  (state_update IM sX1 i si') =
composite_state_sub_projection
  (state_update IM sX2 i si')
  extensionality sub_j.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
Hi, H_i: i ∈ sub_index_list
sX1, sX2: state X
HsXeq_pr: composite_state_sub_projection sX1 =
composite_state_sub_projection sX2
iom: option message
si': state (IM i)
oom2: option message
HsXeq_pri: sX1 i = sX2 i
sub_j: sub_index
composite_state_sub_projection
  (state_update IM sX1 i si') sub_j =
composite_state_sub_projection
  (state_update IM sX2 i si') sub_j
  apply f_equal_dep with (x := sub_j) in HsXeq_pr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
Hi, H_i: i ∈ sub_index_list
sX1, sX2: state X
sub_j: sub_index
HsXeq_pr: composite_state_sub_projection sX1 sub_j =
composite_state_sub_projection sX2 sub_j
iom: option message
si': state (IM i)
oom2: option message
HsXeq_pri: sX1 i = sX2 i
composite_state_sub_projection
  (state_update IM sX1 i si') sub_j =
composite_state_sub_projection
  (state_update IM sX2 i si') sub_j
  destruct_dec_sig sub_j j Hj Heqsub_j.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
Hi, H_i: i ∈ sub_index_list
sX1, sX2: state X
sub_j: sub_index
HsXeq_pr: composite_state_sub_projection sX1 sub_j =
composite_state_sub_projection sX2 sub_j
iom: option message
si': state (IM i)
oom2: option message
HsXeq_pri: sX1 i = sX2 i
j: index
Hj: sub_index_prop j
Heqsub_j: sub_j = dexist j Hj
composite_state_sub_projection
  (state_update IM sX1 i si') sub_j =
composite_state_sub_projection
  (state_update IM sX2 i si') sub_j
  subst.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
Hi, H_i: i ∈ sub_index_list
sX1, sX2: state X
j: index
Hj: sub_index_prop j
HsXeq_pr: composite_state_sub_projection sX1
  (dexist j Hj) =
composite_state_sub_projection sX2
  (dexist j Hj)
iom: option message
si': state (IM i)
oom2: option message
HsXeq_pri: sX1 i = sX2 i
composite_state_sub_projection
  (state_update IM sX1 i si') (dexist j Hj) =
composite_state_sub_projection
  (state_update IM sX2 i si') (dexist j Hj)
  unfold composite_state_sub_projection in HsXeq_pr |- *.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
Hi, H_i: i ∈ sub_index_list
sX1, sX2: state X
j: index
Hj: sub_index_prop j
HsXeq_pr: sX1 (`(dexist j Hj)) = sX2 (`(dexist j Hj))
iom: option message
si': state (IM i)
oom2: option message
HsXeq_pri: sX1 i = sX2 i
state_update IM sX1 i si' (`(dexist j Hj)) =
state_update IM sX2 i si' (`(dexist j Hj))
  simpl in HsXeq_pr |- *.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lXi: label (IM i)
Hi, H_i: i ∈ sub_index_list
sX1, sX2: state X
j: index
Hj: sub_index_prop j
HsXeq_pr: sX1 j = sX2 j
iom: option message
si': state (IM i)
oom2: option message
HsXeq_pri: sX1 i = sX2 i
state_update IM sX1 i si' j =
state_update IM sX2 i si' j
  by destruct (decide (i = j)); subst; state_update_simpl.
Qed.

The pre_induced_sub_projection is actually a VLSM_projection of the original composition.

Lemma induced_sub_projection_is_projection
  : VLSM_projection X pre_induced_sub_projection
    composite_label_sub_projection_option
    composite_state_sub_projection.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
VLSM_projection X pre_induced_sub_projection
  composite_label_sub_projection_option
  composite_state_sub_projection
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
VLSM_projection X pre_induced_sub_projection
  composite_label_sub_projection_option
  composite_state_sub_projection
  apply projection_induced_validator_is_projection.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
induced_validator_label_lift_prop
  composite_label_sub_projection_option lift_sub_label
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
induced_validator_state_lift_prop
  composite_state_sub_projection lift_sub_state
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
induced_validator_transition_consistency_Some X
  (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
weak_projection_transition_consistency_None X
  (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
induced_validator_label_lift_prop
  composite_label_sub_projection_option lift_sub_label by apply composite_label_sub_projection_option_lift.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
induced_validator_state_lift_prop
  composite_state_sub_projection lift_sub_state by apply composite_state_sub_projection_lift.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
induced_validator_transition_consistency_Some X
  (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection by apply induced_sub_projection_transition_consistency_Some.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
weak_projection_transition_consistency_None X
  (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection by apply induced_sub_projection_transition_consistency_None.
Qed.

Lemma induced_sub_projection_valid_projection l s om
  (Hv : valid pre_induced_sub_projection l (s, om))
  : exists i, i ∈ sub_index_list /\
    exists l s, input_constrained (IM i) l (s, om).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label pre_induced_sub_projection
s: state pre_induced_sub_projection
om: option message
Hv: valid l (s, om)
∃ i : index,
  i ∈ sub_index_list
  ∧ (∃ (l : label
              (preloaded_with_all_messages_vlsm (IM i))) 
       (s : state
              (preloaded_with_all_messages_vlsm (IM i))),
       input_constrained (IM i) l (s, om))
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label pre_induced_sub_projection
s: state pre_induced_sub_projection
om: option message
Hv: valid l (s, om)
∃ i : index,
  i ∈ sub_index_list
  ∧ (∃ (l : label
              (preloaded_with_all_messages_vlsm (IM i))) 
       (s : state
              (preloaded_with_all_messages_vlsm (IM i))),
       input_constrained (IM i) l (s, om))
  destruct l as (sub_i, li).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
sub_i: sub_index
li: label (sub_IM sub_i)
s: state pre_induced_sub_projection
om: option message
Hv: valid (existT sub_i li) (s, om)
∃ i : index,
  i ∈ sub_index_list
  ∧ (∃ (l : label
              (preloaded_with_all_messages_vlsm (IM i))) 
       (s : state
              (preloaded_with_all_messages_vlsm (IM i))),
       input_constrained (IM i) l (s, om))
  destruct Hv as (lX & sX & [HlX Heqs (HsX & Hom & Hv)]).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
sub_i: sub_index
li: label (sub_IM sub_i)
s: state pre_induced_sub_projection
om: option message
lX: label X
sX: state X
HlX: composite_label_sub_projection_option lX =
Some (existT sub_i li)
Heqs: composite_state_sub_projection sX = (s, om).1
HsX: valid_state_prop X sX
Hom: option_valid_message_prop X (s, om).2
Hv: valid lX (sX, (s, om).2)
∃ i : index,
  i ∈ sub_index_list
  ∧ (∃ (l : label
              (preloaded_with_all_messages_vlsm (IM i))) 
       (s : state
              (preloaded_with_all_messages_vlsm (IM i))),
       input_constrained (IM i) l (s, om))
  destruct lX as [i _li].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
sub_i: sub_index
li: label (sub_IM sub_i)
s: state pre_induced_sub_projection
om: option message
i: index
_li: label (IM i)
sX: state X
HlX: composite_label_sub_projection_option
  (existT i _li) = Some (existT sub_i li)
Heqs: composite_state_sub_projection sX = (s, om).1
HsX: valid_state_prop X sX
Hom: option_valid_message_prop X (s, om).2
Hv: valid (existT i _li) (sX, (s, om).2)
∃ i : index,
  i ∈ sub_index_list
  ∧ (∃ (l : label
              (preloaded_with_all_messages_vlsm (IM i))) 
       (s : state
              (preloaded_with_all_messages_vlsm (IM i))),
       input_constrained (IM i) l (s, om))
  unfold composite_label_sub_projection_option in HlX.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
sub_i: sub_index
li: label (sub_IM sub_i)
s: state pre_induced_sub_projection
om: option message
i: index
_li: label (IM i)
sX: state X
HlX: match
  decide
    (projT1 (existT i _li) ∈ sub_index_list)
with
| left i_in =>
    Some
      (composite_label_sub_projection
         (existT i _li) i_in)
| right _ => None
end = Some (existT sub_i li)
Heqs: composite_state_sub_projection sX = (s, om).1
HsX: valid_state_prop X sX
Hom: option_valid_message_prop X (s, om).2
Hv: valid (existT i _li) (sX, (s, om).2)
∃ i : index,
  i ∈ sub_index_list
  ∧ (∃ (l : label
              (preloaded_with_all_messages_vlsm (IM i))) 
       (s : state
              (preloaded_with_all_messages_vlsm (IM i))),
       input_constrained (IM i) l (s, om))
  simpl in HlX.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
sub_i: sub_index
li: label (sub_IM sub_i)
s: state pre_induced_sub_projection
om: option message
i: index
_li: label (IM i)
sX: state X
HlX: match decide (i ∈ sub_index_list) with
| left i_in =>
    Some
      (composite_label_sub_projection
         (existT i _li) i_in)
| right _ => None
end = Some (existT sub_i li)
Heqs: composite_state_sub_projection sX = (s, om).1
HsX: valid_state_prop X sX
Hom: option_valid_message_prop X (s, om).2
Hv: valid (existT i _li) (sX, (s, om).2)
∃ i : index,
  i ∈ sub_index_list
  ∧ (∃ (l : label
              (preloaded_with_all_messages_vlsm (IM i))) 
       (s : state
              (preloaded_with_all_messages_vlsm (IM i))),
       input_constrained (IM i) l (s, om))
  case_decide; [| by congruence].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
sub_i: sub_index
li: label (sub_IM sub_i)
s: state pre_induced_sub_projection
om: option message
i: index
_li: label (IM i)
sX: state X
H0: i ∈ sub_index_list
HlX: Some
  (composite_label_sub_projection 
     (existT i _li) H0) = 
Some (existT sub_i li)
Heqs: composite_state_sub_projection sX = (s, om).1
HsX: valid_state_prop X sX
Hom: option_valid_message_prop X (s, om).2
Hv: valid (existT i _li) (sX, (s, om).2)
∃ i : index,
  i ∈ sub_index_list
  ∧ (∃ (l : label
              (preloaded_with_all_messages_vlsm (IM i))) 
       (s : state
              (preloaded_with_all_messages_vlsm (IM i))),
       input_constrained (IM i) l (s, om))
  unfold composite_label_sub_projection in HlX.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
sub_i: sub_index
li: label (sub_IM sub_i)
s: state pre_induced_sub_projection
om: option message
i: index
_li: label (IM i)
sX: state X
H0: i ∈ sub_index_list
HlX: Some
  (existT (dexist (projT1 (existT i _li)) H0)
     (projT2 (existT i _li))) =
Some (existT sub_i li)
Heqs: composite_state_sub_projection sX = (s, om).1
HsX: valid_state_prop X sX
Hom: option_valid_message_prop X (s, om).2
Hv: valid (existT i _li) (sX, (s, om).2)
∃ i : index,
  i ∈ sub_index_list
  ∧ (∃ (l : label
              (preloaded_with_all_messages_vlsm (IM i))) 
       (s : state
              (preloaded_with_all_messages_vlsm (IM i))),
       input_constrained (IM i) l (s, om))
  simpl in HlX.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
sub_i: sub_index
li: label (sub_IM sub_i)
s: state pre_induced_sub_projection
om: option message
i: index
_li: label (IM i)
sX: state X
H0: i ∈ sub_index_list
HlX: Some (existT (dexist i H0) _li) =
Some (existT sub_i li)
Heqs: composite_state_sub_projection sX = (s, om).1
HsX: valid_state_prop X sX
Hom: option_valid_message_prop X (s, om).2
Hv: valid (existT i _li) (sX, (s, om).2)
∃ i : index,
  i ∈ sub_index_list
  ∧ (∃ (l : label
              (preloaded_with_all_messages_vlsm (IM i))) 
       (s : state
              (preloaded_with_all_messages_vlsm (IM i))),
       input_constrained (IM i) l (s, om))
  apply Some_inj in HlX.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
sub_i: sub_index
li: label (sub_IM sub_i)
s: state pre_induced_sub_projection
om: option message
i: index
_li: label (IM i)
sX: state X
H0: i ∈ sub_index_list
HlX: existT (dexist i H0) _li = existT sub_i li
Heqs: composite_state_sub_projection sX = (s, om).1
HsX: valid_state_prop X sX
Hom: option_valid_message_prop X (s, om).2
Hv: valid (existT i _li) (sX, (s, om).2)
∃ i : index,
  i ∈ sub_index_list
  ∧ (∃ (l : label
              (preloaded_with_all_messages_vlsm (IM i))) 
       (s : state
              (preloaded_with_all_messages_vlsm (IM i))),
       input_constrained (IM i) l (s, om))
  simplify_eq.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
H0: i ∈ sub_index_list
li: label (sub_IM (dexist i H0))
s: state pre_induced_sub_projection
om: option message
_li: label (IM i)
sX: state X
Heqs: composite_state_sub_projection sX = (s, om).1
HsX: valid_state_prop X sX
Hom: option_valid_message_prop X (s, om).2
Hv: valid (existT i _li) (sX, (s, om).2)
∃ i : index,
  i ∈ sub_index_list
  ∧ (∃ (l : label
              (preloaded_with_all_messages_vlsm (IM i))) 
       (s : state
              (preloaded_with_all_messages_vlsm (IM i))),
       input_constrained (IM i) l (s, om))
  exists i.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
H0: i ∈ sub_index_list
li: label (sub_IM (dexist i H0))
s: state pre_induced_sub_projection
om: option message
_li: label (IM i)
sX: state X
Heqs: composite_state_sub_projection sX = (s, om).1
HsX: valid_state_prop X sX
Hom: option_valid_message_prop X (s, om).2
Hv: valid (existT i _li) (sX, (s, om).2)
i ∈ sub_index_list
∧ (∃ (l : label
            (preloaded_with_all_messages_vlsm (IM i))) 
     (s : state
            (preloaded_with_all_messages_vlsm (IM i))),
     input_constrained (IM i) l (s, om))
  split; [done |].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
H0: i ∈ sub_index_list
li: label (sub_IM (dexist i H0))
s: state pre_induced_sub_projection
om: option message
_li: label (IM i)
sX: state X
Heqs: composite_state_sub_projection sX = (s, om).1
HsX: valid_state_prop X sX
Hom: option_valid_message_prop X (s, om).2
Hv: valid (existT i _li) (sX, (s, om).2)
∃ (l : label (preloaded_with_all_messages_vlsm (IM i))) 
  (s : state (preloaded_with_all_messages_vlsm (IM i))),
  input_constrained (IM i) l (s, om)
  exists _li, (sX i).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
H0: i ∈ sub_index_list
li: label (sub_IM (dexist i H0))
s: state pre_induced_sub_projection
om: option message
_li: label (IM i)
sX: state X
Heqs: composite_state_sub_projection sX = (s, om).1
HsX: valid_state_prop X sX
Hom: option_valid_message_prop X (s, om).2
Hv: valid (existT i _li) (sX, (s, om).2)
input_constrained (IM i) _li (sX i, om)
  repeat split; [| by apply any_message_is_valid_in_preloaded | by apply Hv].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
H0: i ∈ sub_index_list
li: label (sub_IM (dexist i H0))
s: state pre_induced_sub_projection
om: option message
_li: label (IM i)
sX: state X
Heqs: composite_state_sub_projection sX = (s, om).1
HsX: valid_state_prop X sX
Hom: option_valid_message_prop X (s, om).2
Hv: valid (existT i _li) (sX, (s, om).2)
valid_state_prop
  (preloaded_with_all_messages_vlsm (IM i)) (sX i)
  apply (VLSM_projection_valid_state (preloaded_component_projection IM i)).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
H0: i ∈ sub_index_list
li: label (sub_IM (dexist i H0))
s: state pre_induced_sub_projection
om: option message
_li: label (IM i)
sX: state X
Heqs: composite_state_sub_projection sX = (s, om).1
HsX: valid_state_prop X sX
Hom: option_valid_message_prop X (s, om).2
Hv: valid (existT i _li) (sX, (s, om).2)
valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) sX
  apply VLSM_incl_valid_state; [| done].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
H0: i ∈ sub_index_list
li: label (sub_IM (dexist i H0))
s: state pre_induced_sub_projection
om: option message
_li: label (IM i)
sX: state X
Heqs: composite_state_sub_projection sX = (s, om).1
HsX: valid_state_prop X sX
Hom: option_valid_message_prop X (s, om).2
Hv: valid (existT i _li) (sX, (s, om).2)
VLSM_incl_part
  (constrained_vlsm_machine (free_composite_vlsm IM)
     constraint)
  (preloaded_vlsm_machine (free_composite_vlsm IM)
     (λ _ : message, True))
  by apply constrained_preloaded_incl.
Qed.

Lemma induced_sub_projection_transition_is_composite l s om
  : transition pre_induced_sub_projection l (s, om) = composite_transition sub_IM l (s, om).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label pre_induced_sub_projection
s: state pre_induced_sub_projection
om: option message
transition l (s, om) =
composite_transition sub_IM l (s, om)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
l: label pre_induced_sub_projection
s: state pre_induced_sub_projection
om: option message
transition l (s, om) =
composite_transition sub_IM l (s, om)
  destruct l as (sub_i, li).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
sub_i: sub_index
li: label (sub_IM sub_i)
s: state pre_induced_sub_projection
om: option message
transition (existT sub_i li) (s, om) =
composite_transition sub_IM (existT sub_i li) (s, om)
  destruct_dec_sig sub_i i Hi Heqsub_i; subst.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
Hi: sub_index_prop i
li: label (sub_IM (dexist i Hi))
s: state pre_induced_sub_projection
om: option message
transition (existT (dexist i Hi) li) (s, om) =
composite_transition sub_IM (existT (dexist i Hi) li)
  (s, om)
  cbn; unfold sub_IM, lift_sub_state;
  rewrite lift_sub_state_to_eq with (Hi := Hi); cbn;
  destruct (transition _ _ _) as (si', om').message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
Hi: sub_index_prop i
li: label (sub_IM (dexist i Hi))
s: state pre_induced_sub_projection
om: option message
si': state (IM i)
om': option message
(composite_state_sub_projection
   (state_update IM
      (lift_sub_state_to (λ n : index, `(vs0 (IM n)))
         s) i si'), om') =
(state_update (λ ei : sub_index, IM (`ei)) s
   (dexist i Hi) si', om')
  f_equal; extensionality sub_k.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
Hi: sub_index_prop i
li: label (sub_IM (dexist i Hi))
s: state pre_induced_sub_projection
om: option message
si': state (IM i)
om': option message
sub_k: sub_index
composite_state_sub_projection
  (state_update IM
     (lift_sub_state_to (λ n : index, `(vs0 (IM n))) s)
     i si') sub_k =
state_update (λ ei : sub_index, IM (`ei)) s
  (dexist i Hi) si' sub_k
  destruct_dec_sig sub_k k Hk Heqsub_k; subst.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
Hi: sub_index_prop i
li: label (sub_IM (dexist i Hi))
s: state pre_induced_sub_projection
om: option message
si': state (IM i)
om': option message
k: index
Hk: sub_index_prop k
composite_state_sub_projection
  (state_update IM
     (lift_sub_state_to (λ n : index, `(vs0 (IM n))) s)
     i si') (dexist k Hk) =
state_update (λ ei : sub_index, IM (`ei)) s
  (dexist i Hi) si' (dexist k Hk)
  unfold composite_state_sub_projection; cbn.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
Hi: sub_index_prop i
li: label (sub_IM (dexist i Hi))
s: state pre_induced_sub_projection
om: option message
si': state (IM i)
om': option message
k: index
Hk: sub_index_prop k
state_update IM
  (lift_sub_state_to (λ n : index, `(vs0 (IM n))) s) i
  si' k =
state_update (λ ei : sub_index, IM (`ei)) s
  (dexist i Hi) si' (dexist k Hk)
  destruct (decide (i = k)); subst; state_update_simpl; [done |].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
Hi: sub_index_prop i
li: label (sub_IM (dexist i Hi))
s: state pre_induced_sub_projection
om: option message
si': state (IM i)
om': option message
k: index
Hk: sub_index_prop k
n: i ≠ k
lift_sub_state_to (λ n : index, `(vs0 (IM n))) s k =
s (dexist k Hk)
  by apply lift_sub_state_to_eq.
Qed.

End sec_induced_sub_projection.

Section sec_induced_sub_projection_subsumption.

Context
  (constraint1 : composite_label IM -> composite_state IM * option message -> Prop)
  (constraint2 : composite_label IM -> composite_state IM * option message -> Prop)
  .

Lemma induced_sub_projection_constraint_subsumption_incl
  (Hsubsumption : input_valid_constraint_subsumption (free_composite_vlsm IM) constraint1 constraint2)
  : VLSM_incl (pre_induced_sub_projection constraint1) (pre_induced_sub_projection constraint2).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint1, constraint2: composite_label IM
→ composite_state IM * option message
  → Prop
Hsubsumption: input_valid_constraint_subsumption
  (free_composite_vlsm IM) constraint1
  constraint2
VLSM_incl (pre_induced_sub_projection constraint1)
  (pre_induced_sub_projection constraint2)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint1, constraint2: composite_label IM
→ composite_state IM * option message
  → Prop
Hsubsumption: input_valid_constraint_subsumption
  (free_composite_vlsm IM) constraint1
  constraint2
VLSM_incl (pre_induced_sub_projection constraint1)
  (pre_induced_sub_projection constraint2)
  apply projection_induced_validator_incl.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint1, constraint2: composite_label IM
→ composite_state IM * option message
  → Prop
Hsubsumption: input_valid_constraint_subsumption
  (free_composite_vlsm IM) constraint1
  constraint2
induced_validator_label_lift_prop
  composite_label_sub_projection_option lift_sub_label
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint1, constraint2: composite_label IM
→ composite_state IM * option message
  → Prop
Hsubsumption: input_valid_constraint_subsumption
  (free_composite_vlsm IM) constraint1
  constraint2
induced_validator_state_lift_prop
  composite_state_sub_projection lift_sub_state
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint1, constraint2: composite_label IM
→ composite_state IM * option message
  → Prop
Hsubsumption: input_valid_constraint_subsumption
  (free_composite_vlsm IM) constraint1
  constraint2
induced_validator_transition_consistency_Some
  {|
    vlsm_type := free_composite_vlsm IM;
    vlsm_machine :=
      constrained_vlsm_machine
        (free_composite_vlsm IM) constraint1
  |} (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint1, constraint2: composite_label IM
→ composite_state IM * option message
  → Prop
Hsubsumption: input_valid_constraint_subsumption
  (free_composite_vlsm IM) constraint1
  constraint2
induced_validator_transition_consistency_Some
  {|
    vlsm_type := free_composite_vlsm IM;
    vlsm_machine :=
      constrained_vlsm_machine
        (free_composite_vlsm IM) constraint2
  |} (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint1, constraint2: composite_label IM
→ composite_state IM * option message
  → Prop
Hsubsumption: input_valid_constraint_subsumption
  (free_composite_vlsm IM) constraint1
  constraint2
VLSM_incl
  {|
    vlsm_type := free_composite_vlsm IM;
    vlsm_machine :=
      constrained_vlsm_machine
        (free_composite_vlsm IM) constraint1
  |}
  {|
    vlsm_type := free_composite_vlsm IM;
    vlsm_machine :=
      constrained_vlsm_machine
        (free_composite_vlsm IM) constraint2
  |}
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint1, constraint2: composite_label IM
→ composite_state IM * option message
  → Prop
Hsubsumption: input_valid_constraint_subsumption
  (free_composite_vlsm IM) constraint1
  constraint2
induced_validator_label_lift_prop
  composite_label_sub_projection_option lift_sub_label by apply composite_label_sub_projection_option_lift.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint1, constraint2: composite_label IM
→ composite_state IM * option message
  → Prop
Hsubsumption: input_valid_constraint_subsumption
  (free_composite_vlsm IM) constraint1
  constraint2
induced_validator_state_lift_prop
  composite_state_sub_projection lift_sub_state by apply composite_state_sub_projection_lift.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint1, constraint2: composite_label IM
→ composite_state IM * option message
  → Prop
Hsubsumption: input_valid_constraint_subsumption
  (free_composite_vlsm IM) constraint1
  constraint2
induced_validator_transition_consistency_Some
  {|
    vlsm_type := free_composite_vlsm IM;
    vlsm_machine :=
      constrained_vlsm_machine
        (free_composite_vlsm IM) constraint1
  |} (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection by apply induced_sub_projection_transition_consistency_Some.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint1, constraint2: composite_label IM
→ composite_state IM * option message
  → Prop
Hsubsumption: input_valid_constraint_subsumption
  (free_composite_vlsm IM) constraint1
  constraint2
induced_validator_transition_consistency_Some
  {|
    vlsm_type := free_composite_vlsm IM;
    vlsm_machine :=
      constrained_vlsm_machine
        (free_composite_vlsm IM) constraint2
  |} (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection by apply induced_sub_projection_transition_consistency_Some.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint1, constraint2: composite_label IM
→ composite_state IM * option message
  → Prop
Hsubsumption: input_valid_constraint_subsumption
  (free_composite_vlsm IM) constraint1
  constraint2
VLSM_incl
  {|
    vlsm_type := free_composite_vlsm IM;
    vlsm_machine :=
      constrained_vlsm_machine
        (free_composite_vlsm IM) constraint1
  |}
  {|
    vlsm_type := free_composite_vlsm IM;
    vlsm_machine :=
      constrained_vlsm_machine
        (free_composite_vlsm IM) constraint2
  |} by apply constraint_subsumption_incl.
Qed.

End sec_induced_sub_projection_subsumption.

Definition from_sub_projection : composite_transition_item IM -> Prop :=
  pre_VLSM_projection_in_projection (composite_type IM) _ composite_label_sub_projection_option.

Definition finite_trace_sub_projection
  : list (composite_transition_item IM) -> list (composite_transition_item sub_IM) :=
  pre_VLSM_projection_finite_trace_project (composite_type IM) _
    composite_label_sub_projection_option composite_state_sub_projection.

Section sec_sub_projection_with_no_equivocation_constraints.

Context
  (constraint : composite_label IM -> composite_state IM * option message -> Prop)
  `{forall i : index, (HasBeenSentCapability (IM i))}
  (Free := free_composite_vlsm IM)
  (Sub_Free := free_composite_vlsm sub_IM)
  (X := composite_vlsm IM constraint)
  .

Program Definition sub_index_list_annotate : list sub_index :=
  list_annotate (l := sub_index_list) _.
Next Obligation.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
Forall sub_index_prop sub_index_list
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
Forall sub_index_prop sub_index_list
  by apply Forall_forall.
Qed.

#[export] Instance stdpp_finite_sub_index
  : finite.Finite sub_index.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
finite.Finite sub_index
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
finite.Finite sub_index
  exists (remove_dups sub_index_list_annotate).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
NoDup (remove_dups sub_index_list_annotate)
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
∀ x : sub_index,
  x ∈ remove_dups sub_index_list_annotate
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
NoDup (remove_dups sub_index_list_annotate) by apply NoDup_remove_dups.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
∀ x : sub_index,
  x ∈ remove_dups sub_index_list_annotate intro sub_x.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
sub_x: sub_index
sub_x ∈ remove_dups sub_index_list_annotate
    apply elem_of_remove_dups, elem_of_list_annotate.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
sub_x: sub_index
`sub_x ∈ sub_index_list
    by destruct_dec_sig sub_x x Hx Heqsub_x; subst.
Qed.

Definition finite_trace_sub_projection_app
  (tr1 tr2 : list (composite_transition_item IM)) :
  finite_trace_sub_projection (tr1 ++ tr2) =
  finite_trace_sub_projection tr1 ++ finite_trace_sub_projection tr2
  :=
    pre_VLSM_projection_finite_trace_project_app (composite_type IM) _
      composite_label_sub_projection_option composite_state_sub_projection tr1 tr2.


Lemma finite_trace_sub_projection_last_state
  (start : composite_state IM)
  (transitions : list (composite_transition_item IM))
  (Htr : finite_valid_trace_from X start transitions)
  (lstx := finite_trace_last start transitions)
  (lstj := finite_trace_last
    (composite_state_sub_projection start)
    (finite_trace_sub_projection transitions))
  : lstj = composite_state_sub_projection lstx.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
start: composite_state IM
transitions: list (composite_transition_item IM)
Htr: finite_valid_trace_from X start transitions
lstx:= finite_trace_last start transitions: state (composite_type IM)
lstj:= finite_trace_last
  (composite_state_sub_projection start)
  (finite_trace_sub_projection transitions): state (composite_type sub_IM)
lstj = composite_state_sub_projection lstx
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
start: composite_state IM
transitions: list (composite_transition_item IM)
Htr: finite_valid_trace_from X start transitions
lstx:= finite_trace_last start transitions: state (composite_type IM)
lstj:= finite_trace_last
  (composite_state_sub_projection start)
  (finite_trace_sub_projection transitions): state (composite_type sub_IM)
lstj = composite_state_sub_projection lstx
  by apply (VLSM_projection_finite_trace_last (induced_sub_projection_is_projection constraint))
        in Htr.
Qed.

Lemma transition_sub_projection
  l s om s' om'
  (Ht : composite_transition IM l  (s, om) = (s', om'))
  (Hsub : sub_index_prop (projT1 l))
  : composite_transition sub_IM
    (existT
      (dexist (projT1 l) Hsub)
      (projT2 l))
    (composite_state_sub_projection s, om)
    = (composite_state_sub_projection s', om').message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
l: composite_label IM
s: composite_state IM
om: option message
s': composite_state IM
om': option message
Ht: composite_transition IM l (s, om) = (s', om')
Hsub: sub_index_prop (projT1 l)
composite_transition sub_IM
  (existT (dexist (projT1 l) Hsub) (projT2 l))
  (composite_state_sub_projection s, om) =
(composite_state_sub_projection s', om')
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
l: composite_label IM
s: composite_state IM
om: option message
s': composite_state IM
om': option message
Ht: composite_transition IM l (s, om) = (s', om')
Hsub: sub_index_prop (projT1 l)
composite_transition sub_IM
  (existT (dexist (projT1 l) Hsub) (projT2 l))
  (composite_state_sub_projection s, om) =
(composite_state_sub_projection s', om')
  simpl.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
l: composite_label IM
s: composite_state IM
om: option message
s': composite_state IM
om': option message
Ht: composite_transition IM l (s, om) = (s', om')
Hsub: sub_index_prop (projT1 l)
(let (si', om') :=
   transition (projT2 l)
     (composite_state_sub_projection s
        (dexist (projT1 l) Hsub), om) in
 (state_update sub_IM
    (composite_state_sub_projection s)
    (dexist (projT1 l) Hsub) si', om')) =
(composite_state_sub_projection s', om') simpl in Ht.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
l: composite_label IM
s: composite_state IM
om: option message
s': composite_state IM
om': option message
Ht: (let (i, li) := l in
 let (si', om') := transition li (s i, om) in
 (state_update IM s i si', om')) = (
s', om')
Hsub: sub_index_prop (projT1 l)
(let (si', om') :=
   transition (projT2 l)
     (composite_state_sub_projection s
        (dexist (projT1 l) Hsub), om) in
 (state_update sub_IM
    (composite_state_sub_projection s)
    (dexist (projT1 l) Hsub) si', om')) =
(composite_state_sub_projection s', om')
  destruct l as (i, li).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
i: index
li: label (IM i)
s: composite_state IM
om: option message
s': composite_state IM
om': option message
Ht: (let (si', om') := transition li (s i, om) in
 (state_update IM s i si', om')) = (
s', om')
Hsub: sub_index_prop (projT1 (existT i li))
(let (si', om') :=
   transition (projT2 (existT i li))
     (composite_state_sub_projection s
        (dexist (projT1 (existT i li)) Hsub), om) in
 (state_update sub_IM
    (composite_state_sub_projection s)
    (dexist (projT1 (existT i li)) Hsub) si', om')) =
(composite_state_sub_projection s', om')
  cbn; unfold composite_state_sub_projection at 1; cbn.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
i: index
li: label (IM i)
s: composite_state IM
om: option message
s': composite_state IM
om': option message
Ht: (let (si', om') := transition li (s i, om) in
 (state_update IM s i si', om')) = (
s', om')
Hsub: sub_index_prop (projT1 (existT i li))
(let (si', om') := transition li (s i, om) in
 (state_update sub_IM
    (composite_state_sub_projection s) (dexist i Hsub)
    si', om')) =
(composite_state_sub_projection s', om')
  destruct (transition (IM i) li (s i, om)) as (si', omi') eqn: Hti.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
i: index
li: label (IM i)
s: composite_state IM
om: option message
s': composite_state IM
om': option message
si': state (IM i)
omi': option message
Hti: transition li (s i, om) = (si', omi')
Ht: (state_update IM s i si', omi') = (s', om')
Hsub: sub_index_prop (projT1 (existT i li))
(let (si', om') := transition li (s i, om) in
 (state_update sub_IM
    (composite_state_sub_projection s) (dexist i Hsub)
    si', om')) =
(composite_state_sub_projection s', om')
  inversion Ht.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
i: index
li: label (IM i)
s: composite_state IM
om: option message
s': composite_state IM
om': option message
si': state (IM i)
omi': option message
Hti: transition li (s i, om) = (si', omi')
Ht: (state_update IM s i si', omi') = (s', om')
Hsub: sub_index_prop (projT1 (existT i li))
H2: state_update IM s i si' = s'
H3: omi' = om'
(let (si', om') := transition li (s i, om) in
 (state_update sub_IM
    (composite_state_sub_projection s) (dexist i Hsub)
    si', om')) =
(composite_state_sub_projection
   (state_update IM s i si'), om') subst omi' s'.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
i: index
li: label (IM i)
s: composite_state IM
om, om': option message
si': state (IM i)
Ht: (state_update IM s i si', om') =
(state_update IM s i si', om')
Hti: transition li (s i, om) = (si', om')
Hsub: sub_index_prop (projT1 (existT i li))
(let (si', om') := transition li (s i, om) in
 (state_update sub_IM
    (composite_state_sub_projection s) (dexist i Hsub)
    si', om')) =
(composite_state_sub_projection
   (state_update IM s i si'), om') clear Ht.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
i: index
li: label (IM i)
s: composite_state IM
om, om': option message
si': state (IM i)
Hti: transition li (s i, om) = (si', om')
Hsub: sub_index_prop (projT1 (existT i li))
(let (si', om') := transition li (s i, om) in
 (state_update sub_IM
    (composite_state_sub_projection s) (dexist i Hsub)
    si', om')) =
(composite_state_sub_projection
   (state_update IM s i si'), om')
  setoid_rewrite Hti.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
i: index
li: label (IM i)
s: composite_state IM
om, om': option message
si': state (IM i)
Hti: transition li (s i, om) = (si', om')
Hsub: sub_index_prop (projT1 (existT i li))
(state_update sub_IM
   (composite_state_sub_projection s) (dexist i Hsub)
   si', om') =
(composite_state_sub_projection
   (state_update IM s i si'), om')
  f_equal.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
i: index
li: label (IM i)
s: composite_state IM
om, om': option message
si': state (IM i)
Hti: transition li (s i, om) = (si', om')
Hsub: sub_index_prop (projT1 (existT i li))
state_update sub_IM (composite_state_sub_projection s)
  (dexist i Hsub) si' =
composite_state_sub_projection
  (state_update IM s i si')
  extensionality sub_j.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
i: index
li: label (IM i)
s: composite_state IM
om, om': option message
si': state (IM i)
Hti: transition li (s i, om) = (si', om')
Hsub: sub_index_prop (projT1 (existT i li))
sub_j: sub_index
state_update sub_IM (composite_state_sub_projection s)
  (dexist i Hsub) si' sub_j =
composite_state_sub_projection
  (state_update IM s i si') sub_j
  destruct_dec_sig sub_j j Hj Heqj.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
i: index
li: label (IM i)
s: composite_state IM
om, om': option message
si': state (IM i)
Hti: transition li (s i, om) = (si', om')
Hsub: sub_index_prop (projT1 (existT i li))
sub_j: sub_index
j: index
Hj: sub_index_prop j
Heqj: sub_j = dexist j Hj
state_update sub_IM (composite_state_sub_projection s)
  (dexist i Hsub) si' sub_j =
composite_state_sub_projection
  (state_update IM s i si') sub_j
  unfold composite_state_sub_projection at 2.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
i: index
li: label (IM i)
s: composite_state IM
om, om': option message
si': state (IM i)
Hti: transition li (s i, om) = (si', om')
Hsub: sub_index_prop (projT1 (existT i li))
sub_j: sub_index
j: index
Hj: sub_index_prop j
Heqj: sub_j = dexist j Hj
state_update sub_IM (composite_state_sub_projection s)
  (dexist i Hsub) si' sub_j =
state_update IM s i si' (`sub_j)
  by destruct (decide (i = j)); subst; state_update_simpl.
Qed.

Lemma valid_sub_projection
  l s om
  (Hv : composite_valid IM l  (s, om))
  (Hsub : sub_index_prop (projT1 l))
  : composite_valid sub_IM
    (existT
      (dexist (projT1 l) Hsub)
      (projT2 l))
    (composite_state_sub_projection s, om).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
l: composite_label IM
s: composite_state IM
om: option message
Hv: composite_valid IM l (s, om)
Hsub: sub_index_prop (projT1 l)
composite_valid sub_IM
  (existT (dexist (projT1 l) Hsub) (projT2 l))
  (composite_state_sub_projection s, om)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
l: composite_label IM
s: composite_state IM
om: option message
Hv: composite_valid IM l (s, om)
Hsub: sub_index_prop (projT1 l)
composite_valid sub_IM
  (existT (dexist (projT1 l) Hsub) (projT2 l))
  (composite_state_sub_projection s, om) by destruct l. Qed.

Context
  (seed : message -> Prop)
  (sub_constraint : composite_label sub_IM -> composite_state sub_IM * option message -> Prop)
  (Xj := composite_no_equivocation_vlsm_with_preloaded sub_IM (free_constraint sub_IM) seed)
  .

Lemma Xj_incl_Pre_Sub_Free
  : VLSM_incl Xj (preloaded_with_all_messages_vlsm Sub_Free).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
VLSM_incl Xj
  (preloaded_with_all_messages_vlsm Sub_Free)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
VLSM_incl Xj
  (preloaded_with_all_messages_vlsm Sub_Free)
  apply (VLSM_incl_trans _ (preloaded_with_all_messages_vlsm
    (composite_vlsm sub_IM (no_equivocations_additional_constraint_with_preloaded sub_IM _ seed)))).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
VLSM_incl
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm
        (composite_vlsm sub_IM
           (no_equivocations_additional_constraint_with_preloaded
              sub_IM (free_constraint sub_IM) seed));
    vlsm_machine :=
      preloaded_vlsm_machine
        (composite_vlsm sub_IM
           (no_equivocations_additional_constraint_with_preloaded
              sub_IM (free_constraint sub_IM) seed))
        seed
  |}
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm
        (composite_vlsm sub_IM
           (no_equivocations_additional_constraint_with_preloaded
              sub_IM (free_constraint sub_IM) seed));
    vlsm_machine :=
      preloaded_with_all_messages_vlsm
        (composite_vlsm sub_IM
           (no_equivocations_additional_constraint_with_preloaded
              sub_IM (free_constraint sub_IM) seed))
  |}
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
VLSM_incl
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm
        (composite_vlsm sub_IM
           (no_equivocations_additional_constraint_with_preloaded
              sub_IM (free_constraint sub_IM) seed));
    vlsm_machine :=
      preloaded_with_all_messages_vlsm
        (composite_vlsm sub_IM
           (no_equivocations_additional_constraint_with_preloaded
              sub_IM (free_constraint sub_IM) seed))
  |}
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm
        (composite_vlsm sub_IM
           (no_equivocations_additional_constraint_with_preloaded
              sub_IM (free_constraint sub_IM) seed));
    vlsm_machine :=
      preloaded_vlsm_machine Sub_Free
        (λ _ : message, True)
  |}
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
VLSM_incl
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm
        (composite_vlsm sub_IM
           (no_equivocations_additional_constraint_with_preloaded
              sub_IM (free_constraint sub_IM) seed));
    vlsm_machine :=
      preloaded_vlsm_machine
        (composite_vlsm sub_IM
           (no_equivocations_additional_constraint_with_preloaded
              sub_IM (free_constraint sub_IM) seed))
        seed
  |}
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm
        (composite_vlsm sub_IM
           (no_equivocations_additional_constraint_with_preloaded
              sub_IM (free_constraint sub_IM) seed));
    vlsm_machine :=
      preloaded_with_all_messages_vlsm
        (composite_vlsm sub_IM
           (no_equivocations_additional_constraint_with_preloaded
              sub_IM (free_constraint sub_IM) seed))
  |} by cbn; apply (preloaded_vlsm_incl (composite_vlsm sub_IM
      (no_equivocations_additional_constraint_with_preloaded sub_IM (free_constraint sub_IM) seed))).
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
VLSM_incl
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm
        (composite_vlsm sub_IM
           (no_equivocations_additional_constraint_with_preloaded
              sub_IM (free_constraint sub_IM) seed));
    vlsm_machine :=
      preloaded_with_all_messages_vlsm
        (composite_vlsm sub_IM
           (no_equivocations_additional_constraint_with_preloaded
              sub_IM (free_constraint sub_IM) seed))
  |}
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm
        (composite_vlsm sub_IM
           (no_equivocations_additional_constraint_with_preloaded
              sub_IM (free_constraint sub_IM) seed));
    vlsm_machine :=
      preloaded_vlsm_machine Sub_Free
        (λ _ : message, True)
  |} by cbn; apply (preloaded_constraint_subsumption_incl_free (free_composite_vlsm _)).
Qed.

Property of a composite trace requiring that every message received in an transition involving a machine in the chosen subset must either belong to the set specified by seed, or it must have_been_sent by some machine in the chosen subset (prior to it being received).

Definition trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr : list (composite_transition_item IM))
  : Prop
  :=
  forall pre item suf m,
    tr = pre ++ [item] ++ suf ->
    input item = Some m ->
    from_sub_projection item ->
      seed m \/
      exists pre_item,
        pre_item ∈ pre /\
        output pre_item = Some m /\
        from_sub_projection pre_item.

Definition state_sub_item_input_is_seeded_or_sub_previously_sent
  (s : composite_state IM)
  : Prop
  := forall is tr,
    finite_constrained_trace_init_to (free_composite_vlsm IM) is s tr ->
    trace_sub_item_input_is_seeded_or_sub_previously_sent tr.

Lemma finite_valid_trace_sub_projection
  (s : composite_state IM)
  (tr : list (composite_transition_item IM))
  (Hmsg :  trace_sub_item_input_is_seeded_or_sub_previously_sent tr)
  (Htr : finite_valid_trace X s tr)
  : finite_valid_trace Xj (composite_state_sub_projection s) (finite_trace_sub_projection tr).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  tr
Htr: finite_valid_trace X s tr
finite_valid_trace Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  tr
Htr: finite_valid_trace X s tr
finite_valid_trace Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
  destruct Htr as [Htr His].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  tr
Htr: finite_valid_trace_from X s tr
His: initial_state_prop s
finite_valid_trace Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
  apply (composite_initial_state_sub_projection s) in His.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  tr
Htr: finite_valid_trace_from X s tr
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
finite_valid_trace Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
  split; [| done].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  tr
Htr: finite_valid_trace_from X s tr
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
  apply (initial_state_is_valid Xj) in His as Hisp.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  tr
Htr: finite_valid_trace_from X s tr
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
  induction tr using rev_ind; simpl
  ; [by constructor |].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
Htr: finite_valid_trace_from X s (tr ++ [x])
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: trace_sub_item_input_is_seeded_or_sub_previously_sent
  tr
→ finite_valid_trace_from X s tr
  → finite_valid_trace_from Xj
      (composite_state_sub_projection s)
      (finite_trace_sub_projection tr)
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection (tr ++ [x]))
  apply finite_valid_trace_from_app_iff in Htr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
Htr: finite_valid_trace_from X s tr
∧ finite_valid_trace_from X
    (finite_trace_last s tr) [x]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: trace_sub_item_input_is_seeded_or_sub_previously_sent
  tr
→ finite_valid_trace_from X s tr
  → finite_valid_trace_from Xj
      (composite_state_sub_projection s)
      (finite_trace_sub_projection tr)
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection (tr ++ [x]))
  destruct Htr as [Htr Hx].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr) [x]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: trace_sub_item_input_is_seeded_or_sub_previously_sent
  tr
→ finite_valid_trace_from X s tr
  → finite_valid_trace_from Xj
      (composite_state_sub_projection s)
      (finite_trace_sub_projection tr)
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection (tr ++ [x]))
  spec IHtr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr) [x]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: trace_sub_item_input_is_seeded_or_sub_previously_sent
  tr
→ finite_valid_trace_from X s tr
  → finite_valid_trace_from Xj
      (composite_state_sub_projection s)
      (finite_trace_sub_projection tr)
trace_sub_item_input_is_seeded_or_sub_previously_sent
  tr
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr) [x]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from X s tr
→ finite_valid_trace_from Xj
    (composite_state_sub_projection s)
    (finite_trace_sub_projection tr)
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection (tr ++ [x]))
  {message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr) [x]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: trace_sub_item_input_is_seeded_or_sub_previously_sent
  tr
→ finite_valid_trace_from X s tr
  → finite_valid_trace_from Xj
      (composite_state_sub_projection s)
      (finite_trace_sub_projection tr)
trace_sub_item_input_is_seeded_or_sub_previously_sent
  tr intros pre item suf m Heq Hin_m Hitem.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr) [x]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: trace_sub_item_input_is_seeded_or_sub_previously_sent
  tr
→ finite_valid_trace_from X s tr
  → finite_valid_trace_from Xj
      (composite_state_sub_projection s)
      (finite_trace_sub_projection tr)
pre: list (composite_transition_item IM)
item: composite_transition_item IM
suf: list (composite_transition_item IM)
m: message
Heq: tr = pre ++ [item] ++ suf
Hin_m: input item = Some m
Hitem: from_sub_projection item
seed m
∨ (∃ pre_item : transition_item,
     pre_item ∈ pre
     ∧ output pre_item = Some m
       ∧ from_sub_projection pre_item)
    subst tr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
pre: list (composite_transition_item IM)
item: composite_transition_item IM
suf: list (composite_transition_item IM)
Hx: finite_valid_trace_from X
  (finite_trace_last s (pre ++ [item] ++ suf))
  [x]
Htr: finite_valid_trace_from X s
  (pre ++ [item] ++ suf)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  ((pre ++ [item] ++ suf) ++ [x])
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (pre ++ [item] ++ suf)
→ finite_valid_trace_from X s
    (pre ++ [item] ++ suf)
  → finite_valid_trace_from Xj
      (composite_state_sub_projection s)
      (finite_trace_sub_projection
         (pre ++ [item] ++ suf))
m: message
Hin_m: input item = Some m
Hitem: from_sub_projection item
seed m
∨ (∃ pre_item : transition_item,
     pre_item ∈ pre
     ∧ output pre_item = Some m
       ∧ from_sub_projection pre_item)
    specialize (Hmsg pre item (suf ++ [x]) m).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
pre: list (composite_transition_item IM)
item: composite_transition_item IM
suf: list (composite_transition_item IM)
Hx: finite_valid_trace_from X
  (finite_trace_last s (pre ++ [item] ++ suf))
  [x]
Htr: finite_valid_trace_from X s
  (pre ++ [item] ++ suf)
m: message
Hmsg: (pre ++ [item] ++ suf) ++ [x] =
pre ++ [item] ++ suf ++ [x]
→ input item = Some m
  → from_sub_projection item
    → seed m
      ∨ (∃ pre_item : transition_item,
           pre_item ∈ pre
           ∧ output pre_item = Some m
             ∧ from_sub_projection pre_item)
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (pre ++ [item] ++ suf)
→ finite_valid_trace_from X s
    (pre ++ [item] ++ suf)
  → finite_valid_trace_from Xj
      (composite_state_sub_projection s)
      (finite_trace_sub_projection
         (pre ++ [item] ++ suf))
Hin_m: input item = Some m
Hitem: from_sub_projection item
seed m
∨ (∃ pre_item : transition_item,
     pre_item ∈ pre
     ∧ output pre_item = Some m
       ∧ from_sub_projection pre_item)
    rewrite! app_assoc in Hmsg.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
pre: list (composite_transition_item IM)
item: composite_transition_item IM
suf: list (composite_transition_item IM)
Hx: finite_valid_trace_from X
  (finite_trace_last s (pre ++ [item] ++ suf))
  [x]
Htr: finite_valid_trace_from X s
  (pre ++ [item] ++ suf)
m: message
Hmsg: ((pre ++ [item]) ++ suf) ++ [x] =
((pre ++ [item]) ++ suf) ++ [x]
→ input item = Some m
  → from_sub_projection item
    → seed m
      ∨ (∃ pre_item : transition_item,
           pre_item ∈ pre
           ∧ output pre_item = Some m
             ∧ from_sub_projection pre_item)
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (pre ++ [item] ++ suf)
→ finite_valid_trace_from X s
    (pre ++ [item] ++ suf)
  → finite_valid_trace_from Xj
      (composite_state_sub_projection s)
      (finite_trace_sub_projection
         (pre ++ [item] ++ suf))
Hin_m: input item = Some m
Hitem: from_sub_projection item
seed m
∨ (∃ pre_item : transition_item,
     pre_item ∈ pre
     ∧ output pre_item = Some m
       ∧ from_sub_projection pre_item)
    by destruct (Hmsg eq_refl Hin_m Hitem); [left | right].
  }message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr) [x]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from X s tr
→ finite_valid_trace_from Xj
    (composite_state_sub_projection s)
    (finite_trace_sub_projection tr)
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection (tr ++ [x]))
  specialize (IHtr Htr).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr) [x]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection (tr ++ [x]))
  rewrite finite_trace_sub_projection_app.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr) [x]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr ++
   finite_trace_sub_projection [x])
  apply finite_valid_trace_from_app_iff.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr) [x]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
∧ finite_valid_trace_from Xj
    (finite_trace_last
       (composite_state_sub_projection s)
       (finite_trace_sub_projection tr))
    (finite_trace_sub_projection [x])
  split; [done |].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr) [x]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
finite_valid_trace_from Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
  (finite_trace_sub_projection [x])
  match goal with
  |- finite_valid_trace_from _ ?l _ => remember l as lst
  end.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr) [x]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state Xj
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
finite_valid_trace_from Xj lst
  (finite_trace_sub_projection [x])
  assert (Hlst : valid_state_prop Xj lst).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr) [x]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state Xj
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
valid_state_prop Xj lst
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr) [x]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state Xj
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
finite_valid_trace_from Xj lst
  (finite_trace_sub_projection [x])
  {message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr) [x]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state Xj
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
valid_state_prop Xj lst by apply finite_valid_trace_last_pstate in IHtr; subst. }message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr) [x]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state Xj
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
finite_valid_trace_from Xj lst
  (finite_trace_sub_projection [x])
  simpl.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr) [x]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state Xj
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
finite_valid_trace_from Xj lst
  match
    pre_VLSM_projection_transition_item_project
      (composite_type IM) (composite_type sub_IM)
      composite_label_sub_projection_option
      composite_state_sub_projection x
  with
  | Some y => [y]
  | None => []
  end
  unfold pre_VLSM_projection_transition_item_project, composite_label_sub_projection_option.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr) [x]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state Xj
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
finite_valid_trace_from Xj lst
  match
    match
      match
        decide (projT1 (l x) ∈ sub_index_list)
      with
      | left i_in =>
          Some
            (composite_label_sub_projection (l x) i_in)
      | right _ => None
      end
    with
    | Some lY =>
        Some
          {|
            l := lY;
            input := input x;
            destination :=
              composite_state_sub_projection
                (destination x);
            output := output x
          |}
    | None => None
    end
  with
  | Some y => [y]
  | None => []
  end
  case_decide as Hlx; [| by constructor].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr) [x]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state Xj
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 (l x) ∈ sub_index_list
finite_valid_trace_from Xj lst
  [{|
     l := composite_label_sub_projection (l x) Hlx;
     input := input x;
     destination :=
       composite_state_sub_projection (destination x);
     output := output x
   |}]
  apply (finite_valid_trace_singleton Xj).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
x: composite_transition_item IM
tr: list (composite_transition_item IM)
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr) [x]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state Xj
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 (l x) ∈ sub_index_list
input_valid_transition Xj
  (composite_label_sub_projection (l x) Hlx)
  (lst, input x)
  (composite_state_sub_projection (destination x),
   output x)
  inversion Hx; subst.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: state X
iom, oom: option message
l: label X
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := s0;
      output := oom
    |}])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr)
  [{|
     l := l;
     input := iom;
     destination := s0;
     output := oom
   |}]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1
  (VLSM.l
     {|
       l := l;
       input := iom;
       destination := s0;
       output := oom
     |}) ∈ sub_index_list
Htl: finite_valid_trace_from X s0 []
Ht: input_valid_transition X l
  (finite_trace_last s tr, iom) (
  s0, oom)
input_valid_transition Xj
  (composite_label_sub_projection
     (VLSM.l
        {|
          l := l;
          input := iom;
          destination := s0;
          output := oom
        |}) Hlx)
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr),
   input
     {|
       l := l;
       input := iom;
       destination := s0;
       output := oom
     |})
  (composite_state_sub_projection
     (destination
        {|
          l := l;
          input := iom;
          destination := s0;
          output := oom
        |}),
   output
     {|
       l := l;
       input := iom;
       destination := s0;
       output := oom
     |}) simpl in *.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
iom, oom: option message
l: composite_label IM
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := s0;
      output := oom
    |}])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr)
  [{|
     l := l;
     input := iom;
     destination := s0;
     output := oom
   |}]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
Htl: finite_valid_trace_from X s0 []
Ht: input_valid_transition X l
  (finite_trace_last s tr, iom) (
  s0, oom)
input_valid_transition Xj
  (composite_label_sub_projection l Hlx)
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), iom)
  (composite_state_sub_projection s0, oom)
  destruct Ht as [Hv Ht].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
iom, oom: option message
l: composite_label IM
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := s0;
      output := oom
    |}])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr)
  [{|
     l := l;
     input := iom;
     destination := s0;
     output := oom
   |}]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
Htl: finite_valid_trace_from X s0 []
Hv: input_valid X l (finite_trace_last s tr, iom)
Ht: transition l (finite_trace_last s tr, iom) =
(s0, oom)
input_valid_transition Xj
  (composite_label_sub_projection l Hlx)
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), iom)
  (composite_state_sub_projection s0, oom)
  specialize (transition_sub_projection _ _ _ _ _ Ht Hlx)
    as Htj.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
iom, oom: option message
l: composite_label IM
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := s0;
      output := oom
    |}])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr)
  [{|
     l := l;
     input := iom;
     destination := s0;
     output := oom
   |}]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
Htl: finite_valid_trace_from X s0 []
Hv: input_valid X l (finite_trace_last s tr, iom)
Ht: transition l (finite_trace_last s tr, iom) =
(s0, oom)
Htj: composite_transition sub_IM
  (existT (dexist (projT1 l) Hlx) (projT2 l))
  (composite_state_sub_projection
     (finite_trace_last s tr), iom) =
(composite_state_sub_projection s0, oom)
input_valid_transition Xj
  (composite_label_sub_projection l Hlx)
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), iom)
  (composite_state_sub_projection s0, oom)
  destruct Hv as [_ [_ [Hv Hc]]].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
iom, oom: option message
l: composite_label IM
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := s0;
      output := oom
    |}])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr)
  [{|
     l := l;
     input := iom;
     destination := s0;
     output := oom
   |}]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
Htl: finite_valid_trace_from X s0 []
Hv: valid l (finite_trace_last s tr, iom)
Hc: constraint l (finite_trace_last s tr, iom)
Ht: transition l (finite_trace_last s tr, iom) =
(s0, oom)
Htj: composite_transition sub_IM
  (existT (dexist (projT1 l) Hlx) (projT2 l))
  (composite_state_sub_projection
     (finite_trace_last s tr), iom) =
(composite_state_sub_projection s0, oom)
input_valid_transition Xj
  (composite_label_sub_projection l Hlx)
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), iom)
  (composite_state_sub_projection s0, oom)
  specialize (valid_sub_projection _ _ _ Hv Hlx)
    as Hvj.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
iom, oom: option message
l: composite_label IM
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := s0;
      output := oom
    |}])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr)
  [{|
     l := l;
     input := iom;
     destination := s0;
     output := oom
   |}]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
Htl: finite_valid_trace_from X s0 []
Hv: valid l (finite_trace_last s tr, iom)
Hc: constraint l (finite_trace_last s tr, iom)
Ht: transition l (finite_trace_last s tr, iom) =
(s0, oom)
Htj: composite_transition sub_IM
  (existT (dexist (projT1 l) Hlx) (projT2 l))
  (composite_state_sub_projection
     (finite_trace_last s tr), iom) =
(composite_state_sub_projection s0, oom)
Hvj: composite_valid sub_IM
  (existT (dexist (projT1 l) Hlx) (projT2 l))
  (composite_state_sub_projection
     (finite_trace_last s tr), iom)
input_valid_transition Xj
  (composite_label_sub_projection l Hlx)
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), iom)
  (composite_state_sub_projection s0, oom)
  rewrite <- (finite_trace_sub_projection_last_state s tr Htr) in Htj, Hvj.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
iom, oom: option message
l: composite_label IM
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := s0;
      output := oom
    |}])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr)
  [{|
     l := l;
     input := iom;
     destination := s0;
     output := oom
   |}]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
Htl: finite_valid_trace_from X s0 []
Hv: valid l (finite_trace_last s tr, iom)
Hc: constraint l (finite_trace_last s tr, iom)
Ht: transition l (finite_trace_last s tr, iom) =
(s0, oom)
Htj: composite_transition sub_IM
  (existT (dexist (projT1 l) Hlx) (projT2 l))
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), iom) =
(composite_state_sub_projection s0, oom)
Hvj: composite_valid sub_IM
  (existT (dexist (projT1 l) Hlx) (projT2 l))
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), iom)
input_valid_transition Xj
  (composite_label_sub_projection l Hlx)
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), iom)
  (composite_state_sub_projection s0, oom)
  repeat split; [done | | done | | done].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
iom, oom: option message
l: composite_label IM
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := s0;
      output := oom
    |}])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr)
  [{|
     l := l;
     input := iom;
     destination := s0;
     output := oom
   |}]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
Htl: finite_valid_trace_from X s0 []
Hv: valid l (finite_trace_last s tr, iom)
Hc: constraint l (finite_trace_last s tr, iom)
Ht: transition l (finite_trace_last s tr, iom) =
(s0, oom)
Htj: composite_transition sub_IM
  (existT (dexist (projT1 l) Hlx) (projT2 l))
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), iom) =
(composite_state_sub_projection s0, oom)
Hvj: composite_valid sub_IM
  (existT (dexist (projT1 l) Hlx) (projT2 l))
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), iom)
option_valid_message_prop Xj iom
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
iom, oom: option message
l: composite_label IM
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := s0;
      output := oom
    |}])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr)
  [{|
     l := l;
     input := iom;
     destination := s0;
     output := oom
   |}]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
Htl: finite_valid_trace_from X s0 []
Hv: valid l (finite_trace_last s tr, iom)
Hc: constraint l (finite_trace_last s tr, iom)
Ht: transition l (finite_trace_last s tr, iom) =
(s0, oom)
Htj: composite_transition sub_IM
  (existT (dexist (projT1 l) Hlx) (projT2 l))
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), iom) =
(composite_state_sub_projection s0, oom)
Hvj: composite_valid sub_IM
  (existT (dexist (projT1 l) Hlx) (projT2 l))
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), iom)
composite_no_equivocations_except_from sub_IM seed
  (composite_label_sub_projection l Hlx)
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), iom)
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
iom, oom: option message
l: composite_label IM
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := s0;
      output := oom
    |}])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr)
  [{|
     l := l;
     input := iom;
     destination := s0;
     output := oom
   |}]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
Htl: finite_valid_trace_from X s0 []
Hv: valid l (finite_trace_last s tr, iom)
Hc: constraint l (finite_trace_last s tr, iom)
Ht: transition l (finite_trace_last s tr, iom) =
(s0, oom)
Htj: composite_transition sub_IM
  (existT (dexist (projT1 l) Hlx) (projT2 l))
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), iom) =
(composite_state_sub_projection s0, oom)
Hvj: composite_valid sub_IM
  (existT (dexist (projT1 l) Hlx) (projT2 l))
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), iom)
option_valid_message_prop Xj iom destruct iom as [m |]; [| by apply (option_valid_message_None Xj)].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++
   [{|
      l := l;
      input := Some m;
      destination := s0;
      output := oom
    |}])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr)
  [{|
     l := l;
     input := Some m;
     destination := s0;
     output := oom
   |}]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
Htl: finite_valid_trace_from X s0 []
Hv: valid l (finite_trace_last s tr, Some m)
Hc: constraint l (finite_trace_last s tr, Some m)
Ht: transition l (finite_trace_last s tr, Some m) =
(s0, oom)
Htj: composite_transition sub_IM
  (existT (dexist (projT1 l) Hlx) (projT2 l))
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), 
   Some m) =
(composite_state_sub_projection s0, oom)
Hvj: composite_valid sub_IM
  (existT (dexist (projT1 l) Hlx) (projT2 l))
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), 
   Some m)
option_valid_message_prop Xj (Some m)
    apply (option_valid_message_Some Xj).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++
   [{|
      l := l;
      input := Some m;
      destination := s0;
      output := oom
    |}])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr)
  [{|
     l := l;
     input := Some m;
     destination := s0;
     output := oom
   |}]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
Htl: finite_valid_trace_from X s0 []
Hv: valid l (finite_trace_last s tr, Some m)
Hc: constraint l (finite_trace_last s tr, Some m)
Ht: transition l (finite_trace_last s tr, Some m) =
(s0, oom)
Htj: composite_transition sub_IM
  (existT (dexist (projT1 l) Hlx) (projT2 l))
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), 
   Some m) =
(composite_state_sub_projection s0, oom)
Hvj: composite_valid sub_IM
  (existT (dexist (projT1 l) Hlx) (projT2 l))
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), 
   Some m)
valid_message_prop Xj m
    clear -Hmsg m Hlx IHtr tr.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++
   [{|
      l := l;
      input := Some m;
      destination := s0;
      output := oom
    |}])
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
valid_message_prop Xj m
    remember {| input := Some m |} as x.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
valid_message_prop Xj m
    specialize (Hmsg tr x []).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
Hmsg: ∀ m : message,
  tr ++ [x] = tr ++ [x] ++ []
  → input x = Some m
    → from_sub_projection x
      → seed m
        ∨ (∃ pre_item : transition_item,
             pre_item ∈ tr
             ∧ output pre_item = Some m
               ∧ from_sub_projection pre_item)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
valid_message_prop Xj m
    assert (Hx : from_sub_projection x).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
Hmsg: ∀ m : message,
  tr ++ [x] = tr ++ [x] ++ []
  → input x = Some m
    → from_sub_projection x
      → seed m
        ∨ (∃ pre_item : transition_item,
             pre_item ∈ tr
             ∧ output pre_item = Some m
               ∧ from_sub_projection pre_item)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
from_sub_projection x
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
Hmsg: ∀ m : message,
  tr ++ [x] = tr ++ [x] ++ []
  → input x = Some m
    → from_sub_projection x
      → seed m
        ∨ (∃ pre_item : transition_item,
             pre_item ∈ tr
             ∧ output pre_item = Some m
               ∧ from_sub_projection pre_item)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
valid_message_prop Xj m
    {message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
Hmsg: ∀ m : message,
  tr ++ [x] = tr ++ [x] ++ []
  → input x = Some m
    → from_sub_projection x
      → seed m
        ∨ (∃ pre_item : transition_item,
             pre_item ∈ tr
             ∧ output pre_item = Some m
               ∧ from_sub_projection pre_item)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
from_sub_projection x
      unfold from_sub_projection at 1, pre_VLSM_projection_in_projection,
        composite_label_sub_projection_option.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
Hmsg: ∀ m : message,
  tr ++ [x] = tr ++ [x] ++ []
  → input x = Some m
    → from_sub_projection x
      → seed m
        ∨ (∃ pre_item : transition_item,
             pre_item ∈ tr
             ∧ output pre_item = Some m
               ∧ from_sub_projection pre_item)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
is_Some
  match
    decide (projT1 (VLSM.l x) ∈ sub_index_list)
  with
  | left i_in =>
      Some
        (composite_label_sub_projection (VLSM.l x)
           i_in)
  | right _ => None
  end
      by subst; case_decide.
    }message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
Hmsg: ∀ m : message,
  tr ++ [x] = tr ++ [x] ++ []
  → input x = Some m
    → from_sub_projection x
      → seed m
        ∨ (∃ pre_item : transition_item,
             pre_item ∈ tr
             ∧ output pre_item = Some m
               ∧ from_sub_projection pre_item)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
valid_message_prop Xj m
    rewrite Heqx in Hmsg.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
Hmsg: ∀ m0 : message,
  tr ++
  [{|
     l := l;
     input := Some m;
     destination := s0;
     output := oom
   |}] =
  tr ++
  [{|
     l := l;
     input := Some m;
     destination := s0;
     output := oom
   |}] ++ []
  → input
      {|
        l := l;
        input := Some m;
        destination := s0;
        output := oom
      |} = Some m0
    → from_sub_projection
        {|
          l := l;
          input := Some m;
          destination := s0;
          output := oom
        |}
      → seed m0
        ∨ (∃ pre_item : transition_item,
             pre_item ∈ tr
             ∧ output pre_item = Some m0
               ∧ from_sub_projection pre_item)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
valid_message_prop Xj m
    specialize (Hmsg m eq_refl eq_refl).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
Hmsg: from_sub_projection
  {|
    l := l;
    input := Some m;
    destination := s0;
    output := oom
  |}
→ seed m
  ∨ (∃ pre_item : transition_item,
       pre_item ∈ tr
       ∧ output pre_item = Some m
         ∧ from_sub_projection pre_item)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
valid_message_prop Xj m
    spec Hmsg; [by subst |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
Hmsg: seed m
∨ (∃ pre_item : transition_item,
     pre_item ∈ tr
     ∧ output pre_item = Some m
       ∧ from_sub_projection pre_item)
valid_message_prop Xj m
    destruct Hmsg as [Hseed | [item [Hitem [Hout Hsub_item]]]]
    ; [by apply (initial_message_is_valid Xj); right |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
valid_message_prop Xj m
    apply (valid_trace_output_is_valid Xj _ _ IHtr).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
trace_has_message (field_selector output) m
  (finite_trace_sub_projection tr)
    apply Exists_exists.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
∃ x : transition_item,
  x ∈ finite_trace_sub_projection tr
  ∧ field_selector output m x
    specialize
      (pre_VLSM_projection_transition_item_project_is_Some (composite_type IM) _
        composite_label_sub_projection_option composite_state_sub_projection
        item Hsub_item)
      as [itemX HitemX].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
itemX: transition_item
HitemX: pre_VLSM_projection_transition_item_project
  (composite_type IM) (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection item =
Some itemX
∃ x : transition_item,
  x ∈ finite_trace_sub_projection tr
  ∧ field_selector output m x
    exists itemX.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
itemX: transition_item
HitemX: pre_VLSM_projection_transition_item_project
  (composite_type IM) (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection item =
Some itemX
itemX ∈ finite_trace_sub_projection tr
∧ field_selector output m itemX
    split.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
itemX: transition_item
HitemX: pre_VLSM_projection_transition_item_project
  (composite_type IM) (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection item =
Some itemX
itemX ∈ finite_trace_sub_projection tr
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
itemX: transition_item
HitemX: pre_VLSM_projection_transition_item_project
  (composite_type IM) (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection item =
Some itemX
field_selector output m itemX
    +message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
itemX: transition_item
HitemX: pre_VLSM_projection_transition_item_project
  (composite_type IM) (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection item =
Some itemX
itemX ∈ finite_trace_sub_projection tr by apply elem_of_list_omap; exists item.
    +message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
itemX: transition_item
HitemX: pre_VLSM_projection_transition_item_project
  (composite_type IM) (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection item =
Some itemX
field_selector output m itemX unfold pre_VLSM_projection_transition_item_project in HitemX.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
itemX: transition_item
HitemX: match
  composite_label_sub_projection_option
    (VLSM.l item)
with
| Some lY =>
    Some
      {|
        l := lY;
        input := input item;
        destination :=
          composite_state_sub_projection
            (destination item);
        output := output item
      |}
| None => None
end = Some itemX
field_selector output m itemX
      destruct (composite_label_sub_projection_option _); [| by congruence].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
itemX: transition_item
c: composite_label sub_IM
HitemX: Some
  {|
    l := c;
    input := input item;
    destination :=
      composite_state_sub_projection
        (destination item);
    output := output item
  |} = Some itemX
field_selector output m itemX
      by inversion HitemX.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
iom, oom: option message
l: composite_label IM
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := s0;
      output := oom
    |}])
Htr: finite_valid_trace_from X s tr
Hx: finite_valid_trace_from X
  (finite_trace_last s tr)
  [{|
     l := l;
     input := iom;
     destination := s0;
     output := oom
   |}]
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
Hisp: valid_state_prop Xj
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
Htl: finite_valid_trace_from X s0 []
Hv: valid l (finite_trace_last s tr, iom)
Hc: constraint l (finite_trace_last s tr, iom)
Ht: transition l (finite_trace_last s tr, iom) =
(s0, oom)
Htj: composite_transition sub_IM
  (existT (dexist (projT1 l) Hlx) (projT2 l))
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), iom) =
(composite_state_sub_projection s0, oom)
Hvj: composite_valid sub_IM
  (existT (dexist (projT1 l) Hlx) (projT2 l))
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), iom)
composite_no_equivocations_except_from sub_IM seed
  (composite_label_sub_projection l Hlx)
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), iom) clear -Hmsg Sub_Free Hlst His IHtr.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
iom, oom: option message
l: composite_label IM
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++
   [{|
      l := l;
      input := iom;
      destination := s0;
      output := oom
    |}])
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
composite_no_equivocations_except_from sub_IM seed
  (composite_label_sub_projection l Hlx)
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), iom)
    destruct iom as [m |]; [| done].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++
   [{|
      l := l;
      input := Some m;
      destination := s0;
      output := oom
    |}])
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
composite_no_equivocations_except_from sub_IM seed
  (composite_label_sub_projection l Hlx)
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), Some m)
    simpl in *.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++
   [{|
      l := l;
      input := Some m;
      destination := s0;
      output := oom
    |}])
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
composite_no_equivocations_except_from sub_IM seed
  (composite_label_sub_projection l Hlx)
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), Some m)
    remember {| input := Some m |} as x.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
composite_no_equivocations_except_from sub_IM seed
  (composite_label_sub_projection l Hlx)
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), Some m)
    assert (Hx : from_sub_projection x).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
from_sub_projection x
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
composite_no_equivocations_except_from sub_IM seed
  (composite_label_sub_projection l Hlx)
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), 
   Some m)
    {message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
from_sub_projection x
      unfold from_sub_projection at 1, pre_VLSM_projection_in_projection,
        composite_label_sub_projection_option.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
is_Some
  match
    decide (projT1 (VLSM.l x) ∈ sub_index_list)
  with
  | left i_in =>
      Some
        (composite_label_sub_projection (VLSM.l x)
           i_in)
  | right _ => None
  end
      by subst; case_decide.
    }message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
Hmsg: trace_sub_item_input_is_seeded_or_sub_previously_sent
  (tr ++ [x])
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
composite_no_equivocations_except_from sub_IM seed
  (composite_label_sub_projection l Hlx)
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), Some m)
    specialize (Hmsg tr x []).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
Hmsg: ∀ m : message,
  tr ++ [x] = tr ++ [x] ++ []
  → input x = Some m
    → from_sub_projection x
      → seed m
        ∨ (∃ pre_item : transition_item,
             pre_item ∈ tr
             ∧ output pre_item = Some m
               ∧ from_sub_projection pre_item)
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
composite_no_equivocations_except_from sub_IM seed
  (composite_label_sub_projection l Hlx)
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), Some m) rewrite Heqx in Hmsg.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
Hmsg: ∀ m0 : message,
  tr ++
  [{|
     l := l;
     input := Some m;
     destination := s0;
     output := oom
   |}] =
  tr ++
  [{|
     l := l;
     input := Some m;
     destination := s0;
     output := oom
   |}] ++ []
  → input
      {|
        l := l;
        input := Some m;
        destination := s0;
        output := oom
      |} = Some m0
    → from_sub_projection
        {|
          l := l;
          input := Some m;
          destination := s0;
          output := oom
        |}
      → seed m0
        ∨ (∃ pre_item : transition_item,
             pre_item ∈ tr
             ∧ output pre_item = Some m0
               ∧ from_sub_projection pre_item)
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
composite_no_equivocations_except_from sub_IM seed
  (composite_label_sub_projection l Hlx)
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), Some m)
    specialize (Hmsg m eq_refl eq_refl).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
Hmsg: from_sub_projection
  {|
    l := l;
    input := Some m;
    destination := s0;
    output := oom
  |}
→ seed m
  ∨ (∃ pre_item : transition_item,
       pre_item ∈ tr
       ∧ output pre_item = Some m
         ∧ from_sub_projection pre_item)
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
composite_no_equivocations_except_from sub_IM seed
  (composite_label_sub_projection l Hlx)
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), Some m)
    spec Hmsg; [by subst |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
Hmsg: seed m
∨ (∃ pre_item : transition_item,
     pre_item ∈ tr
     ∧ output pre_item = Some m
       ∧ from_sub_projection pre_item)
composite_no_equivocations_except_from sub_IM seed
  (composite_label_sub_projection l Hlx)
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), Some m)
    destruct Hmsg as [Hseed | [item [Hitem [Hout Hsub_item]]]]; [by right |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
composite_no_equivocations_except_from sub_IM seed
  (composite_label_sub_projection l Hlx)
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), Some m)
    left.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr))
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
composite_has_been_sent sub_IM
  (finite_trace_last
     (composite_state_sub_projection s)
     (finite_trace_sub_projection tr), Some m).1 m
    remember (finite_trace_last (composite_state_sub_projection _) _) as lst.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state (composite_type sub_IM)
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
composite_has_been_sent sub_IM (lst, Some m).1 m
    assert (Hlst_pre : constrained_state_prop Sub_Free lst)
      by (revert Hlst; apply VLSM_incl_valid_state, Xj_incl_Pre_Sub_Free; done).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state (composite_type sub_IM)
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
Hlst_pre: constrained_state_prop Sub_Free lst
composite_has_been_sent sub_IM (lst, Some m).1 m
    apply composite_proper_sent; [done |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state (composite_type sub_IM)
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
Hlst_pre: constrained_state_prop Sub_Free lst
selected_message_exists_in_all_preloaded_traces
  (free_composite_vlsm sub_IM) (field_selector output)
  (lst, Some m).1 m
    apply has_been_sent_consistency; [by typeclasses eauto | done |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state (composite_type sub_IM)
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
Hlst_pre: constrained_state_prop Sub_Free lst
selected_message_exists_in_some_preloaded_traces
  (free_composite_vlsm sub_IM) (field_selector output)
  (lst, Some m).1 m
    exists (composite_state_sub_projection s), (finite_trace_sub_projection tr).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state (composite_type sub_IM)
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
Hlst_pre: constrained_state_prop Sub_Free lst
∃ _ : finite_valid_trace_init_to
        (preloaded_with_all_messages_vlsm
           (free_composite_vlsm sub_IM))
        (composite_state_sub_projection s)
        (lst, Some m).1
        (finite_trace_sub_projection tr),
  trace_has_message (field_selector output) m
    (finite_trace_sub_projection tr)
    split.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state (composite_type sub_IM)
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
Hlst_pre: constrained_state_prop Sub_Free lst
finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm sub_IM))
  (composite_state_sub_projection s) (lst, Some m).1
  (finite_trace_sub_projection tr)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state (composite_type sub_IM)
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
Hlst_pre: constrained_state_prop Sub_Free lst
trace_has_message (field_selector output) m
  (finite_trace_sub_projection tr)
    +message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state (composite_type sub_IM)
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
Hlst_pre: constrained_state_prop Sub_Free lst
finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm sub_IM))
  (composite_state_sub_projection s) (lst, Some m).1
  (finite_trace_sub_projection tr) split; [| done].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state (composite_type sub_IM)
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
Hlst_pre: constrained_state_prop Sub_Free lst
finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm sub_IM))
  (composite_state_sub_projection s) (lst, Some m).1
  (finite_trace_sub_projection tr)
      apply (VLSM_incl_finite_valid_trace_from_to Xj_incl_Pre_Sub_Free).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state (composite_type sub_IM)
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
Hlst_pre: constrained_state_prop Sub_Free lst
finite_valid_trace_from_to
  {| vlsm_type := Xj; vlsm_machine := Xj |}
  (composite_state_sub_projection s) (lst, Some m).1
  (finite_trace_sub_projection tr)
      by apply valid_trace_add_last; auto.
    +message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state (composite_type sub_IM)
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
Hlst_pre: constrained_state_prop Sub_Free lst
trace_has_message (field_selector output) m
  (finite_trace_sub_projection tr) apply Exists_exists.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state (composite_type sub_IM)
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
Hlst_pre: constrained_state_prop Sub_Free lst
∃ x : transition_item,
  x ∈ finite_trace_sub_projection tr
  ∧ field_selector output m x
      assert
        (Hsome : is_Some
          (pre_VLSM_projection_transition_item_project
            (composite_type IM) (composite_type sub_IM)
            composite_label_sub_projection_option composite_state_sub_projection
            item))
        by (apply pre_VLSM_projection_transition_item_project_is_Some; done).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state (composite_type sub_IM)
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
Hlst_pre: constrained_state_prop Sub_Free lst
Hsome: is_Some
  (pre_VLSM_projection_transition_item_project
     (composite_type IM)
     (composite_type sub_IM)
     composite_label_sub_projection_option
     composite_state_sub_projection item)
∃ x : transition_item,
  x ∈ finite_trace_sub_projection tr
  ∧ field_selector output m x
      exists (is_Some_proj Hsome).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state (composite_type sub_IM)
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
Hlst_pre: constrained_state_prop Sub_Free lst
Hsome: is_Some
  (pre_VLSM_projection_transition_item_project
     (composite_type IM)
     (composite_type sub_IM)
     composite_label_sub_projection_option
     composite_state_sub_projection item)
is_Some_proj Hsome ∈ finite_trace_sub_projection tr
∧ field_selector output m (is_Some_proj Hsome)
      destruct (pre_VLSM_projection_transition_item_project _ _ _ _ _) eqn: Hproj;
      [| contradict Hsome; apply is_Some_None].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state (composite_type sub_IM)
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
Hlst_pre: constrained_state_prop Sub_Free lst
t: transition_item
Hproj: pre_VLSM_projection_transition_item_project
  (composite_type IM) (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection item = 
Some t
Hsome: is_Some (Some t)
is_Some_proj Hsome ∈ finite_trace_sub_projection tr
∧ field_selector output m (is_Some_proj Hsome)
      cbn.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state (composite_type sub_IM)
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
Hlst_pre: constrained_state_prop Sub_Free lst
t: transition_item
Hproj: pre_VLSM_projection_transition_item_project
  (composite_type IM) (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection item = 
Some t
Hsome: is_Some (Some t)
t ∈ finite_trace_sub_projection tr ∧ output t = Some m
      split.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state (composite_type sub_IM)
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
Hlst_pre: constrained_state_prop Sub_Free lst
t: transition_item
Hproj: pre_VLSM_projection_transition_item_project
  (composite_type IM) (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection item = 
Some t
Hsome: is_Some (Some t)
t ∈ finite_trace_sub_projection tr
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state (composite_type sub_IM)
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
Hlst_pre: constrained_state_prop Sub_Free lst
t: transition_item
Hproj: pre_VLSM_projection_transition_item_project
  (composite_type IM) (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection item = 
Some t
Hsome: is_Some (Some t)
output t = Some m
      *message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state (composite_type sub_IM)
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
Hlst_pre: constrained_state_prop Sub_Free lst
t: transition_item
Hproj: pre_VLSM_projection_transition_item_project
  (composite_type IM) (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection item = 
Some t
Hsome: is_Some (Some t)
t ∈ finite_trace_sub_projection tr by apply elem_of_list_omap; exists item.
      *message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state (composite_type sub_IM)
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
Hlst_pre: constrained_state_prop Sub_Free lst
t: transition_item
Hproj: pre_VLSM_projection_transition_item_project
  (composite_type IM) (composite_type sub_IM)
  composite_label_sub_projection_option
  composite_state_sub_projection item = 
Some t
Hsome: is_Some (Some t)
output t = Some m unfold pre_VLSM_projection_transition_item_project in Hproj.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
sub_index_list: list index
H0: ∀ i : index, HasBeenSentCapability (IM i)
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
seed: message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
s0: composite_state IM
m: message
oom: option message
l: composite_label IM
x: transition_item
Heqx: x =
{|
  l := l;
  input := Some m;
  destination := s0;
  output := oom
|}
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection s)
IHtr: finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
lst: state (composite_type sub_IM)
Heqlst: lst =
finite_trace_last
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Hlst: valid_state_prop Xj lst
Hlx: projT1 l ∈ sub_index_list
Hx: from_sub_projection x
item: transition_item
Hitem: item ∈ tr
Hout: output item = Some m
Hsub_item: from_sub_projection item
Hlst_pre: constrained_state_prop Sub_Free lst
t: transition_item
Hproj: match
  composite_label_sub_projection_option
    (VLSM.l item)
with
| Some lY =>
    Some
      {|
        l := lY;
        input := input item;
        destination :=
          composite_state_sub_projection
            (destination item);
        output := output item
      |}
| None => None
end = Some t
Hsome: is_Some (Some t)
output t = Some m
        by destruct (composite_label_sub_projection_option _); [inversion Hproj | congruence].
Qed.

Lemma valid_state_sub_projection
  (s : state (composite_type IM))
  (Hs : state_sub_item_input_is_seeded_or_sub_previously_sent s)
  (Hps : valid_state_prop X s)
  : valid_state_prop Xj (composite_state_sub_projection s).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: state (composite_type IM)
Hs: state_sub_item_input_is_seeded_or_sub_previously_sent
  s
Hps: valid_state_prop X s
valid_state_prop Xj (composite_state_sub_projection s)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: state (composite_type IM)
Hs: state_sub_item_input_is_seeded_or_sub_previously_sent
  s
Hps: valid_state_prop X s
valid_state_prop Xj (composite_state_sub_projection s)
  apply valid_state_has_trace in Hps.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: state (composite_type IM)
Hs: state_sub_item_input_is_seeded_or_sub_previously_sent
  s
Hps: ∃ (is : state X) (tr : list transition_item),
  finite_valid_trace_init_to X is s tr
valid_state_prop Xj (composite_state_sub_projection s)
  destruct Hps as [is [tr Htr]].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: state (composite_type IM)
Hs: state_sub_item_input_is_seeded_or_sub_previously_sent
  s
is: state X
tr: list transition_item
Htr: finite_valid_trace_init_to X is s tr
valid_state_prop Xj (composite_state_sub_projection s)
  specialize (Hs _ _ (VLSM_incl_finite_valid_trace_init_to
    (constrained_preloaded_incl (free_composite_vlsm IM) constraint) _ _ _ Htr)).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: state (composite_type IM)
tr: list transition_item
Hs: trace_sub_item_input_is_seeded_or_sub_previously_sent
  tr
is: state X
Htr: finite_valid_trace_init_to X is s tr
valid_state_prop Xj (composite_state_sub_projection s)
  apply valid_trace_get_last in Htr as Hlst.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: state (composite_type IM)
tr: list transition_item
Hs: trace_sub_item_input_is_seeded_or_sub_previously_sent
  tr
is: state X
Htr: finite_valid_trace_init_to X is s tr
Hlst: finite_trace_last is tr = s
valid_state_prop Xj (composite_state_sub_projection s)
  apply valid_trace_forget_last in Htr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: state (composite_type IM)
tr: list transition_item
Hs: trace_sub_item_input_is_seeded_or_sub_previously_sent
  tr
is: state X
Htr: finite_valid_trace X is tr
Hlst: finite_trace_last is tr = s
valid_state_prop Xj (composite_state_sub_projection s)
  specialize (finite_trace_sub_projection_last_state _ _ (proj1 Htr)) as Hlst'.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: state (composite_type IM)
tr: list transition_item
Hs: trace_sub_item_input_is_seeded_or_sub_previously_sent
  tr
is: state X
Htr: finite_valid_trace X is tr
Hlst: finite_trace_last is tr = s
Hlst': let lstx := finite_trace_last is tr in
let lstj :=
  finite_trace_last
    (composite_state_sub_projection is)
    (finite_trace_sub_projection tr) in
lstj = composite_state_sub_projection lstx
valid_state_prop Xj (composite_state_sub_projection s)
  apply (finite_valid_trace_sub_projection _ _ Hs) in Htr as Hptr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: state (composite_type IM)
tr: list transition_item
Hs: trace_sub_item_input_is_seeded_or_sub_previously_sent
  tr
is: state X
Htr: finite_valid_trace X is tr
Hlst: finite_trace_last is tr = s
Hlst': let lstx := finite_trace_last is tr in
let lstj :=
  finite_trace_last
    (composite_state_sub_projection is)
    (finite_trace_sub_projection tr) in
lstj = composite_state_sub_projection lstx
Hptr: finite_valid_trace Xj
  (composite_state_sub_projection is)
  (finite_trace_sub_projection tr)
valid_state_prop Xj (composite_state_sub_projection s)
  destruct Hptr as [Hptr _].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: state (composite_type IM)
tr: list transition_item
Hs: trace_sub_item_input_is_seeded_or_sub_previously_sent
  tr
is: state X
Htr: finite_valid_trace X is tr
Hlst: finite_trace_last is tr = s
Hlst': let lstx := finite_trace_last is tr in
let lstj :=
  finite_trace_last
    (composite_state_sub_projection is)
    (finite_trace_sub_projection tr) in
lstj = composite_state_sub_projection lstx
Hptr: finite_valid_trace_from Xj
  (composite_state_sub_projection is)
  (finite_trace_sub_projection tr)
valid_state_prop Xj (composite_state_sub_projection s)
  apply finite_valid_trace_last_pstate in Hptr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: state (composite_type IM)
tr: list transition_item
Hs: trace_sub_item_input_is_seeded_or_sub_previously_sent
  tr
is: state X
Htr: finite_valid_trace X is tr
Hlst: finite_trace_last is tr = s
Hlst': let lstx := finite_trace_last is tr in
let lstj :=
  finite_trace_last
    (composite_state_sub_projection is)
    (finite_trace_sub_projection tr) in
lstj = composite_state_sub_projection lstx
Hptr: valid_state_prop Xj
  (finite_trace_last
     (composite_state_sub_projection is)
     (finite_trace_sub_projection tr))
valid_state_prop Xj (composite_state_sub_projection s)
  by cbn in *; rewrite Hlst' in Hptr; subst.
Qed.

Lemma finite_valid_trace_from_sub_projection
  (s : composite_state IM)
  (tr : list (composite_transition_item IM))
  (lst := finite_trace_last s tr)
  (Hmsg : state_sub_item_input_is_seeded_or_sub_previously_sent lst)
  (Htr : finite_valid_trace_from X s tr)
  : finite_valid_trace_from Xj (composite_state_sub_projection s) (finite_trace_sub_projection tr).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
lst:= finite_trace_last s tr: state (composite_type IM)
Hmsg: state_sub_item_input_is_seeded_or_sub_previously_sent
  lst
Htr: finite_valid_trace_from X s tr
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
lst:= finite_trace_last s tr: state (composite_type IM)
Hmsg: state_sub_item_input_is_seeded_or_sub_previously_sent
  lst
Htr: finite_valid_trace_from X s tr
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
  apply finite_valid_trace_from_complete_left in Htr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
lst:= finite_trace_last s tr: state (composite_type IM)
Hmsg: state_sub_item_input_is_seeded_or_sub_previously_sent
  lst
Htr: ∃ (is : state X) (trs : list transition_item),
  finite_valid_trace X is (trs ++ tr)
  ∧ finite_trace_last is trs = s
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
  destruct Htr as [is [pre [Htr Hs]]].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
lst:= finite_trace_last s tr: state (composite_type IM)
Hmsg: state_sub_item_input_is_seeded_or_sub_previously_sent
  lst
is: state X
pre: list transition_item
Htr: finite_valid_trace X is (pre ++ tr)
Hs: finite_trace_last is pre = s
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
  assert (Hpre := proj1 Htr).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
lst:= finite_trace_last s tr: state (composite_type IM)
Hmsg: state_sub_item_input_is_seeded_or_sub_previously_sent
  lst
is: state X
pre: list transition_item
Htr: finite_valid_trace X is (pre ++ tr)
Hs: finite_trace_last is pre = s
Hpre: finite_valid_trace_from X is (pre ++ tr)
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
  apply finite_valid_trace_from_app_iff in Hpre.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
lst:= finite_trace_last s tr: state (composite_type IM)
Hmsg: state_sub_item_input_is_seeded_or_sub_previously_sent
  lst
is: state X
pre: list transition_item
Htr: finite_valid_trace X is (pre ++ tr)
Hs: finite_trace_last is pre = s
Hpre: finite_valid_trace_from X is pre
∧ finite_valid_trace_from X
    (finite_trace_last is pre) tr
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
  destruct Hpre as [Hpre _].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
lst:= finite_trace_last s tr: state (composite_type IM)
Hmsg: state_sub_item_input_is_seeded_or_sub_previously_sent
  lst
is: state X
pre: list transition_item
Htr: finite_valid_trace X is (pre ++ tr)
Hs: finite_trace_last is pre = s
Hpre: finite_valid_trace_from X is pre
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
  specialize (finite_trace_sub_projection_last_state _ _ Hpre) as Hpre_lst.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
lst:= finite_trace_last s tr: state (composite_type IM)
Hmsg: state_sub_item_input_is_seeded_or_sub_previously_sent
  lst
is: state X
pre: list transition_item
Htr: finite_valid_trace X is (pre ++ tr)
Hs: finite_trace_last is pre = s
Hpre: finite_valid_trace_from X is pre
Hpre_lst: let lstx := finite_trace_last is pre in
let lstj :=
  finite_trace_last
    (composite_state_sub_projection is)
    (finite_trace_sub_projection pre) in
lstj = composite_state_sub_projection lstx
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
  apply finite_valid_trace_sub_projection in Htr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
lst:= finite_trace_last s tr: state (composite_type IM)
Hmsg: state_sub_item_input_is_seeded_or_sub_previously_sent
  lst
is: state X
pre: list transition_item
Htr: finite_valid_trace Xj
  (composite_state_sub_projection is)
  (finite_trace_sub_projection (pre ++ tr))
Hs: finite_trace_last is pre = s
Hpre: finite_valid_trace_from X is pre
Hpre_lst: let lstx := finite_trace_last is pre in
let lstj :=
  finite_trace_last
    (composite_state_sub_projection is)
    (finite_trace_sub_projection pre) in
lstj = composite_state_sub_projection lstx
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
lst:= finite_trace_last s tr: state (composite_type IM)
Hmsg: state_sub_item_input_is_seeded_or_sub_previously_sent
  lst
is: state X
pre: list transition_item
Htr: finite_valid_trace X is (pre ++ tr)
Hs: finite_trace_last is pre = s
Hpre: finite_valid_trace_from X is pre
Hpre_lst: let lstx := finite_trace_last is pre in
let lstj :=
  finite_trace_last
    (composite_state_sub_projection is)
    (finite_trace_sub_projection pre) in
lstj = composite_state_sub_projection lstx
trace_sub_item_input_is_seeded_or_sub_previously_sent
  (pre ++ tr)
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
lst:= finite_trace_last s tr: state (composite_type IM)
Hmsg: state_sub_item_input_is_seeded_or_sub_previously_sent
  lst
is: state X
pre: list transition_item
Htr: finite_valid_trace Xj
  (composite_state_sub_projection is)
  (finite_trace_sub_projection (pre ++ tr))
Hs: finite_trace_last is pre = s
Hpre: finite_valid_trace_from X is pre
Hpre_lst: let lstx := finite_trace_last is pre in
let lstj :=
  finite_trace_last
    (composite_state_sub_projection is)
    (finite_trace_sub_projection pre) in
lstj = composite_state_sub_projection lstx
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr) destruct Htr as [Htr His].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
lst:= finite_trace_last s tr: state (composite_type IM)
Hmsg: state_sub_item_input_is_seeded_or_sub_previously_sent
  lst
is: state X
pre: list transition_item
Htr: finite_valid_trace_from Xj
  (composite_state_sub_projection is)
  (finite_trace_sub_projection (pre ++ tr))
His: initial_state_prop
  (composite_state_sub_projection is)
Hs: finite_trace_last is pre = s
Hpre: finite_valid_trace_from X is pre
Hpre_lst: let lstx := finite_trace_last is pre in
let lstj :=
  finite_trace_last
    (composite_state_sub_projection is)
    (finite_trace_sub_projection pre) in
lstj = composite_state_sub_projection lstx
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
    rewrite finite_trace_sub_projection_app in Htr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
lst:= finite_trace_last s tr: state (composite_type IM)
Hmsg: state_sub_item_input_is_seeded_or_sub_previously_sent
  lst
is: state X
pre: list transition_item
Htr: finite_valid_trace_from Xj
  (composite_state_sub_projection is)
  (finite_trace_sub_projection pre ++
   finite_trace_sub_projection tr)
His: initial_state_prop
  (composite_state_sub_projection is)
Hs: finite_trace_last is pre = s
Hpre: finite_valid_trace_from X is pre
Hpre_lst: let lstx := finite_trace_last is pre in
let lstj :=
  finite_trace_last
    (composite_state_sub_projection is)
    (finite_trace_sub_projection pre) in
lstj = composite_state_sub_projection lstx
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
    apply finite_valid_trace_from_app_iff in Htr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
lst:= finite_trace_last s tr: state (composite_type IM)
Hmsg: state_sub_item_input_is_seeded_or_sub_previously_sent
  lst
is: state X
pre: list transition_item
Htr: finite_valid_trace_from Xj
  (composite_state_sub_projection is)
  (finite_trace_sub_projection pre)
∧ finite_valid_trace_from Xj
    (finite_trace_last
       (composite_state_sub_projection is)
       (finite_trace_sub_projection pre))
    (finite_trace_sub_projection tr)
His: initial_state_prop
  (composite_state_sub_projection is)
Hs: finite_trace_last is pre = s
Hpre: finite_valid_trace_from X is pre
Hpre_lst: let lstx := finite_trace_last is pre in
let lstj :=
  finite_trace_last
    (composite_state_sub_projection is)
    (finite_trace_sub_projection pre) in
lstj = composite_state_sub_projection lstx
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
    destruct Htr as [_ Htr].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
lst:= finite_trace_last s tr: state (composite_type IM)
Hmsg: state_sub_item_input_is_seeded_or_sub_previously_sent
  lst
is: state X
pre: list transition_item
Htr: finite_valid_trace_from Xj
  (finite_trace_last
     (composite_state_sub_projection is)
     (finite_trace_sub_projection pre))
  (finite_trace_sub_projection tr)
His: initial_state_prop
  (composite_state_sub_projection is)
Hs: finite_trace_last is pre = s
Hpre: finite_valid_trace_from X is pre
Hpre_lst: let lstx := finite_trace_last is pre in
let lstj :=
  finite_trace_last
    (composite_state_sub_projection is)
    (finite_trace_sub_projection pre) in
lstj = composite_state_sub_projection lstx
finite_valid_trace_from Xj
  (composite_state_sub_projection s)
  (finite_trace_sub_projection tr)
    subst s.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
tr: list (composite_transition_item IM)
is: state X
pre: list transition_item
lst:= finite_trace_last (finite_trace_last is pre) tr: state (composite_type IM)
Hmsg: state_sub_item_input_is_seeded_or_sub_previously_sent
  lst
Htr: finite_valid_trace_from Xj
  (finite_trace_last
     (composite_state_sub_projection is)
     (finite_trace_sub_projection pre))
  (finite_trace_sub_projection tr)
His: initial_state_prop
  (composite_state_sub_projection is)
Hpre: finite_valid_trace_from X is pre
Hpre_lst: let lstx := finite_trace_last is pre in
let lstj :=
  finite_trace_last
    (composite_state_sub_projection is)
    (finite_trace_sub_projection pre) in
lstj = composite_state_sub_projection lstx
finite_valid_trace_from Xj
  (composite_state_sub_projection
     (finite_trace_last is pre))
  (finite_trace_sub_projection tr) simpl in *.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
tr: list (composite_transition_item IM)
is: composite_state IM
pre: list transition_item
lst:= finite_trace_last (finite_trace_last is pre) tr: composite_state IM
Hmsg: state_sub_item_input_is_seeded_or_sub_previously_sent
  lst
Htr: finite_valid_trace_from Xj
  (finite_trace_last
     (composite_state_sub_projection is)
     (finite_trace_sub_projection pre))
  (finite_trace_sub_projection tr)
His: composite_initial_state_prop sub_IM
  (composite_state_sub_projection is)
Hpre: finite_valid_trace_from X is pre
Hpre_lst: finite_trace_last
  (composite_state_sub_projection is)
  (finite_trace_sub_projection pre) =
composite_state_sub_projection
  (finite_trace_last is pre)
finite_valid_trace_from Xj
  (composite_state_sub_projection
     (finite_trace_last is pre))
  (finite_trace_sub_projection tr)
    by rewrite Hpre_lst in Htr.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
lst:= finite_trace_last s tr: state (composite_type IM)
Hmsg: state_sub_item_input_is_seeded_or_sub_previously_sent
  lst
is: state X
pre: list transition_item
Htr: finite_valid_trace X is (pre ++ tr)
Hs: finite_trace_last is pre = s
Hpre: finite_valid_trace_from X is pre
Hpre_lst: let lstx := finite_trace_last is pre in
let lstj :=
  finite_trace_last
    (composite_state_sub_projection is)
    (finite_trace_sub_projection pre) in
lstj = composite_state_sub_projection lstx
trace_sub_item_input_is_seeded_or_sub_previously_sent
  (pre ++ tr) specialize (Hmsg is (pre ++ tr)).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
lst:= finite_trace_last s tr: state (composite_type IM)
is: state X
pre: list transition_item
Hmsg: finite_constrained_trace_init_to
  (free_composite_vlsm IM) is lst 
  (pre ++ tr)
→ trace_sub_item_input_is_seeded_or_sub_previously_sent
    (pre ++ tr)
Htr: finite_valid_trace X is (pre ++ tr)
Hs: finite_trace_last is pre = s
Hpre: finite_valid_trace_from X is pre
Hpre_lst: let lstx := finite_trace_last is pre in
let lstj :=
  finite_trace_last
    (composite_state_sub_projection is)
    (finite_trace_sub_projection pre) in
lstj = composite_state_sub_projection lstx
trace_sub_item_input_is_seeded_or_sub_previously_sent
  (pre ++ tr)
    apply Hmsg.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
lst:= finite_trace_last s tr: state (composite_type IM)
is: state X
pre: list transition_item
Hmsg: finite_constrained_trace_init_to
  (free_composite_vlsm IM) is lst 
  (pre ++ tr)
→ trace_sub_item_input_is_seeded_or_sub_previously_sent
    (pre ++ tr)
Htr: finite_valid_trace X is (pre ++ tr)
Hs: finite_trace_last is pre = s
Hpre: finite_valid_trace_from X is pre
Hpre_lst: let lstx := finite_trace_last is pre in
let lstj :=
  finite_trace_last
    (composite_state_sub_projection is)
    (finite_trace_sub_projection pre) in
lstj = composite_state_sub_projection lstx
finite_constrained_trace_init_to
  (free_composite_vlsm IM) is lst (pre ++ tr)
    apply VLSM_incl_finite_valid_trace_init_to; [by apply constrained_preloaded_incl |].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
lst:= finite_trace_last s tr: state (composite_type IM)
is: state X
pre: list transition_item
Hmsg: finite_constrained_trace_init_to
  (free_composite_vlsm IM) is lst 
  (pre ++ tr)
→ trace_sub_item_input_is_seeded_or_sub_previously_sent
    (pre ++ tr)
Htr: finite_valid_trace X is (pre ++ tr)
Hs: finite_trace_last is pre = s
Hpre: finite_valid_trace_from X is pre
Hpre_lst: let lstx := finite_trace_last is pre in
let lstj :=
  finite_trace_last
    (composite_state_sub_projection is)
    (finite_trace_sub_projection pre) in
lstj = composite_state_sub_projection lstx
finite_valid_trace_init_to
  {|
    vlsm_type := free_composite_vlsm IM;
    vlsm_machine :=
      constrained_vlsm_machine
        (free_composite_vlsm IM) constraint
  |} is lst (pre ++ tr)
    apply valid_trace_add_last; [done |].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
lst:= finite_trace_last s tr: state (composite_type IM)
is: state X
pre: list transition_item
Hmsg: finite_constrained_trace_init_to
  (free_composite_vlsm IM) is lst 
  (pre ++ tr)
→ trace_sub_item_input_is_seeded_or_sub_previously_sent
    (pre ++ tr)
Htr: finite_valid_trace X is (pre ++ tr)
Hs: finite_trace_last is pre = s
Hpre: finite_valid_trace_from X is pre
Hpre_lst: let lstx := finite_trace_last is pre in
let lstj :=
  finite_trace_last
    (composite_state_sub_projection is)
    (finite_trace_sub_projection pre) in
lstj = composite_state_sub_projection lstx
finite_trace_last is (pre ++ tr) = lst
    rewrite finite_trace_last_app.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
H0: ∀ i : index, HasBeenSentCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Sub_Free:= free_composite_vlsm sub_IM: VLSM message
X:= composite_vlsm IM constraint: VLSM message
seed: message → Prop
sub_constraint: composite_label sub_IM
→ composite_state sub_IM *
  option message → Prop
Xj:= composite_no_equivocation_vlsm_with_preloaded
  sub_IM (free_constraint sub_IM) seed: VLSM message
s: composite_state IM
tr: list (composite_transition_item IM)
lst:= finite_trace_last s tr: state (composite_type IM)
is: state X
pre: list transition_item
Hmsg: finite_constrained_trace_init_to
  (free_composite_vlsm IM) is lst 
  (pre ++ tr)
→ trace_sub_item_input_is_seeded_or_sub_previously_sent
    (pre ++ tr)
Htr: finite_valid_trace X is (pre ++ tr)
Hs: finite_trace_last is pre = s
Hpre: finite_valid_trace_from X is pre
Hpre_lst: let lstx := finite_trace_last is pre in
let lstj :=
  finite_trace_last
    (composite_state_sub_projection is)
    (finite_trace_sub_projection pre) in
lstj = composite_state_sub_projection lstx
finite_trace_last (finite_trace_last is pre) tr = lst
    by unfold lst; subst.
Qed.

End sec_sub_projection_with_no_equivocation_constraints.

Lemma lift_sub_state_initial
  (s : composite_state sub_IM)
  (Hs : composite_initial_state_prop sub_IM s)
  : composite_initial_state_prop IM (lift_sub_state s).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s: composite_state sub_IM
Hs: composite_initial_state_prop sub_IM s
composite_initial_state_prop IM (lift_sub_state s)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s: composite_state sub_IM
Hs: composite_initial_state_prop sub_IM s
composite_initial_state_prop IM (lift_sub_state s)
  intros i.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s: composite_state sub_IM
Hs: composite_initial_state_prop sub_IM s
i: index
initial_state_prop (lift_sub_state s i)
  unfold lift_sub_state, lift_sub_state_to.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s: composite_state sub_IM
Hs: composite_initial_state_prop sub_IM s
i: index
initial_state_prop
  match decide (sub_index_prop i) with
  | left e => s (dexist i e)
  | right _ => `(vs0 (IM i))
  end
  case_decide as Hi.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s: composite_state sub_IM
Hs: composite_initial_state_prop sub_IM s
i: index
Hi: sub_index_prop i
initial_state_prop (s (dexist i Hi))
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s: composite_state sub_IM
Hs: composite_initial_state_prop sub_IM s
i: index
Hi: ¬ sub_index_prop i
initial_state_prop (`(vs0 (IM i)))
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s: composite_state sub_IM
Hs: composite_initial_state_prop sub_IM s
i: index
Hi: sub_index_prop i
initial_state_prop (s (dexist i Hi)) by apply (Hs (dexist i Hi)).
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s: composite_state sub_IM
Hs: composite_initial_state_prop sub_IM s
i: index
Hi: ¬ sub_index_prop i
initial_state_prop (`(vs0 (IM i))) by destruct (vs0 _).
Qed.

Lemma lift_sub_state_to_initial
  (s0 : composite_state IM)
  (Hs0 : composite_initial_state_prop IM s0)
  (s : composite_state sub_IM)
  (Hs : composite_initial_state_prop sub_IM s)
  : composite_initial_state_prop IM (lift_sub_state_to s0 s).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
Hs0: composite_initial_state_prop IM s0
s: composite_state sub_IM
Hs: composite_initial_state_prop sub_IM s
composite_initial_state_prop IM
  (lift_sub_state_to s0 s)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
Hs0: composite_initial_state_prop IM s0
s: composite_state sub_IM
Hs: composite_initial_state_prop sub_IM s
composite_initial_state_prop IM
  (lift_sub_state_to s0 s)
  intros i.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
Hs0: composite_initial_state_prop IM s0
s: composite_state sub_IM
Hs: composite_initial_state_prop sub_IM s
i: index
initial_state_prop (lift_sub_state_to s0 s i)
  unfold lift_sub_state_to.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
Hs0: composite_initial_state_prop IM s0
s: composite_state sub_IM
Hs: composite_initial_state_prop sub_IM s
i: index
initial_state_prop
  match decide (sub_index_prop i) with
  | left e => s (dexist i e)
  | right _ => s0 i
  end
  case_decide as Hi.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
Hs0: composite_initial_state_prop IM s0
s: composite_state sub_IM
Hs: composite_initial_state_prop sub_IM s
i: index
Hi: sub_index_prop i
initial_state_prop (s (dexist i Hi))
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
Hs0: composite_initial_state_prop IM s0
s: composite_state sub_IM
Hs: composite_initial_state_prop sub_IM s
i: index
Hi: ¬ sub_index_prop i
initial_state_prop (s0 i)
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
Hs0: composite_initial_state_prop IM s0
s: composite_state sub_IM
Hs: composite_initial_state_prop sub_IM s
i: index
Hi: sub_index_prop i
initial_state_prop (s (dexist i Hi)) by apply (Hs (dexist i Hi)).
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
s0: composite_state IM
Hs0: composite_initial_state_prop IM s0
s: composite_state sub_IM
Hs: composite_initial_state_prop sub_IM s
i: index
Hi: ¬ sub_index_prop i
initial_state_prop (s0 i) by apply Hs0.
Qed.

Lemma lift_sub_message_initial
  (m : message)
  (Hm : composite_initial_message_prop sub_IM m)
  : composite_initial_message_prop IM m.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
m: message
Hm: composite_initial_message_prop sub_IM m
composite_initial_message_prop IM m
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
m: message
Hm: composite_initial_message_prop sub_IM m
composite_initial_message_prop IM m
  destruct Hm as [[i Hi] Hm].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
m: message
i: index
Hi: bool_decide (sub_index_prop i)
Hm: ∃ mi : initial_message (sub_IM (i ↾ Hi)), `mi = m
composite_initial_message_prop IM m
  unfold sub_IM in Hm.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
m: message
i: index
Hi: bool_decide (sub_index_prop i)
Hm: ∃ mi : initial_message (IM (`(i ↾ Hi))), `mi = m
composite_initial_message_prop IM m simpl in Hm.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
m: message
i: index
Hi: bool_decide (sub_index_prop i)
Hm: ∃ mi : initial_message (IM i), `mi = m
composite_initial_message_prop IM m
  by exists i.
Qed.

Lemma lift_sub_valid l s om
  (Hv : composite_valid sub_IM l (s, om))
  : composite_valid IM (lift_sub_label l) (lift_sub_state s, om).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
l: composite_label sub_IM
s: composite_state sub_IM
om: option message
Hv: composite_valid sub_IM l (s, om)
composite_valid IM (lift_sub_label l)
  (lift_sub_state s, om)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
l: composite_label sub_IM
s: composite_state sub_IM
om: option message
Hv: composite_valid sub_IM l (s, om)
composite_valid IM (lift_sub_label l)
  (lift_sub_state s, om)
  revert Hv.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
l: composite_label sub_IM
s: composite_state sub_IM
om: option message
composite_valid sub_IM l (s, om)
→ composite_valid IM (lift_sub_label l)
    (lift_sub_state s, om)
  destruct l as (sub_i, li).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
sub_i: sub_index
li: label (sub_IM sub_i)
s: composite_state sub_IM
om: option message
composite_valid sub_IM (existT sub_i li) (s, om)
→ composite_valid IM
    (lift_sub_label (existT sub_i li))
    (lift_sub_state s, om)
  destruct_dec_sig sub_i i Hi Heqsub_i.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
sub_i: sub_index
li: label (sub_IM sub_i)
s: composite_state sub_IM
om: option message
i: index
Hi: sub_index_prop i
Heqsub_i: sub_i = dexist i Hi
composite_valid sub_IM (existT sub_i li) (s, om)
→ composite_valid IM
    (lift_sub_label (existT sub_i li))
    (lift_sub_state s, om)
  cbn; unfold lift_sub_state, lift_sub_state_to; subst; cbn.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
i: index
Hi: sub_index_prop i
li: label (sub_IM (dexist i Hi))
s: composite_state sub_IM
om: option message
valid li (s (dexist i Hi), om)
→ valid li
    (match decide (sub_index_prop i) with
     | left e => s (dexist i e)
     | right _ => `(vs0 (IM i))
     end, om)
  unfold sub_IM in li; cbn in li.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
i: index
Hi: sub_index_prop i
li: label (IM i)
s: composite_state sub_IM
om: option message
valid li (s (dexist i Hi), om)
→ valid li
    (match decide (sub_index_prop i) with
     | left e => s (dexist i e)
     | right _ => `(vs0 (IM i))
     end, om)
  case_decide as _Hi; [| done].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
i: index
Hi: sub_index_prop i
li: label (IM i)
s: composite_state sub_IM
om: option message
_Hi: sub_index_prop i
valid li (s (dexist i Hi), om)
→ valid li (s (dexist i _Hi), om)
  by rewrite (sub_IM_state_pi s _Hi Hi); auto.
Qed.

Lemma lift_sub_transition l s om s' om'
  (Ht : composite_transition sub_IM l (s, om) = (s', om'))
  : composite_transition IM
    (lift_sub_label l) (lift_sub_state s, om) = (lift_sub_state s', om').message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
l: composite_label sub_IM
s: composite_state sub_IM
om: option message
s': composite_state sub_IM
om': option message
Ht: composite_transition sub_IM l (s, om) = (s', om')
composite_transition IM (lift_sub_label l)
  (lift_sub_state s, om) = (lift_sub_state s', om')
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
l: composite_label sub_IM
s: composite_state sub_IM
om: option message
s': composite_state sub_IM
om': option message
Ht: composite_transition sub_IM l (s, om) = (s', om')
composite_transition IM (lift_sub_label l)
  (lift_sub_state s, om) = (lift_sub_state s', om')
  revert Ht.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
l: composite_label sub_IM
s: composite_state sub_IM
om: option message
s': composite_state sub_IM
om': option message
composite_transition sub_IM l (s, om) = (s', om')
→ composite_transition IM (lift_sub_label l)
    (lift_sub_state s, om) = (lift_sub_state s', om')
  destruct l as (sub_i, li).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
sub_i: sub_index
li: label (sub_IM sub_i)
s: composite_state sub_IM
om: option message
s': composite_state sub_IM
om': option message
composite_transition sub_IM (existT sub_i li) (s, om) =
(s', om')
→ composite_transition IM
    (lift_sub_label (existT sub_i li))
    (lift_sub_state s, om) = (lift_sub_state s', om')
  destruct_dec_sig sub_i i Hi Heqsub_i.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
sub_i: sub_index
li: label (sub_IM sub_i)
s: composite_state sub_IM
om: option message
s': composite_state sub_IM
om': option message
i: index
Hi: sub_index_prop i
Heqsub_i: sub_i = dexist i Hi
composite_transition sub_IM (existT sub_i li) (s, om) =
(s', om')
→ composite_transition IM
    (lift_sub_label (existT sub_i li))
    (lift_sub_state s, om) = (lift_sub_state s', om')
  cbn; unfold lift_sub_state at 1; unfold lift_sub_state_to; subst; cbn.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
i: index
Hi: sub_index_prop i
li: label (sub_IM (dexist i Hi))
s: composite_state sub_IM
om: option message
s': composite_state sub_IM
om': option message
(let (si', om') :=
   transition li (s (dexist i Hi), om) in
 (state_update sub_IM s (dexist i Hi) si', om')) =
(s', om')
→ (let (si', om') :=
     transition li
       (match decide (sub_index_prop i) with
        | left e => s (dexist i e)
        | right _ => `(vs0 (IM i))
        end, om) in
   (state_update IM (lift_sub_state s) i si', om')) =
  (lift_sub_state s', om')
  unfold sub_IM in li; simpl in li.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
i: index
Hi: sub_index_prop i
li: label (IM i)
s: composite_state sub_IM
om: option message
s': composite_state sub_IM
om': option message
(let (si', om') :=
   transition li (s (dexist i Hi), om) in
 (state_update sub_IM s (dexist i Hi) si', om')) =
(s', om')
→ (let (si', om') :=
     transition li
       (match decide (sub_index_prop i) with
        | left e => s (dexist i e)
        | right _ => `(vs0 (IM i))
        end, om) in
   (state_update IM (lift_sub_state s) i si', om')) =
  (lift_sub_state s', om')
  case_decide as _Hi; [| done].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
i: index
Hi: sub_index_prop i
li: label (IM i)
s: composite_state sub_IM
om: option message
s': composite_state sub_IM
om': option message
_Hi: sub_index_prop i
(let (si', om') :=
   transition li (s (dexist i Hi), om) in
 (state_update sub_IM s (dexist i Hi) si', om')) =
(s', om')
→ (let (si', om') :=
     transition li (s (dexist i _Hi), om) in
   (state_update IM (lift_sub_state s) i si', om')) =
  (lift_sub_state s', om')
  rewrite (sub_IM_state_pi s _Hi Hi).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
i: index
Hi: sub_index_prop i
li: label (IM i)
s: composite_state sub_IM
om: option message
s': composite_state sub_IM
om': option message
_Hi: sub_index_prop i
(let (si', om') :=
   transition li (s (dexist i Hi), om) in
 (state_update sub_IM s (dexist i Hi) si', om')) =
(s', om')
→ (let (si', om') :=
     transition li (s (dexist i Hi), om) in
   (state_update IM (lift_sub_state s) i si', om')) =
  (lift_sub_state s', om')
  clear _Hi; destruct (transition _ _) as (si', _om'); inversion_clear 1.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
i: index
Hi: sub_index_prop i
li: label (IM i)
s: composite_state sub_IM
om: option message
s': composite_state sub_IM
om': option message
si': state (sub_IM (dexist i Hi))
_om': option message
(state_update IM (lift_sub_state s) i si', om') =
(lift_sub_state
   (state_update sub_IM s (dexist i Hi) si'), om')
  f_equal; extensionality j.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
i: index
Hi: sub_index_prop i
li: label (IM i)
s: composite_state sub_IM
om: option message
s': composite_state sub_IM
om': option message
si': state (sub_IM (dexist i Hi))
_om': option message
j: index
state_update IM (lift_sub_state s) i si' j =
lift_sub_state
  (state_update sub_IM s (dexist i Hi) si') j
  unfold lift_sub_state, lift_sub_state_to.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_index_list: list index
i: index
Hi: sub_index_prop i
li: label (IM i)
s: composite_state sub_IM
om: option message
s': composite_state sub_IM
om': option message
si': state (sub_IM (dexist i Hi))
_om': option message
j: index
state_update IM
  (λ i : index,
     match decide (sub_index_prop i) with
     | left e => s (dexist i e)
     | right _ => `(vs0 (IM i))
     end) i si' j =
match decide (sub_index_prop j) with
| left e =>
    state_update sub_IM s (dexist i Hi) si'
      (dexist j e)
| right _ => `(vs0 (IM j))
end
  by destruct (decide (i = j)); subst; state_update_simpl; case_decide; state_update_simpl.
Qed.

End sec_sub_composition.

#[export] Hint Rewrite @sub_IM_state_update_eq using done : state_update.
#[export] Hint Rewrite @sub_IM_state_update_neq using done : state_update.
#[export] Hint Rewrite @lift_sub_state_to_eq using done : state_update.
#[export] Hint Rewrite @lift_sub_state_to_neq using done : state_update.
#[export] Hint Rewrite @lift_sub_state_to_neq_state_update using done : state_update.

Arguments sub_IM_state_pi {_ _ _ _ _ _} _ _ _.

(*
  Make initial arguments of lift_sub_transition not maximally inserted,
  so tactics like rapply lift_sub_transition
  do not try to guess those arguments before looking at the goal,
  and we don't have to always write <<rapply @lift_sub_transition>>.
*)
Arguments lift_sub_transition [message index]%type_scope {EqDecision0} IM%function_scope
  sub_index_list%list_scope l s om s' om' Ht.

Lifting a trace from a sub-composition to the full composition

In this section, we first show that given a valid state for a composition, we can reset some of the state-components to initial states without losing the valid state property.

The set of components for which the reset operation will happen is equivocators.

We then show that a similar result holds for replacing the equivocator components with the components corresponding to any valid state of the composition of just the equivocators.

We prove those results for compositions preloaded with all messages (Lemmas reset_equivocating_transitions_preloaded_projection and PreSubFree_PreFree_weak_embedding).

Section sec_lift_sub_state_to_preloaded.

Context
  {message : Type}
  `{finite.Finite index}
  (IM : index -> VLSM message)
  (equivocators : list index)
  (Free := free_composite_vlsm IM)
  (PreFree := preloaded_with_all_messages_vlsm Free)
  (SubFree : VLSM message :=  free_composite_vlsm (sub_IM IM equivocators))
  (PreSubFree := preloaded_with_all_messages_vlsm SubFree)
  (base_s : composite_state IM)
  (Hbase_s : constrained_state_prop Free base_s)
  .

A partial label projection function which only keeps non-equivocating transitions.

Definition remove_equivocating_label_project (l : composite_label IM) : option (composite_label IM)
  := if decide (projT1 l ∈ equivocators) then None else Some l.

Replaces the state components of the given state with those of eqv_is.

Definition remove_equivocating_state_project eqv_is
  : composite_state IM -> composite_state IM
  := fun s => lift_sub_state_to IM equivocators s eqv_is.

Lemma remove_equivocating_strong_projection_valid_preservation eqv_is :
  strong_projection_valid_preservation Free Free
    remove_equivocating_label_project (remove_equivocating_state_project eqv_is).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
strong_projection_valid_preservation Free Free
  remove_equivocating_label_project
  (remove_equivocating_state_project eqv_is)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
strong_projection_valid_preservation Free Free
  remove_equivocating_label_project
  (remove_equivocating_state_project eqv_is)
  intros lX lY Hl s om Hv.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
lX, lY: label Free
Hl: remove_equivocating_label_project lX = Some lY
s: state Free
om: option message
Hv: valid lX (s, om)
valid lY
  (remove_equivocating_state_project eqv_is s, om)
  destruct lX as (i, liX).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
lY: label Free
Hl: remove_equivocating_label_project (existT i liX) =
Some lY
s: state Free
om: option message
Hv: valid (existT i liX) (s, om)
valid lY
  (remove_equivocating_state_project eqv_is s, om)
  unfold remove_equivocating_label_project in Hl.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
lY: label Free
Hl: (if decide (projT1 (existT i liX) ∈ equivocators)
 then None
 else Some (existT i liX)) = 
Some lY
s: state Free
om: option message
Hv: valid (existT i liX) (s, om)
valid lY
  (remove_equivocating_state_project eqv_is s, om)
  simpl in Hl.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
lY: label Free
Hl: (if decide (i ∈ equivocators)
 then None
 else Some (existT i liX)) = 
Some lY
s: state Free
om: option message
Hv: valid (existT i liX) (s, om)
valid lY
  (remove_equivocating_state_project eqv_is s, om)
  destruct (decide _); [by congruence |].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
lY: label Free
n: i ∉ equivocators
Hl: Some (existT i liX) = Some lY
s: state Free
om: option message
Hv: valid (existT i liX) (s, om)
valid lY
  (remove_equivocating_state_project eqv_is s, om)
  inversion Hl.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
lY: label Free
n: i ∉ equivocators
Hl: Some (existT i liX) = Some lY
s: state Free
om: option message
Hv: valid (existT i liX) (s, om)
H1: existT i liX = lY
valid (existT i liX)
  (remove_equivocating_state_project eqv_is s, om) subst lY.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
n: i ∉ equivocators
Hl: Some (existT i liX) = Some (existT i liX)
s: state Free
om: option message
Hv: valid (existT i liX) (s, om)
valid (existT i liX)
  (remove_equivocating_state_project eqv_is s, om) clear Hl.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
n: i ∉ equivocators
s: state Free
om: option message
Hv: valid (existT i liX) (s, om)
valid (existT i liX)
  (remove_equivocating_state_project eqv_is s, om)
  cbn in Hv |- *.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
n: i ∉ equivocators
s: state Free
om: option message
Hv: valid liX (s i, om)
valid liX
  (remove_equivocating_state_project eqv_is s i, om)
  unfold remove_equivocating_state_project.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
n: i ∉ equivocators
s: state Free
om: option message
Hv: valid liX (s i, om)
valid liX
  (lift_sub_state_to IM equivocators s eqv_is i, om)
  by rewrite lift_sub_state_to_neq; [apply Hv |].
Qed.

Lemma remove_equivocating_strong_projection_transition_preservation_Some eqv_is :
  strong_projection_transition_preservation_Some Free Free
    remove_equivocating_label_project (remove_equivocating_state_project eqv_is).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
strong_projection_transition_preservation_Some Free
  Free remove_equivocating_label_project
  (remove_equivocating_state_project eqv_is)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
strong_projection_transition_preservation_Some Free
  Free remove_equivocating_label_project
  (remove_equivocating_state_project eqv_is)
  intros lX lY Hl s om s' om' Ht.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
lX, lY: label Free
Hl: remove_equivocating_label_project lX = Some lY
s: state Free
om: option message
s': state Free
om': option message
Ht: transition lX (s, om) = (s', om')
transition lY
  (remove_equivocating_state_project eqv_is s, om) =
(remove_equivocating_state_project eqv_is s', om')
  destruct lX as (i, liX).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
lY: label Free
Hl: remove_equivocating_label_project (existT i liX) =
Some lY
s: state Free
om: option message
s': state Free
om': option message
Ht: transition (existT i liX) (s, om) = (s', om')
transition lY
  (remove_equivocating_state_project eqv_is s, om) =
(remove_equivocating_state_project eqv_is s', om')
  unfold remove_equivocating_label_project in Hl.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
lY: label Free
Hl: (if decide (projT1 (existT i liX) ∈ equivocators)
 then None
 else Some (existT i liX)) = 
Some lY
s: state Free
om: option message
s': state Free
om': option message
Ht: transition (existT i liX) (s, om) = (s', om')
transition lY
  (remove_equivocating_state_project eqv_is s, om) =
(remove_equivocating_state_project eqv_is s', om')
  simpl in Hl.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
lY: label Free
Hl: (if decide (i ∈ equivocators)
 then None
 else Some (existT i liX)) = 
Some lY
s: state Free
om: option message
s': state Free
om': option message
Ht: transition (existT i liX) (s, om) = (s', om')
transition lY
  (remove_equivocating_state_project eqv_is s, om) =
(remove_equivocating_state_project eqv_is s', om')
  destruct (decide _); [by congruence |].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
lY: label Free
n: i ∉ equivocators
Hl: Some (existT i liX) = Some lY
s: state Free
om: option message
s': state Free
om': option message
Ht: transition (existT i liX) (s, om) = (s', om')
transition lY
  (remove_equivocating_state_project eqv_is s, om) =
(remove_equivocating_state_project eqv_is s', om')
  inversion Hl.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
lY: label Free
n: i ∉ equivocators
Hl: Some (existT i liX) = Some lY
s: state Free
om: option message
s': state Free
om': option message
Ht: transition (existT i liX) (s, om) = (s', om')
H1: existT i liX = lY
transition (existT i liX)
  (remove_equivocating_state_project eqv_is s, om) =
(remove_equivocating_state_project eqv_is s', om') subst lY.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
n: i ∉ equivocators
Hl: Some (existT i liX) = Some (existT i liX)
s: state Free
om: option message
s': state Free
om': option message
Ht: transition (existT i liX) (s, om) = (s', om')
transition (existT i liX)
  (remove_equivocating_state_project eqv_is s, om) =
(remove_equivocating_state_project eqv_is s', om') clear Hl.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
n: i ∉ equivocators
s: state Free
om: option message
s': state Free
om': option message
Ht: transition (existT i liX) (s, om) = (s', om')
transition (existT i liX)
  (remove_equivocating_state_project eqv_is s, om) =
(remove_equivocating_state_project eqv_is s', om')
  cbn in Ht |- *.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
n: i ∉ equivocators
s: state Free
om: option message
s': state Free
om': option message
Ht: (let (si', om') := transition liX (s i, om) in
 (state_update IM s i si', om')) = (
s', om')
(let (si', om') :=
   transition liX
     (remove_equivocating_state_project eqv_is s i, om) in
 (state_update IM
    (remove_equivocating_state_project eqv_is s) i si',
  om')) =
(remove_equivocating_state_project eqv_is s', om')
  unfold remove_equivocating_state_project.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
n: i ∉ equivocators
s: state Free
om: option message
s': state Free
om': option message
Ht: (let (si', om') := transition liX (s i, om) in
 (state_update IM s i si', om')) = (
s', om')
(let (si', om') :=
   transition liX
     (lift_sub_state_to IM equivocators s eqv_is i, om) in
 (state_update IM
    (lift_sub_state_to IM equivocators s eqv_is) i si',
  om')) =
(lift_sub_state_to IM equivocators s' eqv_is, om')
  rewrite lift_sub_state_to_neq by done.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
n: i ∉ equivocators
s: state Free
om: option message
s': state Free
om': option message
Ht: (let (si', om') := transition liX (s i, om) in
 (state_update IM s i si', om')) = (
s', om')
(let (si', om') := transition liX (s i, om) in
 (state_update IM
    (lift_sub_state_to IM equivocators s eqv_is) i si',
  om')) =
(lift_sub_state_to IM equivocators s' eqv_is, om')
  destruct (transition _ _ _) as (si', _om').message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
n: i ∉ equivocators
s: state Free
om: option message
s': state Free
om': option message
si': state (IM i)
_om': option message
Ht: (state_update IM s i si', _om') = (s', om')
(state_update IM
   (lift_sub_state_to IM equivocators s eqv_is) i si',
 _om') =
(lift_sub_state_to IM equivocators s' eqv_is, om')
  inversion_clear Ht.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
n: i ∉ equivocators
s: state Free
om: option message
s': state Free
om': option message
si': state (IM i)
_om': option message
(state_update IM
   (lift_sub_state_to IM equivocators s eqv_is) i si',
 om') =
(lift_sub_state_to IM equivocators
   (state_update IM s i si') eqv_is, om')
  f_equal; extensionality j.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
n: i ∉ equivocators
s: state Free
om: option message
s': state Free
om': option message
si': state (IM i)
_om': option message
j: index
state_update IM
  (lift_sub_state_to IM equivocators s eqv_is) i si' j =
lift_sub_state_to IM equivocators
  (state_update IM s i si') eqv_is j
  by destruct (decide (i = j)); subst; state_update_simpl.
Qed.

Lemma remove_equivocating_strong_projection_transition_consistency_None eqv_is :
  @strong_projection_transition_consistency_None _ Free _
    remove_equivocating_label_project (remove_equivocating_state_project eqv_is).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
strong_projection_transition_consistency_None Free
  (composite_type IM)
  remove_equivocating_label_project
  (remove_equivocating_state_project eqv_is)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
strong_projection_transition_consistency_None Free
  (composite_type IM)
  remove_equivocating_label_project
  (remove_equivocating_state_project eqv_is)
  intros lX Hl s om s' om' Ht.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
lX: label Free
Hl: remove_equivocating_label_project lX = None
s: state Free
om: option message
s': state Free
om': option message
Ht: transition lX (s, om) = (s', om')
remove_equivocating_state_project eqv_is s' =
remove_equivocating_state_project eqv_is s
  destruct lX as (i, liX).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
Hl: remove_equivocating_label_project (existT i liX) =
None
s: state Free
om: option message
s': state Free
om': option message
Ht: transition (existT i liX) (s, om) = (s', om')
remove_equivocating_state_project eqv_is s' =
remove_equivocating_state_project eqv_is s
  unfold remove_equivocating_label_project in Hl.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
Hl: (if decide (projT1 (existT i liX) ∈ equivocators)
 then None
 else Some (existT i liX)) = None
s: state Free
om: option message
s': state Free
om': option message
Ht: transition (existT i liX) (s, om) = (s', om')
remove_equivocating_state_project eqv_is s' =
remove_equivocating_state_project eqv_is s
  simpl in Hl.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
Hl: (if decide (i ∈ equivocators)
 then None
 else Some (existT i liX)) = None
s: state Free
om: option message
s': state Free
om': option message
Ht: transition (existT i liX) (s, om) = (s', om')
remove_equivocating_state_project eqv_is s' =
remove_equivocating_state_project eqv_is s
  case_decide; [| by congruence].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
H0: i ∈ equivocators
Hl: None = None
s: state Free
om: option message
s': state Free
om': option message
Ht: transition (existT i liX) (s, om) = (s', om')
remove_equivocating_state_project eqv_is s' =
remove_equivocating_state_project eqv_is s clear Hl.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
H0: i ∈ equivocators
s: state Free
om: option message
s': state Free
om': option message
Ht: transition (existT i liX) (s, om) = (s', om')
remove_equivocating_state_project eqv_is s' =
remove_equivocating_state_project eqv_is s
  cbn in Ht.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
H0: i ∈ equivocators
s: state Free
om: option message
s': state Free
om': option message
Ht: (let (si', om') := transition liX (s i, om) in
 (state_update IM s i si', om')) = (
s', om')
remove_equivocating_state_project eqv_is s' =
remove_equivocating_state_project eqv_is s
  destruct (transition _ _ _) as (si', _om').message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
H0: i ∈ equivocators
s: state Free
om: option message
s': state Free
om': option message
si': state (IM i)
_om': option message
Ht: (state_update IM s i si', _om') = (s', om')
remove_equivocating_state_project eqv_is s' =
remove_equivocating_state_project eqv_is s
  inversion_clear Ht.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
H0: i ∈ equivocators
s: state Free
om: option message
s': state Free
om': option message
si': state (IM i)
_om': option message
remove_equivocating_state_project eqv_is
  (state_update IM s i si') =
remove_equivocating_state_project eqv_is s
  extensionality j.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
H0: i ∈ equivocators
s: state Free
om: option message
s': state Free
om': option message
si': state (IM i)
_om': option message
j: index
remove_equivocating_state_project eqv_is
  (state_update IM s i si') j =
remove_equivocating_state_project eqv_is s j
  unfold remove_equivocating_state_project, lift_sub_state_to.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
H0: i ∈ equivocators
s: state Free
om: option message
s': state Free
om': option message
si': state (IM i)
_om': option message
j: index
match decide (sub_index_prop equivocators j) with
| left e => eqv_is (dexist j e)
| right _ => state_update IM s i si' j
end =
match decide (sub_index_prop equivocators j) with
| left e => eqv_is (dexist j e)
| right _ => s j
end
  case_decide; [done |].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
i: index
liX: label (IM i)
H0: i ∈ equivocators
s: state Free
om: option message
s': state Free
om': option message
si': state (IM i)
_om': option message
j: index
H1: ¬ sub_index_prop equivocators j
state_update IM s i si' j = s j
  by destruct (decide (i = j)); subst; state_update_simpl.
Qed.

Lemma remove_equivocating_strong_embedding_initial_state_preservation eqv_is
  (Heqv_is : composite_initial_state_prop (sub_IM IM equivocators) eqv_is) :
  strong_projection_initial_state_preservation Free Free
    (remove_equivocating_state_project eqv_is).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
Heqv_is: composite_initial_state_prop
  (sub_IM IM equivocators) eqv_is
strong_projection_initial_state_preservation Free Free
  (remove_equivocating_state_project eqv_is)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
Heqv_is: composite_initial_state_prop
  (sub_IM IM equivocators) eqv_is
strong_projection_initial_state_preservation Free Free
  (remove_equivocating_state_project eqv_is)
  intros s Hs i.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
Heqv_is: composite_initial_state_prop
  (sub_IM IM equivocators) eqv_is
s: state Free
Hs: initial_state_prop s
i: index
initial_state_prop
  (remove_equivocating_state_project eqv_is s i)
  unfold remove_equivocating_state_project, lift_sub_state_to.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
Heqv_is: composite_initial_state_prop
  (sub_IM IM equivocators) eqv_is
s: state Free
Hs: initial_state_prop s
i: index
initial_state_prop
  match decide (sub_index_prop equivocators i) with
  | left e => eqv_is (dexist i e)
  | right _ => s i
  end
  destruct (decide _); [| done].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
Heqv_is: composite_initial_state_prop
  (sub_IM IM equivocators) eqv_is
s: state Free
Hs: initial_state_prop s
i: index
s0: sub_index_prop equivocators i
initial_state_prop (eqv_is (dexist i s0))
  by apply (Heqv_is (dexist i s0)).
Qed.

Given any valid trace for the composition of all components and an initial state for the composition of just the equivocators, the trace obtained by resetting the components corresponding to the equivocators to those of the given initial state and removing the transitions corresponding to the equivocators is still a valid trace.

Lemma remove_equivocating_transitions_preloaded_projection eqv_is
  (Heqv_is : composite_initial_state_prop (sub_IM IM equivocators) eqv_is) :
  VLSM_projection PreFree PreFree
    remove_equivocating_label_project (remove_equivocating_state_project eqv_is).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
Heqv_is: composite_initial_state_prop
  (sub_IM IM equivocators) eqv_is
VLSM_projection PreFree PreFree
  remove_equivocating_label_project
  (remove_equivocating_state_project eqv_is)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
Heqv_is: composite_initial_state_prop
  (sub_IM IM equivocators) eqv_is
VLSM_projection PreFree PreFree
  remove_equivocating_label_project
  (remove_equivocating_state_project eqv_is)
  apply basic_VLSM_projection_preloaded.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
Heqv_is: composite_initial_state_prop
  (sub_IM IM equivocators) eqv_is
strong_projection_valid_preservation Free Free
  remove_equivocating_label_project
  (remove_equivocating_state_project eqv_is)
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
Heqv_is: composite_initial_state_prop
  (sub_IM IM equivocators) eqv_is
strong_projection_transition_preservation_Some Free
  Free remove_equivocating_label_project
  (remove_equivocating_state_project eqv_is)
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
Heqv_is: composite_initial_state_prop
  (sub_IM IM equivocators) eqv_is
strong_projection_transition_consistency_None Free
  Free remove_equivocating_label_project
  (remove_equivocating_state_project eqv_is)
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
Heqv_is: composite_initial_state_prop
  (sub_IM IM equivocators) eqv_is
strong_projection_initial_state_preservation Free Free
  (remove_equivocating_state_project eqv_is)
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
Heqv_is: composite_initial_state_prop
  (sub_IM IM equivocators) eqv_is
strong_projection_valid_preservation Free Free
  remove_equivocating_label_project
  (remove_equivocating_state_project eqv_is) by apply remove_equivocating_strong_projection_valid_preservation.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
Heqv_is: composite_initial_state_prop
  (sub_IM IM equivocators) eqv_is
strong_projection_transition_preservation_Some Free
  Free remove_equivocating_label_project
  (remove_equivocating_state_project eqv_is) by apply remove_equivocating_strong_projection_transition_preservation_Some.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
Heqv_is: composite_initial_state_prop
  (sub_IM IM equivocators) eqv_is
strong_projection_transition_consistency_None Free
  Free remove_equivocating_label_project
  (remove_equivocating_state_project eqv_is) by apply remove_equivocating_strong_projection_transition_consistency_None.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
eqv_is: composite_state (sub_IM IM equivocators)
Heqv_is: composite_initial_state_prop
  (sub_IM IM equivocators) eqv_is
strong_projection_initial_state_preservation Free Free
  (remove_equivocating_state_project eqv_is) by apply remove_equivocating_strong_embedding_initial_state_preservation.
Qed.

Lemma preloaded_lift_sub_state_to_initial_state :
  weak_projection_initial_state_preservation PreSubFree PreFree
    (lift_sub_state_to IM equivocators base_s).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
weak_projection_initial_state_preservation PreSubFree
  PreFree (lift_sub_state_to IM equivocators base_s)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
weak_projection_initial_state_preservation PreSubFree
  PreFree (lift_sub_state_to IM equivocators base_s)
  apply valid_state_has_trace in Hbase_s as Htr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
Htr: ∃ (is : state
          (preloaded_with_all_messages_vlsm Free)) 
  (tr : list transition_item),
  finite_valid_trace_init_to
    (preloaded_with_all_messages_vlsm Free) is
    base_s tr
weak_projection_initial_state_preservation PreSubFree
  PreFree (lift_sub_state_to IM equivocators base_s)
  destruct Htr as [is [tr Htr]].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
is: state (preloaded_with_all_messages_vlsm Free)
tr: list transition_item
Htr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm Free) is
  base_s tr
weak_projection_initial_state_preservation PreSubFree
  PreFree (lift_sub_state_to IM equivocators base_s)
  intros eqv_is Heqv_is.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
is: state (preloaded_with_all_messages_vlsm Free)
tr: list transition_item
Htr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm Free) is
  base_s tr
eqv_is: state PreSubFree
Heqv_is: initial_state_prop eqv_is
valid_state_prop PreFree
  (lift_sub_state_to IM equivocators base_s eqv_is)
  apply (VLSM_projection_finite_valid_trace_init_to
    (remove_equivocating_transitions_preloaded_projection _ Heqv_is)) in Htr.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
is: state (preloaded_with_all_messages_vlsm Free)
tr: list transition_item
eqv_is: state PreSubFree
Heqv_is: initial_state_prop eqv_is
Htr: finite_valid_trace_init_to PreFree
  (remove_equivocating_state_project eqv_is is)
  (remove_equivocating_state_project eqv_is
     base_s)
  (VLSM_projection_finite_trace_project
     (remove_equivocating_transitions_preloaded_projection
        eqv_is Heqv_is) tr)
valid_state_prop PreFree
  (lift_sub_state_to IM equivocators base_s eqv_is)
  by apply valid_trace_last_pstate in Htr.
Qed.

Lemma lift_sub_to_valid l s om
  (Hv : composite_valid (sub_IM IM equivocators) l (s, om)) :
  composite_valid IM (lift_sub_label IM equivocators l)
    (lift_sub_state_to IM equivocators base_s s, om).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
l: composite_label (sub_IM IM equivocators)
s: composite_state (sub_IM IM equivocators)
om: option message
Hv: composite_valid (sub_IM IM equivocators) l
  (s, om)
composite_valid IM (lift_sub_label IM equivocators l)
  (lift_sub_state_to IM equivocators base_s s, om)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
l: composite_label (sub_IM IM equivocators)
s: composite_state (sub_IM IM equivocators)
om: option message
Hv: composite_valid (sub_IM IM equivocators) l
  (s, om)
composite_valid IM (lift_sub_label IM equivocators l)
  (lift_sub_state_to IM equivocators base_s s, om)
  revert Hv.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
l: composite_label (sub_IM IM equivocators)
s: composite_state (sub_IM IM equivocators)
om: option message
composite_valid (sub_IM IM equivocators) l (s, om)
→ composite_valid IM
    (lift_sub_label IM equivocators l)
    (lift_sub_state_to IM equivocators base_s s, om) destruct l as (i, li).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
i: sub_index equivocators
li: label (sub_IM IM equivocators i)
s: composite_state (sub_IM IM equivocators)
om: option message
composite_valid (sub_IM IM equivocators) (existT i li)
  (s, om)
→ composite_valid IM
    (lift_sub_label IM equivocators (existT i li))
    (lift_sub_state_to IM equivocators base_s s, om)
  destruct_dec_sig i j Hj Heq.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
i: sub_index equivocators
li: label (sub_IM IM equivocators i)
s: composite_state (sub_IM IM equivocators)
om: option message
j: index
Hj: sub_index_prop equivocators j
Heq: i = dexist j Hj
composite_valid (sub_IM IM equivocators) (existT i li)
  (s, om)
→ composite_valid IM
    (lift_sub_label IM equivocators (existT i li))
    (lift_sub_state_to IM equivocators base_s s, om) subst i.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
j: index
Hj: sub_index_prop equivocators j
li: label (sub_IM IM equivocators (dexist j Hj))
s: composite_state (sub_IM IM equivocators)
om: option message
composite_valid (sub_IM IM equivocators)
  (existT (dexist j Hj) li) (s, om)
→ composite_valid IM
    (lift_sub_label IM equivocators
       (existT (dexist j Hj) li))
    (lift_sub_state_to IM equivocators base_s s, om) simpl.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
j: index
Hj: sub_index_prop equivocators j
li: label (sub_IM IM equivocators (dexist j Hj))
s: composite_state (sub_IM IM equivocators)
om: option message
valid li (s (dexist j Hj), om)
→ valid li
    (lift_sub_state_to IM equivocators base_s s j, om)
  by erewrite lift_sub_state_to_eq.
Qed.

Lemma lift_sub_to_transition l s om s' om'
  (Ht : composite_transition (sub_IM IM equivocators) l (s, om) = (s', om'))
  : composite_transition IM
    (lift_sub_label IM equivocators l) (lift_sub_state_to IM equivocators base_s s, om) =
    (lift_sub_state_to IM equivocators base_s s', om').message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
l: composite_label (sub_IM IM equivocators)
s: composite_state (sub_IM IM equivocators)
om: option message
s': composite_state (sub_IM IM equivocators)
om': option message
Ht: composite_transition (sub_IM IM equivocators) l
  (s, om) = (s', om')
composite_transition IM
  (lift_sub_label IM equivocators l)
  (lift_sub_state_to IM equivocators base_s s, om) =
(lift_sub_state_to IM equivocators base_s s', om')
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
l: composite_label (sub_IM IM equivocators)
s: composite_state (sub_IM IM equivocators)
om: option message
s': composite_state (sub_IM IM equivocators)
om': option message
Ht: composite_transition (sub_IM IM equivocators) l
  (s, om) = (s', om')
composite_transition IM
  (lift_sub_label IM equivocators l)
  (lift_sub_state_to IM equivocators base_s s, om) =
(lift_sub_state_to IM equivocators base_s s', om')
  destruct l as (i, li).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
i: sub_index equivocators
li: label (sub_IM IM equivocators i)
s: composite_state (sub_IM IM equivocators)
om: option message
s': composite_state (sub_IM IM equivocators)
om': option message
Ht: composite_transition (sub_IM IM equivocators)
  (existT i li) (s, om) = (
s', om')
composite_transition IM
  (lift_sub_label IM equivocators (existT i li))
  (lift_sub_state_to IM equivocators base_s s, om) =
(lift_sub_state_to IM equivocators base_s s', om')
  destruct_dec_sig i j Hj Heq.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
i: sub_index equivocators
li: label (sub_IM IM equivocators i)
s: composite_state (sub_IM IM equivocators)
om: option message
s': composite_state (sub_IM IM equivocators)
om': option message
Ht: composite_transition (sub_IM IM equivocators)
  (existT i li) (s, om) = (
s', om')
j: index
Hj: sub_index_prop equivocators j
Heq: i = dexist j Hj
composite_transition IM
  (lift_sub_label IM equivocators (existT i li))
  (lift_sub_state_to IM equivocators base_s s, om) =
(lift_sub_state_to IM equivocators base_s s', om') subst i.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
j: index
Hj: sub_index_prop equivocators j
li: label (sub_IM IM equivocators (dexist j Hj))
s: composite_state (sub_IM IM equivocators)
om: option message
s': composite_state (sub_IM IM equivocators)
om': option message
Ht: composite_transition (sub_IM IM equivocators)
  (existT (dexist j Hj) li) (
  s, om) = (s', om')
composite_transition IM
  (lift_sub_label IM equivocators
     (existT (dexist j Hj) li))
  (lift_sub_state_to IM equivocators base_s s, om) =
(lift_sub_state_to IM equivocators base_s s', om')
  revert Ht; cbn.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
j: index
Hj: sub_index_prop equivocators j
li: label (sub_IM IM equivocators (dexist j Hj))
s: composite_state (sub_IM IM equivocators)
om: option message
s': composite_state (sub_IM IM equivocators)
om': option message
(let (si', om') :=
   transition li (s (dexist j Hj), om) in
 (state_update (sub_IM IM equivocators) s
    (dexist j Hj) si', om')) = (s', om')
→ (let (si', om') :=
     transition li
       (lift_sub_state_to IM equivocators base_s s j,
        om) in
   (state_update IM
      (lift_sub_state_to IM equivocators base_s s) j
      si', om')) =
  (lift_sub_state_to IM equivocators base_s s', om')
  rewrite lift_sub_state_to_eq with (Hi := Hj).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
j: index
Hj: sub_index_prop equivocators j
li: label (sub_IM IM equivocators (dexist j Hj))
s: composite_state (sub_IM IM equivocators)
om: option message
s': composite_state (sub_IM IM equivocators)
om': option message
(let (si', om') :=
   transition li (s (dexist j Hj), om) in
 (state_update (sub_IM IM equivocators) s
    (dexist j Hj) si', om')) = (s', om')
→ (let (si', om') :=
     transition li (s (dexist j Hj), om) in
   (state_update IM
      (lift_sub_state_to IM equivocators base_s s) j
      si', om')) =
  (lift_sub_state_to IM equivocators base_s s', om')
  destruct (transition _ _) as (si', _om').message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
j: index
Hj: sub_index_prop equivocators j
li: label (sub_IM IM equivocators (dexist j Hj))
s: composite_state (sub_IM IM equivocators)
om: option message
s': composite_state (sub_IM IM equivocators)
om': option message
si': state (sub_IM IM equivocators (dexist j Hj))
_om': option message
(state_update (sub_IM IM equivocators) s (dexist j Hj)
   si', _om') = (s', om')
→ (state_update IM
     (lift_sub_state_to IM equivocators base_s s) j
     si', _om') =
  (lift_sub_state_to IM equivocators base_s s', om')
  inversion_clear 1.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
j: index
Hj: sub_index_prop equivocators j
li: label (sub_IM IM equivocators (dexist j Hj))
s: composite_state (sub_IM IM equivocators)
om: option message
s': composite_state (sub_IM IM equivocators)
om': option message
si': state (sub_IM IM equivocators (dexist j Hj))
_om': option message
(state_update IM
   (lift_sub_state_to IM equivocators base_s s) j si',
 om') =
(lift_sub_state_to IM equivocators base_s
   (state_update (sub_IM IM equivocators) s
      (dexist j Hj) si'), om')
  f_equal; extensionality i.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
j: index
Hj: sub_index_prop equivocators j
li: label (sub_IM IM equivocators (dexist j Hj))
s: composite_state (sub_IM IM equivocators)
om: option message
s': composite_state (sub_IM IM equivocators)
om': option message
si': state (sub_IM IM equivocators (dexist j Hj))
_om': option message
i: index
state_update IM
  (lift_sub_state_to IM equivocators base_s s) j si' i =
lift_sub_state_to IM equivocators base_s
  (state_update (sub_IM IM equivocators) s
     (dexist j Hj) si') i
  destruct (decide (i = j)); subst; state_update_simpl.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
j: index
Hj: sub_index_prop equivocators j
li: label (sub_IM IM equivocators (dexist j Hj))
s: composite_state (sub_IM IM equivocators)
om: option message
s': composite_state (sub_IM IM equivocators)
om': option message
si': state (sub_IM IM equivocators (dexist j Hj))
_om': option message
si' =
lift_sub_state_to IM equivocators base_s
  (state_update (sub_IM IM equivocators) s
     (dexist j Hj) si') j
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
j: index
Hj: sub_index_prop equivocators j
li: label (sub_IM IM equivocators (dexist j Hj))
s: composite_state (sub_IM IM equivocators)
om: option message
s': composite_state (sub_IM IM equivocators)
om': option message
si': state (sub_IM IM equivocators (dexist j Hj))
_om': option message
i: index
n: i ≠ j
lift_sub_state_to IM equivocators base_s s i =
lift_sub_state_to IM equivocators base_s
  (state_update (sub_IM IM equivocators) s
     (dexist j Hj) si') i
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
j: index
Hj: sub_index_prop equivocators j
li: label (sub_IM IM equivocators (dexist j Hj))
s: composite_state (sub_IM IM equivocators)
om: option message
s': composite_state (sub_IM IM equivocators)
om': option message
si': state (sub_IM IM equivocators (dexist j Hj))
_om': option message
si' =
lift_sub_state_to IM equivocators base_s
  (state_update (sub_IM IM equivocators) s
     (dexist j Hj) si') j by rewrite lift_sub_state_to_eq with (Hi := Hj); state_update_simpl.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
j: index
Hj: sub_index_prop equivocators j
li: label (sub_IM IM equivocators (dexist j Hj))
s: composite_state (sub_IM IM equivocators)
om: option message
s': composite_state (sub_IM IM equivocators)
om': option message
si': state (sub_IM IM equivocators (dexist j Hj))
_om': option message
i: index
n: i ≠ j
lift_sub_state_to IM equivocators base_s s i =
lift_sub_state_to IM equivocators base_s
  (state_update (sub_IM IM equivocators) s
     (dexist j Hj) si') i destruct (decide (i ∈ equivocators)).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
j: index
Hj: sub_index_prop equivocators j
li: label (sub_IM IM equivocators (dexist j Hj))
s: composite_state (sub_IM IM equivocators)
om: option message
s': composite_state (sub_IM IM equivocators)
om': option message
si': state (sub_IM IM equivocators (dexist j Hj))
_om': option message
i: index
n: i ≠ j
e: i ∈ equivocators
lift_sub_state_to IM equivocators base_s s i =
lift_sub_state_to IM equivocators base_s
  (state_update (sub_IM IM equivocators) s
     (dexist j Hj) si') i
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
j: index
Hj: sub_index_prop equivocators j
li: label (sub_IM IM equivocators (dexist j Hj))
s: composite_state (sub_IM IM equivocators)
om: option message
s': composite_state (sub_IM IM equivocators)
om': option message
si': state (sub_IM IM equivocators (dexist j Hj))
_om': option message
i: index
n: i ≠ j
n0: i ∉ equivocators
lift_sub_state_to IM equivocators base_s s i =
lift_sub_state_to IM equivocators base_s
  (state_update (sub_IM IM equivocators) s
     (dexist j Hj) si') i
    +message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
j: index
Hj: sub_index_prop equivocators j
li: label (sub_IM IM equivocators (dexist j Hj))
s: composite_state (sub_IM IM equivocators)
om: option message
s': composite_state (sub_IM IM equivocators)
om': option message
si': state (sub_IM IM equivocators (dexist j Hj))
_om': option message
i: index
n: i ≠ j
e: i ∈ equivocators
lift_sub_state_to IM equivocators base_s s i =
lift_sub_state_to IM equivocators base_s
  (state_update (sub_IM IM equivocators) s
     (dexist j Hj) si') i by rewrite !lift_sub_state_to_eq with (Hi := e); state_update_simpl.
    +message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
j: index
Hj: sub_index_prop equivocators j
li: label (sub_IM IM equivocators (dexist j Hj))
s: composite_state (sub_IM IM equivocators)
om: option message
s': composite_state (sub_IM IM equivocators)
om': option message
si': state (sub_IM IM equivocators (dexist j Hj))
_om': option message
i: index
n: i ≠ j
n0: i ∉ equivocators
lift_sub_state_to IM equivocators base_s s i =
lift_sub_state_to IM equivocators base_s
  (state_update (sub_IM IM equivocators) s
     (dexist j Hj) si') i by state_update_simpl.
Qed.

Given any valid state for the composition of all components and a valid trace for the composition of just the equivocators, the trace obtained by completing the state-components from the trace with the components from the given valid state is a valid trace for the composition of all components.

Lemma PreSubFree_PreFree_weak_embedding :
  VLSM_weak_embedding PreSubFree PreFree
    (lift_sub_label IM equivocators) (lift_sub_state_to IM equivocators base_s).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
VLSM_weak_embedding PreSubFree PreFree
  (lift_sub_label IM equivocators)
  (lift_sub_state_to IM equivocators base_s)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
VLSM_weak_embedding PreSubFree PreFree
  (lift_sub_label IM equivocators)
  (lift_sub_state_to IM equivocators base_s)
  apply basic_VLSM_weak_embedding.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
weak_embedding_valid_preservation PreSubFree PreFree
  (lift_sub_label IM equivocators)
  (lift_sub_state_to IM equivocators base_s)
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
weak_embedding_transition_preservation PreSubFree
  PreFree (lift_sub_label IM equivocators)
  (lift_sub_state_to IM equivocators base_s)
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
weak_projection_initial_state_preservation PreSubFree
  PreFree (lift_sub_state_to IM equivocators base_s)
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
weak_embedding_initial_message_preservation PreSubFree
  PreFree (lift_sub_state_to IM equivocators base_s)
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
weak_embedding_valid_preservation PreSubFree PreFree
  (lift_sub_label IM equivocators)
  (lift_sub_state_to IM equivocators base_s) by red; intros; by apply lift_sub_to_valid, Hv.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
weak_embedding_transition_preservation PreSubFree
  PreFree (lift_sub_label IM equivocators)
  (lift_sub_state_to IM equivocators base_s) intros l s om s' om' Hv.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
l: label PreSubFree
s: state PreSubFree
om: option message
s': state PreSubFree
om': option message
Hv: input_valid_transition PreSubFree l (
  s, om) (s', om')
transition (lift_sub_label IM equivocators l)
  (lift_sub_state_to IM equivocators base_s s, om) =
(lift_sub_state_to IM equivocators base_s s', om')
    by apply lift_sub_to_transition, Hv.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
weak_projection_initial_state_preservation PreSubFree
  PreFree (lift_sub_state_to IM equivocators base_s) by apply preloaded_lift_sub_state_to_initial_state.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
weak_embedding_initial_message_preservation PreSubFree
  PreFree (lift_sub_state_to IM equivocators base_s) by intro; intros; apply any_message_is_valid_in_preloaded.
Qed.

If the composition constraint only depends on the projection sub-state, then valid traces of the pre_induced_sub_projection can be lifted to valid traces of the constrained composition.

Lemma induced_sub_projection_lift
  (constraint : composite_label IM -> composite_state IM * option message -> Prop)
  (Hconstraint_consistency :
    forall s1 s2,
      composite_state_sub_projection IM equivocators s1
        =
      composite_state_sub_projection IM equivocators s2 ->
        forall l om, constraint l (s1, om) -> constraint l (s2, om))
   : VLSM_embedding
    (pre_induced_sub_projection IM equivocators constraint)
    (composite_vlsm IM constraint)
    (lift_sub_label IM equivocators)
    (lift_sub_state IM equivocators).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
VLSM_embedding
  (pre_induced_sub_projection IM equivocators
     constraint) (composite_vlsm IM constraint)
  (lift_sub_label IM equivocators)
  (lift_sub_state IM equivocators)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
VLSM_embedding
  (pre_induced_sub_projection IM equivocators
     constraint) (composite_vlsm IM constraint)
  (lift_sub_label IM equivocators)
  (lift_sub_state IM equivocators)
  apply basic_VLSM_embedding.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
weak_embedding_valid_preservation
  (pre_induced_sub_projection IM equivocators
     constraint) (composite_vlsm IM constraint)
  (lift_sub_label IM equivocators)
  (lift_sub_state IM equivocators)
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
weak_embedding_transition_preservation
  (pre_induced_sub_projection IM equivocators
     constraint) (composite_vlsm IM constraint)
  (lift_sub_label IM equivocators)
  (lift_sub_state IM equivocators)
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
strong_projection_initial_state_preservation
  (pre_induced_sub_projection IM equivocators
     constraint) (composite_vlsm IM constraint)
  (lift_sub_state IM equivocators)
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
weak_embedding_initial_message_preservation
  (pre_induced_sub_projection IM equivocators
     constraint) (composite_vlsm IM constraint)
  (lift_sub_state IM equivocators)
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
weak_embedding_valid_preservation
  (pre_induced_sub_projection IM equivocators
     constraint) (composite_vlsm IM constraint)
  (lift_sub_label IM equivocators)
  (lift_sub_state IM equivocators) intros l s om (_ & _ & (i, li) & sX & [Heql [=] (HsX & Hom & Hv & Hc)]) _ _.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
l: label
  (pre_induced_sub_projection IM equivocators
     constraint)
s: state
  (pre_induced_sub_projection IM equivocators
     constraint)
om: option message
i: index
li: label (IM i)
sX: state (composite_vlsm IM constraint)
Heql: composite_label_sub_projection_option IM
  equivocators (existT i li) = 
Some l
H0: composite_state_sub_projection IM equivocators sX =
s
HsX: valid_state_prop (composite_vlsm IM constraint)
  sX
Hom: option_valid_message_prop
  (composite_vlsm IM constraint) (
  s, om).2
Hv: valid (existT i li) (sX, (s, om).2)
Hc: constraint (existT i li) (sX, (s, om).2)
valid (lift_sub_label IM equivocators l)
  (lift_sub_state IM equivocators s, om)
    unfold composite_label_sub_projection_option in Heql; cbn in Heql.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
l: label
  (pre_induced_sub_projection IM equivocators
     constraint)
s: state
  (pre_induced_sub_projection IM equivocators
     constraint)
om: option message
i: index
li: label (IM i)
sX: state (composite_vlsm IM constraint)
Heql: match decide (i ∈ equivocators) with
| left i_in =>
    Some
      (composite_label_sub_projection IM
         equivocators (existT i li) i_in)
| right _ => None
end = Some l
H0: composite_state_sub_projection IM equivocators sX =
s
HsX: valid_state_prop (composite_vlsm IM constraint)
  sX
Hom: option_valid_message_prop
  (composite_vlsm IM constraint) (
  s, om).2
Hv: valid (existT i li) (sX, (s, om).2)
Hc: constraint (existT i li) (sX, (s, om).2)
valid (lift_sub_label IM equivocators l)
  (lift_sub_state IM equivocators s, om)
    case_decide as Hi; [| by congruence].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
l: label
  (pre_induced_sub_projection IM equivocators
     constraint)
s: state
  (pre_induced_sub_projection IM equivocators
     constraint)
om: option message
i: index
li: label (IM i)
sX: state (composite_vlsm IM constraint)
Hi: i ∈ equivocators
Heql: Some
  (composite_label_sub_projection IM
     equivocators (existT i li) Hi) = 
Some l
H0: composite_state_sub_projection IM equivocators sX =
s
HsX: valid_state_prop (composite_vlsm IM constraint)
  sX
Hom: option_valid_message_prop
  (composite_vlsm IM constraint) (
  s, om).2
Hv: valid (existT i li) (sX, (s, om).2)
Hc: constraint (existT i li) (sX, (s, om).2)
valid (lift_sub_label IM equivocators l)
  (lift_sub_state IM equivocators s, om)
    apply Some_inj in Heql; subst l; cbn.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
s: state
  (pre_induced_sub_projection IM equivocators
     constraint)
om: option message
i: index
li: label (IM i)
sX: state (composite_vlsm IM constraint)
Hi: i ∈ equivocators
H0: composite_state_sub_projection IM equivocators sX =
s
HsX: valid_state_prop (composite_vlsm IM constraint)
  sX
Hom: option_valid_message_prop
  (composite_vlsm IM constraint) (
  s, om).2
Hv: valid (existT i li) (sX, (s, om).2)
Hc: constraint (existT i li) (sX, (s, om).2)
valid li (lift_sub_state IM equivocators s i, om)
∧ constraint
    (lift_sub_label IM equivocators
       (composite_label_sub_projection IM equivocators
          (existT i li) Hi))
    (lift_sub_state IM equivocators s, om)
    unfold lift_sub_state; cbn;
    rewrite (lift_sub_state_to_eq _ _ _ _ _ Hi); subst.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
om: option message
i: index
li: label (IM i)
sX: state (composite_vlsm IM constraint)
Hi: i ∈ equivocators
HsX: valid_state_prop (composite_vlsm IM constraint)
  sX
Hc: constraint (existT i li)
  (sX,
   (composite_state_sub_projection IM
      equivocators sX, om).2)
Hv: valid (existT i li)
  (sX,
   (composite_state_sub_projection IM
      equivocators sX, om).2)
Hom: option_valid_message_prop
  (composite_vlsm IM constraint)
  (composite_state_sub_projection IM
     equivocators sX, om).2
valid li
  (composite_state_sub_projection IM equivocators sX
     (dexist i Hi), om)
∧ constraint
    (lift_sub_label IM equivocators
       (composite_label_sub_projection IM equivocators
          (existT i li) Hi))
    (lift_sub_state_to IM equivocators
       (λ n : index, `(vs0 (IM n)))
       (composite_state_sub_projection IM equivocators
          sX), om)
    split; [done |].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
om: option message
i: index
li: label (IM i)
sX: state (composite_vlsm IM constraint)
Hi: i ∈ equivocators
HsX: valid_state_prop (composite_vlsm IM constraint)
  sX
Hc: constraint (existT i li)
  (sX,
   (composite_state_sub_projection IM
      equivocators sX, om).2)
Hv: valid (existT i li)
  (sX,
   (composite_state_sub_projection IM
      equivocators sX, om).2)
Hom: option_valid_message_prop
  (composite_vlsm IM constraint)
  (composite_state_sub_projection IM
     equivocators sX, om).2
constraint
  (lift_sub_label IM equivocators
     (composite_label_sub_projection IM equivocators
        (existT i li) Hi))
  (lift_sub_state_to IM equivocators
     (λ n : index, `(vs0 (IM n)))
     (composite_state_sub_projection IM equivocators
        sX), om)
    eapply Hconstraint_consistency; [| done].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
om: option message
i: index
li: label (IM i)
sX: state (composite_vlsm IM constraint)
Hi: i ∈ equivocators
HsX: valid_state_prop (composite_vlsm IM constraint)
  sX
Hc: constraint (existT i li)
  (sX,
   (composite_state_sub_projection IM
      equivocators sX, om).2)
Hv: valid (existT i li)
  (sX,
   (composite_state_sub_projection IM
      equivocators sX, om).2)
Hom: option_valid_message_prop
  (composite_vlsm IM constraint)
  (composite_state_sub_projection IM
     equivocators sX, om).2
composite_state_sub_projection IM equivocators sX =
composite_state_sub_projection IM equivocators
  (lift_sub_state_to IM equivocators
     (λ n : index, `(vs0 (IM n)))
     (composite_state_sub_projection IM equivocators
        sX))
    by symmetry; apply composite_state_sub_projection_lift_to.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
weak_embedding_transition_preservation
  (pre_induced_sub_projection IM equivocators
     constraint) (composite_vlsm IM constraint)
  (lift_sub_label IM equivocators)
  (lift_sub_state IM equivocators) intros l s om s' om' [_ Ht]; revert Ht; cbn
    ; destruct (transition _ _ _) as [si' _om']
    ; inversion_clear 1.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
l: label
  (pre_induced_sub_projection IM equivocators
     constraint)
s: state
  (pre_induced_sub_projection IM equivocators
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM equivocators
     constraint)
om': option message
si': state (IM (`(projT1 l)))
_om': option message
(state_update IM (lift_sub_state IM equivocators s)
   (`(projT1 l)) si', om') =
(lift_sub_state IM equivocators
   (composite_state_sub_projection IM equivocators
      (state_update IM
         (lift_sub_state IM equivocators s)
         (`(projT1 l)) si')), om')
    f_equal; extensionality i.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
l: label
  (pre_induced_sub_projection IM equivocators
     constraint)
s: state
  (pre_induced_sub_projection IM equivocators
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM equivocators
     constraint)
om': option message
si': state (IM (`(projT1 l)))
_om': option message
i: index
state_update IM (lift_sub_state IM equivocators s)
  (`(projT1 l)) si' i =
lift_sub_state IM equivocators
  (composite_state_sub_projection IM equivocators
     (state_update IM
        (lift_sub_state IM equivocators s)
        (`(projT1 l)) si')) i
    destruct l as [sub_j lj]
    ; destruct_dec_sig sub_j j Hj Heqsub_j; subst; cbn
    ; destruct (decide (i = j)); subst.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
j: index
Hj: sub_index_prop equivocators j
lj: label (sub_IM IM equivocators (dexist j Hj))
s: state
  (pre_induced_sub_projection IM equivocators
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM equivocators
     constraint)
om': option message
si': state (IM (`(projT1 (existT (dexist j Hj) lj))))
_om': option message
state_update IM (lift_sub_state IM equivocators s) j
  si' j =
lift_sub_state IM equivocators
  (composite_state_sub_projection IM equivocators
     (state_update IM
        (lift_sub_state IM equivocators s) j si')) j
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
j: index
Hj: sub_index_prop equivocators j
lj: label (sub_IM IM equivocators (dexist j Hj))
s: state
  (pre_induced_sub_projection IM equivocators
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM equivocators
     constraint)
om': option message
si': state (IM (`(projT1 (existT (dexist j Hj) lj))))
_om': option message
i: index
n: i ≠ j
state_update IM (lift_sub_state IM equivocators s) j
  si' i =
lift_sub_state IM equivocators
  (composite_state_sub_projection IM equivocators
     (state_update IM
        (lift_sub_state IM equivocators s) j si')) i
    +message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
j: index
Hj: sub_index_prop equivocators j
lj: label (sub_IM IM equivocators (dexist j Hj))
s: state
  (pre_induced_sub_projection IM equivocators
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM equivocators
     constraint)
om': option message
si': state (IM (`(projT1 (existT (dexist j Hj) lj))))
_om': option message
state_update IM (lift_sub_state IM equivocators s) j
  si' j =
lift_sub_state IM equivocators
  (composite_state_sub_projection IM equivocators
     (state_update IM
        (lift_sub_state IM equivocators s) j si')) j unfold lift_sub_state, composite_state_sub_projection; cbn.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
j: index
Hj: sub_index_prop equivocators j
lj: label (sub_IM IM equivocators (dexist j Hj))
s: state
  (pre_induced_sub_projection IM equivocators
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM equivocators
     constraint)
om': option message
si': state (IM (`(projT1 (existT (dexist j Hj) lj))))
_om': option message
state_update IM
  (lift_sub_state_to IM equivocators
     (λ n : index, `(vs0 (IM n))) s) j si' j =
lift_sub_state_to IM equivocators
  (λ n : index, `(vs0 (IM n)))
  (λ subi : sub_index equivocators,
     state_update IM
       (lift_sub_state_to IM equivocators
          (λ n : index, `(vs0 (IM n))) s) j si'
       (`subi)) j
      by rewrite state_update_eq, lift_sub_state_to_eq with (Hi := Hj), state_update_eq.
    +message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
j: index
Hj: sub_index_prop equivocators j
lj: label (sub_IM IM equivocators (dexist j Hj))
s: state
  (pre_induced_sub_projection IM equivocators
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM equivocators
     constraint)
om': option message
si': state (IM (`(projT1 (existT (dexist j Hj) lj))))
_om': option message
i: index
n: i ≠ j
state_update IM (lift_sub_state IM equivocators s) j
  si' i =
lift_sub_state IM equivocators
  (composite_state_sub_projection IM equivocators
     (state_update IM
        (lift_sub_state IM equivocators s) j si')) i state_update_simpl.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
j: index
Hj: sub_index_prop equivocators j
lj: label (sub_IM IM equivocators (dexist j Hj))
s: state
  (pre_induced_sub_projection IM equivocators
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM equivocators
     constraint)
om': option message
si': state (IM (`(projT1 (existT (dexist j Hj) lj))))
_om': option message
i: index
n: i ≠ j
lift_sub_state IM equivocators s i =
lift_sub_state IM equivocators
  (composite_state_sub_projection IM equivocators
     (state_update IM
        (lift_sub_state IM equivocators s) j si')) i
      destruct (decide (i ∈ equivocators)).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
j: index
Hj: sub_index_prop equivocators j
lj: label (sub_IM IM equivocators (dexist j Hj))
s: state
  (pre_induced_sub_projection IM equivocators
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM equivocators
     constraint)
om': option message
si': state (IM (`(projT1 (existT (dexist j Hj) lj))))
_om': option message
i: index
n: i ≠ j
e: i ∈ equivocators
lift_sub_state IM equivocators s i =
lift_sub_state IM equivocators
  (composite_state_sub_projection IM equivocators
     (state_update IM
        (lift_sub_state IM equivocators s) j si')) i
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
j: index
Hj: sub_index_prop equivocators j
lj: label (sub_IM IM equivocators (dexist j Hj))
s: state
  (pre_induced_sub_projection IM equivocators
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM equivocators
     constraint)
om': option message
si': state (IM (`(projT1 (existT (dexist j Hj) lj))))
_om': option message
i: index
n: i ≠ j
n0: i ∉ equivocators
lift_sub_state IM equivocators s i =
lift_sub_state IM equivocators
  (composite_state_sub_projection IM equivocators
     (state_update IM
        (lift_sub_state IM equivocators s) j si')) i
      *message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
j: index
Hj: sub_index_prop equivocators j
lj: label (sub_IM IM equivocators (dexist j Hj))
s: state
  (pre_induced_sub_projection IM equivocators
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM equivocators
     constraint)
om': option message
si': state (IM (`(projT1 (existT (dexist j Hj) lj))))
_om': option message
i: index
n: i ≠ j
e: i ∈ equivocators
lift_sub_state IM equivocators s i =
lift_sub_state IM equivocators
  (composite_state_sub_projection IM equivocators
     (state_update IM
        (lift_sub_state IM equivocators s) j si')) i unfold lift_sub_state, composite_state_sub_projection; cbn.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
j: index
Hj: sub_index_prop equivocators j
lj: label (sub_IM IM equivocators (dexist j Hj))
s: state
  (pre_induced_sub_projection IM equivocators
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM equivocators
     constraint)
om': option message
si': state (IM (`(projT1 (existT (dexist j Hj) lj))))
_om': option message
i: index
n: i ≠ j
e: i ∈ equivocators
lift_sub_state_to IM equivocators
  (λ n : index, `(vs0 (IM n))) s i =
lift_sub_state_to IM equivocators
  (λ n : index, `(vs0 (IM n)))
  (λ subi : sub_index equivocators,
     state_update IM
       (lift_sub_state_to IM equivocators
          (λ n : index, `(vs0 (IM n))) s) j si'
       (`subi)) i
        by rewrite !lift_sub_state_to_eq with (Hi := e), state_update_neq,
          lift_sub_state_to_eq with (Hi := e).
      *message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
j: index
Hj: sub_index_prop equivocators j
lj: label (sub_IM IM equivocators (dexist j Hj))
s: state
  (pre_induced_sub_projection IM equivocators
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM equivocators
     constraint)
om': option message
si': state (IM (`(projT1 (existT (dexist j Hj) lj))))
_om': option message
i: index
n: i ≠ j
n0: i ∉ equivocators
lift_sub_state IM equivocators s i =
lift_sub_state IM equivocators
  (composite_state_sub_projection IM equivocators
     (state_update IM
        (lift_sub_state IM equivocators s) j si')) i by unfold lift_sub_state, lift_sub_state_to; case_decide.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
strong_projection_initial_state_preservation
  (pre_induced_sub_projection IM equivocators
     constraint) (composite_vlsm IM constraint)
  (lift_sub_state IM equivocators) intros s Hs.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
s: state
  (pre_induced_sub_projection IM equivocators
     constraint)
Hs: initial_state_prop s
initial_state_prop (lift_sub_state IM equivocators s)
    apply (lift_sub_state_initial IM).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
s: state
  (pre_induced_sub_projection IM equivocators
     constraint)
Hs: initial_state_prop s
composite_initial_state_prop (sub_IM IM equivocators)
  s
    destruct Hs as (sX & <- & HsX).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
sX: state (composite_vlsm IM constraint)
HsX: initial_state_prop sX
composite_initial_state_prop (sub_IM IM equivocators)
  (composite_state_sub_projection IM equivocators sX)
    by intro sub_i; destruct_dec_sig sub_i i Hi Heqsub_i; subst; apply HsX.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hconstraint_consistency: ∀ s1 s2 : composite_state IM,
  composite_state_sub_projection
    IM equivocators s1 =
  composite_state_sub_projection
    IM equivocators s2
  → ∀ (l : composite_label
             IM) (om : 
                  option
                    message),
      constraint l (s1, om)
      → constraint l
          (s2, om)
weak_embedding_initial_message_preservation
  (pre_induced_sub_projection IM equivocators
     constraint) (composite_vlsm IM constraint)
  (lift_sub_state IM equivocators) by intros _ ? m (_ & _ & _ & _ & [_ _ (_ & HmX & _)]).
Qed.

A specialization of basic_projection_induces_friendliness for pre_induced_sub_projections.

Lemma induced_sub_projection_friendliness
  (constraint : composite_label IM -> composite_state IM * option message -> Prop)
  (Hlift_proj : VLSM_embedding
    (pre_induced_sub_projection IM equivocators constraint)
    (composite_vlsm IM constraint)
    (lift_sub_label IM equivocators)
    (lift_sub_state IM equivocators))
  : projection_friendly_prop (induced_sub_projection_is_projection IM equivocators constraint).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hlift_proj: VLSM_embedding
  (pre_induced_sub_projection IM
     equivocators constraint)
  (composite_vlsm IM constraint)
  (lift_sub_label IM equivocators)
  (lift_sub_state IM equivocators)
projection_friendly_prop
  (induced_sub_projection_is_projection IM
     equivocators constraint)
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hlift_proj: VLSM_embedding
  (pre_induced_sub_projection IM
     equivocators constraint)
  (composite_vlsm IM constraint)
  (lift_sub_label IM equivocators)
  (lift_sub_state IM equivocators)
projection_friendly_prop
  (induced_sub_projection_is_projection IM
     equivocators constraint)
  unshelve eapply basic_projection_induces_friendliness; [| | | | done].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hlift_proj: VLSM_embedding
  (pre_induced_sub_projection IM
     equivocators constraint)
  (composite_vlsm IM constraint)
  (lift_sub_label IM equivocators)
  (lift_sub_state IM equivocators)
induced_validator_label_lift_prop
  (composite_label_sub_projection_option IM
     equivocators) (lift_sub_label IM equivocators)
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hlift_proj: VLSM_embedding
  (pre_induced_sub_projection IM
     equivocators constraint)
  (composite_vlsm IM constraint)
  (lift_sub_label IM equivocators)
  (lift_sub_state IM equivocators)
induced_validator_state_lift_prop
  (composite_state_sub_projection IM equivocators)
  (lift_sub_state IM equivocators)
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hlift_proj: VLSM_embedding
  (pre_induced_sub_projection IM
     equivocators constraint)
  (composite_vlsm IM constraint)
  (lift_sub_label IM equivocators)
  (lift_sub_state IM equivocators)
induced_validator_transition_consistency_Some
  (composite_vlsm IM constraint)
  (composite_type (sub_IM IM equivocators))
  (composite_label_sub_projection_option IM
     equivocators)
  (composite_state_sub_projection IM equivocators)
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hlift_proj: VLSM_embedding
  (pre_induced_sub_projection IM
     equivocators constraint)
  (composite_vlsm IM constraint)
  (lift_sub_label IM equivocators)
  (lift_sub_state IM equivocators)
weak_projection_transition_consistency_None
  (composite_vlsm IM constraint)
  (composite_type (sub_IM IM equivocators))
  (composite_label_sub_projection_option IM
     equivocators)
  (composite_state_sub_projection IM equivocators)
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hlift_proj: VLSM_embedding
  (pre_induced_sub_projection IM
     equivocators constraint)
  (composite_vlsm IM constraint)
  (lift_sub_label IM equivocators)
  (lift_sub_state IM equivocators)
induced_validator_label_lift_prop
  (composite_label_sub_projection_option IM
     equivocators) (lift_sub_label IM equivocators) by apply composite_label_sub_projection_option_lift.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hlift_proj: VLSM_embedding
  (pre_induced_sub_projection IM
     equivocators constraint)
  (composite_vlsm IM constraint)
  (lift_sub_label IM equivocators)
  (lift_sub_state IM equivocators)
induced_validator_state_lift_prop
  (composite_state_sub_projection IM equivocators)
  (lift_sub_state IM equivocators) by apply composite_state_sub_projection_lift.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hlift_proj: VLSM_embedding
  (pre_induced_sub_projection IM
     equivocators constraint)
  (composite_vlsm IM constraint)
  (lift_sub_label IM equivocators)
  (lift_sub_state IM equivocators)
induced_validator_transition_consistency_Some
  (composite_vlsm IM constraint)
  (composite_type (sub_IM IM equivocators))
  (composite_label_sub_projection_option IM
     equivocators)
  (composite_state_sub_projection IM equivocators) by apply induced_sub_projection_transition_consistency_Some.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
equivocators: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM equivocators): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
base_s: composite_state IM
Hbase_s: constrained_state_prop Free base_s
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
Hlift_proj: VLSM_embedding
  (pre_induced_sub_projection IM
     equivocators constraint)
  (composite_vlsm IM constraint)
  (lift_sub_label IM equivocators)
  (lift_sub_state IM equivocators)
weak_projection_transition_consistency_None
  (composite_vlsm IM constraint)
  (composite_type (sub_IM IM equivocators))
  (composite_label_sub_projection_option IM
     equivocators)
  (composite_state_sub_projection IM equivocators) by apply induced_sub_projection_transition_consistency_None.
Qed.

End sec_lift_sub_state_to_preloaded.

Section sec_sub_composition_incl.

Context
  {message : Type}
  `{EqDecision index}
  (IM : index -> VLSM message)
  (indices1 indices2 : list index)
  (Hincl : indices1 ⊆ indices2)
  (sub_index1_prop_dec :
    forall i, Decision (sub_index_prop indices1 i) := fun i => sub_index_prop_dec indices1 i)
  .

Definition lift_sub_incl_state
  (s : composite_state (sub_IM IM indices1))
  : composite_state (sub_IM IM indices2)
  := fun sub_i2 =>
    let i := proj1_sig sub_i2 in
    match @decide  (sub_index_prop indices1 i) (sub_index1_prop_dec i) with
    | left e =>  s (dexist i e)
    | _ => proj1_sig (vs0 (IM i))
    end.

Lemma lift_sub_incl_state_initial
  (s : composite_state (sub_IM IM indices1))
  (Hs : composite_initial_state_prop (sub_IM IM indices1) s)
  : composite_initial_state_prop (sub_IM IM indices2) (lift_sub_incl_state s).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
s: composite_state (sub_IM IM indices1)
Hs: composite_initial_state_prop 
  (sub_IM IM indices1) s
composite_initial_state_prop (sub_IM IM indices2)
  (lift_sub_incl_state s)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
s: composite_state (sub_IM IM indices1)
Hs: composite_initial_state_prop 
  (sub_IM IM indices1) s
composite_initial_state_prop (sub_IM IM indices2)
  (lift_sub_incl_state s)
  intros [i Hi].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
s: composite_state (sub_IM IM indices1)
Hs: composite_initial_state_prop 
  (sub_IM IM indices1) s
i: index
Hi: bool_decide (sub_index_prop indices2 i)
initial_state_prop (lift_sub_incl_state s (i ↾ Hi))
  unfold lift_sub_incl_state.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
s: composite_state (sub_IM IM indices1)
Hs: composite_initial_state_prop 
  (sub_IM IM indices1) s
i: index
Hi: bool_decide (sub_index_prop indices2 i)
initial_state_prop
  match
    decide (sub_index_prop indices1 (`(i ↾ Hi)))
  with
  | left e => s (dexist (`(i ↾ Hi)) e)
  | right _ => `(vs0 (IM (`(i ↾ Hi))))
  end
  case_decide.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
s: composite_state (sub_IM IM indices1)
Hs: composite_initial_state_prop 
  (sub_IM IM indices1) s
i: index
Hi: bool_decide (sub_index_prop indices2 i)
H: sub_index_prop indices1 (`(i ↾ Hi))
initial_state_prop (s (dexist (`(i ↾ Hi)) H))
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
s: composite_state (sub_IM IM indices1)
Hs: composite_initial_state_prop 
  (sub_IM IM indices1) s
i: index
Hi: bool_decide (sub_index_prop indices2 i)
H: ¬ sub_index_prop indices1 (`(i ↾ Hi))
initial_state_prop (`(vs0 (IM (`(i ↾ Hi)))))
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
s: composite_state (sub_IM IM indices1)
Hs: composite_initial_state_prop 
  (sub_IM IM indices1) s
i: index
Hi: bool_decide (sub_index_prop indices2 i)
H: sub_index_prop indices1 (`(i ↾ Hi))
initial_state_prop (s (dexist (`(i ↾ Hi)) H)) by apply (Hs (dexist i H)).
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
s: composite_state (sub_IM IM indices1)
Hs: composite_initial_state_prop 
  (sub_IM IM indices1) s
i: index
Hi: bool_decide (sub_index_prop indices2 i)
H: ¬ sub_index_prop indices1 (`(i ↾ Hi))
initial_state_prop (`(vs0 (IM (`(i ↾ Hi))))) by destruct (vs0 _).
Qed.

Lemma lift_sub_incl_message_initial
  (m : message)
  (Hm : composite_initial_message_prop (sub_IM IM indices1) m)
  : composite_initial_message_prop (sub_IM IM indices2) m.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
m: message
Hm: composite_initial_message_prop
  (sub_IM IM indices1) m
composite_initial_message_prop (sub_IM IM indices2) m
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
m: message
Hm: composite_initial_message_prop
  (sub_IM IM indices1) m
composite_initial_message_prop (sub_IM IM indices2) m
  destruct Hm as [[i Hi] Hm].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
m: message
i: index
Hi: bool_decide (sub_index_prop indices1 i)
Hm: ∃ mi : initial_message
         (sub_IM IM indices1 (i ↾ Hi)), 
  `mi = m
composite_initial_message_prop (sub_IM IM indices2) m
  unfold sub_IM in Hm.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
m: message
i: index
Hi: bool_decide (sub_index_prop indices1 i)
Hm: ∃ mi : initial_message (IM (`(i ↾ Hi))), `mi = m
composite_initial_message_prop (sub_IM IM indices2) m simpl in Hm.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
m: message
i: index
Hi: bool_decide (sub_index_prop indices1 i)
Hm: ∃ mi : initial_message (IM i), `mi = m
composite_initial_message_prop (sub_IM IM indices2) m
  apply bool_decide_spec, Hincl in Hi.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
m: message
i: index
Hi: i ∈ indices2
Hm: ∃ mi : initial_message (IM i), `mi = m
composite_initial_message_prop (sub_IM IM indices2) m
  by exists (dexist i Hi).
Qed.

Definition lift_sub_incl_label
  (l : composite_label (sub_IM IM indices1))
  : composite_label (sub_IM IM indices2)
  :=
  let sub1_i := projT1 l in
  let i := proj1_sig sub1_i in
  let H1i := proj2_dsig sub1_i in
  let H2i := Hincl _ H1i in
  existT (dexist i H2i) (projT2 l).

Lemma lift_sub_incl_valid l s om
  (Hv : composite_valid (sub_IM IM indices1) l (s, om))
  : composite_valid (sub_IM IM indices2) (lift_sub_incl_label l) (lift_sub_incl_state s, om).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
l: composite_label (sub_IM IM indices1)
s: composite_state (sub_IM IM indices1)
om: option message
Hv: composite_valid (sub_IM IM indices1) l (s, om)
composite_valid (sub_IM IM indices2)
  (lift_sub_incl_label l) (lift_sub_incl_state s, om)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
l: composite_label (sub_IM IM indices1)
s: composite_state (sub_IM IM indices1)
om: option message
Hv: composite_valid (sub_IM IM indices1) l (s, om)
composite_valid (sub_IM IM indices2)
  (lift_sub_incl_label l) (lift_sub_incl_state s, om)
  revert Hv.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
l: composite_label (sub_IM IM indices1)
s: composite_state (sub_IM IM indices1)
om: option message
composite_valid (sub_IM IM indices1) l (s, om)
→ composite_valid (sub_IM IM indices2)
    (lift_sub_incl_label l)
    (lift_sub_incl_state s, om)
  destruct l as (sub1_i, li); destruct_dec_sig sub1_i i Hi Heqsub1_i; subst; cbn.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
i: index
Hi: sub_index_prop indices1 i
li: label (sub_IM IM indices1 (dexist i Hi))
s: composite_state (sub_IM IM indices1)
om: option message
valid li (s (dexist i Hi), om)
→ valid li
    (lift_sub_incl_state s
       (dexist i (Hincl i (proj2_dsig (dexist i Hi)))),
     om)
  unfold lift_sub_incl_state; cbn.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
i: index
Hi: sub_index_prop indices1 i
li: label (sub_IM IM indices1 (dexist i Hi))
s: composite_state (sub_IM IM indices1)
om: option message
valid li (s (dexist i Hi), om)
→ valid li
    (match decide (sub_index_prop indices1 i) with
     | left e => s (dexist i e)
     | right _ => `(vs0 (IM i))
     end, om)
  unfold sub_IM in li; simpl in li.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
i: index
Hi: sub_index_prop indices1 i
li: label (IM i)
s: composite_state (sub_IM IM indices1)
om: option message
valid li (s (dexist i Hi), om)
→ valid li
    (match decide (sub_index_prop indices1 i) with
     | left e => s (dexist i e)
     | right _ => `(vs0 (IM i))
     end, om)
  destruct (decide (sub_index_prop indices1 i)) as [H_i |]
  ; [| done].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
i: index
Hi: sub_index_prop indices1 i
li: label (IM i)
s: composite_state (sub_IM IM indices1)
om: option message
H_i: sub_index_prop indices1 i
valid li (s (dexist i Hi), om)
→ valid li (s (dexist i H_i), om)
  by rewrite (sub_IM_state_pi s H_i Hi).
Qed.

Lemma lift_sub_incl_transition l s om s' om'
  (Ht : composite_transition (sub_IM IM indices1) l (s, om) = (s', om'))
  : composite_transition (sub_IM IM indices2)
    (lift_sub_incl_label l) (lift_sub_incl_state s, om) = (lift_sub_incl_state s', om').message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
l: composite_label (sub_IM IM indices1)
s: composite_state (sub_IM IM indices1)
om: option message
s': composite_state (sub_IM IM indices1)
om': option message
Ht: composite_transition (sub_IM IM indices1) l
  (s, om) = (s', om')
composite_transition (sub_IM IM indices2)
  (lift_sub_incl_label l) (lift_sub_incl_state s, om) =
(lift_sub_incl_state s', om')
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
l: composite_label (sub_IM IM indices1)
s: composite_state (sub_IM IM indices1)
om: option message
s': composite_state (sub_IM IM indices1)
om': option message
Ht: composite_transition (sub_IM IM indices1) l
  (s, om) = (s', om')
composite_transition (sub_IM IM indices2)
  (lift_sub_incl_label l) (lift_sub_incl_state s, om) =
(lift_sub_incl_state s', om')
  revert Ht.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
l: composite_label (sub_IM IM indices1)
s: composite_state (sub_IM IM indices1)
om: option message
s': composite_state (sub_IM IM indices1)
om': option message
composite_transition (sub_IM IM indices1) l (s, om) =
(s', om')
→ composite_transition (sub_IM IM indices2)
    (lift_sub_incl_label l)
    (lift_sub_incl_state s, om) =
  (lift_sub_incl_state s', om')
  destruct l as (sub1_i, li); destruct_dec_sig sub1_i i Hi Heqsub1_i; subst
  ; cbn; unfold lift_sub_incl_state at 1
  ; cbn; unfold sub_IM in li; simpl in li.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
i: index
Hi: sub_index_prop indices1 i
li: label (IM i)
s: composite_state (sub_IM IM indices1)
om: option message
s': composite_state (sub_IM IM indices1)
om': option message
(let (si', om') :=
   transition li (s (dexist i Hi), om) in
 (state_update (sub_IM IM indices1) s (dexist i Hi)
    si', om')) = (s', om')
→ (let (si', om') :=
     transition li
       (match decide (sub_index_prop indices1 i) with
        | left e => s (dexist i e)
        | right _ => `(vs0 (IM i))
        end, om) in
   (state_update (sub_IM IM indices2)
      (lift_sub_incl_state s)
      (dexist i (Hincl i (proj2_dsig (dexist i Hi))))
      si', om')) = (lift_sub_incl_state s', om')
  destruct (decide (sub_index_prop indices1 i)) as [H_i |]
  ; [| done].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
i: index
Hi: sub_index_prop indices1 i
li: label (IM i)
s: composite_state (sub_IM IM indices1)
om: option message
s': composite_state (sub_IM IM indices1)
om': option message
H_i: sub_index_prop indices1 i
(let (si', om') :=
   transition li (s (dexist i Hi), om) in
 (state_update (sub_IM IM indices1) s (dexist i Hi)
    si', om')) = (s', om')
→ (let (si', om') :=
     transition li (s (dexist i H_i), om) in
   (state_update (sub_IM IM indices2)
      (lift_sub_incl_state s)
      (dexist i (Hincl i (proj2_dsig (dexist i Hi))))
      si', om')) = (lift_sub_incl_state s', om')
  rewrite (sub_IM_state_pi s H_i Hi).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
i: index
Hi: sub_index_prop indices1 i
li: label (IM i)
s: composite_state (sub_IM IM indices1)
om: option message
s': composite_state (sub_IM IM indices1)
om': option message
H_i: sub_index_prop indices1 i
(let (si', om') :=
   transition li (s (dexist i Hi), om) in
 (state_update (sub_IM IM indices1) s (dexist i Hi)
    si', om')) = (s', om')
→ (let (si', om') :=
     transition li (s (dexist i Hi), om) in
   (state_update (sub_IM IM indices2)
      (lift_sub_incl_state s)
      (dexist i (Hincl i (proj2_dsig (dexist i Hi))))
      si', om')) = (lift_sub_incl_state s', om')
  destruct (transition _ _) as (si', _om'); inversion_clear 1; f_equal.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
i: index
Hi: sub_index_prop indices1 i
li: label (IM i)
s: composite_state (sub_IM IM indices1)
om: option message
s': composite_state (sub_IM IM indices1)
om': option message
H_i: sub_index_prop indices1 i
si': state (sub_IM IM indices1 (dexist i Hi))
_om': option message
state_update (sub_IM IM indices2)
  (lift_sub_incl_state s)
  (dexist i (Hincl i (proj2_dsig (dexist i Hi)))) si' =
lift_sub_incl_state
  (state_update (sub_IM IM indices1) s (dexist i Hi)
     si')
  extensionality sub2_j; destruct_dec_sig sub2_j j Hj Heqsub2_j; subst.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
i: index
Hi: sub_index_prop indices1 i
li: label (IM i)
s: composite_state (sub_IM IM indices1)
om: option message
s': composite_state (sub_IM IM indices1)
om': option message
H_i: sub_index_prop indices1 i
si': state (sub_IM IM indices1 (dexist i Hi))
_om': option message
j: index
Hj: sub_index_prop indices2 j
state_update (sub_IM IM indices2)
  (lift_sub_incl_state s)
  (dexist i (Hincl i (proj2_dsig (dexist i Hi)))) si'
  (dexist j Hj) =
lift_sub_incl_state
  (state_update (sub_IM IM indices1) s (dexist i Hi)
     si') (dexist j Hj)
  unfold lift_sub_incl_state.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
i: index
Hi: sub_index_prop indices1 i
li: label (IM i)
s: composite_state (sub_IM IM indices1)
om: option message
s': composite_state (sub_IM IM indices1)
om': option message
H_i: sub_index_prop indices1 i
si': state (sub_IM IM indices1 (dexist i Hi))
_om': option message
j: index
Hj: sub_index_prop indices2 j
state_update (sub_IM IM indices2)
  (λ sub_i2 : sub_index indices2,
     match
       decide (sub_index_prop indices1 (`sub_i2))
     with
     | left e => s (dexist (`sub_i2) e)
     | right _ => `(vs0 (IM (`sub_i2)))
     end)
  (dexist i (Hincl i (proj2_dsig (dexist i Hi)))) si'
  (dexist j Hj) =
match
  decide (sub_index_prop indices1 (`(dexist j Hj)))
with
| left e =>
    state_update (sub_IM IM indices1) s (dexist i Hi)
      si' (dexist (`(dexist j Hj)) e)
| right _ => `(vs0 (IM (`(dexist j Hj))))
end
  by destruct (decide (i = j)); subst; state_update_simpl; cbn; case_decide; state_update_simpl.
Qed.

Lemma lift_sub_incl_embedding :
  VLSM_embedding (free_composite_vlsm (sub_IM IM indices1)) (free_composite_vlsm (sub_IM IM indices2))
    lift_sub_incl_label lift_sub_incl_state.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
VLSM_embedding
  (free_composite_vlsm (sub_IM IM indices1))
  (free_composite_vlsm (sub_IM IM indices2))
  lift_sub_incl_label lift_sub_incl_state
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
VLSM_embedding
  (free_composite_vlsm (sub_IM IM indices1))
  (free_composite_vlsm (sub_IM IM indices2))
  lift_sub_incl_label lift_sub_incl_state
  apply basic_VLSM_strong_embedding; intro; intros.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
l: label (free_composite_vlsm (sub_IM IM indices1))
s: state (free_composite_vlsm (sub_IM IM indices1))
om: option message
H: valid l (s, om)
valid (lift_sub_incl_label l)
  (lift_sub_incl_state s, om)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
l: label (free_composite_vlsm (sub_IM IM indices1))
s: state (free_composite_vlsm (sub_IM IM indices1))
om: option message
s': state (free_composite_vlsm (sub_IM IM indices1))
om': option message
H: transition l (s, om) = (s', om')
transition (lift_sub_incl_label l)
  (lift_sub_incl_state s, om) =
(lift_sub_incl_state s', om')
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
s: state (free_composite_vlsm (sub_IM IM indices1))
H: initial_state_prop s
initial_state_prop (lift_sub_incl_state s)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
m: message
H: initial_message_prop m
initial_message_prop m
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
l: label (free_composite_vlsm (sub_IM IM indices1))
s: state (free_composite_vlsm (sub_IM IM indices1))
om: option message
H: valid l (s, om)
valid (lift_sub_incl_label l)
  (lift_sub_incl_state s, om) by apply lift_sub_incl_valid, H.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
l: label (free_composite_vlsm (sub_IM IM indices1))
s: state (free_composite_vlsm (sub_IM IM indices1))
om: option message
s': state (free_composite_vlsm (sub_IM IM indices1))
om': option message
H: transition l (s, om) = (s', om')
transition (lift_sub_incl_label l)
  (lift_sub_incl_state s, om) =
(lift_sub_incl_state s', om') by apply lift_sub_incl_transition.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
s: state (free_composite_vlsm (sub_IM IM indices1))
H: initial_state_prop s
initial_state_prop (lift_sub_incl_state s) by apply lift_sub_incl_state_initial.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
m: message
H: initial_message_prop m
initial_message_prop m by apply lift_sub_incl_message_initial.
Qed.

Lemma lift_sub_incl_preloaded_embedding
  (P Q : message -> Prop)
  (Hpq : forall m, P m -> Q m)
  : VLSM_embedding
      (preloaded_vlsm (free_composite_vlsm (sub_IM IM indices1)) P)
      (preloaded_vlsm (free_composite_vlsm (sub_IM IM indices2)) Q)
      lift_sub_incl_label lift_sub_incl_state.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
P, Q: message → Prop
Hpq: ∀ m : message, P m → Q m
VLSM_embedding
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices1)) P)
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices2)) Q)
  lift_sub_incl_label lift_sub_incl_state
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
P, Q: message → Prop
Hpq: ∀ m : message, P m → Q m
VLSM_embedding
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices1)) P)
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices2)) Q)
  lift_sub_incl_label lift_sub_incl_state
  apply basic_VLSM_embedding_preloaded_with; [done | ..]; intro; intros.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
P, Q: message → Prop
Hpq: ∀ m : message, P m → Q m
l: label (free_composite_vlsm (sub_IM IM indices1))
s: state (free_composite_vlsm (sub_IM IM indices1))
om: option message
H: valid l (s, om)
valid (lift_sub_incl_label l)
  (lift_sub_incl_state s, om)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
P, Q: message → Prop
Hpq: ∀ m : message, P m → Q m
l: label (free_composite_vlsm (sub_IM IM indices1))
s: state (free_composite_vlsm (sub_IM IM indices1))
om: option message
s': state (free_composite_vlsm (sub_IM IM indices1))
om': option message
H: transition l (s, om) = (s', om')
transition (lift_sub_incl_label l)
  (lift_sub_incl_state s, om) =
(lift_sub_incl_state s', om')
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
P, Q: message → Prop
Hpq: ∀ m : message, P m → Q m
s: state (free_composite_vlsm (sub_IM IM indices1))
H: initial_state_prop s
initial_state_prop (lift_sub_incl_state s)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
P, Q: message → Prop
Hpq: ∀ m : message, P m → Q m
m: message
H: initial_message_prop m
initial_message_prop m
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
P, Q: message → Prop
Hpq: ∀ m : message, P m → Q m
l: label (free_composite_vlsm (sub_IM IM indices1))
s: state (free_composite_vlsm (sub_IM IM indices1))
om: option message
H: valid l (s, om)
valid (lift_sub_incl_label l)
  (lift_sub_incl_state s, om) by apply lift_sub_incl_valid, H.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
P, Q: message → Prop
Hpq: ∀ m : message, P m → Q m
l: label (free_composite_vlsm (sub_IM IM indices1))
s: state (free_composite_vlsm (sub_IM IM indices1))
om: option message
s': state (free_composite_vlsm (sub_IM IM indices1))
om': option message
H: transition l (s, om) = (s', om')
transition (lift_sub_incl_label l)
  (lift_sub_incl_state s, om) =
(lift_sub_incl_state s', om') by apply lift_sub_incl_transition.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
P, Q: message → Prop
Hpq: ∀ m : message, P m → Q m
s: state (free_composite_vlsm (sub_IM IM indices1))
H: initial_state_prop s
initial_state_prop (lift_sub_incl_state s) by apply lift_sub_incl_state_initial.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices1, indices2: list index
Hincl: indices1 ⊆ indices2
sub_index1_prop_dec:= λ i : index,
  sub_index_prop_dec indices1 i: ∀ i : index,
  Decision
    (sub_index_prop indices1 i)
P, Q: message → Prop
Hpq: ∀ m : message, P m → Q m
m: message
H: initial_message_prop m
initial_message_prop m by apply lift_sub_incl_message_initial.
Qed.

End sec_sub_composition_incl.

Section sec_sub_composition_sender.

Context
  {message : Type}
  `{EqDecision index}
  (IM : index -> VLSM message)
  (indices : list index)
  (sub_index_prop_dec : forall i, Decision (sub_index_prop indices i) := sub_index_prop_dec indices)
  {validator : Type}
  (A : validator -> index)
  (sender : message -> option validator)
  (Hsender_safety : sender_safety_alt_prop IM A sender)
  .

If a sub-composition can_emit a message then its sender must be one of the components of the sub-composition.

Lemma sub_can_emit_sender (P : message -> Prop)
  : forall m v,
    sender m = Some v ->
    can_emit (preloaded_vlsm (free_composite_vlsm (sub_IM IM indices)) P)  m ->
    A v ∈ indices.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
P: message → Prop
∀ (m : message) (v : validator),
  sender m = Some v
  → can_emit
      (preloaded_vlsm
         (free_composite_vlsm (sub_IM IM indices)) P)
      m → A v ∈ indices
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
P: message → Prop
∀ (m : message) (v : validator),
  sender m = Some v
  → can_emit
      (preloaded_vlsm
         (free_composite_vlsm (sub_IM IM indices)) P)
      m → A v ∈ indices
  intros m v Hsender Hemit.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
P: message → Prop
m: message
v: validator
Hsender: sender m = Some v
Hemit: can_emit
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices))
     P) m
A v ∈ indices
  specialize (Hsender_safety m v Hsender).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
Hsender_safety: ∀ i : index,
  can_emit
    (preloaded_with_all_messages_vlsm
       (IM i)) m → A v = i
P: message → Prop
Hsender: sender m = Some v
Hemit: can_emit
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices))
     P) m
A v ∈ indices
  destruct Hemit as [[s om] [[sub_i li] [s' Ht]]].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
Hsender_safety: ∀ i : index,
  can_emit
    (preloaded_with_all_messages_vlsm
       (IM i)) m → A v = i
P: message → Prop
Hsender: sender m = Some v
s: state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
om: option message
sub_i: sub_index indices
li: label (sub_IM IM indices sub_i)
s': state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
Ht: input_valid_transition
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
  (existT sub_i li) (s, om) (
  s', Some m)
A v ∈ indices
  destruct_dec_sig sub_i i Hi Heqsub_i; subst.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
Hsender_safety: ∀ i : index,
  can_emit
    (preloaded_with_all_messages_vlsm
       (IM i)) m → A v = i
P: message → Prop
Hsender: sender m = Some v
s: state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
om: option message
i: index
Hi: sub_index_prop indices i
li: label (sub_IM IM indices (dexist i Hi))
s': state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
Ht: input_valid_transition
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
  (existT (dexist i Hi) li) (
  s, om) (s', Some m)
A v ∈ indices
  unfold sub_IM, SubProjectionTraces.sub_IM in li; cbn in li.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
Hsender_safety: ∀ i : index,
  can_emit
    (preloaded_with_all_messages_vlsm
       (IM i)) m → A v = i
P: message → Prop
Hsender: sender m = Some v
s: state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
om: option message
i: index
Hi: sub_index_prop indices i
li: label (IM i)
s': state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
Ht: input_valid_transition
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
  (existT (dexist i Hi) li) (
  s, om) (s', Some m)
A v ∈ indices
  specialize (PreSubFree_PreFree_weak_embedding IM indices (proj1_sig (composite_s0 IM)))
    as Hproj.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
Hsender_safety: ∀ i : index,
  can_emit
    (preloaded_with_all_messages_vlsm
       (IM i)) m → A v = i
P: message → Prop
Hsender: sender m = Some v
s: state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
om: option message
i: index
Hi: sub_index_prop indices i
li: label (IM i)
s': state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
Ht: input_valid_transition
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
  (existT (dexist i Hi) li) (
  s, om) (s', Some m)
Hproj: constrained_state_prop
  (free_composite_vlsm IM)
  (`(composite_s0 IM))
→ VLSM_weak_embedding
    (preloaded_with_all_messages_vlsm
       (free_composite_vlsm
          (sub_IM IM indices)))
    (preloaded_with_all_messages_vlsm
       (free_composite_vlsm IM))
    (lift_sub_label IM indices)
    (lift_sub_state_to IM indices
       (`(composite_s0 IM)))
A v ∈ indices
  spec Hproj; [by apply initial_state_is_valid; destruct (composite_s0 IM) |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
Hsender_safety: ∀ i : index,
  can_emit
    (preloaded_with_all_messages_vlsm
       (IM i)) m → A v = i
P: message → Prop
Hsender: sender m = Some v
s: state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
om: option message
i: index
Hi: sub_index_prop indices i
li: label (IM i)
s': state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
Ht: input_valid_transition
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
  (existT (dexist i Hi) li) (
  s, om) (s', Some m)
Hproj: VLSM_weak_embedding
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM indices)
  (lift_sub_state_to IM indices
     (`(composite_s0 IM)))
A v ∈ indices
  apply (VLSM_incl_input_valid_transition
    (preloaded_vlsm_incl_preloaded_with_all_messages (free_composite_vlsm (sub_IM IM indices)) P))
     in Ht.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
Hsender_safety: ∀ i : index,
  can_emit
    (preloaded_with_all_messages_vlsm
       (IM i)) m → A v = i
P: message → Prop
Hsender: sender m = Some v
s: state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
om: option message
i: index
Hi: sub_index_prop indices i
li: label (IM i)
s': state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
Ht: input_valid_transition
  {|
    vlsm_type :=
      preloaded_vlsm
        (free_composite_vlsm (sub_IM IM indices))
        P;
    vlsm_machine :=
      preloaded_with_all_messages_vlsm
        (free_composite_vlsm (sub_IM IM indices))
  |} (existT (dexist i Hi) li) (
  s, om) (s', Some m)
Hproj: VLSM_weak_embedding
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM indices)
  (lift_sub_state_to IM indices
     (`(composite_s0 IM)))
A v ∈ indices
  apply (VLSM_weak_embedding_input_valid_transition Hproj) in Ht; clear Hproj.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
Hsender_safety: ∀ i : index,
  can_emit
    (preloaded_with_all_messages_vlsm
       (IM i)) m → A v = i
P: message → Prop
Hsender: sender m = Some v
s: state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
om: option message
i: index
Hi: sub_index_prop indices i
li: label (IM i)
s': state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM indices
     (existT (dexist i Hi) li))
  (lift_sub_state_to IM indices
     (`(composite_s0 IM)) s, om)
  (lift_sub_state_to IM indices
     (`(composite_s0 IM)) s', 
   Some m)
A v ∈ indices
  specialize (ProjectionTraces.preloaded_component_projection IM i) as Hproj.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
Hsender_safety: ∀ i : index,
  can_emit
    (preloaded_with_all_messages_vlsm
       (IM i)) m → A v = i
P: message → Prop
Hsender: sender m = Some v
s: state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
om: option message
i: index
Hi: sub_index_prop indices i
li: label (IM i)
s': state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM indices
     (existT (dexist i Hi) li))
  (lift_sub_state_to IM indices
     (`(composite_s0 IM)) s, om)
  (lift_sub_state_to IM indices
     (`(composite_s0 IM)) s', 
   Some m)
Hproj: VLSM_projection
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (preloaded_with_all_messages_vlsm (IM i))
  (composite_project_label IM i)
  (λ s : state
           (preloaded_with_all_messages_vlsm
              (free_composite_vlsm IM)), 
     s i)
A v ∈ indices
  remember (lift_sub_state_to _ _ _ s) as sX.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
Hsender_safety: ∀ i : index,
  can_emit
    (preloaded_with_all_messages_vlsm
       (IM i)) m → A v = i
P: message → Prop
Hsender: sender m = Some v
s: state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
om: option message
i: index
Hi: sub_index_prop indices i
li: label (IM i)
s': state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
sX: composite_state IM
HeqsX: sX =
lift_sub_state_to IM indices
  (`(composite_s0 IM)) s
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM indices
     (existT (dexist i Hi) li)) (
  sX, om)
  (lift_sub_state_to IM indices
     (`(composite_s0 IM)) s', 
   Some m)
Hproj: VLSM_projection
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (preloaded_with_all_messages_vlsm (IM i))
  (composite_project_label IM i)
  (λ s : state
           (preloaded_with_all_messages_vlsm
              (free_composite_vlsm IM)), 
     s i)
A v ∈ indices
  remember (lift_sub_state_to _ _ _ s') as sX'.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
Hsender_safety: ∀ i : index,
  can_emit
    (preloaded_with_all_messages_vlsm
       (IM i)) m → A v = i
P: message → Prop
Hsender: sender m = Some v
s: state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
om: option message
i: index
Hi: sub_index_prop indices i
li: label (IM i)
s': state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
sX: composite_state IM
HeqsX: sX =
lift_sub_state_to IM indices
  (`(composite_s0 IM)) s
sX': composite_state IM
HeqsX': sX' =
lift_sub_state_to IM indices
  (`(composite_s0 IM)) s'
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM indices
     (existT (dexist i Hi) li)) (
  sX, om) (sX', Some m)
Hproj: VLSM_projection
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (preloaded_with_all_messages_vlsm (IM i))
  (composite_project_label IM i)
  (λ s : state
           (preloaded_with_all_messages_vlsm
              (free_composite_vlsm IM)), 
     s i)
A v ∈ indices
  remember (lift_sub_label _ _ _) as lX.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
Hsender_safety: ∀ i : index,
  can_emit
    (preloaded_with_all_messages_vlsm
       (IM i)) m → A v = i
P: message → Prop
Hsender: sender m = Some v
s: state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
om: option message
i: index
Hi: sub_index_prop indices i
li: label (IM i)
s': state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
sX: composite_state IM
HeqsX: sX =
lift_sub_state_to IM indices
  (`(composite_s0 IM)) s
sX': composite_state IM
HeqsX': sX' =
lift_sub_state_to IM indices
  (`(composite_s0 IM)) s'
lX: composite_label IM
HeqlX: lX =
lift_sub_label IM indices
  (existT (dexist i Hi) li)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) lX (
  sX, om) (sX', Some m)
Hproj: VLSM_projection
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (preloaded_with_all_messages_vlsm (IM i))
  (composite_project_label IM i)
  (λ s : state
           (preloaded_with_all_messages_vlsm
              (free_composite_vlsm IM)), 
     s i)
A v ∈ indices
  specialize (VLSM_projection_input_valid_transition Hproj lX li) as Hproj_t.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
Hsender_safety: ∀ i : index,
  can_emit
    (preloaded_with_all_messages_vlsm
       (IM i)) m → A v = i
P: message → Prop
Hsender: sender m = Some v
s: state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
om: option message
i: index
Hi: sub_index_prop indices i
li: label (IM i)
s': state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
sX: composite_state IM
HeqsX: sX =
lift_sub_state_to IM indices
  (`(composite_s0 IM)) s
sX': composite_state IM
HeqsX': sX' =
lift_sub_state_to IM indices
  (`(composite_s0 IM)) s'
lX: composite_label IM
HeqlX: lX =
lift_sub_label IM indices
  (existT (dexist i Hi) li)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) lX (
  sX, om) (sX', Some m)
Hproj: VLSM_projection
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (preloaded_with_all_messages_vlsm (IM i))
  (composite_project_label IM i)
  (λ s : state
           (preloaded_with_all_messages_vlsm
              (free_composite_vlsm IM)), 
     s i)
Hproj_t: composite_project_label IM i lX = Some li
→ ∀ (s : state
           (preloaded_with_all_messages_vlsm
              (free_composite_vlsm IM))) 
    (im : option message) 
    (s' : state
            (preloaded_with_all_messages_vlsm
               (free_composite_vlsm IM))) 
    (om : option message),
    input_valid_transition
      (preloaded_with_all_messages_vlsm
         (free_composite_vlsm IM)) lX
      (s, im) (s', om)
    → input_valid_transition
        (preloaded_with_all_messages_vlsm
           (IM i)) li
        ((λ s0 : state
                   (preloaded_with_all_messages_vlsm
                      (free_composite_vlsm
                      IM)), 
            s0 i) s, im)
        ((λ s0 : state
                   (preloaded_with_all_messages_vlsm
                      (free_composite_vlsm
                      IM)), 
            s0 i) s', om)
A v ∈ indices
  subst lX; unfold lift_sub_label in Hproj_t; cbn in Hproj_t.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
Hsender_safety: ∀ i : index,
  can_emit
    (preloaded_with_all_messages_vlsm
       (IM i)) m → A v = i
P: message → Prop
Hsender: sender m = Some v
s: state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
om: option message
i: index
Hi: sub_index_prop indices i
li: label (IM i)
s': state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
sX: composite_state IM
HeqsX: sX =
lift_sub_state_to IM indices
  (`(composite_s0 IM)) s
sX': composite_state IM
HeqsX': sX' =
lift_sub_state_to IM indices
  (`(composite_s0 IM)) s'
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM indices
     (existT (dexist i Hi) li)) (
  sX, om) (sX', Some m)
Hproj: VLSM_projection
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (preloaded_with_all_messages_vlsm (IM i))
  (composite_project_label IM i)
  (λ s : state
           (preloaded_with_all_messages_vlsm
              (free_composite_vlsm IM)), 
     s i)
Hproj_t: composite_project_label IM i (existT i li) =
Some li
→ ∀ (s : composite_state IM) 
    (im : option message) 
    (s' : composite_state IM) 
    (om : option message),
    input_valid_transition
      (preloaded_with_all_messages_vlsm
         (free_composite_vlsm IM))
      (existT i li) (s, im) (
      s', om)
    → input_valid_transition
        (preloaded_with_all_messages_vlsm
           (IM i)) li (
        s i, im) (s' i, om)
A v ∈ indices
  spec Hproj_t.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
Hsender_safety: ∀ i : index,
  can_emit
    (preloaded_with_all_messages_vlsm
       (IM i)) m → A v = i
P: message → Prop
Hsender: sender m = Some v
s: state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
om: option message
i: index
Hi: sub_index_prop indices i
li: label (IM i)
s': state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
sX: composite_state IM
HeqsX: sX =
lift_sub_state_to IM indices
  (`(composite_s0 IM)) s
sX': composite_state IM
HeqsX': sX' =
lift_sub_state_to IM indices
  (`(composite_s0 IM)) s'
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM indices
     (existT (dexist i Hi) li)) (
  sX, om) (sX', Some m)
Hproj: VLSM_projection
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (preloaded_with_all_messages_vlsm (IM i))
  (composite_project_label IM i)
  (λ s : state
           (preloaded_with_all_messages_vlsm
              (free_composite_vlsm IM)), 
     s i)
Hproj_t: composite_project_label IM i (existT i li) =
Some li
→ ∀ (s : composite_state IM) 
    (im : option message) 
    (s' : composite_state IM) 
    (om : option message),
    input_valid_transition
      (preloaded_with_all_messages_vlsm
         (free_composite_vlsm IM))
      (existT i li) (s, im) (
      s', om)
    → input_valid_transition
        (preloaded_with_all_messages_vlsm
           (IM i)) li (
        s i, im) (s' i, om)
composite_project_label IM i (existT i li) = Some li
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
Hsender_safety: ∀ i : index,
  can_emit
    (preloaded_with_all_messages_vlsm
       (IM i)) m → A v = i
P: message → Prop
Hsender: sender m = Some v
s: state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
om: option message
i: index
Hi: sub_index_prop indices i
li: label (IM i)
s': state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
sX: composite_state IM
HeqsX: sX =
lift_sub_state_to IM indices
  (`(composite_s0 IM)) s
sX': composite_state IM
HeqsX': sX' =
lift_sub_state_to IM indices
  (`(composite_s0 IM)) s'
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM indices
     (existT (dexist i Hi) li)) (
  sX, om) (sX', Some m)
Hproj: VLSM_projection
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (preloaded_with_all_messages_vlsm (IM i))
  (composite_project_label IM i)
  (λ s : state
           (preloaded_with_all_messages_vlsm
              (free_composite_vlsm IM)), 
     s i)
Hproj_t: ∀ (s : composite_state IM) 
  (im : option message) 
  (s' : composite_state IM) 
  (om : option message),
  input_valid_transition
    (preloaded_with_all_messages_vlsm
       (free_composite_vlsm IM))
    (existT i li) (s, im) (
    s', om)
  → input_valid_transition
      (preloaded_with_all_messages_vlsm
         (IM i)) li (s i, im) (
      s' i, om)
A v ∈ indices
  {message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
Hsender_safety: ∀ i : index,
  can_emit
    (preloaded_with_all_messages_vlsm
       (IM i)) m → A v = i
P: message → Prop
Hsender: sender m = Some v
s: state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
om: option message
i: index
Hi: sub_index_prop indices i
li: label (IM i)
s': state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
sX: composite_state IM
HeqsX: sX =
lift_sub_state_to IM indices
  (`(composite_s0 IM)) s
sX': composite_state IM
HeqsX': sX' =
lift_sub_state_to IM indices
  (`(composite_s0 IM)) s'
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM indices
     (existT (dexist i Hi) li)) (
  sX, om) (sX', Some m)
Hproj: VLSM_projection
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (preloaded_with_all_messages_vlsm (IM i))
  (composite_project_label IM i)
  (λ s : state
           (preloaded_with_all_messages_vlsm
              (free_composite_vlsm IM)), 
     s i)
Hproj_t: composite_project_label IM i (existT i li) =
Some li
→ ∀ (s : composite_state IM) 
    (im : option message) 
    (s' : composite_state IM) 
    (om : option message),
    input_valid_transition
      (preloaded_with_all_messages_vlsm
         (free_composite_vlsm IM))
      (existT i li) (s, im) (
      s', om)
    → input_valid_transition
        (preloaded_with_all_messages_vlsm
           (IM i)) li (
        s i, im) (s' i, om)
composite_project_label IM i (existT i li) = Some li
    unfold composite_project_label; cbn.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
Hsender_safety: ∀ i : index,
  can_emit
    (preloaded_with_all_messages_vlsm
       (IM i)) m → A v = i
P: message → Prop
Hsender: sender m = Some v
s: state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
om: option message
i: index
Hi: sub_index_prop indices i
li: label (IM i)
s': state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
sX: composite_state IM
HeqsX: sX =
lift_sub_state_to IM indices
  (`(composite_s0 IM)) s
sX': composite_state IM
HeqsX': sX' =
lift_sub_state_to IM indices
  (`(composite_s0 IM)) s'
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM indices
     (existT (dexist i Hi) li)) (
  sX, om) (sX', Some m)
Hproj: VLSM_projection
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (preloaded_with_all_messages_vlsm (IM i))
  (composite_project_label IM i)
  (λ s : state
           (preloaded_with_all_messages_vlsm
              (free_composite_vlsm IM)), 
     s i)
Hproj_t: composite_project_label IM i (existT i li) =
Some li
→ ∀ (s : composite_state IM) 
    (im : option message) 
    (s' : composite_state IM) 
    (om : option message),
    input_valid_transition
      (preloaded_with_all_messages_vlsm
         (free_composite_vlsm IM))
      (existT i li) (s, im) (
      s', om)
    → input_valid_transition
        (preloaded_with_all_messages_vlsm
           (IM i)) li (
        s i, im) (s' i, om)
match decide (i = i) with
| left e =>
    Some (eq_rect_r (λ n : index, label (IM n)) li e)
| right _ => None
end = Some li
    by rewrite decide_True_pi with eq_refl.
  }message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
Hsender_safety: ∀ i : index,
  can_emit
    (preloaded_with_all_messages_vlsm
       (IM i)) m → A v = i
P: message → Prop
Hsender: sender m = Some v
s: state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
om: option message
i: index
Hi: sub_index_prop indices i
li: label (IM i)
s': state
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices)) P)
sX: composite_state IM
HeqsX: sX =
lift_sub_state_to IM indices
  (`(composite_s0 IM)) s
sX': composite_state IM
HeqsX': sX' =
lift_sub_state_to IM indices
  (`(composite_s0 IM)) s'
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM indices
     (existT (dexist i Hi) li)) (
  sX, om) (sX', Some m)
Hproj: VLSM_projection
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (preloaded_with_all_messages_vlsm (IM i))
  (composite_project_label IM i)
  (λ s : state
           (preloaded_with_all_messages_vlsm
              (free_composite_vlsm IM)), 
     s i)
Hproj_t: ∀ (s : composite_state IM) 
  (im : option message) 
  (s' : composite_state IM) 
  (om : option message),
  input_valid_transition
    (preloaded_with_all_messages_vlsm
       (free_composite_vlsm IM))
    (existT i li) (s, im) (
    s', om)
  → input_valid_transition
      (preloaded_with_all_messages_vlsm
         (IM i)) li (s i, im) (
      s' i, om)
A v ∈ indices
  by rewrite (Hsender_safety i); [| eexists _; eauto].
Qed.

Sender and sender-safety specialized for the subcomposition

Definition sub_IM_sender (m : message)
  : option (dsig (fun v => A v ∈ indices)) :=
  match sender m with
  | None => None
  | Some v =>
    match (decide (A v ∈ indices)) with
    | left Av_in => Some (@dexist _ (fun v => A v ∈ indices) _ v Av_in)
    | _ => None
    end
  end.

Definition sub_IM_A
  (v : dsig (fun v => A v ∈ indices))
  : sub_index indices :=
  dexist (A (proj1_sig v)) (proj2_dsig v).

Lemma sub_IM_preserves_channel_authentication
  : channel_authentication_prop IM A sender ->
    channel_authentication_prop (sub_IM IM indices) sub_IM_A sub_IM_sender.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
channel_authentication_prop IM A sender
→ channel_authentication_prop (sub_IM IM indices)
    sub_IM_A sub_IM_sender
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
channel_authentication_prop IM A sender
→ channel_authentication_prop (sub_IM IM indices)
    sub_IM_A sub_IM_sender
  intros Hsigned sub_i m Hemit.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
Hsigned: channel_authentication_prop IM A sender
sub_i: sub_index indices
m: message
Hemit: can_emit
  (preloaded_with_all_messages_vlsm
     (sub_IM IM indices sub_i)) m
channel_authenticated_message sub_IM_A sub_IM_sender
  sub_i m
  destruct_dec_sig sub_i i Hi Heqsub_i.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
Hsigned: channel_authentication_prop IM A sender
sub_i: sub_index indices
m: message
Hemit: can_emit
  (preloaded_with_all_messages_vlsm
     (sub_IM IM indices sub_i)) m
i: index
Hi: sub_index_prop indices i
Heqsub_i: sub_i = dexist i Hi
channel_authenticated_message sub_IM_A sub_IM_sender
  sub_i m
  subst.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
Hsigned: channel_authentication_prop IM A sender
m: message
i: index
Hi: sub_index_prop indices i
Hemit: can_emit
  (preloaded_with_all_messages_vlsm
     (sub_IM IM indices (dexist i Hi))) m
channel_authenticated_message sub_IM_A sub_IM_sender
  (dexist i Hi) m
  apply Hsigned in Hemit.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
Hsigned: channel_authentication_prop IM A sender
m: message
i: index
Hi: sub_index_prop indices i
Hemit: channel_authenticated_message A sender
  (`(dexist i Hi)) m
channel_authenticated_message sub_IM_A sub_IM_sender
  (dexist i Hi) m
  unfold channel_authenticated_message in *.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
Hsigned: channel_authentication_prop IM A sender
m: message
i: index
Hi: sub_index_prop indices i
Hemit: option_map A (sender m) =
Some (`(dexist i Hi))
option_map sub_IM_A (sub_IM_sender m) =
Some (dexist i Hi)
  simpl in Hemit.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
Hsigned: channel_authentication_prop IM A sender
m: message
i: index
Hi: sub_index_prop indices i
Hemit: option_map A (sender m) = Some i
option_map sub_IM_A (sub_IM_sender m) =
Some (dexist i Hi)
  unfold sub_IM_sender.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
Hsigned: channel_authentication_prop IM A sender
m: message
i: index
Hi: sub_index_prop indices i
Hemit: option_map A (sender m) = Some i
option_map sub_IM_A
  match sender m with
  | Some v =>
      match decide (A v ∈ indices) with
      | left Av_in => Some (dexist v Av_in)
      | right _ => None
      end
  | None => None
  end = Some (dexist i Hi)
  destruct (sender m) as [v |]; [| by simpl in Hemit; congruence].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
Hsigned: channel_authentication_prop IM A sender
m: message
i: index
Hi: sub_index_prop indices i
v: validator
Hemit: option_map A (Some v) = Some i
option_map sub_IM_A
  match decide (A v ∈ indices) with
  | left Av_in => Some (dexist v Av_in)
  | right _ => None
  end = Some (dexist i Hi)
  apply Some_inj in Hemit.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
Hsigned: channel_authentication_prop IM A sender
m: message
i: index
Hi: sub_index_prop indices i
v: validator
Hemit: A v = i
option_map sub_IM_A
  match decide (A v ∈ indices) with
  | left Av_in => Some (dexist v Av_in)
  | right _ => None
  end = Some (dexist i Hi) subst.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
Hsigned: channel_authentication_prop IM A sender
m: message
v: validator
Hi: sub_index_prop indices (A v)
option_map sub_IM_A
  match decide (A v ∈ indices) with
  | left Av_in => Some (dexist v Av_in)
  | right _ => None
  end = Some (dexist (A v) Hi)
  case_decide; [| done].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
Hsigned: channel_authentication_prop IM A sender
m: message
v: validator
Hi: sub_index_prop indices (A v)
H: A v ∈ indices
option_map sub_IM_A (Some (dexist v H)) =
Some (dexist (A v) Hi)
  simpl.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
Hsigned: channel_authentication_prop IM A sender
m: message
v: validator
Hi: sub_index_prop indices (A v)
H: A v ∈ indices
Some (sub_IM_A (dexist v H)) = Some (dexist (A v) Hi)
  f_equal.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
Hsigned: channel_authentication_prop IM A sender
m: message
v: validator
Hi: sub_index_prop indices (A v)
H: A v ∈ indices
sub_IM_A (dexist v H) = dexist (A v) Hi
  by apply dsig_eq.
Qed.

Lemma sub_IM_preserves_no_initial_messages
  : no_initial_messages_in_IM_prop IM ->
    no_initial_messages_in_IM_prop (sub_IM IM indices).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
no_initial_messages_in_IM_prop IM
→ no_initial_messages_in_IM_prop (sub_IM IM indices)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
no_initial_messages_in_IM_prop IM
→ no_initial_messages_in_IM_prop (sub_IM IM indices)
  intros Hno_init sub_i m.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
Hno_init: no_initial_messages_in_IM_prop IM
sub_i: sub_index indices
m: message
¬ initial_message_prop m
  destruct_dec_sig sub_i i Hi Heqsub_i.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
Hno_init: no_initial_messages_in_IM_prop IM
sub_i: sub_index indices
m: message
i: index
Hi: sub_index_prop indices i
Heqsub_i: sub_i = dexist i Hi
¬ initial_message_prop m
  subst.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
Hno_init: no_initial_messages_in_IM_prop IM
m: message
i: index
Hi: sub_index_prop indices i
¬ initial_message_prop m
  by apply Hno_init.
Qed.

Lemma sub_IM_sender_safety
  : sender_safety_alt_prop (sub_IM IM indices) sub_IM_A sub_IM_sender.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
sender_safety_alt_prop (sub_IM IM indices) sub_IM_A
  sub_IM_sender
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
sender_safety_alt_prop (sub_IM IM indices) sub_IM_A
  sub_IM_sender
  intros m sub_v Hsender sub_i Hm.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
m: message
sub_v: dsig (λ v : validator, A v ∈ indices)
Hsender: sub_IM_sender m = Some sub_v
sub_i: sub_index indices
Hm: can_emit
  (preloaded_with_all_messages_vlsm
     (sub_IM IM indices sub_i)) m
sub_IM_A sub_v = sub_i
  destruct_dec_sig sub_v v HAv Heqsub_v.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
m: message
sub_v: dsig (λ v : validator, A v ∈ indices)
Hsender: sub_IM_sender m = Some sub_v
sub_i: sub_index indices
Hm: can_emit
  (preloaded_with_all_messages_vlsm
     (sub_IM IM indices sub_i)) m
v: validator
HAv: A v ∈ indices
Heqsub_v: sub_v = dexist v HAv
sub_IM_A sub_v = sub_i
  destruct_dec_sig sub_i i Hi Heqsub_i.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
m: message
sub_v: dsig (λ v : validator, A v ∈ indices)
Hsender: sub_IM_sender m = Some sub_v
sub_i: sub_index indices
Hm: can_emit
  (preloaded_with_all_messages_vlsm
     (sub_IM IM indices sub_i)) m
v: validator
HAv: A v ∈ indices
Heqsub_v: sub_v = dexist v HAv
i: index
Hi: sub_index_prop indices i
Heqsub_i: sub_i = dexist i Hi
sub_IM_A sub_v = sub_i
  subst.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
m: message
v: validator
HAv: A v ∈ indices
Hsender: sub_IM_sender m = Some (dexist v HAv)
i: index
Hi: sub_index_prop indices i
Hm: can_emit
  (preloaded_with_all_messages_vlsm
     (sub_IM IM indices (dexist i Hi))) m
sub_IM_A (dexist v HAv) = dexist i Hi
  unfold sub_IM_A.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
m: message
v: validator
HAv: A v ∈ indices
Hsender: sub_IM_sender m = Some (dexist v HAv)
i: index
Hi: sub_index_prop indices i
Hm: can_emit
  (preloaded_with_all_messages_vlsm
     (sub_IM IM indices (dexist i Hi))) m
dexist (A (`(dexist v HAv)))
  (proj2_dsig (dexist v HAv)) = dexist i Hi
  apply dsig_eq.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
m: message
v: validator
HAv: A v ∈ indices
Hsender: sub_IM_sender m = Some (dexist v HAv)
i: index
Hi: sub_index_prop indices i
Hm: can_emit
  (preloaded_with_all_messages_vlsm
     (sub_IM IM indices (dexist i Hi))) m
`(dexist (A (`(dexist v HAv)))
    (proj2_dsig (dexist v HAv))) = `(dexist i Hi) simpl.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
m: message
v: validator
HAv: A v ∈ indices
Hsender: sub_IM_sender m = Some (dexist v HAv)
i: index
Hi: sub_index_prop indices i
Hm: can_emit
  (preloaded_with_all_messages_vlsm
     (sub_IM IM indices (dexist i Hi))) m
A v = i
  apply (Hsender_safety m v); [| done].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
m: message
v: validator
HAv: A v ∈ indices
Hsender: sub_IM_sender m = Some (dexist v HAv)
i: index
Hi: sub_index_prop indices i
Hm: can_emit
  (preloaded_with_all_messages_vlsm
     (sub_IM IM indices (dexist i Hi))) m
sender m = Some v
  clear -Hsender.message, index: Type
EqDecision0: EqDecision index
indices: list index
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
HAv: A v ∈ indices
Hsender: sub_IM_sender m = Some (dexist v HAv)
sender m = Some v
  unfold sub_IM_sender in Hsender.message, index: Type
EqDecision0: EqDecision index
indices: list index
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
HAv: A v ∈ indices
Hsender: match sender m with
| Some v =>
    match decide (A v ∈ indices) with
    | left Av_in => Some (dexist v Av_in)
    | right _ => None
    end
| None => None
end = Some (dexist v HAv)
sender m = Some v
  destruct (sender m) as [_v |] eqn: Hsender_v; [| by congruence].message, index: Type
EqDecision0: EqDecision index
indices: list index
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
HAv: A v ∈ indices
_v: validator
Hsender_v: sender m = Some _v
Hsender: match decide (A _v ∈ indices) with
| left Av_in => Some (dexist _v Av_in)
| right _ => None
end = Some (dexist v HAv)
Some _v = Some v
  case_decide; [| by congruence].message, index: Type
EqDecision0: EqDecision index
indices: list index
validator: Type
A: validator → index
sender: message → option validator
m: message
v: validator
HAv: A v ∈ indices
_v: validator
Hsender_v: sender m = Some _v
H: A _v ∈ indices
Hsender: Some (dexist _v H) = Some (dexist v HAv)
Some _v = Some v
  by inversion Hsender; itauto.
Qed.

Context
  `{forall sub_i, HasBeenSentCapability (sub_IM IM indices sub_i)}
  .

Lemma sub_IM_has_been_sent_iff_by_sender s
  (Hs : constrained_state_prop (free_composite_vlsm (sub_IM IM indices)) s)
  m v
  (Hsender : sender m = Some v)
  (Hv : A v ∈ indices)
  : composite_has_been_sent (sub_IM IM indices) s m ->
    has_been_sent (sub_IM IM indices (dexist (A v) Hv)) (s (dexist (A v) Hv)) m.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
Hs: constrained_state_prop
  (free_composite_vlsm (sub_IM IM indices)) s
m: message
v: validator
Hsender: sender m = Some v
Hv: A v ∈ indices
composite_has_been_sent (sub_IM IM indices) s m
→ has_been_sent (sub_IM IM indices (dexist (A v) Hv))
    (s (dexist (A v) Hv)) m
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
Hs: constrained_state_prop
  (free_composite_vlsm (sub_IM IM indices)) s
m: message
v: validator
Hsender: sender m = Some v
Hv: A v ∈ indices
composite_has_been_sent (sub_IM IM indices) s m
→ has_been_sent (sub_IM IM indices (dexist (A v) Hv))
    (s (dexist (A v) Hv)) m
  apply valid_state_has_trace in Hs as Htr.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
Hs: constrained_state_prop
  (free_composite_vlsm (sub_IM IM indices)) s
m: message
v: validator
Hsender: sender m = Some v
Hv: A v ∈ indices
Htr: ∃ (is : state
          (preloaded_with_all_messages_vlsm
             (free_composite_vlsm
                (sub_IM IM indices)))) 
  (tr : list transition_item),
  finite_valid_trace_init_to
    (preloaded_with_all_messages_vlsm
       (free_composite_vlsm (sub_IM IM indices)))
    is s tr
composite_has_been_sent (sub_IM IM indices) s m
→ has_been_sent (sub_IM IM indices (dexist (A v) Hv))
    (s (dexist (A v) Hv)) m
  destruct Htr as [is [tr Htr]].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
Hs: constrained_state_prop
  (free_composite_vlsm (sub_IM IM indices)) s
m: message
v: validator
Hsender: sender m = Some v
Hv: A v ∈ indices
is: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
tr: list transition_item
Htr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
  is s tr
composite_has_been_sent (sub_IM IM indices) s m
→ has_been_sent (sub_IM IM indices (dexist (A v) Hv))
    (s (dexist (A v) Hv)) m
  assert (Hsub_sender : sub_IM_sender m = Some (dexist v Hv)).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
Hs: constrained_state_prop
  (free_composite_vlsm (sub_IM IM indices)) s
m: message
v: validator
Hsender: sender m = Some v
Hv: A v ∈ indices
is: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
tr: list transition_item
Htr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
  is s tr
sub_IM_sender m = Some (dexist v Hv)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
Hs: constrained_state_prop
  (free_composite_vlsm (sub_IM IM indices)) s
m: message
v: validator
Hsender: sender m = Some v
Hv: A v ∈ indices
is: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
tr: list transition_item
Htr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
  is s tr
Hsub_sender: sub_IM_sender m = Some (dexist v Hv)
composite_has_been_sent (sub_IM IM indices) s m
→ has_been_sent (sub_IM IM indices (dexist (A v) Hv))
    (s (dexist (A v) Hv)) m
  {message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
Hs: constrained_state_prop
  (free_composite_vlsm (sub_IM IM indices)) s
m: message
v: validator
Hsender: sender m = Some v
Hv: A v ∈ indices
is: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
tr: list transition_item
Htr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
  is s tr
sub_IM_sender m = Some (dexist v Hv) unfold sub_IM_sender.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
Hs: constrained_state_prop
  (free_composite_vlsm (sub_IM IM indices)) s
m: message
v: validator
Hsender: sender m = Some v
Hv: A v ∈ indices
is: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
tr: list transition_item
Htr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
  is s tr
match sender m with
| Some v =>
    match decide (A v ∈ indices) with
    | left Av_in => Some (dexist v Av_in)
    | right _ => None
    end
| None => None
end = Some (dexist v Hv) rewrite Hsender.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
Hs: constrained_state_prop
  (free_composite_vlsm (sub_IM IM indices)) s
m: message
v: validator
Hsender: sender m = Some v
Hv: A v ∈ indices
is: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
tr: list transition_item
Htr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
  is s tr
match decide (A v ∈ indices) with
| left Av_in => Some (dexist v Av_in)
| right _ => None
end = Some (dexist v Hv)
    case_decide; [| done].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
Hs: constrained_state_prop
  (free_composite_vlsm (sub_IM IM indices)) s
m: message
v: validator
Hsender: sender m = Some v
Hv: A v ∈ indices
is: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
tr: list transition_item
Htr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
  is s tr
H0: A v ∈ indices
Some (dexist v H0) = Some (dexist v Hv)
    f_equal.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
Hs: constrained_state_prop
  (free_composite_vlsm (sub_IM IM indices)) s
m: message
v: validator
Hsender: sender m = Some v
Hv: A v ∈ indices
is: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
tr: list transition_item
Htr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
  is s tr
H0: A v ∈ indices
dexist v H0 = dexist v Hv
    by apply dsig_eq.
  }message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
Hs: constrained_state_prop
  (free_composite_vlsm (sub_IM IM indices)) s
m: message
v: validator
Hsender: sender m = Some v
Hv: A v ∈ indices
is: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
tr: list transition_item
Htr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
  is s tr
Hsub_sender: sub_IM_sender m = Some (dexist v Hv)
composite_has_been_sent (sub_IM IM indices) s m
→ has_been_sent (sub_IM IM indices (dexist (A v) Hv))
    (s (dexist (A v) Hv)) m
  erewrite has_been_sent_iff_by_sender
  ; [| by apply sub_IM_sender_safety | done | done].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
Hs: constrained_state_prop
  (free_composite_vlsm (sub_IM IM indices)) s
m: message
v: validator
Hsender: sender m = Some v
Hv: A v ∈ indices
is: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
tr: list transition_item
Htr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
  is s tr
Hsub_sender: sub_IM_sender m = Some (dexist v Hv)
has_been_sent
  (sub_IM IM indices (sub_IM_A (dexist v Hv)))
  (s (sub_IM_A (dexist v Hv))) m
→ has_been_sent (sub_IM IM indices (dexist (A v) Hv))
    (s (dexist (A v) Hv)) m
  unfold sub_IM_A, sub_IM, SubProjectionTraces.sub_IM; cbn.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
Hs: constrained_state_prop
  (free_composite_vlsm (sub_IM IM indices)) s
m: message
v: validator
Hsender: sender m = Some v
Hv: A v ∈ indices
is: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
tr: list transition_item
Htr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
  is s tr
Hsub_sender: sub_IM_sender m = Some (dexist v Hv)
has_been_sent (IM (A v))
  (s (dexist (A v) (proj2_dsig (dexist v Hv)))) m
→ has_been_sent (IM (A v)) (s (dexist (A v) Hv)) m
  rewrite (sub_IM_state_pi s (proj2_dsig (dexist v Hv)) Hv).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
Hs: constrained_state_prop
  (free_composite_vlsm (sub_IM IM indices)) s
m: message
v: validator
Hsender: sender m = Some v
Hv: A v ∈ indices
is: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
tr: list transition_item
Htr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
  is s tr
Hsub_sender: sub_IM_sender m = Some (dexist v Hv)
has_been_sent (IM (A v)) (s (dexist (A v) Hv)) m
→ has_been_sent (IM (A v)) (s (dexist (A v) Hv)) m
  apply has_been_sent_irrelevance.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
s: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
Hs: constrained_state_prop
  (free_composite_vlsm (sub_IM IM indices)) s
m: message
v: validator
Hsender: sender m = Some v
Hv: A v ∈ indices
is: state
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
tr: list transition_item
Htr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm (sub_IM IM indices)))
  is s tr
Hsub_sender: sub_IM_sender m = Some (dexist v Hv)
constrained_state_prop (IM (A v))
  (s (dexist (A v) Hv))
  by revert Hs; apply preloaded_valid_state_projection with (j := dexist (A v) Hv).
Qed.

No-equivocation results for sub-composition

Constraining (only) a subset of the components of a composition to not message-equivocate.

Definition sub_IM_not_equivocating_constraint
  (l : composite_label IM)
  (som : composite_state IM * option message)
  : Prop :=
  let (s, om) := som in
  match om with
  | None => True
  | Some m =>
    match option_map A (sender m) with
    | None => True
    | Some i =>
      match decide (i ∈ indices) with
      | left non_byzantine_i =>
        let sub_i := @dexist _ (sub_index_prop indices) _ i non_byzantine_i in
        has_been_sent (sub_IM IM indices sub_i) (s i) m
      | _ => True
      end
    end
  end.

Definition non_sub_index_authenticated_message (m : message) : Prop :=
  exists i, i ∉ indices /\ channel_authenticated_message A sender i m.

Context
  (no_initial_messages_in_IM : no_initial_messages_in_IM_prop IM)
  (can_emit_signed : channel_authentication_prop IM A sender)
  .

Lemma induced_sub_projection_valid_preservation constraint l s om
  (Hv : valid (pre_induced_sub_projection IM indices constraint) l (s, om))
  : composite_valid (sub_IM IM indices) l (s, om).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
l: label
  (pre_induced_sub_projection IM indices
     constraint)
s: state
  (pre_induced_sub_projection IM indices
     constraint)
om: option message
Hv: valid l (s, om)
composite_valid (sub_IM IM indices) l (s, om)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
l: label
  (pre_induced_sub_projection IM indices
     constraint)
s: state
  (pre_induced_sub_projection IM indices
     constraint)
om: option message
Hv: valid l (s, om)
composite_valid (sub_IM IM indices) l (s, om)
  destruct Hv as ([i lXi] & sX & [Heql [=] (HsX & Hom & Hv & Hc)]).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
l: label
  (pre_induced_sub_projection IM indices
     constraint)
s: state
  (pre_induced_sub_projection IM indices
     constraint)
om: option message
i: index
lXi: label (IM i)
sX: state (composite_vlsm IM constraint)
Heql: composite_label_sub_projection_option IM
  indices (existT i lXi) = 
Some l
H0: composite_state_sub_projection IM indices sX = s
HsX: valid_state_prop (composite_vlsm IM constraint)
  sX
Hom: option_valid_message_prop
  (composite_vlsm IM constraint) (
  s, om).2
Hv: valid (existT i lXi) (sX, (s, om).2)
Hc: constraint (existT i lXi) (sX, (s, om).2)
composite_valid (sub_IM IM indices) l (s, om)
  unfold composite_label_sub_projection_option in Heql; cbn in Heql.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
l: label
  (pre_induced_sub_projection IM indices
     constraint)
s: state
  (pre_induced_sub_projection IM indices
     constraint)
om: option message
i: index
lXi: label (IM i)
sX: state (composite_vlsm IM constraint)
Heql: match decide (i ∈ indices) with
| left i_in =>
    Some
      (composite_label_sub_projection IM
         indices (existT i lXi) i_in)
| right _ => None
end = Some l
H0: composite_state_sub_projection IM indices sX = s
HsX: valid_state_prop (composite_vlsm IM constraint)
  sX
Hom: option_valid_message_prop
  (composite_vlsm IM constraint) (
  s, om).2
Hv: valid (existT i lXi) (sX, (s, om).2)
Hc: constraint (existT i lXi) (sX, (s, om).2)
composite_valid (sub_IM IM indices) l (s, om)
  by case_decide; [inversion Heql; subst |].
Qed.

Lemma induced_sub_projection_transition_preservation [constraint]
  : forall l s om s' om',
  transition (pre_induced_sub_projection IM indices constraint) l (s, om) = (s', om') <->
  composite_transition (sub_IM IM indices) l (s, om) = (s', om').message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
∀ (l : label
         (pre_induced_sub_projection IM indices
            constraint)) (s : state
                                (pre_induced_sub_projection
                                   IM indices
                                   constraint)) (om : 
                                                 option
                                                 message) 
  (s' : state
          (pre_induced_sub_projection IM indices
             constraint)) (om' : option message),
  transition l (s, om) = (s', om')
  ↔ composite_transition (sub_IM IM indices) l (s, om) =
    (s', om')
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
∀ (l : label
         (pre_induced_sub_projection IM indices
            constraint)) (s : state
                                (pre_induced_sub_projection
                                   IM indices
                                   constraint)) (om : 
                                                 option
                                                 message) 
  (s' : state
          (pre_induced_sub_projection IM indices
             constraint)) (om' : option message),
  transition l (s, om) = (s', om')
  ↔ composite_transition (sub_IM IM indices) l (s, om) =
    (s', om')
  intros.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
l: label
  (pre_induced_sub_projection IM indices
     constraint)
s: state
  (pre_induced_sub_projection IM indices
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM indices
     constraint)
om': option message
transition l (s, om) = (s', om')
↔ composite_transition (sub_IM IM indices) l (s, om) =
  (s', om')
  destruct l as (sub_i, li).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
sub_i: sub_index indices
li: label (sub_IM IM indices sub_i)
s: state
  (pre_induced_sub_projection IM indices
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM indices
     constraint)
om': option message
transition (existT sub_i li) (s, om) = (s', om')
↔ composite_transition (sub_IM IM indices)
    (existT sub_i li) (s, om) = (s', om')
  destruct_dec_sig sub_i i Hi Heqsub_i.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
sub_i: sub_index indices
li: label (sub_IM IM indices sub_i)
s: state
  (pre_induced_sub_projection IM indices
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM indices
     constraint)
om': option message
i: index
Hi: sub_index_prop indices i
Heqsub_i: sub_i = dexist i Hi
transition (existT sub_i li) (s, om) = (s', om')
↔ composite_transition (sub_IM IM indices)
    (existT sub_i li) (s, om) = (s', om')
  subst.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
i: index
Hi: sub_index_prop indices i
li: label (sub_IM IM indices (dexist i Hi))
s: state
  (pre_induced_sub_projection IM indices
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM indices
     constraint)
om': option message
transition (existT (dexist i Hi) li) (s, om) =
(s', om')
↔ composite_transition (sub_IM IM indices)
    (existT (dexist i Hi) li) (s, om) = (s', om')
  cbn.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
i: index
Hi: sub_index_prop indices i
li: label (sub_IM IM indices (dexist i Hi))
s: state
  (pre_induced_sub_projection IM indices
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM indices
     constraint)
om': option message
(let (s'X, om') :=
   let (si', om') :=
     transition li (lift_sub_state IM indices s i, om) in
   (state_update IM (lift_sub_state IM indices s) i
      si', om') in
 (composite_state_sub_projection IM indices s'X, om')) =
(s', om')
↔ (let (si', om') :=
     transition li (s (dexist i Hi), om) in
   (state_update (sub_IM IM indices) s (dexist i Hi)
      si', om')) = (s', om') unfold sub_IM at 6.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
i: index
Hi: sub_index_prop indices i
li: label (sub_IM IM indices (dexist i Hi))
s: state
  (pre_induced_sub_projection IM indices
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM indices
     constraint)
om': option message
(let (s'X, om') :=
   let (si', om') :=
     transition li (lift_sub_state IM indices s i, om) in
   (state_update IM (lift_sub_state IM indices s) i
      si', om') in
 (composite_state_sub_projection IM indices s'X, om')) =
(s', om')
↔ (let (si', om') :=
     transition li (s (dexist i Hi), om) in
   (state_update (sub_IM IM indices) s (dexist i Hi)
      si', om')) = (s', om') simpl.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
i: index
Hi: sub_index_prop indices i
li: label (sub_IM IM indices (dexist i Hi))
s: state
  (pre_induced_sub_projection IM indices
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM indices
     constraint)
om': option message
(let (s'X, om') :=
   let (si', om') :=
     transition li (lift_sub_state IM indices s i, om) in
   (state_update IM (lift_sub_state IM indices s) i
      si', om') in
 (composite_state_sub_projection IM indices s'X, om')) =
(s', om')
↔ (let (si', om') :=
     transition li (s (dexist i Hi), om) in
   (state_update (sub_IM IM indices) s (dexist i Hi)
      si', om')) = (s', om')
  unfold lift_sub_state at 1.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
i: index
Hi: sub_index_prop indices i
li: label (sub_IM IM indices (dexist i Hi))
s: state
  (pre_induced_sub_projection IM indices
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM indices
     constraint)
om': option message
(let (s'X, om') :=
   let (si', om') :=
     transition li
       (lift_sub_state_to IM indices
          (λ n : index, `(vs0 (IM n))) s i, om) in
   (state_update IM (lift_sub_state IM indices s) i
      si', om') in
 (composite_state_sub_projection IM indices s'X, om')) =
(s', om')
↔ (let (si', om') :=
     transition li (s (dexist i Hi), om) in
   (state_update (sub_IM IM indices) s (dexist i Hi)
      si', om')) = (s', om') rewrite (lift_sub_state_to_eq _ _ _ _ _ Hi).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
i: index
Hi: sub_index_prop indices i
li: label (sub_IM IM indices (dexist i Hi))
s: state
  (pre_induced_sub_projection IM indices
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM indices
     constraint)
om': option message
(let (s'X, om') :=
   let (si', om') :=
     transition li (s (dexist i Hi), om) in
   (state_update IM (lift_sub_state IM indices s) i
      si', om') in
 (composite_state_sub_projection IM indices s'X, om')) =
(s', om')
↔ (let (si', om') :=
     transition li (s (dexist i Hi), om) in
   (state_update (sub_IM IM indices) s (dexist i Hi)
      si', om')) = (s', om')
  destruct (transition _ _ _) as (si', _om').message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
i: index
Hi: sub_index_prop indices i
li: label (sub_IM IM indices (dexist i Hi))
s: state
  (pre_induced_sub_projection IM indices
     constraint)
om: option message
s': state
  (pre_induced_sub_projection IM indices
     constraint)
om': option message
si': state (IM i)
_om': option message
(composite_state_sub_projection IM indices
   (state_update IM (lift_sub_state IM indices s) i
      si'), _om') = (s', om')
↔ (state_update (sub_IM IM indices) s (dexist i Hi)
     si', _om') = (s', om')
  by split; inversion 1; subst; clear H; f_equal; extensionality sub_j
  ; destruct_dec_sig sub_j j Hj Heqsub_j
  ; subst sub_j
  ; unfold composite_state_sub_projection
  ; simpl
  ; (destruct (decide (i = j)); subst; state_update_simpl; [done |])
  ; unfold lift_sub_state
  ; rewrite (lift_sub_state_to_eq _ _ _ _ _ Hj)
  ; itauto.
Qed.

Lemma sub_IM_no_equivocation_preservation
  l s om
  (Hv : valid (pre_induced_sub_projection IM indices sub_IM_not_equivocating_constraint)
    l (s, om))
  : composite_no_equivocations_except_from (sub_IM IM indices)
      non_sub_index_authenticated_message l (s, om).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
l: label
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
s: state
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
om: option message
Hv: valid l (s, om)
composite_no_equivocations_except_from
  (sub_IM IM indices)
  non_sub_index_authenticated_message l (s, om)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
l: label
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
s: state
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
om: option message
Hv: valid l (s, om)
composite_no_equivocations_except_from
  (sub_IM IM indices)
  non_sub_index_authenticated_message l (s, om)
  destruct om as [m |]; [| done].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
l: label
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
s: state
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
m: message
Hv: valid l (s, Some m)
composite_no_equivocations_except_from
  (sub_IM IM indices)
  non_sub_index_authenticated_message l (s, Some m)
  destruct Hv as (lX & sX & [_ [=] (_ & Hm & _ & Hc)]).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
l: label
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
s: state
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
m: message
lX: label
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
sX: state
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
H0: composite_state_sub_projection IM indices sX = s
Hm: option_valid_message_prop
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
  (s, Some m).2
Hc: sub_IM_not_equivocating_constraint lX
  (sX, (s, Some m).2)
composite_no_equivocations_except_from
  (sub_IM IM indices)
  non_sub_index_authenticated_message l (s, Some m)
  specialize (composite_no_initial_valid_messages_have_sender IM A sender
                can_emit_signed no_initial_messages_in_IM _ _ Hm)
    as Hhas_sender.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
l: label
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
s: state
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
m: message
lX: label
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
sX: state
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
H0: composite_state_sub_projection IM indices sX = s
Hm: option_valid_message_prop
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
  (s, Some m).2
Hc: sub_IM_not_equivocating_constraint lX
  (sX, (s, Some m).2)
Hhas_sender: sender m ≠ None
composite_no_equivocations_except_from
  (sub_IM IM indices)
  non_sub_index_authenticated_message l (s, Some m)
  destruct (sender m) as [v |] eqn: Hsender; [clear Hhas_sender | congruence].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
l: label
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
s: state
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
m: message
lX: label
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
sX: state
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
H0: composite_state_sub_projection IM indices sX = s
Hm: option_valid_message_prop
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
  (s, Some m).2
Hc: sub_IM_not_equivocating_constraint lX
  (sX, (s, Some m).2)
v: validator
Hsender: sender m = Some v
composite_no_equivocations_except_from
  (sub_IM IM indices)
  non_sub_index_authenticated_message l (s, Some m)
  apply (emitted_messages_are_valid_iff (composite_vlsm IM sub_IM_not_equivocating_constraint) m)
    in Hm as [[i [[im Him] Heqm]] | Hemitted].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
l: label
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
s: state
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
m: message
lX: label
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
sX: state
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
H0: composite_state_sub_projection IM indices sX = s
i: index
im: message
Him: initial_message_prop im
Heqm: `(im ↾ Him) = m
Hc: sub_IM_not_equivocating_constraint lX
  (sX, (s, Some m).2)
v: validator
Hsender: sender m = Some v
composite_no_equivocations_except_from
  (sub_IM IM indices)
  non_sub_index_authenticated_message l (s, Some m)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
l: label
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
s: state
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
m: message
lX: label
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
sX: state
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
H0: composite_state_sub_projection IM indices sX = s
Hemitted: can_emit
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint) m
Hc: sub_IM_not_equivocating_constraint lX
  (sX, (s, Some m).2)
v: validator
Hsender: sender m = Some v
composite_no_equivocations_except_from
  (sub_IM IM indices)
  non_sub_index_authenticated_message l (
  s, Some m)
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
l: label
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
s: state
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
m: message
lX: label
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
sX: state
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
H0: composite_state_sub_projection IM indices sX = s
i: index
im: message
Him: initial_message_prop im
Heqm: `(im ↾ Him) = m
Hc: sub_IM_not_equivocating_constraint lX
  (sX, (s, Some m).2)
v: validator
Hsender: sender m = Some v
composite_no_equivocations_except_from
  (sub_IM IM indices)
  non_sub_index_authenticated_message l (s, Some m) by elim (no_initial_messages_in_IM i im).
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
l: label
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
s: state
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
m: message
lX: label
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
sX: state
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
H0: composite_state_sub_projection IM indices sX = s
Hemitted: can_emit
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint) m
Hc: sub_IM_not_equivocating_constraint lX
  (sX, (s, Some m).2)
v: validator
Hsender: sender m = Some v
composite_no_equivocations_except_from
  (sub_IM IM indices)
  non_sub_index_authenticated_message l (s, Some m) eapply VLSM_incl_can_emit in Hemitted; [| by apply constrained_preloaded_incl].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
l: label
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
s: state
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
m: message
lX: label
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
sX: state
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
H0: composite_state_sub_projection IM indices sX = s
Hc: sub_IM_not_equivocating_constraint lX
  (sX, (s, Some m).2)
v: validator
Hsender: sender m = Some v
Hemitted: can_emit
  {|
    vlsm_type := free_composite_vlsm IM;
    vlsm_machine :=
      preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM)
  |} m
composite_no_equivocations_except_from
  (sub_IM IM indices)
  non_sub_index_authenticated_message l (s, Some m)
    specialize (can_emit_projection IM A sender Hsender_safety (A v) m) as Hemit.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
l: label
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
s: state
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
m: message
lX: label
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
sX: state
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
H0: composite_state_sub_projection IM indices sX = s
Hc: sub_IM_not_equivocating_constraint lX
  (sX, (s, Some m).2)
v: validator
Hsender: sender m = Some v
Hemitted: can_emit
  {|
    vlsm_type := free_composite_vlsm IM;
    vlsm_machine :=
      preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM)
  |} m
Hemit: option_map A (sender m) = Some (A v)
→ can_emit
    (preloaded_with_all_messages_vlsm
       (free_composite_vlsm IM)) m
  → can_emit
      (preloaded_with_all_messages_vlsm
         (IM (A v))) m
composite_no_equivocations_except_from
  (sub_IM IM indices)
  non_sub_index_authenticated_message l (s, Some m)
    spec Hemit; [by rewrite Hsender; itauto |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
l: label
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
s: state
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
m: message
lX: label
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
sX: state
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
H0: composite_state_sub_projection IM indices sX = s
Hc: sub_IM_not_equivocating_constraint lX
  (sX, (s, Some m).2)
v: validator
Hsender: sender m = Some v
Hemitted: can_emit
  {|
    vlsm_type := free_composite_vlsm IM;
    vlsm_machine :=
      preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM)
  |} m
Hemit: can_emit
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) m
→ can_emit
    (preloaded_with_all_messages_vlsm
       (IM (A v))) m
composite_no_equivocations_except_from
  (sub_IM IM indices)
  non_sub_index_authenticated_message l (s, Some m)
    apply Hemit in Hemitted; clear Hemit.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
l: label
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
s: state
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
m: message
lX: label
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
sX: state
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
H0: composite_state_sub_projection IM indices sX = s
Hc: sub_IM_not_equivocating_constraint lX
  (sX, (s, Some m).2)
v: validator
Hsender: sender m = Some v
Hemitted: can_emit
  (preloaded_with_all_messages_vlsm
     (IM (A v))) m
composite_no_equivocations_except_from
  (sub_IM IM indices)
  non_sub_index_authenticated_message l (s, Some m)
    cbn in Hc; rewrite Hsender in Hc; cbn in Hc; case_decide.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
l: label
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
s: state
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
m: message
lX: label
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
sX: state
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
H0: composite_state_sub_projection IM indices sX = s
v: validator
H1: A v ∈ indices
Hc: has_been_sent
  (sub_IM IM indices (dexist (A v) H1))
  (sX (A v)) m
Hsender: sender m = Some v
Hemitted: can_emit
  (preloaded_with_all_messages_vlsm
     (IM (A v))) m
composite_no_equivocations_except_from
  (sub_IM IM indices)
  non_sub_index_authenticated_message l (s, Some m)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
l: label
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
s: state
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
m: message
lX: label
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
sX: state
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
H0: composite_state_sub_projection IM indices sX = s
v: validator
H1: A v ∉ indices
Hc: True
Hsender: sender m = Some v
Hemitted: can_emit
  (preloaded_with_all_messages_vlsm
     (IM (A v))) m
composite_no_equivocations_except_from
  (sub_IM IM indices)
  non_sub_index_authenticated_message l (
  s, Some m)
    +message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
l: label
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
s: state
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
m: message
lX: label
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
sX: state
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
H0: composite_state_sub_projection IM indices sX = s
v: validator
H1: A v ∈ indices
Hc: has_been_sent
  (sub_IM IM indices (dexist (A v) H1))
  (sX (A v)) m
Hsender: sender m = Some v
Hemitted: can_emit
  (preloaded_with_all_messages_vlsm
     (IM (A v))) m
composite_no_equivocations_except_from
  (sub_IM IM indices)
  non_sub_index_authenticated_message l (s, Some m) by left; subst; eexists; exact Hc.
    +message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
l: label
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
s: state
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
m: message
lX: label
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
sX: state
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
H0: composite_state_sub_projection IM indices sX = s
v: validator
H1: A v ∉ indices
Hc: True
Hsender: sender m = Some v
Hemitted: can_emit
  (preloaded_with_all_messages_vlsm
     (IM (A v))) m
composite_no_equivocations_except_from
  (sub_IM IM indices)
  non_sub_index_authenticated_message l (s, Some m) right.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
l: label
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
s: state
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
m: message
lX: label
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
sX: state
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
H0: composite_state_sub_projection IM indices sX = s
v: validator
H1: A v ∉ indices
Hc: True
Hsender: sender m = Some v
Hemitted: can_emit
  (preloaded_with_all_messages_vlsm
     (IM (A v))) m
non_sub_index_authenticated_message m exists (A v).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
l: label
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
s: state
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
m: message
lX: label
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
sX: state
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
H0: composite_state_sub_projection IM indices sX = s
v: validator
H1: A v ∉ indices
Hc: True
Hsender: sender m = Some v
Hemitted: can_emit
  (preloaded_with_all_messages_vlsm
     (IM (A v))) m
(A v ∉ indices)
∧ channel_authenticated_message A sender (A v) m
      unfold channel_authenticated_message.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
sub_index_prop_dec:= SubProjectionTraces.sub_index_prop_dec
  indices: ∀ i : index,
  Decision
    (sub_index_prop indices i)
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
H: ∀ sub_i : sub_index indices,
  HasBeenSentCapability (sub_IM IM indices sub_i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
l: label
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
s: state
  (pre_induced_sub_projection IM indices
     sub_IM_not_equivocating_constraint)
m: message
lX: label
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
sX: state
  (composite_vlsm IM
     sub_IM_not_equivocating_constraint)
H0: composite_state_sub_projection IM indices sX = s
v: validator
H1: A v ∉ indices
Hc: True
Hsender: sender m = Some v
Hemitted: can_emit
  (preloaded_with_all_messages_vlsm
     (IM (A v))) m
(A v ∉ indices) ∧ option_map A (sender m) = Some (A v)
      by rewrite Hsender; itauto.
Qed.

End sec_sub_composition_sender.

Section sec_sub_composition_all.

A subcomposition with all the components

If taking the subset of indices used for the sub-composition to be the entire set of indices, the obtained sub-composition is trace-equivalent with the original composition.

Context
  {message : Type}
  `{finite.Finite index}
  (IM : index -> VLSM message)
  (sub_IM := sub_IM IM (enum index))
  .

Program Definition free_sub_free_index (i : index) : sub_index (enum index) :=
  dexist i _.
Next Obligation.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
∀ i : index, sub_index_prop (enum index) i
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
∀ i : index, sub_index_prop (enum index) i
  by intros; apply elem_of_enum.
Qed.

Definition free_sub_free_label (l : composite_label IM) : composite_label sub_IM :=
  let (i, li) := l in
  existT (free_sub_free_index i) li.

Definition free_sub_free_state (sub_s : composite_state sub_IM) : composite_state IM :=
  fun i => sub_s (free_sub_free_index i).

Definition free_sub_free_constraint
  (constraint : composite_label IM -> composite_state IM * option message -> Prop)
  : composite_label sub_IM -> composite_state sub_IM * option message -> Prop
  := fun l som => let (s, om) := som in
    constraint (lift_sub_label IM (enum index) l) (free_sub_free_state s, om).

Context
  (constraint : composite_label IM -> composite_state IM * option message -> Prop)
  (X := composite_vlsm IM constraint)
  (SubX := composite_vlsm sub_IM (free_sub_free_constraint constraint))
  .

Lemma preloaded_sub_composition_all_embedding (seed : message -> Prop) :
  VLSM_embedding (preloaded_vlsm X seed) (preloaded_vlsm SubX seed)
    free_sub_free_label  (composite_state_sub_projection IM (enum index)).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
seed: message → Prop
VLSM_embedding (preloaded_vlsm X seed)
  (preloaded_vlsm SubX seed) free_sub_free_label
  (composite_state_sub_projection IM (enum index))
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
seed: message → Prop
VLSM_embedding (preloaded_vlsm X seed)
  (preloaded_vlsm SubX seed) free_sub_free_label
  (composite_state_sub_projection IM (enum index))
  apply basic_VLSM_strong_embedding.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
seed: message → Prop
strong_embedding_valid_preservation
  (preloaded_vlsm X seed) (preloaded_vlsm SubX seed)
  free_sub_free_label
  (composite_state_sub_projection IM (enum index))
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
seed: message → Prop
strong_embedding_transition_preservation
  (preloaded_vlsm X seed) 
  (preloaded_vlsm SubX seed) free_sub_free_label
  (composite_state_sub_projection IM (enum index))
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
seed: message → Prop
strong_projection_initial_state_preservation
  (preloaded_vlsm X seed) 
  (preloaded_vlsm SubX seed)
  (composite_state_sub_projection IM (enum index))
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
seed: message → Prop
strong_embedding_initial_message_preservation
  (preloaded_vlsm X seed) 
  (preloaded_vlsm SubX seed)
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
seed: message → Prop
strong_embedding_valid_preservation
  (preloaded_vlsm X seed) (preloaded_vlsm SubX seed)
  free_sub_free_label
  (composite_state_sub_projection IM (enum index)) by intros [i li] *; auto.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
seed: message → Prop
strong_embedding_transition_preservation
  (preloaded_vlsm X seed) (preloaded_vlsm SubX seed)
  free_sub_free_label
  (composite_state_sub_projection IM (enum index)) intros [i li] *; cbn.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
seed: message → Prop
i: index
li: label (IM i)
s: state (preloaded_vlsm X seed)
om: option message
s': state (preloaded_vlsm X seed)
om': option message
(let (si', om') := transition li (s i, om) in
 (state_update IM s i si', om')) = (s', om')
→ (let (si', om') :=
     transition li
       (composite_state_sub_projection IM (enum index)
          s (free_sub_free_index i), om) in
   (state_update sub_IM
      (composite_state_sub_projection IM (enum index)
         s) (free_sub_free_index i) si', om')) =
  (composite_state_sub_projection IM (enum index) s',
   om')
    unfold sub_IM, SubProjectionTraces.sub_IM at 2; cbn
    ; unfold composite_state_sub_projection at 1; cbn
    ; destruct (transition _ _ _) as (si', _om')
    ; inversion_clear 1; f_equal.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
seed: message → Prop
i: index
li: label (IM i)
s: state (preloaded_vlsm X seed)
om: option message
s': state (preloaded_vlsm X seed)
om': option message
si': state (IM i)
_om': option message
state_update
  (SubProjectionTraces.sub_IM IM (enum index))
  (composite_state_sub_projection IM (enum index) s)
  (free_sub_free_index i) si' =
composite_state_sub_projection IM (enum index)
  (state_update IM s i si')
    extensionality sub_j; destruct_dec_sig sub_j j Hj Heqj; subst sub_j
    ; unfold composite_state_sub_projection at 2; cbn.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
seed: message → Prop
i: index
li: label (IM i)
s: state (preloaded_vlsm X seed)
om: option message
s': state (preloaded_vlsm X seed)
om': option message
si': state (IM i)
_om': option message
j: index
Hj: sub_index_prop (enum index) j
state_update
  (SubProjectionTraces.sub_IM IM (enum index))
  (composite_state_sub_projection IM (enum index) s)
  (free_sub_free_index i) si' (dexist j Hj) =
state_update IM s i si' j
    unfold free_sub_free_index.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
seed: message → Prop
i: index
li: label (IM i)
s: state (preloaded_vlsm X seed)
om: option message
s': state (preloaded_vlsm X seed)
om': option message
si': state (IM i)
_om': option message
j: index
Hj: sub_index_prop (enum index) j
state_update
  (SubProjectionTraces.sub_IM IM (enum index))
  (composite_state_sub_projection IM (enum index) s)
  (dexist i (free_sub_free_index_obligation_1 i)) si'
  (dexist j Hj) = state_update IM s i si' j
    by destruct (decide (i = j)); subst; state_update_simpl.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
seed: message → Prop
strong_projection_initial_state_preservation
  (preloaded_vlsm X seed) (preloaded_vlsm SubX seed)
  (composite_state_sub_projection IM (enum index)) by intros s Hs; rapply (composite_initial_state_sub_projection IM).
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
seed: message → Prop
strong_embedding_initial_message_preservation
  (preloaded_vlsm X seed) (preloaded_vlsm SubX seed) intros m [[i Hi] | Hseed]; [left | by right].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
seed: message → Prop
m: message
i: index
Hi: ∃ mi : initial_message (IM i), `mi = m
initial_message_prop m
    by exists (free_sub_free_index i).
Qed.

Lemma sub_composition_all_embedding :
  VLSM_embedding X SubX free_sub_free_label
    (composite_state_sub_projection IM (enum index)).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
VLSM_embedding X SubX free_sub_free_label
  (composite_state_sub_projection IM (enum index))
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
VLSM_embedding X SubX free_sub_free_label
  (composite_state_sub_projection IM (enum index))
  apply basic_VLSM_strong_embedding.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
strong_embedding_valid_preservation X SubX
  free_sub_free_label
  (composite_state_sub_projection IM (enum index))
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
strong_embedding_transition_preservation X SubX
  free_sub_free_label
  (composite_state_sub_projection IM (enum index))
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
strong_projection_initial_state_preservation X SubX
  (composite_state_sub_projection IM (enum index))
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
strong_embedding_initial_message_preservation X SubX
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
strong_embedding_valid_preservation X SubX
  free_sub_free_label
  (composite_state_sub_projection IM (enum index)) by intros [i li] *; auto.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
strong_embedding_transition_preservation X SubX
  free_sub_free_label
  (composite_state_sub_projection IM (enum index)) intros [i li] *
    ; cbn; unfold sub_IM, SubProjectionTraces.sub_IM at 2
    ; cbn; unfold composite_state_sub_projection at 1
    ; cbn; destruct (transition _ _) as (si', _om'); inversion_clear 1.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
i: index
li: label (IM i)
s: state X
om: option message
s': state X
om': option message
si': state (IM i)
_om': option message
(state_update
   (SubProjectionTraces.sub_IM IM (enum index))
   (composite_state_sub_projection IM (enum index) s)
   (free_sub_free_index i) si', om') =
(composite_state_sub_projection IM (enum index)
   (state_update IM s i si'), om')
    f_equal; extensionality sub_j; destruct_dec_sig sub_j j Hj Heqj; subst sub_j
    ; unfold composite_state_sub_projection at 2; cbn.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
i: index
li: label (IM i)
s: state X
om: option message
s': state X
om': option message
si': state (IM i)
_om': option message
j: index
Hj: sub_index_prop (enum index) j
state_update
  (SubProjectionTraces.sub_IM IM (enum index))
  (composite_state_sub_projection IM (enum index) s)
  (free_sub_free_index i) si' (dexist j Hj) =
state_update IM s i si' j
    unfold free_sub_free_index.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
i: index
li: label (IM i)
s: state X
om: option message
s': state X
om': option message
si': state (IM i)
_om': option message
j: index
Hj: sub_index_prop (enum index) j
state_update
  (SubProjectionTraces.sub_IM IM (enum index))
  (composite_state_sub_projection IM (enum index) s)
  (dexist i (free_sub_free_index_obligation_1 i)) si'
  (dexist j Hj) = state_update IM s i si' j
    by destruct (decide (i = j)); subst; state_update_simpl.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
strong_projection_initial_state_preservation X SubX
  (composite_state_sub_projection IM (enum index)) by intros s Hs; rapply (composite_initial_state_sub_projection IM).
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
strong_embedding_initial_message_preservation X SubX by intros m [i Hi]; exists (free_sub_free_index i).
Qed.

Lemma sub_composition_all_embedding_rev
  : VLSM_embedding SubX X (lift_sub_label IM (enum index)) free_sub_free_state.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
VLSM_embedding SubX X (lift_sub_label IM (enum index))
  free_sub_free_state
Proof.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
VLSM_embedding SubX X (lift_sub_label IM (enum index))
  free_sub_free_state
  apply basic_VLSM_strong_embedding.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
strong_embedding_valid_preservation SubX X
  (lift_sub_label IM (enum index)) free_sub_free_state
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
strong_embedding_transition_preservation SubX X
  (lift_sub_label IM (enum index)) free_sub_free_state
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
strong_projection_initial_state_preservation SubX X
  free_sub_free_state
message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
strong_embedding_initial_message_preservation SubX X
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
strong_embedding_valid_preservation SubX X
  (lift_sub_label IM (enum index)) free_sub_free_state intros [sub_i li] * [Hv Hc]; split; [| done].message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
sub_i: sub_index (enum index)
li: label (sub_IM sub_i)
s: state SubX
om: option message
Hv: valid (existT sub_i li) (s, om)
Hc: free_sub_free_constraint constraint
  (existT sub_i li) (s, om)
valid
  (lift_sub_label IM (enum index) (existT sub_i li))
  (free_sub_free_state s, om)
    destruct_dec_sig sub_i i Hi Heqi; subst sub_i; cbn in *
    ; unfold sub_IM, SubProjectionTraces.sub_IM in Hc; cbn in Hc
    ; unfold free_sub_free_state, free_sub_free_index.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
i: index
Hi: sub_index_prop (enum index) i
li: label (sub_IM (dexist i Hi))
s: composite_state sub_IM
om: option message
Hc: constraint
  (lift_sub_label IM (enum index)
     (existT (dexist i Hi) li))
  (free_sub_free_state s, om)
Hv: valid li (s (dexist i Hi), om)
valid li
  (s (dexist i (free_sub_free_index_obligation_1 i)),
   om)
    by rewrite (sub_IM_state_pi s (free_sub_free_index_obligation_1 i) Hi).
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
strong_embedding_transition_preservation SubX X
  (lift_sub_label IM (enum index)) free_sub_free_state intros [sub_i li] *; destruct_dec_sig sub_i i Hi Heqi; subst sub_i.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
i: index
Hi: sub_index_prop (enum index) i
li: label (sub_IM (dexist i Hi))
s: state SubX
om: option message
s': state SubX
om': option message
transition (existT (dexist i Hi) li) (s, om) =
(s', om')
→ transition
    (lift_sub_label IM (enum index)
       (existT (dexist i Hi) li))
    (free_sub_free_state s, om) =
  (free_sub_free_state s', om')
    cbn
    ; unfold sub_IM at 2, SubProjectionTraces.sub_IM, free_sub_free_state at 1,
             free_sub_free_index; cbn
    ; rewrite (sub_IM_state_pi s (free_sub_free_index_obligation_1 i) Hi)
    ; destruct (transition _ _ _) as (si', _om'); inversion_clear 1.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
i: index
Hi: sub_index_prop (enum index) i
li: label (sub_IM (dexist i Hi))
s: state SubX
om: option message
s': state SubX
om': option message
si': state (IM i)
_om': option message
(state_update IM (free_sub_free_state s) i si', om') =
(free_sub_free_state
   (state_update sub_IM s (dexist i Hi) si'), om')
    f_equal; extensionality j; unfold free_sub_free_state at 2.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
i: index
Hi: sub_index_prop (enum index) i
li: label (sub_IM (dexist i Hi))
s: state SubX
om: option message
s': state SubX
om': option message
si': state (IM i)
_om': option message
j: index
state_update IM (free_sub_free_state s) i si' j =
state_update sub_IM s (dexist i Hi) si'
  (free_sub_free_index j)
    unfold free_sub_free_index, sub_IM.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
i: index
Hi: sub_index_prop (enum index) i
li: label (sub_IM (dexist i Hi))
s: state SubX
om: option message
s': state SubX
om': option message
si': state (IM i)
_om': option message
j: index
state_update IM (free_sub_free_state s) i si' j =
state_update
  (SubProjectionTraces.sub_IM IM (enum index)) s
  (dexist i Hi) si'
  (dexist j (free_sub_free_index_obligation_1 j))
    by destruct (decide (i = j)); subst; state_update_simpl.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
strong_projection_initial_state_preservation SubX X
  free_sub_free_state intros s Hi i; rapply Hi.
  -message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
sub_IM:= SubProjectionTraces.sub_IM IM (enum index): sub_index (enum index) → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
SubX:= composite_vlsm sub_IM
  (free_sub_free_constraint constraint): VLSM message
strong_embedding_initial_message_preservation SubX X by intros m [[i Hi] Him]; exists i.
Qed.

End sec_sub_composition_all.

Section sec_sub_composition_element.

Relating a sub-composition with one of its components

A component can be lifted to a free subcomposition

Context
  {message : Type}
  `{FinSet index Ci}
  (IM : index -> VLSM message)
  (indices : Ci)
  (j : index)
  (Hj : j ∈ elements indices)
  .

Definition sub_element_label (l : label (IM j))
  : composite_label (sub_IM IM (elements indices)) :=
  existT (dexist j Hj) l.

Definition sub_element_state (s : state (IM j)) sub_i
  : state (sub_IM IM (elements indices) sub_i) :=
  match (decide (` sub_i = j)) with
  | left e =>
    eq_rect_r (fun j : index => state (IM j)) s e
  | right _ => ` (vs0 (IM (` sub_i)))
  end.

Lemma sub_element_state_eq s H_j
  : sub_element_state s (dexist j H_j) = s.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
s: state (IM j)
H_j: sub_index_prop (elements indices) j
sub_element_state s (dexist j H_j) = s
Proof.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
s: state (IM j)
H_j: sub_index_prop (elements indices) j
sub_element_state s (dexist j H_j) = s
  unfold sub_element_state; cbn.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
s: state (IM j)
H_j: sub_index_prop (elements indices) j
match decide (j = j) with
| left e => eq_rect_r (λ j : index, state (IM j)) s e
| right _ => `(vs0 (IM j))
end = s
  by rewrite (decide_True_pi eq_refl).
Qed.

Lemma sub_element_state_neq s i Hi
  : i <> j -> sub_element_state s (dexist i Hi) = ` (vs0 (IM i)).message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
s: state (IM j)
i: index
Hi: sub_index_prop (elements indices) i
i ≠ j
→ sub_element_state s (dexist i Hi) = `(vs0 (IM i))
Proof.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
s: state (IM j)
i: index
Hi: sub_index_prop (elements indices) i
i ≠ j
→ sub_element_state s (dexist i Hi) = `(vs0 (IM i))
  intros Hij.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
s: state (IM j)
i: index
Hi: sub_index_prop (elements indices) i
Hij: i ≠ j
sub_element_state s (dexist i Hi) = `(vs0 (IM i))
  unfold sub_element_state; cbn.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
s: state (IM j)
i: index
Hi: sub_index_prop (elements indices) i
Hij: i ≠ j
match decide (i = j) with
| left e => eq_rect_r (λ j : index, state (IM j)) s e
| right _ => `(vs0 (IM i))
end = `(vs0 (IM i))
  by case_decide; congruence.
Qed.

#[local] Hint Rewrite @sub_element_state_eq : state_update.
#[local] Hint Rewrite @sub_element_state_neq using done : state_update.

Lemma preloaded_sub_element_embedding
  (P Q : message -> Prop)
  (PimpliesQ : forall m, P m -> Q m)
  (PrePXj := preloaded_vlsm (IM j) P)
  (PreQSubFree := preloaded_vlsm (free_composite_vlsm (sub_IM IM (elements indices))) Q)
  : VLSM_embedding PrePXj PreQSubFree sub_element_label sub_element_state.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
VLSM_embedding PrePXj PreQSubFree sub_element_label
  sub_element_state
Proof.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
VLSM_embedding PrePXj PreQSubFree sub_element_label
  sub_element_state
  apply basic_VLSM_embedding_preloaded_with; [done | ..].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
strong_embedding_valid_preservation (IM j)
  (free_composite_vlsm (sub_IM IM (elements indices)))
  sub_element_label sub_element_state
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
strong_embedding_transition_preservation 
  (IM j)
  (free_composite_vlsm (sub_IM IM (elements indices)))
  sub_element_label sub_element_state
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
strong_projection_initial_state_preservation 
  (IM j)
  (free_composite_vlsm (sub_IM IM (elements indices)))
  sub_element_state
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
strong_embedding_initial_message_preservation 
  (IM j)
  (free_composite_vlsm (sub_IM IM (elements indices)))
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
strong_embedding_valid_preservation (IM j)
  (free_composite_vlsm (sub_IM IM (elements indices)))
  sub_element_label sub_element_state intros l s om Hv; cbn.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
l: label (IM j)
s: state (IM j)
om: option message
Hv: valid l (s, om)
valid l (sub_element_state s (dexist j Hj), om)
    by rewrite sub_element_state_eq.
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
strong_embedding_transition_preservation (IM j)
  (free_composite_vlsm (sub_IM IM (elements indices)))
  sub_element_label sub_element_state intros l s om s' om'; cbn.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
transition l (s, om) = (s', om')
→ (let (si', om') :=
     transition l
       (sub_element_state s (dexist j Hj), om) in
   (state_update (sub_IM IM (elements indices))
      (sub_element_state s) (dexist j Hj) si', om')) =
  (sub_element_state s', om')
    rewrite sub_element_state_eq.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
transition l (s, om) = (s', om')
→ (let (si', om') := transition l (s, om) in
   (state_update (sub_IM IM (elements indices))
      (sub_element_state s) (dexist j Hj) si', om')) =
  (sub_element_state s', om')
    intro Ht; replace (transition _ _ _) with (s', om'); f_equal.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
Ht: transition l (s, om) = (s', om')
state_update (sub_IM IM (elements indices))
  (sub_element_state s) (dexist j Hj) s' =
sub_element_state s'
    extensionality sub_i.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
Ht: transition l (s, om) = (s', om')
sub_i: sub_index (elements indices)
state_update (sub_IM IM (elements indices))
  (sub_element_state s) (dexist j Hj) s' sub_i =
sub_element_state s' sub_i
    destruct_dec_sig sub_i i Hi Heqsub_i; subst.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
l: label (IM j)
s: state (IM j)
om: option message
s': state (IM j)
om': option message
Ht: transition l (s, om) = (s', om')
i: index
Hi: sub_index_prop (elements indices) i
state_update (sub_IM IM (elements indices))
  (sub_element_state s) (dexist j Hj) s' (dexist i Hi) =
sub_element_state s' (dexist i Hi)
    by destruct (decide (i = j)); subst; state_update_simpl.
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
strong_projection_initial_state_preservation (IM j)
  (free_composite_vlsm (sub_IM IM (elements indices)))
  sub_element_state intros sj Hsj sub_i.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
sj: state (IM j)
Hsj: initial_state_prop sj
sub_i: sub_index (elements indices)
initial_state_prop (sub_element_state sj sub_i)
    destruct_dec_sig sub_i i Hi Heqsub_i; subst.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
sj: state (IM j)
Hsj: initial_state_prop sj
i: index
Hi: sub_index_prop (elements indices) i
initial_state_prop
  (sub_element_state sj (dexist i Hi))
    destruct (decide (i = j)); subst.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
sj: state (IM j)
Hsj: initial_state_prop sj
Hi: sub_index_prop (elements indices) j
initial_state_prop
  (sub_element_state sj (dexist j Hi))
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
sj: state (IM j)
Hsj: initial_state_prop sj
i: index
Hi: sub_index_prop (elements indices) i
n: i ≠ j
initial_state_prop
  (sub_element_state sj (dexist i Hi))
    +message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
sj: state (IM j)
Hsj: initial_state_prop sj
Hi: sub_index_prop (elements indices) j
initial_state_prop
  (sub_element_state sj (dexist j Hi)) by rewrite sub_element_state_eq.
    +message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
sj: state (IM j)
Hsj: initial_state_prop sj
i: index
Hi: sub_index_prop (elements indices) i
n: i ≠ j
initial_state_prop
  (sub_element_state sj (dexist i Hi)) by rewrite sub_element_state_neq; destruct (vs0 (IM i)).
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
strong_embedding_initial_message_preservation (IM j)
  (free_composite_vlsm (sub_IM IM (elements indices))) intros m Hm.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
PrePXj:= preloaded_vlsm (IM j) P: VLSM message
PreQSubFree:= preloaded_vlsm
  (free_composite_vlsm
     (sub_IM IM (elements indices))) Q: VLSM message
m: message
Hm: initial_message_prop m
initial_message_prop m
    by exists (dexist j Hj), (exist _ m Hm).
Qed.

Lemma sub_valid_preloaded_lifts_can_be_emitted
  (P Q : message -> Prop)
  (HPvalid : forall dm, P dm ->
    valid_message_prop (preloaded_vlsm (free_composite_vlsm (sub_IM IM (elements indices))) Q) dm)
  : forall m, can_emit (preloaded_vlsm (IM j) P) m ->
    can_emit (preloaded_vlsm (free_composite_vlsm (sub_IM IM (elements indices))) Q) m.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
HPvalid: ∀ dm : message,
  P dm
  → valid_message_prop
      (preloaded_vlsm
         (free_composite_vlsm
            (sub_IM IM (elements indices)))
         Q) dm
∀ m : message,
  can_emit (preloaded_vlsm (IM j) P) m
  → can_emit
      (preloaded_vlsm
         (free_composite_vlsm
            (sub_IM IM (elements indices))) Q) m
Proof.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
HPvalid: ∀ dm : message,
  P dm
  → valid_message_prop
      (preloaded_vlsm
         (free_composite_vlsm
            (sub_IM IM (elements indices)))
         Q) dm
∀ m : message,
  can_emit (preloaded_vlsm (IM j) P) m
  → can_emit
      (preloaded_vlsm
         (free_composite_vlsm
            (sub_IM IM (elements indices))) Q) m
  intros m Hm.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
HPvalid: ∀ dm : message,
  P dm
  → valid_message_prop
      (preloaded_vlsm
         (free_composite_vlsm
            (sub_IM IM (elements indices)))
         Q) dm
m: message
Hm: can_emit (preloaded_vlsm (IM j) P) m
can_emit
  (preloaded_vlsm
     (free_composite_vlsm
        (sub_IM IM (elements indices))) Q) m
  eapply VLSM_incl_can_emit.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
HPvalid: ∀ dm : message,
  P dm
  → valid_message_prop
      (preloaded_vlsm
         (free_composite_vlsm
            (sub_IM IM (elements indices)))
         Q) dm
m: message
Hm: can_emit (preloaded_vlsm (IM j) P) m
VLSM_incl_part ?MX
  (preloaded_vlsm_machine
     (free_composite_vlsm
        (sub_IM IM (elements indices))) Q)
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
HPvalid: ∀ dm : message,
  P dm
  → valid_message_prop
      (preloaded_vlsm
         (free_composite_vlsm
            (sub_IM IM (elements indices)))
         Q) dm
m: message
Hm: can_emit (preloaded_vlsm (IM j) P) m
can_emit
  {|
    vlsm_type :=
      free_composite_vlsm
        (sub_IM IM (elements indices));
    vlsm_machine := ?MX
  |} m
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
HPvalid: ∀ dm : message,
  P dm
  → valid_message_prop
      (preloaded_vlsm
         (free_composite_vlsm
            (sub_IM IM (elements indices)))
         Q) dm
m: message
Hm: can_emit (preloaded_vlsm (IM j) P) m
VLSM_incl_part ?MX
  (preloaded_vlsm_machine
     (free_composite_vlsm
        (sub_IM IM (elements indices))) Q) apply (preloaded_vlsm_incl_relaxed _ (fun m => Q m \/ P m)).message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
HPvalid: ∀ dm : message,
  P dm
  → valid_message_prop
      (preloaded_vlsm
         (free_composite_vlsm
            (sub_IM IM (elements indices)))
         Q) dm
m: message
Hm: can_emit (preloaded_vlsm (IM j) P) m
∀ m : message,
  Q m ∨ P m
  → Q m
    ∨ valid_message_prop
        (preloaded_vlsm
           (free_composite_vlsm
              (sub_IM IM (elements indices))) Q) m
    by itauto.
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
HPvalid: ∀ dm : message,
  P dm
  → valid_message_prop
      (preloaded_vlsm
         (free_composite_vlsm
            (sub_IM IM (elements indices)))
         Q) dm
m: message
Hm: can_emit (preloaded_vlsm (IM j) P) m
can_emit
  {|
    vlsm_type :=
      free_composite_vlsm
        (sub_IM IM (elements indices));
    vlsm_machine :=
      preloaded_vlsm
        (free_composite_vlsm
           (sub_IM IM (elements indices)))
        (λ m : message, Q m ∨ P m)
  |} m eapply VLSM_embedding_can_emit; [| done].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
HPvalid: ∀ dm : message,
  P dm
  → valid_message_prop
      (preloaded_vlsm
         (free_composite_vlsm
            (sub_IM IM (elements indices)))
         Q) dm
m: message
Hm: can_emit (preloaded_vlsm (IM j) P) m
VLSM_embedding (preloaded_vlsm (IM j) P)
  {|
    vlsm_type :=
      free_composite_vlsm
        (sub_IM IM (elements indices));
    vlsm_machine :=
      preloaded_vlsm
        (free_composite_vlsm
           (sub_IM IM (elements indices)))
        (λ m : message, Q m ∨ P m)
  |} ?label_project ?state_project
    apply preloaded_sub_element_embedding.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
P, Q: message → Prop
HPvalid: ∀ dm : message,
  P dm
  → valid_message_prop
      (preloaded_vlsm
         (free_composite_vlsm
            (sub_IM IM (elements indices)))
         Q) dm
m: message
Hm: can_emit (preloaded_vlsm (IM j) P) m
∀ m : message, P m → Q m ∨ P m
    by itauto.
Qed.

A subcomposition can be projected to one component

In the following we define the projection_induced_validator to a single component of the pre_induced_sub_projection of a constrained composition so a subset of its components.

Note that, in general, this is not trace-equivalent with the directly obtained projection_induced_validator of the constrained composition to the corresponding component, as the intermediate induced projection might generate more input_valid_transitions to be considered as a basis for the next projection.

Definition sub_label_element_project
  (l : composite_label (sub_IM IM (elements indices)))
  : option (label (IM j)) :=
  match decide (j = ` (projT1 l)) with
  | left e => Some (eq_rect_r (fun j => label (IM j)) (projT2 l) e)
  | right _ => None
  end.

Definition sub_state_element_project
  (s : composite_state (sub_IM IM (elements indices)))
  : state (IM j) := s (dexist j Hj).

Lemma sub_transition_element_project_None
  : forall lX, sub_label_element_project lX = None ->
    forall s om s' om', composite_transition (sub_IM IM (elements indices)) lX (s, om) = (s', om') ->
    sub_state_element_project s' = sub_state_element_project s.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
∀ lX : composite_label (sub_IM IM (elements indices)),
  sub_label_element_project lX = None
  → ∀ (s : composite_state
             (sub_IM IM (elements indices))) (om : 
                                              option
                                                message) 
      (s' : composite_state
              (sub_IM IM (elements indices))) (om' : 
                                               option
                                                 message),
      composite_transition
        (sub_IM IM (elements indices)) lX (s, om) =
      (s', om')
      → sub_state_element_project s' =
        sub_state_element_project s
Proof.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
∀ lX : composite_label (sub_IM IM (elements indices)),
  sub_label_element_project lX = None
  → ∀ (s : composite_state
             (sub_IM IM (elements indices))) (om : 
                                              option
                                                message) 
      (s' : composite_state
              (sub_IM IM (elements indices))) (om' : 
                                               option
                                                 message),
      composite_transition
        (sub_IM IM (elements indices)) lX (s, om) =
      (s', om')
      → sub_state_element_project s' =
        sub_state_element_project s
  intros (sub_i, li) HlX s om s' om' HtX.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
sub_i: sub_index (elements indices)
li: label (sub_IM IM (elements indices) sub_i)
HlX: sub_label_element_project (existT sub_i li) =
None
s: composite_state (sub_IM IM (elements indices))
om: option message
s': composite_state (sub_IM IM (elements indices))
om': option message
HtX: composite_transition
  (sub_IM IM (elements indices))
  (existT sub_i li) (s, om) = (
s', om')
sub_state_element_project s' =
sub_state_element_project s
  destruct_dec_sig sub_i i Hi Heqsub_i; subst.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
i: index
Hi: sub_index_prop (elements indices) i
li: label
  (sub_IM IM (elements indices) (dexist i Hi))
HlX: sub_label_element_project
  (existT (dexist i Hi) li) = None
s: composite_state (sub_IM IM (elements indices))
om: option message
s': composite_state (sub_IM IM (elements indices))
om': option message
HtX: composite_transition
  (sub_IM IM (elements indices))
  (existT (dexist i Hi) li) (
  s, om) = (s', om')
sub_state_element_project s' =
sub_state_element_project s
  unfold sub_label_element_project in HlX; cbn in HlX, HtX.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
i: index
Hi: sub_index_prop (elements indices) i
li: label
  (sub_IM IM (elements indices) (dexist i Hi))
HlX: match decide (j = i) with
| left e =>
    Some
      (eq_rect_r (λ j : index, label (IM j)) li
         e)
| right _ => None
end = None
s: composite_state (sub_IM IM (elements indices))
om: option message
s': composite_state (sub_IM IM (elements indices))
om': option message
HtX: (let (si', om') :=
   transition li (s (dexist i Hi), om) in
 (state_update (sub_IM IM (elements indices)) s
    (dexist i Hi) si', om')) = (
s', om')
sub_state_element_project s' =
sub_state_element_project s
  case_decide as Hij; [by congruence |].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
i: index
Hi: sub_index_prop (elements indices) i
li: label
  (sub_IM IM (elements indices) (dexist i Hi))
Hij: j ≠ i
HlX: None = None
s: composite_state (sub_IM IM (elements indices))
om: option message
s': composite_state (sub_IM IM (elements indices))
om': option message
HtX: (let (si', om') :=
   transition li (s (dexist i Hi), om) in
 (state_update (sub_IM IM (elements indices)) s
    (dexist i Hi) si', om')) = (
s', om')
sub_state_element_project s' =
sub_state_element_project s
  destruct (transition _ _ _) as (si', _om').message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
i: index
Hi: sub_index_prop (elements indices) i
li: label
  (sub_IM IM (elements indices) (dexist i Hi))
Hij: j ≠ i
HlX: None = None
s: composite_state (sub_IM IM (elements indices))
om: option message
s': composite_state (sub_IM IM (elements indices))
om': option message
si': state
  (sub_IM IM (elements indices) (dexist i Hi))
_om': option message
HtX: (state_update (sub_IM IM (elements indices)) s
   (dexist i Hi) si', _om') = (
s', om')
sub_state_element_project s' =
sub_state_element_project s
  inversion_clear HtX.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
i: index
Hi: sub_index_prop (elements indices) i
li: label
  (sub_IM IM (elements indices) (dexist i Hi))
Hij: j ≠ i
HlX: None = None
s: composite_state (sub_IM IM (elements indices))
om: option message
s': composite_state (sub_IM IM (elements indices))
om': option message
si': state
  (sub_IM IM (elements indices) (dexist i Hi))
_om': option message
sub_state_element_project
  (state_update (sub_IM IM (elements indices)) s
     (dexist i Hi) si') = sub_state_element_project s
  unfold sub_state_element_project.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
i: index
Hi: sub_index_prop (elements indices) i
li: label
  (sub_IM IM (elements indices) (dexist i Hi))
Hij: j ≠ i
HlX: None = None
s: composite_state (sub_IM IM (elements indices))
om: option message
s': composite_state (sub_IM IM (elements indices))
om': option message
si': state
  (sub_IM IM (elements indices) (dexist i Hi))
_om': option message
state_update (sub_IM IM (elements indices)) s
  (dexist i Hi) si' (dexist j Hj) = s (dexist j Hj)
  by state_update_simpl.
Qed.

Lemma sub_element_label_project
  : forall lY, sub_label_element_project (sub_element_label lY) = Some lY.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
∀ lY : label (IM j),
  sub_label_element_project (sub_element_label lY) =
  Some lY
Proof.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
∀ lY : label (IM j),
  sub_label_element_project (sub_element_label lY) =
  Some lY
  intros lY.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
lY: label (IM j)
sub_label_element_project (sub_element_label lY) =
Some lY
  unfold sub_element_label, sub_label_element_project; cbn.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
lY: label (IM j)
match decide (j = j) with
| left e =>
    Some (eq_rect_r (λ j : index, label (IM j)) lY e)
| right _ => None
end = Some lY
  by rewrite (decide_True_pi eq_refl).
Qed.

Lemma sub_element_state_project
  : forall sY, sub_state_element_project (sub_element_state sY) = sY.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
∀ sY : state (IM j),
  sub_state_element_project (sub_element_state sY) =
  sY
Proof.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
∀ sY : state (IM j),
  sub_state_element_project (sub_element_state sY) =
  sY
  intros sY.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
sY: state (IM j)
sub_state_element_project (sub_element_state sY) = sY
  unfold sub_element_state, sub_state_element_project; cbn.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
sY: state (IM j)
match decide (j = j) with
| left e => eq_rect_r (λ j : index, state (IM j)) sY e
| right _ => `(vs0 (IM j))
end = sY
  by rewrite (decide_True_pi eq_refl).
Qed.

Lemma sub_transition_element_project_Some :
  forall lX1 lX2 lY,
    sub_label_element_project lX1 = Some lY ->
    sub_label_element_project lX2 = Some lY ->
  forall sX1 sX2,
    sub_state_element_project sX1 = sub_state_element_project sX2 ->
  forall iom sX1' oom1,
    composite_transition (sub_IM IM (elements indices)) lX1 (sX1, iom) = (sX1', oom1) ->
  forall sX2' oom2,
    composite_transition (sub_IM IM (elements indices)) lX2 (sX2, iom) = (sX2', oom2) ->
      sub_state_element_project sX1' = sub_state_element_project sX2' /\ oom1 = oom2.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
∀ (lX1
   lX2 : composite_label
           (sub_IM IM (elements indices))) (lY : label
                                                 (IM j)),
  sub_label_element_project lX1 = Some lY
  → sub_label_element_project lX2 = Some lY
    → ∀ sX1
         sX2 : composite_state
                 (sub_IM IM (elements indices)),
        sub_state_element_project sX1 =
        sub_state_element_project sX2
        → ∀ (iom : option message) (sX1' : composite_state
                                             (sub_IM
                                                IM
                                                (elements
                                                 indices))) 
            (oom1 : option message),
            composite_transition
              (sub_IM IM (elements indices)) lX1
              (sX1, iom) = (sX1', oom1)
            → ∀ (sX2' : composite_state
                          (sub_IM IM
                             (elements indices))) 
                (oom2 : option message),
                composite_transition
                  (sub_IM IM (elements indices)) lX2
                  (sX2, iom) = (sX2', oom2)
                → sub_state_element_project sX1' =
                  sub_state_element_project sX2'
                  ∧ oom1 = oom2
Proof.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
∀ (lX1
   lX2 : composite_label
           (sub_IM IM (elements indices))) (lY : label
                                                 (IM j)),
  sub_label_element_project lX1 = Some lY
  → sub_label_element_project lX2 = Some lY
    → ∀ sX1
         sX2 : composite_state
                 (sub_IM IM (elements indices)),
        sub_state_element_project sX1 =
        sub_state_element_project sX2
        → ∀ (iom : option message) (sX1' : composite_state
                                             (sub_IM
                                                IM
                                                (elements
                                                 indices))) 
            (oom1 : option message),
            composite_transition
              (sub_IM IM (elements indices)) lX1
              (sX1, iom) = (sX1', oom1)
            → ∀ (sX2' : composite_state
                          (sub_IM IM
                             (elements indices))) 
                (oom2 : option message),
                composite_transition
                  (sub_IM IM (elements indices)) lX2
                  (sX2, iom) = (sX2', oom2)
                → sub_state_element_project sX1' =
                  sub_state_element_project sX2'
                  ∧ oom1 = oom2
  intros [sub_j1 lj1] [sub_j2 lj2] lj.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
sub_j1: sub_index (elements indices)
lj1: label (sub_IM IM (elements indices) sub_j1)
sub_j2: sub_index (elements indices)
lj2: label (sub_IM IM (elements indices) sub_j2)
lj: label (IM j)
sub_label_element_project (existT sub_j1 lj1) =
Some lj
→ sub_label_element_project (existT sub_j2 lj2) =
  Some lj
  → ∀ sX1
       sX2 : composite_state
               (sub_IM IM (elements indices)),
      sub_state_element_project sX1 =
      sub_state_element_project sX2
      → ∀ (iom : option message) (sX1' : composite_state
                                           (sub_IM IM
                                              (elements
                                                 indices))) 
          (oom1 : option message),
          composite_transition
            (sub_IM IM (elements indices))
            (existT sub_j1 lj1) (sX1, iom) =
          (sX1', oom1)
          → ∀ (sX2' : composite_state
                        (sub_IM IM (elements indices))) 
              (oom2 : option message),
              composite_transition
                (sub_IM IM (elements indices))
                (existT sub_j2 lj2) (sX2, iom) =
              (sX2', oom2)
              → sub_state_element_project sX1' =
                sub_state_element_project sX2'
                ∧ oom1 = oom2
  destruct_dec_sig sub_j1 j1 Hj1 Heqsub_j1;
  destruct_dec_sig sub_j2 j2 Hj2 Heqsub_j2; subst.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
j1: index
Hj1: sub_index_prop (elements indices) j1
lj1: label
  (sub_IM IM (elements indices) (dexist j1 Hj1))
j2: index
Hj2: sub_index_prop (elements indices) j2
lj2: label
  (sub_IM IM (elements indices) (dexist j2 Hj2))
lj: label (IM j)
sub_label_element_project (existT (dexist j1 Hj1) lj1) =
Some lj
→ sub_label_element_project
    (existT (dexist j2 Hj2) lj2) = Some lj
  → ∀ sX1
       sX2 : composite_state
               (sub_IM IM (elements indices)),
      sub_state_element_project sX1 =
      sub_state_element_project sX2
      → ∀ (iom : option message) (sX1' : composite_state
                                           (sub_IM IM
                                              (elements
                                                 indices))) 
          (oom1 : option message),
          composite_transition
            (sub_IM IM (elements indices))
            (existT (dexist j1 Hj1) lj1) (sX1, iom) =
          (sX1', oom1)
          → ∀ (sX2' : composite_state
                        (sub_IM IM (elements indices))) 
              (oom2 : option message),
              composite_transition
                (sub_IM IM (elements indices))
                (existT (dexist j2 Hj2) lj2)
                (sX2, iom) = (sX2', oom2)
              → sub_state_element_project sX1' =
                sub_state_element_project sX2'
                ∧ oom1 = oom2
  unfold sub_label_element_project; cbn.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
j1: index
Hj1: sub_index_prop (elements indices) j1
lj1: label
  (sub_IM IM (elements indices) (dexist j1 Hj1))
j2: index
Hj2: sub_index_prop (elements indices) j2
lj2: label
  (sub_IM IM (elements indices) (dexist j2 Hj2))
lj: label (IM j)
match decide (j = j1) with
| left e =>
    Some (eq_rect_r (λ j : index, label (IM j)) lj1 e)
| right _ => None
end = Some lj
→ match decide (j = j2) with
  | left e =>
      Some
        (eq_rect_r (λ j : index, label (IM j)) lj2 e)
  | right _ => None
  end = Some lj
  → ∀ sX1
       sX2 : composite_state
               (sub_IM IM (elements indices)),
      sub_state_element_project sX1 =
      sub_state_element_project sX2
      → ∀ (iom : option message) (sX1' : composite_state
                                           (sub_IM IM
                                              (elements
                                                 indices))) 
          (oom1 : option message),
          (let (si', om') :=
             transition lj1 (sX1 (dexist j1 Hj1), iom) in
           (state_update
              (sub_IM IM (elements indices)) sX1
              (dexist j1 Hj1) si', om')) =
          (sX1', oom1)
          → ∀ (sX2' : composite_state
                        (sub_IM IM (elements indices))) 
              (oom2 : option message),
              (let (si', om') :=
                 transition lj2
                   (sX2 (dexist j2 Hj2), iom) in
               (state_update
                  (sub_IM IM (elements indices)) sX2
                  (dexist j2 Hj2) si', om')) =
              (sX2', oom2)
              → sub_state_element_project sX1' =
                sub_state_element_project sX2'
                ∧ oom1 = oom2
  do 2 (case_decide; inversion 1); subst; cbn in *; subst.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
Hj1: sub_index_prop (elements indices) j
lj1: label
  (sub_IM IM (elements indices) (dexist j Hj1))
Hj2: sub_index_prop (elements indices) j
H8, H11: Some lj1 = Some lj1
∀ sX1
   sX2 : composite_state
           (sub_IM IM (elements indices)),
  sub_state_element_project sX1 =
  sub_state_element_project sX2
  → ∀ (iom : option message) (sX1' : composite_state
                                       (sub_IM IM
                                          (elements
                                             indices))) 
      (oom1 : option message),
      (let (si', om') :=
         transition lj1 (sX1 (dexist j Hj1), iom) in
       (state_update (sub_IM IM (elements indices))
          sX1 (dexist j Hj1) si', om')) = (sX1', oom1)
      → ∀ (sX2' : composite_state
                    (sub_IM IM (elements indices))) 
          (oom2 : option message),
          (let (si', om') :=
             transition lj1 (sX2 (dexist j Hj2), iom) in
           (state_update
              (sub_IM IM (elements indices)) sX2
              (dexist j Hj2) si', om')) = (sX2', oom2)
          → sub_state_element_project sX1' =
            sub_state_element_project sX2'
            ∧ oom1 = oom2
  unfold sub_state_element_project.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
Hj1: sub_index_prop (elements indices) j
lj1: label
  (sub_IM IM (elements indices) (dexist j Hj1))
Hj2: sub_index_prop (elements indices) j
H8, H11: Some lj1 = Some lj1
∀ sX1
   sX2 : composite_state
           (sub_IM IM (elements indices)),
  sX1 (dexist j Hj) = sX2 (dexist j Hj)
  → ∀ (iom : option message) (sX1' : composite_state
                                       (sub_IM IM
                                          (elements
                                             indices))) 
      (oom1 : option message),
      (let (si', om') :=
         transition lj1 (sX1 (dexist j Hj1), iom) in
       (state_update (sub_IM IM (elements indices))
          sX1 (dexist j Hj1) si', om')) = (sX1', oom1)
      → ∀ (sX2' : composite_state
                    (sub_IM IM (elements indices))) 
          (oom2 : option message),
          (let (si', om') :=
             transition lj1 (sX2 (dexist j Hj2), iom) in
           (state_update
              (sub_IM IM (elements indices)) sX2
              (dexist j Hj2) si', om')) = (sX2', oom2)
          → sX1' (dexist j Hj) = sX2' (dexist j Hj)
            ∧ oom1 = oom2
  intros sX1 sX2 Hsjeq iom.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
Hj1: sub_index_prop (elements indices) j
lj1: label
  (sub_IM IM (elements indices) (dexist j Hj1))
Hj2: sub_index_prop (elements indices) j
H8, H11: Some lj1 = Some lj1
sX1, sX2: composite_state (sub_IM IM (elements indices))
Hsjeq: sX1 (dexist j Hj) = sX2 (dexist j Hj)
iom: option message
∀ (sX1' : composite_state
            (sub_IM IM (elements indices))) (oom1 : 
                                             option
                                               message),
  (let (si', om') :=
     transition lj1 (sX1 (dexist j Hj1), iom) in
   (state_update (sub_IM IM (elements indices)) sX1
      (dexist j Hj1) si', om')) = (sX1', oom1)
  → ∀ (sX2' : composite_state
                (sub_IM IM (elements indices))) (oom2 : 
                                                 option
                                                 message),
      (let (si', om') :=
         transition lj1 (sX2 (dexist j Hj2), iom) in
       (state_update (sub_IM IM (elements indices))
          sX2 (dexist j Hj2) si', om')) = (sX2', oom2)
      → sX1' (dexist j Hj) = sX2' (dexist j Hj)
        ∧ oom1 = oom2
  rewrite (sub_IM_state_pi sX1 Hj1 Hj), (sub_IM_state_pi sX2 Hj2 Hj), <- Hsjeq
  ; unfold sub_IM at 3 13; cbn
  ; destruct (transition _ _ _) as (si', om').message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
Hj1: sub_index_prop (elements indices) j
lj1: label
  (sub_IM IM (elements indices) (dexist j Hj1))
Hj2: sub_index_prop (elements indices) j
H8, H11: Some lj1 = Some lj1
sX1, sX2: composite_state (sub_IM IM (elements indices))
Hsjeq: sX1 (dexist j Hj) = sX2 (dexist j Hj)
iom: option message
si': state (IM j)
om': option message
∀ (sX1' : composite_state
            (sub_IM IM (elements indices))) (oom1 : 
                                             option
                                               message),
  (state_update (sub_IM IM (elements indices)) sX1
     (dexist j Hj1) si', om') = (sX1', oom1)
  → ∀ (sX2' : composite_state
                (sub_IM IM (elements indices))) (oom2 : 
                                                 option
                                                 message),
      (state_update (sub_IM IM (elements indices)) sX2
         (dexist j Hj2) si', om') = (sX2', oom2)
      → sX1' (dexist j Hj) = sX2' (dexist j Hj)
        ∧ oom1 = oom2
  do 2 inversion_clear 1.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
Hj1: sub_index_prop (elements indices) j
lj1: label
  (sub_IM IM (elements indices) (dexist j Hj1))
Hj2: sub_index_prop (elements indices) j
H8, H11: Some lj1 = Some lj1
sX1, sX2: composite_state (sub_IM IM (elements indices))
Hsjeq: sX1 (dexist j Hj) = sX2 (dexist j Hj)
iom: option message
si': state (IM j)
om': option message
sX1': composite_state (sub_IM IM (elements indices))
oom1: option message
sX2': composite_state (sub_IM IM (elements indices))
oom2: option message
state_update (sub_IM IM (elements indices)) sX1
  (dexist j Hj1) si' (dexist j Hj) =
state_update (sub_IM IM (elements indices)) sX2
  (dexist j Hj2) si' (dexist j Hj) ∧ oom2 = oom2
  by state_update_simpl.
Qed.

Definition induced_sub_element_projection constraint : VLSM message :=
  projection_induced_validator
    (pre_induced_sub_projection IM (elements indices) constraint) (IM j)
    sub_label_element_project sub_state_element_project
    sub_element_label sub_element_state.

Definition pre_induced_sub_element_projection constraint : VLSM message :=
  preloaded_with_all_messages_vlsm (induced_sub_element_projection constraint).

Lemma induced_sub_element_projection_is_projection constraint
  : VLSM_projection
    (pre_induced_sub_projection IM (elements indices) constraint)
    (pre_induced_sub_element_projection constraint)
    sub_label_element_project sub_state_element_project.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
VLSM_projection
  (pre_induced_sub_projection IM (elements indices)
     constraint)
  (pre_induced_sub_element_projection constraint)
  sub_label_element_project sub_state_element_project
Proof.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
VLSM_projection
  (pre_induced_sub_projection IM (elements indices)
     constraint)
  (pre_induced_sub_element_projection constraint)
  sub_label_element_project sub_state_element_project
  apply @projection_induced_validator_is_projection.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
induced_validator_label_lift_prop
  sub_label_element_project sub_element_label
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
induced_validator_state_lift_prop
  sub_state_element_project sub_element_state
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
induced_validator_transition_consistency_Some
  (pre_induced_sub_projection IM 
     (elements indices) constraint) 
  (IM j) sub_label_element_project
  sub_state_element_project
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
weak_projection_transition_consistency_None
  (pre_induced_sub_projection IM 
     (elements indices) constraint) 
  (IM j) sub_label_element_project
  sub_state_element_project
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
induced_validator_label_lift_prop
  sub_label_element_project sub_element_label by intro; apply sub_element_label_project.
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
induced_validator_state_lift_prop
  sub_state_element_project sub_element_state by intro; apply sub_element_state_project.
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
induced_validator_transition_consistency_Some
  (pre_induced_sub_projection IM (elements indices)
     constraint) (IM j) sub_label_element_project
  sub_state_element_project intros lX1 lX2 lY Hl1 Hl2 sX1 sX2 Hs iom sX1' oom1 Ht1 sX2' oom2 Ht2.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
lX1, lX2: label
  (pre_induced_sub_projection IM
     (elements indices) constraint)
lY: label (IM j)
Hl1: sub_label_element_project lX1 = Some lY
Hl2: sub_label_element_project lX2 = Some lY
sX1, sX2: state
  (pre_induced_sub_projection IM
     (elements indices) constraint)
Hs: sub_state_element_project sX1 =
sub_state_element_project sX2
iom: option message
sX1': state
  (pre_induced_sub_projection IM
     (elements indices) constraint)
oom1: option message
Ht1: transition lX1 (sX1, iom) = (sX1', oom1)
sX2': state
  (pre_induced_sub_projection IM
     (elements indices) constraint)
oom2: option message
Ht2: transition lX2 (sX2, iom) = (sX2', oom2)
sub_state_element_project sX1' =
sub_state_element_project sX2' ∧ oom1 = oom2
    eapply sub_transition_element_project_Some; [by apply Hl1 | by apply Hl2 | by apply Hs | ..].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
lX1, lX2: label
  (pre_induced_sub_projection IM
     (elements indices) constraint)
lY: label (IM j)
Hl1: sub_label_element_project lX1 = Some lY
Hl2: sub_label_element_project lX2 = Some lY
sX1, sX2: state
  (pre_induced_sub_projection IM
     (elements indices) constraint)
Hs: sub_state_element_project sX1 =
sub_state_element_project sX2
iom: option message
sX1': state
  (pre_induced_sub_projection IM
     (elements indices) constraint)
oom1: option message
Ht1: transition lX1 (sX1, iom) = (sX1', oom1)
sX2': state
  (pre_induced_sub_projection IM
     (elements indices) constraint)
oom2: option message
Ht2: transition lX2 (sX2, iom) = (sX2', oom2)
composite_transition (sub_IM IM (elements indices))
  lX1 (sX1, ?iom) = (sX1', oom1)
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
lX1, lX2: label
  (pre_induced_sub_projection IM
     (elements indices) constraint)
lY: label (IM j)
Hl1: sub_label_element_project lX1 = Some lY
Hl2: sub_label_element_project lX2 = Some lY
sX1, sX2: state
  (pre_induced_sub_projection IM
     (elements indices) constraint)
Hs: sub_state_element_project sX1 =
sub_state_element_project sX2
iom: option message
sX1': state
  (pre_induced_sub_projection IM
     (elements indices) constraint)
oom1: option message
Ht1: transition lX1 (sX1, iom) = (sX1', oom1)
sX2': state
  (pre_induced_sub_projection IM
     (elements indices) constraint)
oom2: option message
Ht2: transition lX2 (sX2, iom) = (sX2', oom2)
composite_transition (sub_IM IM (elements indices))
  lX2 (sX2, ?iom) = (sX2', oom2)
    +message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
lX1, lX2: label
  (pre_induced_sub_projection IM
     (elements indices) constraint)
lY: label (IM j)
Hl1: sub_label_element_project lX1 = Some lY
Hl2: sub_label_element_project lX2 = Some lY
sX1, sX2: state
  (pre_induced_sub_projection IM
     (elements indices) constraint)
Hs: sub_state_element_project sX1 =
sub_state_element_project sX2
iom: option message
sX1': state
  (pre_induced_sub_projection IM
     (elements indices) constraint)
oom1: option message
Ht1: transition lX1 (sX1, iom) = (sX1', oom1)
sX2': state
  (pre_induced_sub_projection IM
     (elements indices) constraint)
oom2: option message
Ht2: transition lX2 (sX2, iom) = (sX2', oom2)
composite_transition (sub_IM IM (elements indices))
  lX1 (sX1, ?iom) = (sX1', oom1) by rewrite induced_sub_projection_transition_is_composite in Ht1.
    +message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
lX1, lX2: label
  (pre_induced_sub_projection IM
     (elements indices) constraint)
lY: label (IM j)
Hl1: sub_label_element_project lX1 = Some lY
Hl2: sub_label_element_project lX2 = Some lY
sX1, sX2: state
  (pre_induced_sub_projection IM
     (elements indices) constraint)
Hs: sub_state_element_project sX1 =
sub_state_element_project sX2
iom: option message
sX1': state
  (pre_induced_sub_projection IM
     (elements indices) constraint)
oom1: option message
Ht1: transition lX1 (sX1, iom) = (sX1', oom1)
sX2': state
  (pre_induced_sub_projection IM
     (elements indices) constraint)
oom2: option message
Ht2: transition lX2 (sX2, iom) = (sX2', oom2)
composite_transition (sub_IM IM (elements indices))
  lX2 (sX2, iom) = (sX2', oom2) by rewrite induced_sub_projection_transition_is_composite in Ht2.
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
weak_projection_transition_consistency_None
  (pre_induced_sub_projection IM (elements indices)
     constraint) (IM j) sub_label_element_project
  sub_state_element_project intros lX HlX s om s' om' [_ Ht].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
lX: label
  (pre_induced_sub_projection IM
     (elements indices) constraint)
HlX: sub_label_element_project lX = None
s: state
  (pre_induced_sub_projection IM
     (elements indices) constraint)
om: option message
s': state
  (pre_induced_sub_projection IM
     (elements indices) constraint)
om': option message
Ht: transition lX (s, om) = (s', om')
sub_state_element_project s' =
sub_state_element_project s
    apply sub_transition_element_project_None with lX om om'; [done |].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
IM: index → VLSM message
indices: Ci
j: index
Hj: j ∈ elements indices
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
lX: label
  (pre_induced_sub_projection IM
     (elements indices) constraint)
HlX: sub_label_element_project lX = None
s: state
  (pre_induced_sub_projection IM
     (elements indices) constraint)
om: option message
s': state
  (pre_induced_sub_projection IM
     (elements indices) constraint)
om': option message
Ht: transition lX (s, om) = (s', om')
composite_transition (sub_IM IM (elements indices)) lX
  (s, om) = (s', om')
    by setoid_rewrite <- (induced_sub_projection_transition_is_composite _ _ constraint).
Qed.

End sec_sub_composition_element.

#[export] Hint Rewrite @sub_element_state_eq : state_update.
#[export] Hint Rewrite @sub_element_state_neq using done : state_update.

Section sec_sub_composition_preloaded_lift.

Context
  {message : Type}
  `{EqDecision index}
  (IM : index -> VLSM message)
  indices
  (Free := free_composite_vlsm IM)
  (PreFree := preloaded_with_all_messages_vlsm Free)
  (SubFree := free_composite_vlsm (sub_IM IM indices))
  (PreSubFree := preloaded_with_all_messages_vlsm SubFree)
  .

Lemma lift_sub_free_preloaded_with_embedding
  (seed : message -> Prop)
  : VLSM_embedding (preloaded_vlsm SubFree seed) (preloaded_vlsm Free seed)
    (lift_sub_label IM indices) (lift_sub_state IM indices).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
seed: message → Prop
VLSM_embedding (preloaded_vlsm SubFree seed)
  (preloaded_vlsm Free seed)
  (lift_sub_label IM indices)
  (lift_sub_state IM indices)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
seed: message → Prop
VLSM_embedding (preloaded_vlsm SubFree seed)
  (preloaded_vlsm Free seed)
  (lift_sub_label IM indices)
  (lift_sub_state IM indices)
  apply (basic_VLSM_embedding_preloaded_with SubFree Free seed seed); intro; intros; [done | ..].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
seed: message → Prop
l: label SubFree
s: state SubFree
om: option message
H: valid l (s, om)
valid (lift_sub_label IM indices l)
  (lift_sub_state IM indices s, om)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
seed: message → Prop
l: label SubFree
s: state SubFree
om: option message
s': state SubFree
om': option message
H: transition l (s, om) = (s', om')
transition (lift_sub_label IM indices l)
  (lift_sub_state IM indices s, om) =
(lift_sub_state IM indices s', om')
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
seed: message → Prop
s: state SubFree
H: initial_state_prop s
initial_state_prop (lift_sub_state IM indices s)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
seed: message → Prop
m: message
H: initial_message_prop m
initial_message_prop m
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
seed: message → Prop
l: label SubFree
s: state SubFree
om: option message
H: valid l (s, om)
valid (lift_sub_label IM indices l)
  (lift_sub_state IM indices s, om) by cbn; apply lift_sub_valid, H.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
seed: message → Prop
l: label SubFree
s: state SubFree
om: option message
s': state SubFree
om': option message
H: transition l (s, om) = (s', om')
transition (lift_sub_label IM indices l)
  (lift_sub_state IM indices s, om) =
(lift_sub_state IM indices s', om') by rapply lift_sub_transition.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
seed: message → Prop
s: state SubFree
H: initial_state_prop s
initial_state_prop (lift_sub_state IM indices s) by apply (lift_sub_state_initial IM).
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
seed: message → Prop
m: message
H: initial_message_prop m
initial_message_prop m by apply (lift_sub_message_initial IM indices).
Qed.

Lemma lift_sub_free_embedding
  : VLSM_embedding SubFree Free
    (lift_sub_label IM indices) (lift_sub_state IM indices).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
VLSM_embedding SubFree Free
  (lift_sub_label IM indices)
  (lift_sub_state IM indices)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
VLSM_embedding SubFree Free
  (lift_sub_label IM indices)
  (lift_sub_state IM indices)
  constructor.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
∀ (sX : state SubFree) (trX : list transition_item),
  finite_valid_trace SubFree sX trX
  → finite_valid_trace Free
      (lift_sub_state IM indices sX)
      (pre_VLSM_embedding_finite_trace_project SubFree
         Free (lift_sub_label IM indices)
         (lift_sub_state IM indices) trX)
  intros sX trX HtrX.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
sX: state SubFree
trX: list transition_item
HtrX: finite_valid_trace SubFree sX trX
finite_valid_trace Free (lift_sub_state IM indices sX)
  (pre_VLSM_embedding_finite_trace_project SubFree
     Free (lift_sub_label IM indices)
     (lift_sub_state IM indices) trX)
  by apply (VLSM_eq_finite_valid_trace (vlsm_is_preloaded_with_False Free)),
    (VLSM_embedding_finite_valid_trace (lift_sub_free_preloaded_with_embedding _)),
    (VLSM_eq_finite_valid_trace (vlsm_is_preloaded_with_False SubFree)).
Qed.

Lemma lift_sub_preloaded_free_embedding
  : VLSM_embedding PreSubFree PreFree
    (lift_sub_label IM indices) (lift_sub_state IM indices).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
VLSM_embedding PreSubFree PreFree
  (lift_sub_label IM indices)
  (lift_sub_state IM indices)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
VLSM_embedding PreSubFree PreFree
  (lift_sub_label IM indices)
  (lift_sub_state IM indices)
  constructor.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
∀ (sX : state PreSubFree) (trX : list transition_item),
  finite_valid_trace PreSubFree sX trX
  → finite_valid_trace PreFree
      (lift_sub_state IM indices sX)
      (pre_VLSM_embedding_finite_trace_project
         PreSubFree PreFree
         (lift_sub_label IM indices)
         (lift_sub_state IM indices) trX)
  intros sX trX HtrX.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
sX: state PreSubFree
trX: list transition_item
HtrX: finite_valid_trace PreSubFree sX trX
finite_valid_trace PreFree
  (lift_sub_state IM indices sX)
  (pre_VLSM_embedding_finite_trace_project PreSubFree
     PreFree (lift_sub_label IM indices)
     (lift_sub_state IM indices) trX)
  by apply (VLSM_embedding_finite_valid_trace (lift_sub_free_preloaded_with_embedding _)).
Qed.

Deriving reachable-validity for the component from the input validity w.r.t. a sub_composition preloaded with messages.

Lemma preloaded_sub_composite_input_valid_projection constraint Q
  i Hi li sub_s im
  : input_valid
      (preloaded_vlsm (composite_vlsm (sub_IM IM indices) constraint) Q)
      (existT (dexist i Hi) li) (sub_s, Some im) ->
    input_constrained (IM i) li (lift_sub_state IM indices sub_s i, Some im).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
constraint: composite_label (sub_IM IM indices)
→ composite_state (sub_IM IM indices) *
  option message → Prop
Q: message → Prop
i: index
Hi: sub_index_prop indices i
li: (λ n : sub_index indices,
   label (sub_IM IM indices n)) 
  (dexist i Hi)
sub_s: state
  (preloaded_vlsm
     (composite_vlsm (sub_IM IM indices)
        constraint) Q)
im: message
input_valid
  (preloaded_vlsm
     (composite_vlsm (sub_IM IM indices) constraint) Q)
  (existT (dexist i Hi) li) (sub_s, Some im)
→ input_constrained (IM i) li
    (lift_sub_state IM indices sub_s i, Some im)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
constraint: composite_label (sub_IM IM indices)
→ composite_state (sub_IM IM indices) *
  option message → Prop
Q: message → Prop
i: index
Hi: sub_index_prop indices i
li: (λ n : sub_index indices,
   label (sub_IM IM indices n)) 
  (dexist i Hi)
sub_s: state
  (preloaded_vlsm
     (composite_vlsm (sub_IM IM indices)
        constraint) Q)
im: message
input_valid
  (preloaded_vlsm
     (composite_vlsm (sub_IM IM indices) constraint) Q)
  (existT (dexist i Hi) li) (sub_s, Some im)
→ input_constrained (IM i) li
    (lift_sub_state IM indices sub_s i, Some im)
  intro Ht_sub.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
constraint: composite_label (sub_IM IM indices)
→ composite_state (sub_IM IM indices) *
  option message → Prop
Q: message → Prop
i: index
Hi: sub_index_prop indices i
li: (λ n : sub_index indices,
   label (sub_IM IM indices n)) 
  (dexist i Hi)
sub_s: state
  (preloaded_vlsm
     (composite_vlsm (sub_IM IM indices)
        constraint) Q)
im: message
Ht_sub: input_valid
  (preloaded_vlsm
     (composite_vlsm (sub_IM IM indices)
        constraint) Q)
  (existT (dexist i Hi) li) (
  sub_s, Some im)
input_constrained (IM i) li
  (lift_sub_state IM indices sub_s i, Some im)
  eapply (VLSM_projection_input_valid (preloaded_component_projection IM i) (existT i li) li)
  ; [by rewrite composite_project_label_eq |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
constraint: composite_label (sub_IM IM indices)
→ composite_state (sub_IM IM indices) *
  option message → Prop
Q: message → Prop
i: index
Hi: sub_index_prop indices i
li: (λ n : sub_index indices,
   label (sub_IM IM indices n)) 
  (dexist i Hi)
sub_s: state
  (preloaded_vlsm
     (composite_vlsm (sub_IM IM indices)
        constraint) Q)
im: message
Ht_sub: input_valid
  (preloaded_vlsm
     (composite_vlsm (sub_IM IM indices)
        constraint) Q)
  (existT (dexist i Hi) li) (
  sub_s, Some im)
input_valid
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) (existT i li)
  (lift_sub_state IM indices sub_s, Some im)
  cut (input_constrained (free_composite_vlsm (sub_IM IM indices))
    (existT (dexist i Hi) li) (sub_s, Some im));
    [by apply (VLSM_embedding_input_valid lift_sub_preloaded_free_embedding) |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
constraint: composite_label (sub_IM IM indices)
→ composite_state (sub_IM IM indices) *
  option message → Prop
Q: message → Prop
i: index
Hi: sub_index_prop indices i
li: (λ n : sub_index indices,
   label (sub_IM IM indices n)) 
  (dexist i Hi)
sub_s: state
  (preloaded_vlsm
     (composite_vlsm (sub_IM IM indices)
        constraint) Q)
im: message
Ht_sub: input_valid
  (preloaded_vlsm
     (composite_vlsm (sub_IM IM indices)
        constraint) Q)
  (existT (dexist i Hi) li) (
  sub_s, Some im)
input_constrained
  (free_composite_vlsm (sub_IM IM indices))
  (existT (dexist i Hi) li) (sub_s, Some im)
  eapply VLSM_incl_input_valid; [| done].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
constraint: composite_label (sub_IM IM indices)
→ composite_state (sub_IM IM indices) *
  option message → Prop
Q: message → Prop
i: index
Hi: sub_index_prop indices i
li: (λ n : sub_index indices,
   label (sub_IM IM indices n)) 
  (dexist i Hi)
sub_s: state
  (preloaded_vlsm
     (composite_vlsm (sub_IM IM indices)
        constraint) Q)
im: message
Ht_sub: input_valid
  (preloaded_vlsm
     (composite_vlsm (sub_IM IM indices)
        constraint) Q)
  (existT (dexist i Hi) li) (
  sub_s, Some im)
VLSM_incl_part
  (preloaded_vlsm_machine
     (composite_vlsm (sub_IM IM indices) constraint) Q)
  (preloaded_vlsm_machine
     (free_composite_vlsm (sub_IM IM indices))
     (λ _ : message, True))
  by apply constrained_preloaded_vlsm_incl_preloaded_with_all_messages.
Qed.

Lemma can_emit_sub_projection
  {validator : Type}
  (A : validator -> index)
  (sender : message -> option validator)
  (Hsender_safety : sender_safety_alt_prop IM A sender)
  (j : index)
  (m : message)
  (Hj : option_map A (sender m) = Some j)
  : can_emit PreSubFree m -> can_emit (preloaded_with_all_messages_vlsm (IM j)) m.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
j: index
m: message
Hj: option_map A (sender m) = Some j
can_emit PreSubFree m
→ can_emit (preloaded_with_all_messages_vlsm (IM j)) m
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
j: index
m: message
Hj: option_map A (sender m) = Some j
can_emit PreSubFree m
→ can_emit (preloaded_with_all_messages_vlsm (IM j)) m
  intro Hemit.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
j: index
m: message
Hj: option_map A (sender m) = Some j
Hemit: can_emit PreSubFree m
can_emit (preloaded_with_all_messages_vlsm (IM j)) m
  apply can_emit_projection with validator A sender; [done | done |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
validator: Type
A: validator → index
sender: message → option validator
Hsender_safety: sender_safety_alt_prop IM A sender
j: index
m: message
Hj: option_map A (sender m) = Some j
Hemit: can_emit PreSubFree m
can_emit
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) m
  by apply (VLSM_embedding_can_emit lift_sub_preloaded_free_embedding).
Qed.

If a component can emit a message, it can also emit it in a subcomposition with other components, and starting with more preloaded messages.

Lemma can_emit_with_more
  (j : index)
  (m : message)
  (Hj : j ∈ indices)
  (P Q : message -> Prop)
  (PimpliesQ : forall m, P m -> Q m)
  : can_emit (preloaded_vlsm (IM j) P) m -> can_emit (preloaded_vlsm SubFree Q) m.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
j: index
m: message
Hj: j ∈ indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
can_emit (preloaded_vlsm (IM j) P) m
→ can_emit (preloaded_vlsm SubFree Q) m
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
j: index
m: message
Hj: j ∈ indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
can_emit (preloaded_vlsm (IM j) P) m
→ can_emit (preloaded_vlsm SubFree Q) m
  intro Hemit.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
j: index
m: message
Hj: j ∈ indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
Hemit: can_emit (preloaded_vlsm (IM j) P) m
can_emit (preloaded_vlsm SubFree Q) m
  specialize
    (lift_to_composite_generalized_preloaded_VLSM_embedding
      (sub_IM IM indices) _ _ PimpliesQ (dexist j Hj))
    as Hproj.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Free:= free_composite_vlsm IM: VLSM message
PreFree:= preloaded_with_all_messages_vlsm Free: VLSM message
SubFree:= free_composite_vlsm (sub_IM IM indices): VLSM message
PreSubFree:= preloaded_with_all_messages_vlsm SubFree: VLSM message
j: index
m: message
Hj: j ∈ indices
P, Q: message → Prop
PimpliesQ: ∀ m : message, P m → Q m
Hemit: can_emit (preloaded_vlsm (IM j) P) m
Hproj: VLSM_embedding
  (preloaded_vlsm
     (sub_IM IM indices (dexist j Hj)) P)
  (preloaded_vlsm
     (free_composite_vlsm (sub_IM IM indices))
     Q)
  (lift_to_composite_label 
     (sub_IM IM indices) 
     (dexist j Hj))
  (lift_to_composite_state'
     (sub_IM IM indices) 
     (dexist j Hj))
can_emit (preloaded_vlsm SubFree Q) m
  by apply (VLSM_embedding_can_emit Hproj).
Qed.

End sec_sub_composition_preloaded_lift.

Section sec_empty_sub_composition.

A subcomposition with no components

If taking the subset of indices used for the sub-composition to be the empty set of indices, the obtained sub-composition is an empty composition.

Context
  {message : Type}
  `{EqDecision index}
  (IM : index -> VLSM message)
  (indices : list index)
  (Hno_indices : indices = [])
  .

If a sub-composition can_emit a message then its sender must be one of the components of the sub-composition.

Lemma sub_no_indices_no_can_emit (P : message -> Prop) :
  forall m, ~ can_emit (preloaded_vlsm (free_composite_vlsm (sub_IM IM indices)) P) m.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Hno_indices: indices = []
P: message → Prop
∀ m : message,
  ¬ can_emit
      (preloaded_vlsm
         (free_composite_vlsm (sub_IM IM indices)) P)
      m
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Hno_indices: indices = []
P: message → Prop
∀ m : message,
  ¬ can_emit
      (preloaded_vlsm
         (free_composite_vlsm (sub_IM IM indices)) P)
      m
  apply preloaded_empty_free_composition_no_emit, elem_of_nil_inv.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
indices: list index
Hno_indices: indices = []
P: message → Prop
∀ x : sub_index indices, x ∉ enum (sub_index indices)
  by intro sub_i; destruct_dec_sig sub_i i Hi Heqsub_i; subst; inversion Hi.
Qed.

End sec_empty_sub_composition.

Section sec_update_IM.

Context
  {message : Type}
  `{FinSet index Ci}
  `{finite.Finite index}
  (IM : index -> VLSM message)
  (selection : Ci)
  .

Definition update_IM
  (replacement_IM : sub_index (elements selection) -> VLSM message)
  (i : index)
  : VLSM message :=
  match decide (i ∈ elements selection) with
  | left i_in => replacement_IM (@dexist _ (sub_index_prop (elements selection)) _ i i_in)
  | _ => IM i
  end.

(*
  TODO(bmmoore): use the definition above to provide an alternate definition
  for fixed-set equivocation model, similar to the one for byzantine traces.
*)

Context
  (replacement_IM : sub_index (elements selection) -> VLSM message)
  (selection_complement : Ci := list_to_set (enum index) ∖ selection)
  .

#[export] Instance update_IM_complement_Hbs
  `{forall i : index, HasBeenSentCapability (IM i)}
  : forall sub_i : sub_index (elements selection_complement),
    HasBeenSentCapability (sub_IM (update_IM replacement_IM) (elements selection_complement) sub_i).message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
selection: Ci
replacement_IM: sub_index (elements selection)
→ VLSM message
selection_complement:= list_to_set (enum index)
∖ selection: Ci
H8: ∀ i : index, HasBeenSentCapability (IM i)
∀ sub_i : sub_index (elements selection_complement),
  HasBeenSentCapability
    (sub_IM (update_IM replacement_IM)
       (elements selection_complement) sub_i)
Proof.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
selection: Ci
replacement_IM: sub_index (elements selection)
→ VLSM message
selection_complement:= list_to_set (enum index)
∖ selection: Ci
H8: ∀ i : index, HasBeenSentCapability (IM i)
∀ sub_i : sub_index (elements selection_complement),
  HasBeenSentCapability
    (sub_IM (update_IM replacement_IM)
       (elements selection_complement) sub_i)
  intros sub_i.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
selection: Ci
replacement_IM: sub_index (elements selection)
→ VLSM message
selection_complement:= list_to_set (enum index)
∖ selection: Ci
H8: ∀ i : index, HasBeenSentCapability (IM i)
sub_i: sub_index (elements selection_complement)
HasBeenSentCapability
  (sub_IM (update_IM replacement_IM)
     (elements selection_complement) sub_i)
  unfold sub_IM, update_IM.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
selection: Ci
replacement_IM: sub_index (elements selection)
→ VLSM message
selection_complement:= list_to_set (enum index)
∖ selection: Ci
H8: ∀ i : index, HasBeenSentCapability (IM i)
sub_i: sub_index (elements selection_complement)
HasBeenSentCapability
  match decide (`sub_i ∈ elements selection) with
  | left i_in => replacement_IM (dexist (`sub_i) i_in)
  | right _ => IM (`sub_i)
  end
  case_decide as Hi; [| typeclasses eauto].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
selection: Ci
replacement_IM: sub_index (elements selection)
→ VLSM message
selection_complement:= list_to_set (enum index)
∖ selection: Ci
H8: ∀ i : index, HasBeenSentCapability (IM i)
sub_i: sub_index (elements selection_complement)
Hi: `sub_i ∈ elements selection
HasBeenSentCapability
  (replacement_IM (dexist (`sub_i) Hi))
  contradict Hi.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
selection: Ci
replacement_IM: sub_index (elements selection)
→ VLSM message
selection_complement:= list_to_set (enum index)
∖ selection: Ci
H8: ∀ i : index, HasBeenSentCapability (IM i)
sub_i: sub_index (elements selection_complement)
`sub_i ∉ elements selection
  destruct_dec_sig sub_i i Hi Heqsub_i; subst sub_i; simpl.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
selection: Ci
replacement_IM: sub_index (elements selection)
→ VLSM message
selection_complement:= list_to_set (enum index)
∖ selection: Ci
H8: ∀ i : index, HasBeenSentCapability (IM i)
i: index
Hi: sub_index_prop (elements selection_complement) i
i ∉ elements selection
  apply elem_of_elements, elem_of_difference in Hi as [_ Hi].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
selection: Ci
replacement_IM: sub_index (elements selection)
→ VLSM message
selection_complement:= list_to_set (enum index)
∖ selection: Ci
H8: ∀ i : index, HasBeenSentCapability (IM i)
i: index
Hi: i ∉ selection
i ∉ elements selection
  by rewrite elem_of_elements.
Qed.

End sec_update_IM.