From VLSM.Lib Require Import Itauto.[Loading ML file ring_plugin.cmxs (using legacy method) ... done]
[Loading ML file zify_plugin.cmxs (using legacy method) ... done]
[Loading ML file micromega_plugin.cmxs (using legacy method) ... done]
[Loading ML file btauto_plugin.cmxs (using legacy method) ... done]
[Loading ML file coq-itauto.plugin ... done]
From stdpp Require Import prelude.
From VLSM.Core Require Import VLSM PreloadedVLSM VLSMProjections Composition.

Core: VLSM Projection Validators

Below, we fix VLSMs X and Y and some label_project and <state_project>> VLSM_projection mappings from X to Y.

The transition input validation property validates an input corresponding to a projection by ensuring that that input can be "lifted" to the original VLSM.

Section sec_input_validation_definitions.

Context
  `{X : VLSM message}
  {TY : VLSMType message}
  (label_project : label X -> option (label TY))
  (state_project : state X -> state TY)
  .

Record InputValidation
  (lY : label TY)
  (sY : state TY)
  (om : option message)
  (lX : label X)
  (sX : state X)
  : Prop :=
{
  tiv_label_project : label_project lX = Some lY;
  tiv_state_project : state_project sX = sY;
  lifted_transition_input_valid : input_valid X lX (sX, om);
}.

Record TransitionValidation
  (lY : label TY)
  (sY : state TY)
  (om : option message)
  (lX : label X)
  (sX : state X)
  (sX' : state X)
  (om' : option message)
  : Prop :=
{
  tv_tiv :> InputValidation lY sY om lX sX;
  tv_transition : transition X lX (sX, om) = (sX', om');
  tv_tiv_transition : input_valid_transition X lX (sX, om) (sX', om') :=
    conj (lifted_transition_input_valid lY sY om lX sX tv_tiv) tv_transition;
}.

End sec_input_validation_definitions.

Section sec_projection_validator.

Context
  `{X : VLSM message}
  (Y : VLSM message)
  (label_project : label X -> option (label Y))
  (state_project : state X -> state Y)
  .

We say that Y is a validator X w.r.t. the projection determined by label_project and state_project if input_validity in the component (for reachable states) implies TransitionInputValidation.

Definition projection_validator_prop :=
  forall li si omi,
    input_constrained Y li (si, omi) ->
    exists lX sX, InputValidation label_project state_project li si omi lX sX.

We say that Y is a transition_validator if any valid transition (from a reachable state) in Y can be "lifted" to an input_valid_transition in X.

Definition transition_validator :=
  forall lY sY omi, input_constrained Y lY (sY, omi) ->
  exists lX sX sX' om',
    TransitionValidation label_project state_project lY sY omi lX sX sX' om'.

A message validator can check within a component whether the message is valid for the composition.

Definition message_validator_prop :=
  forall li si im,
    input_constrained Y li (si, Some im) ->
    valid_message_prop X im.

The projection_validator_property is stronger.

Lemma projection_validator_is_message_validator
  : projection_validator_prop -> message_validator_prop.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
projection_validator_prop → message_validator_prop
Proof.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
projection_validator_prop → message_validator_prop
  intros Hvalidator li si im Hvi.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalidator: projection_validator_prop
li: label (preloaded_with_all_messages_vlsm Y)
si: state (preloaded_with_all_messages_vlsm Y)
im: message
Hvi: input_constrained Y li (si, Some im)
valid_message_prop X im
  by apply Hvalidator in Hvi as (_ & _ & [_ _ (_ & ? & _)]).
Qed.

Lemma projection_validator_messages_transitions
  : projection_validator_prop -> transition_validator.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
projection_validator_prop → transition_validator
Proof.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
projection_validator_prop → transition_validator
  intros Hvalidator li si omi Hpvi.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalidator: projection_validator_prop
li: label (preloaded_with_all_messages_vlsm Y)
si: state (preloaded_with_all_messages_vlsm Y)
omi: option message
Hpvi: input_constrained Y li (si, omi)
∃ (lX : label X) (sX sX' : state X) (om' : option
                                             message),
  TransitionValidation label_project state_project li
    si omi lX sX sX' om'
  apply Hvalidator in Hpvi as (l & s & Hiv).message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalidator: projection_validator_prop
li: label (preloaded_with_all_messages_vlsm Y)
si: state (preloaded_with_all_messages_vlsm Y)
omi: option message
l: label X
s: state X
Hiv: InputValidation label_project state_project li
  si omi l s
∃ (lX : label X) (sX sX' : state X) (om' : option
                                             message),
  TransitionValidation label_project state_project li
    si omi lX sX sX' om'
  destruct (transition X l (s, omi)) as (s', omo) eqn: Ht.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalidator: projection_validator_prop
li: label (preloaded_with_all_messages_vlsm Y)
si: state (preloaded_with_all_messages_vlsm Y)
omi: option message
l: label X
s: state X
Hiv: InputValidation label_project state_project li
  si omi l s
s': state X
omo: option message
Ht: transition l (s, omi) = (s', omo)
∃ (lX : label X) (sX sX' : state X) (om' : option
                                             message),
  TransitionValidation label_project state_project li
    si omi lX sX sX' om'
  eexists l, s, s', omo; split with (tv_tiv := Hiv) (tv_transition := Ht).
Qed.

Lemma transition_validator_messages
  : transition_validator -> projection_validator_prop.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
transition_validator → projection_validator_prop
Proof.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
transition_validator → projection_validator_prop
  intros Hvalidator li si omi Hpvi.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalidator: transition_validator
li: label (preloaded_with_all_messages_vlsm Y)
si: state (preloaded_with_all_messages_vlsm Y)
omi: option message
Hpvi: input_constrained Y li (si, omi)
∃ (lX : label X) (sX : state X),
  InputValidation label_project state_project li si
    omi lX sX
  apply Hvalidator in Hpvi as (lX & sX & _ & _ & [? _ _]).message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Hvalidator: transition_validator
li: label (preloaded_with_all_messages_vlsm Y)
si: state (preloaded_with_all_messages_vlsm Y)
omi: option message
lX: label X
sX: state X
tv_tiv0: InputValidation label_project state_project
  li si omi lX sX
∃ (lX : label X) (sX : state X),
  InputValidation label_project state_project li si
    omi lX sX
  by eexists _, _.
Qed.

End sec_projection_validator.

Induced VLSM validators

Given an existing VLSM, a target VLSM_type, a state_projection map, and a partial label_projection map, and some corresponding reverse maps state_lift and label_lift we can build a new VLSM over the target type, induced by the source VLSM, its missing components being defined based on the source components.

If additionally some consistency (weak_projection_transition_consistency_None and weak_projection_transition_consistency_Some) properties are satisfied, then the induced VLSM is a VLSM_projection of the source one.

Section sec_projection_induced_validator.

Section sec_projection_induced_validator_pre_definitions.

Context
  {message : Type}
  {TX TY : VLSMType message}
  (label_project : label TX -> option (label TY))
  (state_project : state TX -> state TY)
  (label_lift : label TY -> label TX)
  (state_lift : state TY -> state TX)
  .

label_project is a left-inverse of label_lift

Definition induced_validator_label_lift_prop : Prop :=
  forall lY, label_project (label_lift lY) = Some lY.

state_project is a left-inverse of state_lift

Definition induced_validator_state_lift_prop : Prop :=
  forall sY, state_project (state_lift sY) = sY.

End sec_projection_induced_validator_pre_definitions.

Context
  {message : Type}
  (X : VLSM message)
  (TY : VLSMType message)
  .

Context
  (label_project : label X -> option (label TY))
  (state_project : state X -> state TY)
  (trace_project := pre_VLSM_projection_finite_trace_project _ _ label_project state_project)
  (label_lift : label TY -> label X)
  (state_lift : state TY -> state X)
  .

Definition projection_induced_initial_state_prop (sY : state TY) : Prop :=
  exists sX, state_project sX = sY /\ initial_state_prop X sX.

#[export] Program Instance projection_induced_initial_state_inh :
  Inhabited {sY : state TY | projection_induced_initial_state_prop sY} :=
    populate (exist _ (state_project (` (vs0 X))) _).
Next Obligation.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
(λ sY : state TY,
   projection_induced_initial_state_prop sY)
  (state_project (`(vs0 X)))
Proof.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
(λ sY : state TY,
   projection_induced_initial_state_prop sY)
  (state_project (`(vs0 X)))
  exists (` (vs0 X)).message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
state_project (`(vs0 X)) = state_project (`(vs0 X))
∧ initial_state_prop (`(vs0 X))
  split; [done |].message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
initial_state_prop (`(vs0 X))
  by destruct (`(vs0 X)); cbn.
Defined.

Definition projection_induced_initial_message_prop : message -> Prop := const False.

Definition projection_induced_transition
  (lY : label TY)
  (somY : state TY * option message)
  : state TY * option message :=
  let (sY, om) := somY in
  let (s'X, om') := transition X (label_lift lY) (state_lift sY, om) in
  (state_project s'X, om').

Definition projection_induced_valid
  (lY : label TY)
  (somY : state TY * option message)
  : Prop :=
  exists lX sX, InputValidation label_project state_project lY somY.1 somY.2 lX sX.

Definition projection_induced_validator_machine : VLSMMachine TY :=
  {| initial_message_prop := projection_induced_initial_message_prop
   ; initial_state_prop := projection_induced_initial_state_prop
   ; transition := projection_induced_transition
   ;  valid := projection_induced_valid
  |}.

Definition projection_induced_validator : VLSM message :=
  mk_vlsm projection_induced_validator_machine.

Definition pre_projection_induced_validator : VLSM message :=
  preloaded_with_all_messages_vlsm projection_induced_validator.

Lemma projection_induced_validator_is_validating :
  projection_validator_prop pre_projection_induced_validator label_project state_project.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
projection_validator_prop
  pre_projection_induced_validator label_project
  state_project
Proof.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
projection_validator_prop
  pre_projection_induced_validator label_project
  state_project by intros li si omi (_ & _ & Hv). Qed.

When we have a VLSM_projection to the projection_induced_validator, validity is input_validity.

Lemma induced_validator_valid_is_input_valid
  (Hproj : VLSM_projection X pre_projection_induced_validator label_project state_project)
  l s om
  : valid projection_induced_validator l (s, om) ->
      input_constrained projection_induced_validator l (s, om).message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hproj: VLSM_projection X
  pre_projection_induced_validator
  label_project state_project
l: label projection_induced_validator
s: state projection_induced_validator
om: option message
valid l (s, om)
→ input_constrained projection_induced_validator l
    (s, om)
Proof.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hproj: VLSM_projection X
  pre_projection_induced_validator
  label_project state_project
l: label projection_induced_validator
s: state projection_induced_validator
om: option message
valid l (s, om)
→ input_constrained projection_induced_validator l
    (s, om)
  intro Hv.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hproj: VLSM_projection X
  pre_projection_induced_validator
  label_project state_project
l: label projection_induced_validator
s: state projection_induced_validator
om: option message
Hv: valid l (s, om)
input_constrained projection_induced_validator l
  (s, om)
  destruct (id Hv) as (lX & sX & [HlX  HsX (Hps & Hopm & _)]); cbn in HsX; subst.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hproj: VLSM_projection X
  pre_projection_induced_validator
  label_project state_project
l: label projection_induced_validator
om: option message
sX: state X
Hv: valid l (state_project sX, om)
lX: label X
HlX: label_project lX = Some l
Hps: valid_state_prop X sX
Hopm: option_valid_message_prop X
  (state_project sX, om).2
input_constrained projection_induced_validator l
  (state_project sX, om)
  repeat split; [| | done].message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hproj: VLSM_projection X
  pre_projection_induced_validator
  label_project state_project
l: label projection_induced_validator
om: option message
sX: state X
Hv: valid l (state_project sX, om)
lX: label X
HlX: label_project lX = Some l
Hps: valid_state_prop X sX
Hopm: option_valid_message_prop X
  (state_project sX, om).2
valid_state_prop
  (preloaded_with_all_messages_vlsm
     projection_induced_validator) (state_project sX)
message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hproj: VLSM_projection X
  pre_projection_induced_validator
  label_project state_project
l: label projection_induced_validator
om: option message
sX: state X
Hv: valid l (state_project sX, om)
lX: label X
HlX: label_project lX = Some l
Hps: valid_state_prop X sX
Hopm: option_valid_message_prop X
  (state_project sX, om).2
option_valid_message_prop
  (preloaded_with_all_messages_vlsm
     projection_induced_validator) om
  -message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hproj: VLSM_projection X
  pre_projection_induced_validator
  label_project state_project
l: label projection_induced_validator
om: option message
sX: state X
Hv: valid l (state_project sX, om)
lX: label X
HlX: label_project lX = Some l
Hps: valid_state_prop X sX
Hopm: option_valid_message_prop X
  (state_project sX, om).2
valid_state_prop
  (preloaded_with_all_messages_vlsm
     projection_induced_validator) (state_project sX) by eapply VLSM_projection_valid_state.
  -message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hproj: VLSM_projection X
  pre_projection_induced_validator
  label_project state_project
l: label projection_induced_validator
om: option message
sX: state X
Hv: valid l (state_project sX, om)
lX: label X
HlX: label_project lX = Some l
Hps: valid_state_prop X sX
Hopm: option_valid_message_prop X
  (state_project sX, om).2
option_valid_message_prop
  (preloaded_with_all_messages_vlsm
     projection_induced_validator) om destruct om as [m |]; [| apply option_valid_message_None].message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hproj: VLSM_projection X
  pre_projection_induced_validator
  label_project state_project
l: label projection_induced_validator
m: message
sX: state X
Hv: valid l (state_project sX, Some m)
lX: label X
HlX: label_project lX = Some l
Hps: valid_state_prop X sX
Hopm: option_valid_message_prop X
  (state_project sX, Some m).2
option_valid_message_prop
  (preloaded_with_all_messages_vlsm
     projection_induced_validator) (Some m)
    by apply option_initial_message_is_valid; cbn; right.
Qed.

Section sec_projection_induced_validator_as_projection.

Transitions through states and labels with the same projections using the same message should lead to the same output message and states with the same projections.

Definition induced_validator_transition_consistency_Some : Prop :=
  forall lX1 lX2 lY, label_project lX1 = Some lY -> label_project lX2 = Some lY ->
  forall sX1 sX2, state_project sX1 = state_project sX2 ->
  forall iom sX1' oom1, transition X lX1 (sX1, iom) = (sX1', oom1) ->
  forall sX2' oom2, transition X lX2 (sX2, iom) = (sX2', oom2) ->
  state_project sX1' = state_project sX2' /\ oom1 = oom2.

A weaker version of induced_validator_transition_consistency_Some. Only used locally.

#[local] Definition weak_projection_transition_consistency_Some
  : Prop :=
  forall lX lY, label_project lX = Some lY ->
  forall s1 om s1' om1', input_valid_transition X lX (s1, om) (s1', om1') ->
  forall s2' om2', transition X (label_lift lY) (state_lift (state_project s1), om) = (s2', om2') ->
  state_project s1' = state_project s2' /\ om1' = om2'.

#[local] Lemma basic_weak_projection_transition_consistency_Some
  : induced_validator_label_lift_prop label_project label_lift ->
    induced_validator_state_lift_prop state_project state_lift ->
    induced_validator_transition_consistency_Some ->
    weak_projection_transition_consistency_Some.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
induced_validator_label_lift_prop label_project
  label_lift
→ induced_validator_state_lift_prop state_project
    state_lift
  → induced_validator_transition_consistency_Some
    → weak_projection_transition_consistency_Some
Proof.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
induced_validator_label_lift_prop label_project
  label_lift
→ induced_validator_state_lift_prop state_project
    state_lift
  → induced_validator_transition_consistency_Some
    → weak_projection_transition_consistency_Some
  intros Hlbl Hst Htrans lX lY HlX_pr sX1 iom sX1' oom1 [_ Ht1] sX2' oom2 Ht2.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlbl: induced_validator_label_lift_prop label_project
  label_lift
Hst: induced_validator_state_lift_prop state_project
  state_lift
Htrans: induced_validator_transition_consistency_Some
lX: label X
lY: label TY
HlX_pr: label_project lX = Some lY
sX1: state X
iom: option message
sX1': state X
oom1: option message
Ht1: transition lX (sX1, iom) = (sX1', oom1)
sX2': state X
oom2: option message
Ht2: transition (label_lift lY)
  (state_lift (state_project sX1), iom) =
(sX2', oom2)
state_project sX1' = state_project sX2' ∧ oom1 = oom2
  by eapply Htrans; [| auto | symmetry; auto | |].
Qed.

Context
  (Hlabel_lift : induced_validator_label_lift_prop label_project label_lift)
  (Hstate_lift : induced_validator_state_lift_prop state_project state_lift)
  (Htransition_consistency : induced_validator_transition_consistency_Some)
  (Htransition_Some : weak_projection_transition_consistency_Some :=
    basic_weak_projection_transition_consistency_Some
      Hlabel_lift Hstate_lift Htransition_consistency)
  .

Under transition-consistency assumptions, valid messages of the projection_induced_validator coincide with those of the source VLSM.

Lemma projection_induced_valid_message_char
  : forall om, option_valid_message_prop projection_induced_validator om ->
    option_valid_message_prop X om.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
∀ om : option message,
  option_valid_message_prop
    projection_induced_validator om
  → option_valid_message_prop X om
Proof.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
∀ om : option message,
  option_valid_message_prop
    projection_induced_validator om
  → option_valid_message_prop X om
  intros om [s Hsom].message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
om: option message
s: state projection_induced_validator
Hsom: valid_state_message_prop
  projection_induced_validator s om
option_valid_message_prop X om
  induction Hsom.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
s: state projection_induced_validator
Hs: initial_state_prop s
om: option message
Hom: option_initial_message_prop
  projection_induced_validator om
option_valid_message_prop X om
message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
s: state projection_induced_validator
_om: option message
Hsom1: valid_state_message_prop
  projection_induced_validator s _om
_s: state projection_induced_validator
om: option message
Hsom2: valid_state_message_prop
  projection_induced_validator _s om
l: label projection_induced_validator
Hv: valid l (s, om)
s': state projection_induced_validator
om': option message
Ht: transition l (s, om) = (s', om')
IHHsom1: option_valid_message_prop X _om
IHHsom2: option_valid_message_prop X om
option_valid_message_prop X om'
  -message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
s: state projection_induced_validator
Hs: initial_state_prop s
om: option message
Hom: option_initial_message_prop
  projection_induced_validator om
option_valid_message_prop X om by destruct om as [m |]; [done |]; apply option_valid_message_None.
  -message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
s: state projection_induced_validator
_om: option message
Hsom1: valid_state_message_prop
  projection_induced_validator s _om
_s: state projection_induced_validator
om: option message
Hsom2: valid_state_message_prop
  projection_induced_validator _s om
l: label projection_induced_validator
Hv: valid l (s, om)
s': state projection_induced_validator
om': option message
Ht: transition l (s, om) = (s', om')
IHHsom1: option_valid_message_prop X _om
IHHsom2: option_valid_message_prop X om
option_valid_message_prop X om' destruct Hv as (lX & sX & [HlX_pr [=] (HsX & HomX & Hv)]).message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
s: state projection_induced_validator
_om: option message
Hsom1: valid_state_message_prop
  projection_induced_validator s _om
_s: state projection_induced_validator
om: option message
Hsom2: valid_state_message_prop
  projection_induced_validator _s om
l: label projection_induced_validator
lX: label X
sX: state X
HlX_pr: label_project lX = Some l
H: state_project sX = s
HsX: valid_state_prop X sX
HomX: option_valid_message_prop X (s, om).2
Hv: valid lX (sX, (s, om).2)
s': state projection_induced_validator
om': option message
Ht: transition l (s, om) = (s', om')
IHHsom1: option_valid_message_prop X _om
IHHsom2: option_valid_message_prop X om
option_valid_message_prop X om'
    cbn in Ht; destruct (transition _ _ _) as [_s'X __om'] eqn: H_tX
    ; inversion Ht; subst; clear Ht.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
_om: option message
sX: state X
Hsom1: valid_state_message_prop
  projection_induced_validator
  (state_project sX) _om
_s: state projection_induced_validator
om: option message
Hsom2: valid_state_message_prop
  projection_induced_validator _s om
l: label projection_induced_validator
lX: label X
HlX_pr: label_project lX = Some l
HsX: valid_state_prop X sX
Hv: valid lX (sX, (state_project sX, om).2)
HomX: option_valid_message_prop X
  (state_project sX, om).2
om': option message
_s'X: state X
H_tX: transition (label_lift l)
  (state_lift (state_project sX), om) =
(_s'X, om')
IHHsom1: option_valid_message_prop X _om
IHHsom2: option_valid_message_prop X om
option_valid_message_prop X om'
    destruct (transition X lX (sX, om)) as [s'X _om'] eqn: HtX.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
_om: option message
sX: state X
Hsom1: valid_state_message_prop
  projection_induced_validator
  (state_project sX) _om
_s: state projection_induced_validator
om: option message
Hsom2: valid_state_message_prop
  projection_induced_validator _s om
l: label projection_induced_validator
lX: label X
HlX_pr: label_project lX = Some l
HsX: valid_state_prop X sX
Hv: valid lX (sX, (state_project sX, om).2)
HomX: option_valid_message_prop X
  (state_project sX, om).2
om': option message
_s'X: state X
H_tX: transition (label_lift l)
  (state_lift (state_project sX), om) =
(_s'X, om')
IHHsom1: option_valid_message_prop X _om
IHHsom2: option_valid_message_prop X om
s'X: state X
_om': option message
HtX: transition lX (sX, om) = (s'X, _om')
option_valid_message_prop X om'
    assert (HivtX : input_valid_transition X lX (sX, om) (s'X, _om'))
        by (split_and!; done).message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
_om: option message
sX: state X
Hsom1: valid_state_message_prop
  projection_induced_validator
  (state_project sX) _om
_s: state projection_induced_validator
om: option message
Hsom2: valid_state_message_prop
  projection_induced_validator _s om
l: label projection_induced_validator
lX: label X
HlX_pr: label_project lX = Some l
HsX: valid_state_prop X sX
Hv: valid lX (sX, (state_project sX, om).2)
HomX: option_valid_message_prop X
  (state_project sX, om).2
om': option message
_s'X: state X
H_tX: transition (label_lift l)
  (state_lift (state_project sX), om) =
(_s'X, om')
IHHsom1: option_valid_message_prop X _om
IHHsom2: option_valid_message_prop X om
s'X: state X
_om': option message
HtX: transition lX (sX, om) = (s'X, _om')
HivtX: input_valid_transition X lX (
  sX, om) (s'X, _om')
option_valid_message_prop X om'
    replace om' with _om' by (eapply Htransition_Some; done).message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
_om: option message
sX: state X
Hsom1: valid_state_message_prop
  projection_induced_validator
  (state_project sX) _om
_s: state projection_induced_validator
om: option message
Hsom2: valid_state_message_prop
  projection_induced_validator _s om
l: label projection_induced_validator
lX: label X
HlX_pr: label_project lX = Some l
HsX: valid_state_prop X sX
Hv: valid lX (sX, (state_project sX, om).2)
HomX: option_valid_message_prop X
  (state_project sX, om).2
om': option message
_s'X: state X
H_tX: transition (label_lift l)
  (state_lift (state_project sX), om) =
(_s'X, om')
IHHsom1: option_valid_message_prop X _om
IHHsom2: option_valid_message_prop X om
s'X: state X
_om': option message
HtX: transition lX (sX, om) = (s'X, _om')
HivtX: input_valid_transition X lX (
  sX, om) (s'X, _om')
option_valid_message_prop X _om'
    by eapply input_valid_transition_out.
Qed.

Context
  (Htransition_None : weak_projection_transition_consistency_None _ _ label_project state_project)
  .

Lemma projection_induced_validator_is_projection
  : VLSM_projection X pre_projection_induced_validator label_project state_project.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
VLSM_projection X pre_projection_induced_validator
  label_project state_project
Proof.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
VLSM_projection X pre_projection_induced_validator
  label_project state_project
  apply basic_VLSM_projection; intro; intros.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
lX: label X
lY: label pre_projection_induced_validator
HlX: label_project lX = Some lY
s: state X
om: option message
Hv: input_valid X lX (s, om)
HsY: valid_state_prop
  pre_projection_induced_validator
  (state_project s)
HomY: option_valid_message_prop
  pre_projection_induced_validator om
valid lY (state_project s, om)
message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
lX: label X
lY: label pre_projection_induced_validator
H: label_project lX = Some lY
s: state X
om: option message
s': state X
om': option message
H0: input_valid_transition X lX (s, om) (s', om')
transition lY (state_project s, om) =
(state_project s', om')
message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
lX: label X
H: label_project lX = None
s: state X
om: option message
s': state X
om': option message
H0: input_valid_transition X lX (s, om) (s', om')
state_project s' = state_project s
message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
s: state X
H: initial_state_prop s
initial_state_prop (state_project s)
message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
lX: label X
lY: label pre_projection_induced_validator
HlX: label_project lX = Some lY
s: state X
m: message
Hv: input_valid X lX (s, Some m)
HsY: valid_state_prop
  pre_projection_induced_validator
  (state_project s)
valid_message_prop pre_projection_induced_validator m
  -message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
lX: label X
lY: label pre_projection_induced_validator
HlX: label_project lX = Some lY
s: state X
om: option message
Hv: input_valid X lX (s, om)
HsY: valid_state_prop
  pre_projection_induced_validator
  (state_project s)
HomY: option_valid_message_prop
  pre_projection_induced_validator om
valid lY (state_project s, om) by exists lX, s.
  -message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
lX: label X
lY: label pre_projection_induced_validator
H: label_project lX = Some lY
s: state X
om: option message
s': state X
om': option message
H0: input_valid_transition X lX (s, om) (s', om')
transition lY (state_project s, om) =
(state_project s', om') specialize (Htransition_Some _ _ H _ _ _ _ H0); cbn.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
lY: label pre_projection_induced_validator
s: state X
om: option message
s': state X
om': option message
Htransition_Some: ∀ (s2' : state X) (om2' : 
                   option message),
  transition (label_lift lY)
    (state_lift (state_project s),
     om) = (s2', om2')
  → state_project s' =
    state_project s2' ∧ 
    om' = om2'
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
lX: label X
H: label_project lX = Some lY
H0: input_valid_transition X lX (s, om) (s', om')
(let (s'X, om') :=
   transition (label_lift lY)
     (state_lift (state_project s), om) in
 (state_project s'X, om')) = (state_project s', om')
    destruct (transition _ _ _) as [s2' om2'].message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
lY: label pre_projection_induced_validator
s: state X
om: option message
s': state X
om': option message
s2': state X
om2': option message
Htransition_Some: ∀ (s2'0 : state X) (om2'0 : 
                    option message),
  (s2', om2') = (s2'0, om2'0)
  → state_project s' =
    state_project s2'0
    ∧ om' = om2'0
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
lX: label X
H: label_project lX = Some lY
H0: input_valid_transition X lX (s, om) (s', om')
(state_project s2', om2') = (state_project s', om')
    by specialize (Htransition_Some _ _ eq_refl) as [-> ->].
  -message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
lX: label X
H: label_project lX = None
s: state X
om: option message
s': state X
om': option message
H0: input_valid_transition X lX (s, om) (s', om')
state_project s' = state_project s by eapply Htransition_None.
  -message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
s: state X
H: initial_state_prop s
initial_state_prop (state_project s) by exists s.
  -message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
lX: label X
lY: label pre_projection_induced_validator
HlX: label_project lX = Some lY
s: state X
m: message
Hv: input_valid X lX (s, Some m)
HsY: valid_state_prop
  pre_projection_induced_validator
  (state_project s)
valid_message_prop pre_projection_induced_validator m by destruct Hv as [_ [Hm _]]; apply initial_message_is_valid; cbn; right.
Qed.

Section sec_projection_induced_friendliness.

Lemma induced_validator_transition_item_lift
  (item : transition_item TY)
  : pre_VLSM_projection_transition_item_project _ _ label_project state_project
    (pre_VLSM_embedding_transition_item_project _ _ label_lift state_lift item)
    = Some item.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
item: transition_item
pre_VLSM_projection_transition_item_project X TY
  label_project state_project
  (pre_VLSM_embedding_transition_item_project TY X
     label_lift state_lift item) = Some item
Proof.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
item: transition_item
pre_VLSM_projection_transition_item_project X TY
  label_project state_project
  (pre_VLSM_embedding_transition_item_project TY X
     label_lift state_lift item) = Some item
  destruct item.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
l: label TY
input: option message
destination: state TY
output: option message
pre_VLSM_projection_transition_item_project X TY
  label_project state_project
  (pre_VLSM_embedding_transition_item_project TY X
     label_lift state_lift
     {|
       l := l;
       input := input;
       destination := destination;
       output := output
     |}) =
Some
  {|
    l := l;
    input := input;
    destination := destination;
    output := output
  |}
  unfold pre_VLSM_embedding_transition_item_project,
         pre_VLSM_projection_transition_item_project.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
l: label TY
input: option message
destination: state TY
output: option message
match
  label_project
    (VLSM.l
       {|
         l :=
           label_lift
             (VLSM.l
                {|
                  l := l;
                  input := input;
                  destination := destination;
                  output := output
                |});
         input :=
           VLSM.input
             {|
               l := l;
               input := input;
               destination := destination;
               output := output
             |};
         destination :=
           state_lift
             (VLSM.destination
                {|
                  l := l;
                  input := input;
                  destination := destination;
                  output := output
                |});
         output :=
           VLSM.output
             {|
               l := l;
               input := input;
               destination := destination;
               output := output
             |}
       |})
with
| Some lY =>
    Some
      {|
        l := lY;
        input :=
          VLSM.input
            {|
              l :=
                label_lift
                  (VLSM.l
                     {|
                       l := l;
                       input := input;
                       destination := destination;
                       output := output
                     |});
              input :=
                VLSM.input
                  {|
                    l := l;
                    input := input;
                    destination := destination;
                    output := output
                  |};
              destination :=
                state_lift
                  (VLSM.destination
                     {|
                       l := l;
                       input := input;
                       destination := destination;
                       output := output
                     |});
              output :=
                VLSM.output
                  {|
                    l := l;
                    input := input;
                    destination := destination;
                    output := output
                  |}
            |};
        destination :=
          state_project
            (VLSM.destination
               {|
                 l :=
                   label_lift
                     (VLSM.l
                        {|
                          l := l;
                          input := input;
                          destination := destination;
                          output := output
                        |});
                 input :=
                   VLSM.input
                     {|
                       l := l;
                       input := input;
                       destination := destination;
                       output := output
                     |};
                 destination :=
                   state_lift
                     (VLSM.destination
                        {|
                          l := l;
                          input := input;
                          destination := destination;
                          output := output
                        |});
                 output :=
                   VLSM.output
                     {|
                       l := l;
                       input := input;
                       destination := destination;
                       output := output
                     |}
               |});
        output :=
          VLSM.output
            {|
              l :=
                label_lift
                  (VLSM.l
                     {|
                       l := l;
                       input := input;
                       destination := destination;
                       output := output
                     |});
              input :=
                VLSM.input
                  {|
                    l := l;
                    input := input;
                    destination := destination;
                    output := output
                  |};
              destination :=
                state_lift
                  (VLSM.destination
                     {|
                       l := l;
                       input := input;
                       destination := destination;
                       output := output
                     |});
              output :=
                VLSM.output
                  {|
                    l := l;
                    input := input;
                    destination := destination;
                    output := output
                  |}
            |}
      |}
| None => None
end =
Some
  {|
    l := l;
    input := input;
    destination := destination;
    output := output
  |}
  by cbn; rewrite Hlabel_lift, Hstate_lift.
Qed.

Lemma induced_validator_trace_lift
  (tr : list (transition_item TY))
  : pre_VLSM_projection_finite_trace_project _ _ label_project state_project
    (pre_VLSM_embedding_finite_trace_project _ _ label_lift state_lift tr)
    = tr.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
tr: list transition_item
pre_VLSM_projection_finite_trace_project X TY
  label_project state_project
  (pre_VLSM_embedding_finite_trace_project TY X
     label_lift state_lift tr) = tr
Proof.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
tr: list transition_item
pre_VLSM_projection_finite_trace_project X TY
  label_project state_project
  (pre_VLSM_embedding_finite_trace_project TY X
     label_lift state_lift tr) = tr
  induction tr; cbn; [done |].message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
a: transition_item
tr: list transition_item
IHtr: pre_VLSM_projection_finite_trace_project X TY
  label_project state_project
  (pre_VLSM_embedding_finite_trace_project TY X
     label_lift state_lift tr) = tr
match
  pre_VLSM_projection_transition_item_project X TY
    label_project state_project
    (pre_VLSM_embedding_transition_item_project TY X
       label_lift state_lift a)
with
| Some y =>
    y
    :: pre_VLSM_projection_finite_trace_project X TY
         label_project state_project
         (pre_VLSM_embedding_finite_trace_project TY X
            label_lift state_lift tr)
| None =>
    pre_VLSM_projection_finite_trace_project X TY
      label_project state_project
      (pre_VLSM_embedding_finite_trace_project TY X
         label_lift state_lift tr)
end = a :: tr
  by rewrite induced_validator_transition_item_lift; f_equal.
Qed.

If there is a way to "lift" valid traces of the projection_induced_validator to the original VLSM, then the induced VLSM_projection is friendly.

Lemma basic_projection_induces_friendliness
  : VLSM_embedding pre_projection_induced_validator X label_lift state_lift ->
    projection_friendly_prop projection_induced_validator_is_projection.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
VLSM_embedding pre_projection_induced_validator X
  label_lift state_lift
→ projection_friendly_prop
    projection_induced_validator_is_projection
Proof.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
VLSM_embedding pre_projection_induced_validator X
  label_lift state_lift
→ projection_friendly_prop
    projection_induced_validator_is_projection
  intros Hfull_proj isY trY HtrY.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
Hfull_proj: VLSM_embedding
  pre_projection_induced_validator X
  label_lift state_lift
isY: state pre_projection_induced_validator
trY: list transition_item
HtrY: finite_valid_trace
  pre_projection_induced_validator isY trY
∃ (sX : state X) (trX : list transition_item),
  finite_valid_trace X sX trX
  ∧ state_project sX = isY
    ∧ VLSM_projection_finite_trace_project
        projection_induced_validator_is_projection trX =
      trY
  exists (state_lift isY), (VLSM_embedding_finite_trace_project Hfull_proj trY).message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
Hfull_proj: VLSM_embedding
  pre_projection_induced_validator X
  label_lift state_lift
isY: state pre_projection_induced_validator
trY: list transition_item
HtrY: finite_valid_trace
  pre_projection_induced_validator isY trY
finite_valid_trace X (state_lift isY)
  (VLSM_embedding_finite_trace_project Hfull_proj trY)
∧ state_project (state_lift isY) = isY
  ∧ VLSM_projection_finite_trace_project
      projection_induced_validator_is_projection
      (VLSM_embedding_finite_trace_project Hfull_proj
         trY) = trY
  split_and!.message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
Hfull_proj: VLSM_embedding
  pre_projection_induced_validator X
  label_lift state_lift
isY: state pre_projection_induced_validator
trY: list transition_item
HtrY: finite_valid_trace
  pre_projection_induced_validator isY trY
finite_valid_trace X (state_lift isY)
  (VLSM_embedding_finite_trace_project Hfull_proj trY)
message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
Hfull_proj: VLSM_embedding
  pre_projection_induced_validator X
  label_lift state_lift
isY: state pre_projection_induced_validator
trY: list transition_item
HtrY: finite_valid_trace
  pre_projection_induced_validator isY trY
state_project (state_lift isY) = isY
message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
Hfull_proj: VLSM_embedding
  pre_projection_induced_validator X
  label_lift state_lift
isY: state pre_projection_induced_validator
trY: list transition_item
HtrY: finite_valid_trace
  pre_projection_induced_validator isY trY
VLSM_projection_finite_trace_project
  projection_induced_validator_is_projection
  (VLSM_embedding_finite_trace_project Hfull_proj trY) =
trY
  -message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
Hfull_proj: VLSM_embedding
  pre_projection_induced_validator X
  label_lift state_lift
isY: state pre_projection_induced_validator
trY: list transition_item
HtrY: finite_valid_trace
  pre_projection_induced_validator isY trY
finite_valid_trace X (state_lift isY)
  (VLSM_embedding_finite_trace_project Hfull_proj trY) by apply (VLSM_embedding_finite_valid_trace Hfull_proj).
  -message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
Hfull_proj: VLSM_embedding
  pre_projection_induced_validator X
  label_lift state_lift
isY: state pre_projection_induced_validator
trY: list transition_item
HtrY: finite_valid_trace
  pre_projection_induced_validator isY trY
state_project (state_lift isY) = isY done.
  -message: Type
X: VLSM message
TY: VLSMType message
label_project: label X → option (label TY)
state_project: state X → state TY
trace_project:= pre_VLSM_projection_finite_trace_project
  X TY label_project state_project: list transition_item
→ list transition_item
label_lift: label TY → label X
state_lift: state TY → state X
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
Htransition_Some:= basic_weak_projection_transition_consistency_Some
  Hlabel_lift Hstate_lift
  Htransition_consistency: weak_projection_transition_consistency_Some
Htransition_None: weak_projection_transition_consistency_None
  X TY label_project state_project
Hfull_proj: VLSM_embedding
  pre_projection_induced_validator X
  label_lift state_lift
isY: state pre_projection_induced_validator
trY: list transition_item
HtrY: finite_valid_trace
  pre_projection_induced_validator isY trY
VLSM_projection_finite_trace_project
  projection_induced_validator_is_projection
  (VLSM_embedding_finite_trace_project Hfull_proj trY) =
trY by apply induced_validator_trace_lift.
Qed.

End sec_projection_induced_friendliness.

End sec_projection_induced_validator_as_projection.

End sec_projection_induced_validator.

Section sec_projection_induced_validator_incl.

Context
  {message : Type}
  {TX : VLSMType message}
  (TY : VLSMType message)
  (label_project : label TX -> option (label TY))
  (state_project : state TX -> state TY)
  (label_lift : label TY -> label TX)
  (state_lift : state TY -> state TX)
  (Hlabel_lift : induced_validator_label_lift_prop label_project label_lift)
  (Hstate_lift : induced_validator_state_lift_prop state_project state_lift)
  .

Under weak_projection_transition_consistency_Some assumptions, VLSM_inclusion between source VLSMs implies VLSM_inclusion between their projections induced by the same maps.

Lemma projection_induced_validator_incl
  (MX1 MX2 : VLSMMachine TX)
  (X1 := mk_vlsm MX1) (X2 := mk_vlsm MX2)
  (XY1 : VLSM message :=
    pre_projection_induced_validator X1 TY label_project state_project label_lift state_lift)
  (XY2 : VLSM message :=
    pre_projection_induced_validator X2 TY label_project state_project label_lift state_lift)
  (Htransition_consistency1 :
    induced_validator_transition_consistency_Some X1 TY label_project state_project)
  (Htransition_consistency2 :
    induced_validator_transition_consistency_Some X2 TY label_project state_project)
  : VLSM_incl X1 X2 -> VLSM_incl XY1 XY2.message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
VLSM_incl X1 X2 → VLSM_incl XY1 XY2
Proof.message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
VLSM_incl X1 X2 → VLSM_incl XY1 XY2
  pose (Htransition_Some1 :=
    basic_weak_projection_transition_consistency_Some
      X1 TY _ _ _ _ Hlabel_lift Hstate_lift Htransition_consistency1).message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
VLSM_incl X1 X2 → VLSM_incl XY1 XY2
  pose (Htransition_Some2 :=
    basic_weak_projection_transition_consistency_Some
      X2 TY _ _ _ _ Hlabel_lift Hstate_lift Htransition_consistency2).message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
VLSM_incl X1 X2 → VLSM_incl XY1 XY2
  intros Hincl.message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
VLSM_incl XY1 XY2
  apply VLSM_incl_finite_traces_characterization.message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
∀ (s : state
         {|
           vlsm_type := XY1;
           vlsm_machine :=
             preloaded_vlsm_machine
               (projection_induced_validator X1 TY
                  label_project state_project
                  label_lift state_lift)
               (λ _ : message, True)
         |}) (tr : list transition_item),
  finite_valid_trace
    {|
      vlsm_type := XY1;
      vlsm_machine :=
        preloaded_vlsm_machine
          (projection_induced_validator X1 TY
             label_project state_project label_lift
             state_lift) (λ _ : message, True)
    |} s tr
  → finite_valid_trace
      {|
        vlsm_type := XY1;
        vlsm_machine :=
          preloaded_vlsm_machine
            (projection_induced_validator X2 TY
               label_project state_project label_lift
               state_lift) (λ _ : message, True)
      |} s tr
  assert (His : forall s, initial_state_prop XY1 s -> initial_state_prop XY2 s).message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
∀ (s : state
         {|
           vlsm_type := XY1;
           vlsm_machine :=
             preloaded_vlsm_machine
               (projection_induced_validator X1 TY
                  label_project state_project
                  label_lift state_lift)
               (λ _ : message, True)
         |}) (tr : list transition_item),
  finite_valid_trace
    {|
      vlsm_type := XY1;
      vlsm_machine :=
        preloaded_vlsm_machine
          (projection_induced_validator X1 TY
             label_project state_project label_lift
             state_lift) 
          (λ _ : message, True)
    |} s tr
  → finite_valid_trace
      {|
        vlsm_type := XY1;
        vlsm_machine :=
          preloaded_vlsm_machine
            (projection_induced_validator X2 TY
               label_project state_project label_lift
               state_lift) 
            (λ _ : message, True)
      |} s tr
  {message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
    intros is (s1 & Hs1_pr & Hs1).message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
is: state XY1
s1: state X1
Hs1_pr: state_project s1 = is
Hs1: initial_state_prop s1
initial_state_prop is
    by exists s1; split; [| apply VLSM_incl_initial_state].
  }message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
∀ (s : state
         {|
           vlsm_type := XY1;
           vlsm_machine :=
             preloaded_vlsm_machine
               (projection_induced_validator X1 TY
                  label_project state_project
                  label_lift state_lift)
               (λ _ : message, True)
         |}) (tr : list transition_item),
  finite_valid_trace
    {|
      vlsm_type := XY1;
      vlsm_machine :=
        preloaded_vlsm_machine
          (projection_induced_validator X1 TY
             label_project state_project label_lift
             state_lift) (λ _ : message, True)
    |} s tr
  → finite_valid_trace
      {|
        vlsm_type := XY1;
        vlsm_machine :=
          preloaded_vlsm_machine
            (projection_induced_validator X2 TY
               label_project state_project label_lift
               state_lift) (λ _ : message, True)
      |} s tr
  intros is tr Htr.message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
is: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} is tr
finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project label_lift
           state_lift) (λ _ : message, True)
  |} is tr
  split; [| apply His, Htr].message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
is: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} is tr
finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project label_lift
           state_lift) (λ _ : message, True)
  |} is tr
  induction Htr using finite_valid_trace_rev_ind
  ; [by apply (finite_valid_trace_from_empty XY2), initial_state_is_valid, His |].message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
si: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
sf: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
iom, oom: option message
l: label
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
Hx: input_valid_transition
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |} l (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project label_lift
           state_lift) (λ _ : message, True)
  |} si (tr ++ [x])
  apply (finite_valid_trace_from_app_iff XY2).message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
si: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
sf: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
iom, oom: option message
l: label
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
Hx: input_valid_transition
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |} l (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
finite_valid_trace_from XY2 si tr
∧ finite_valid_trace_from XY2
    (finite_trace_last si tr) [x]
  split; [by apply IHHtr |].message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
si: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
sf: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
iom, oom: option message
l: label
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
Hx: input_valid_transition
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |} l (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
finite_valid_trace_from XY2 (finite_trace_last si tr)
  [x]
  apply (finite_valid_trace_singleton XY2).message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
si: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
sf: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
iom, oom: option message
l: label
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
Hx: input_valid_transition
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |} l (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
input_valid_transition XY2 l
  (finite_trace_last si tr, iom) (sf, oom)
  destruct Hx as [(_ & _ & lX & sX & [HlX_pr HsX_pr HpvX1]) Ht].message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
si: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
sf: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
iom, oom: option message
l: label
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
lX: label X1
sX: state X1
HlX_pr: label_project lX = Some l
HsX_pr: state_project sX =
(finite_trace_last si tr, iom).1
HpvX1: input_valid X1 lX
  (sX, (finite_trace_last si tr, iom).2)
Ht: transition l (finite_trace_last si tr, iom) =
(sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
input_valid_transition XY2 l
  (finite_trace_last si tr, iom) (sf, oom)
  cbn in Ht; destruct (transition _ _ _) as [_s'X _oom] eqn: H_tX1.message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
si: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
sf: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
iom, oom: option message
l: label
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
lX: label X1
sX: state X1
HlX_pr: label_project lX = Some l
HsX_pr: state_project sX =
(finite_trace_last si tr, iom).1
HpvX1: input_valid X1 lX
  (sX, (finite_trace_last si tr, iom).2)
_s'X: state TX
_oom: option message
H_tX1: transition (label_lift l)
  (state_lift (finite_trace_last si tr), iom) =
(_s'X, _oom)
Ht: (state_project _s'X, _oom) = (sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
input_valid_transition XY2 l
  (finite_trace_last si tr, iom) (sf, oom)
  inversion Ht; subst; clear Ht.message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
si: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
iom, oom: option message
l: label
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
lX: label X1
sX: state X1
HlX_pr: label_project lX = Some l
HsX_pr: state_project sX =
(finite_trace_last si tr, iom).1
HpvX1: input_valid X1 lX
  (sX, (finite_trace_last si tr, iom).2)
_s'X: state TX
H_tX1: transition (label_lift l)
  (state_lift (finite_trace_last si tr), iom) =
(_s'X, oom)
x:= {|
  l := l;
  input := iom;
  destination := state_project _s'X;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
input_valid_transition XY2 l
  (finite_trace_last si tr, iom)
  (state_project _s'X, oom)
  destruct (transition X1 lX (sX, iom)) as [s'X _oom] eqn: HtX1.message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
si: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
iom, oom: option message
l: label
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
lX: label X1
sX: state X1
HlX_pr: label_project lX = Some l
HsX_pr: state_project sX =
(finite_trace_last si tr, iom).1
HpvX1: input_valid X1 lX
  (sX, (finite_trace_last si tr, iom).2)
_s'X: state TX
H_tX1: transition (label_lift l)
  (state_lift (finite_trace_last si tr), iom) =
(_s'X, oom)
x:= {|
  l := l;
  input := iom;
  destination := state_project _s'X;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
s'X: state X1
_oom: option message
HtX1: transition lX (sX, iom) = (s'X, _oom)
input_valid_transition XY2 l
  (finite_trace_last si tr, iom)
  (state_project _s'X, oom)
  assert (HivtX1 : input_valid_transition X1 lX (sX, iom) (s'X, _oom)) by done.message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
si: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
iom, oom: option message
l: label
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
lX: label X1
sX: state X1
HlX_pr: label_project lX = Some l
HsX_pr: state_project sX =
(finite_trace_last si tr, iom).1
HpvX1: input_valid X1 lX
  (sX, (finite_trace_last si tr, iom).2)
_s'X: state TX
H_tX1: transition (label_lift l)
  (state_lift (finite_trace_last si tr), iom) =
(_s'X, oom)
x:= {|
  l := l;
  input := iom;
  destination := state_project _s'X;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
s'X: state X1
_oom: option message
HtX1: transition lX (sX, iom) = (s'X, _oom)
HivtX1: input_valid_transition X1 lX (
  sX, iom) (s'X, _oom)
input_valid_transition XY2 l
  (finite_trace_last si tr, iom)
  (state_project _s'X, oom)
  simpl in HsX_pr, H_tX1; rewrite <- HsX_pr in H_tX1.message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
si: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
iom, oom: option message
l: label
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
lX: label X1
sX: state X1
HlX_pr: label_project lX = Some l
HsX_pr: state_project sX = finite_trace_last si tr
HpvX1: input_valid X1 lX
  (sX, (finite_trace_last si tr, iom).2)
_s'X: state TX
H_tX1: transition (label_lift l)
  (state_lift (state_project sX), iom) =
(_s'X, oom)
x:= {|
  l := l;
  input := iom;
  destination := state_project _s'X;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
s'X: state X1
_oom: option message
HtX1: transition lX (sX, iom) = (s'X, _oom)
HivtX1: input_valid_transition X1 lX (
  sX, iom) (s'X, _oom)
input_valid_transition XY2 l
  (finite_trace_last si tr, iom)
  (state_project _s'X, oom)
  apply (Htransition_Some1 _ _ HlX_pr _ _ _ _ HivtX1) in H_tX1 as [Heq_s'X_pr ->].message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
si: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
iom, oom: option message
l: label
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
lX: label X1
sX: state X1
HlX_pr: label_project lX = Some l
HsX_pr: state_project sX = finite_trace_last si tr
HpvX1: input_valid X1 lX
  (sX, (finite_trace_last si tr, iom).2)
_s'X: state TX
s'X: state X1
Heq_s'X_pr: state_project s'X = state_project _s'X
x:= {|
  l := l;
  input := iom;
  destination := state_project _s'X;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
HivtX1: input_valid_transition X1 lX (
  sX, iom) (s'X, oom)
HtX1: transition lX (sX, iom) = (s'X, oom)
input_valid_transition XY2 l
  (finite_trace_last si tr, iom)
  (state_project _s'X, oom)
  apply (VLSM_incl_input_valid_transition Hincl) in HivtX1.message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
si: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
iom, oom: option message
l: label
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
lX: label X1
sX: state X1
HlX_pr: label_project lX = Some l
HsX_pr: state_project sX = finite_trace_last si tr
HpvX1: input_valid X1 lX
  (sX, (finite_trace_last si tr, iom).2)
_s'X: state TX
s'X: state X1
Heq_s'X_pr: state_project s'X = state_project _s'X
x:= {|
  l := l;
  input := iom;
  destination := state_project _s'X;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
HivtX1: input_valid_transition
  {| vlsm_type := X1; vlsm_machine := X2 |}
  lX (sX, iom) (s'X, oom)
HtX1: transition lX (sX, iom) = (s'X, oom)
input_valid_transition XY2 l
  (finite_trace_last si tr, iom)
  (state_project _s'X, oom)
  repeat split.message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
si: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
iom, oom: option message
l: label
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
lX: label X1
sX: state X1
HlX_pr: label_project lX = Some l
HsX_pr: state_project sX = finite_trace_last si tr
HpvX1: input_valid X1 lX
  (sX, (finite_trace_last si tr, iom).2)
_s'X: state TX
s'X: state X1
Heq_s'X_pr: state_project s'X = state_project _s'X
x:= {|
  l := l;
  input := iom;
  destination := state_project _s'X;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
HivtX1: input_valid_transition
  {| vlsm_type := X1; vlsm_machine := X2 |}
  lX (sX, iom) (s'X, oom)
HtX1: transition lX (sX, iom) = (s'X, oom)
valid_state_prop XY2 (finite_trace_last si tr)
message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
si: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
iom, oom: option message
l: label
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
lX: label X1
sX: state X1
HlX_pr: label_project lX = Some l
HsX_pr: state_project sX = finite_trace_last si tr
HpvX1: input_valid X1 lX
  (sX, (finite_trace_last si tr, iom).2)
_s'X: state TX
s'X: state X1
Heq_s'X_pr: state_project s'X = state_project _s'X
x:= {|
  l := l;
  input := iom;
  destination := state_project _s'X;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
HivtX1: input_valid_transition
  {| vlsm_type := X1; vlsm_machine := X2 |}
  lX (sX, iom) (s'X, oom)
HtX1: transition lX (sX, iom) = (s'X, oom)
option_valid_message_prop XY2 iom
message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
si: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
iom, oom: option message
l: label
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
lX: label X1
sX: state X1
HlX_pr: label_project lX = Some l
HsX_pr: state_project sX = finite_trace_last si tr
HpvX1: input_valid X1 lX
  (sX, (finite_trace_last si tr, iom).2)
_s'X: state TX
s'X: state X1
Heq_s'X_pr: state_project s'X = state_project _s'X
x:= {|
  l := l;
  input := iom;
  destination := state_project _s'X;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
HivtX1: input_valid_transition
  {| vlsm_type := X1; vlsm_machine := X2 |}
  lX (sX, iom) (s'X, oom)
HtX1: transition lX (sX, iom) = (s'X, oom)
valid l (finite_trace_last si tr, iom)
message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
si: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
iom, oom: option message
l: label
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
lX: label X1
sX: state X1
HlX_pr: label_project lX = Some l
HsX_pr: state_project sX = finite_trace_last si tr
HpvX1: input_valid X1 lX
  (sX, (finite_trace_last si tr, iom).2)
_s'X: state TX
s'X: state X1
Heq_s'X_pr: state_project s'X = state_project _s'X
x:= {|
  l := l;
  input := iom;
  destination := state_project _s'X;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
HivtX1: input_valid_transition
  {| vlsm_type := X1; vlsm_machine := X2 |}
  lX (sX, iom) (s'X, oom)
HtX1: transition lX (sX, iom) = (s'X, oom)
transition l (finite_trace_last si tr, iom) =
(state_project _s'X, oom)
  -message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
si: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
iom, oom: option message
l: label
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
lX: label X1
sX: state X1
HlX_pr: label_project lX = Some l
HsX_pr: state_project sX = finite_trace_last si tr
HpvX1: input_valid X1 lX
  (sX, (finite_trace_last si tr, iom).2)
_s'X: state TX
s'X: state X1
Heq_s'X_pr: state_project s'X = state_project _s'X
x:= {|
  l := l;
  input := iom;
  destination := state_project _s'X;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
HivtX1: input_valid_transition
  {| vlsm_type := X1; vlsm_machine := X2 |}
  lX (sX, iom) (s'X, oom)
HtX1: transition lX (sX, iom) = (s'X, oom)
valid_state_prop XY2 (finite_trace_last si tr) by eapply finite_valid_trace_last_pstate.
  -message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
si: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
iom, oom: option message
l: label
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
lX: label X1
sX: state X1
HlX_pr: label_project lX = Some l
HsX_pr: state_project sX = finite_trace_last si tr
HpvX1: input_valid X1 lX
  (sX, (finite_trace_last si tr, iom).2)
_s'X: state TX
s'X: state X1
Heq_s'X_pr: state_project s'X = state_project _s'X
x:= {|
  l := l;
  input := iom;
  destination := state_project _s'X;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
HivtX1: input_valid_transition
  {| vlsm_type := X1; vlsm_machine := X2 |}
  lX (sX, iom) (s'X, oom)
HtX1: transition lX (sX, iom) = (s'X, oom)
option_valid_message_prop XY2 iom by apply any_message_is_valid_in_preloaded.
  -message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
si: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
iom, oom: option message
l: label
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
lX: label X1
sX: state X1
HlX_pr: label_project lX = Some l
HsX_pr: state_project sX = finite_trace_last si tr
HpvX1: input_valid X1 lX
  (sX, (finite_trace_last si tr, iom).2)
_s'X: state TX
s'X: state X1
Heq_s'X_pr: state_project s'X = state_project _s'X
x:= {|
  l := l;
  input := iom;
  destination := state_project _s'X;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
HivtX1: input_valid_transition
  {| vlsm_type := X1; vlsm_machine := X2 |}
  lX (sX, iom) (s'X, oom)
HtX1: transition lX (sX, iom) = (s'X, oom)
valid l (finite_trace_last si tr, iom) by exists lX, sX; split; [| | apply HivtX1]; itauto.
  -message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl X1 X2
His: ∀ s : state XY1,
  initial_state_prop s → initial_state_prop s
si: state
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
iom, oom: option message
l: label
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
lX: label X1
sX: state X1
HlX_pr: label_project lX = Some l
HsX_pr: state_project sX = finite_trace_last si tr
HpvX1: input_valid X1 lX
  (sX, (finite_trace_last si tr, iom).2)
_s'X: state TX
s'X: state X1
Heq_s'X_pr: state_project s'X = state_project _s'X
x:= {|
  l := l;
  input := iom;
  destination := state_project _s'X;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := XY1;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
HivtX1: input_valid_transition
  {| vlsm_type := X1; vlsm_machine := X2 |}
  lX (sX, iom) (s'X, oom)
HtX1: transition lX (sX, iom) = (s'X, oom)
transition l (finite_trace_last si tr, iom) =
(state_project _s'X, oom) cbn in *; rewrite <- HsX_pr.message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl_part MX1 MX2
His: ∀ s : state TY,
  projection_induced_initial_state_prop X1 TY
    state_project s
  → projection_induced_initial_state_prop X2 TY
      state_project s
si: state TY
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := TY;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
iom, oom: option message
l: label TY
lX: label TX
sX: state TX
HlX_pr: label_project lX = Some l
HsX_pr: state_project sX = finite_trace_last si tr
HpvX1: valid_state_prop X1 sX
∧ option_valid_message_prop X1 iom
  ∧ valid lX (sX, iom)
_s'X, s'X: state TX
Heq_s'X_pr: state_project s'X = state_project _s'X
x:= {|
  l := l;
  input := iom;
  destination := state_project _s'X;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := TY;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
HivtX1: input_valid_transition
  {| vlsm_type := TX; vlsm_machine := MX2 |}
  lX (sX, iom) (s'X, oom)
HtX1: transition lX (sX, iom) = (s'X, oom)
(let (s'X, om') :=
   transition (label_lift l)
     (state_lift (state_project sX), iom) in
 (state_project s'X, om')) = (state_project _s'X, oom)
    destruct (transition (label_lift l) _) as [_s'X2 _oom] eqn: H_tX2.message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl_part MX1 MX2
His: ∀ s : state TY,
  projection_induced_initial_state_prop X1 TY
    state_project s
  → projection_induced_initial_state_prop X2 TY
      state_project s
si: state TY
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := TY;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
iom, oom: option message
l: label TY
lX: label TX
sX: state TX
HlX_pr: label_project lX = Some l
HsX_pr: state_project sX = finite_trace_last si tr
HpvX1: valid_state_prop X1 sX
∧ option_valid_message_prop X1 iom
  ∧ valid lX (sX, iom)
_s'X, s'X: state TX
Heq_s'X_pr: state_project s'X = state_project _s'X
x:= {|
  l := l;
  input := iom;
  destination := state_project _s'X;
  output := oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := TY;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
HivtX1: input_valid_transition
  {| vlsm_type := TX; vlsm_machine := MX2 |}
  lX (sX, iom) (s'X, oom)
HtX1: transition lX (sX, iom) = (s'X, oom)
_s'X2: state TX
_oom: option message
H_tX2: transition (label_lift l)
  (state_lift (state_project sX), iom) =
(_s'X2, _oom)
(state_project _s'X2, _oom) =
(state_project _s'X, oom)
    apply (Htransition_Some2 _ _ HlX_pr _ _ _ _ HivtX1) in H_tX2 as [? ->].message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Htransition_Some1:= basic_weak_projection_transition_consistency_Some
  X1 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency1: weak_projection_transition_consistency_Some
  X1 TY label_project
  state_project label_lift
  state_lift
Htransition_Some2:= basic_weak_projection_transition_consistency_Some
  X2 TY label_project state_project
  label_lift state_lift Hlabel_lift
  Hstate_lift
  Htransition_consistency2: weak_projection_transition_consistency_Some
  X2 TY label_project
  state_project label_lift
  state_lift
Hincl: VLSM_incl_part MX1 MX2
His: ∀ s : state TY,
  projection_induced_initial_state_prop X1 TY
    state_project s
  → projection_induced_initial_state_prop X2 TY
      state_project s
si: state TY
tr: list transition_item
Htr: finite_valid_trace
  {|
    vlsm_type := TY;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X1 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
iom: option message
l: label TY
lX: label TX
sX: state TX
HlX_pr: label_project lX = Some l
HsX_pr: state_project sX = finite_trace_last si tr
HpvX1: valid_state_prop X1 sX
∧ option_valid_message_prop X1 iom
  ∧ valid lX (sX, iom)
_s'X, s'X: state TX
Heq_s'X_pr: state_project s'X = state_project _s'X
_oom: option message
x:= {|
  l := l;
  input := iom;
  destination := state_project _s'X;
  output := _oom
|}: transition_item
IHHtr: finite_valid_trace_from
  {|
    vlsm_type := TY;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X2 TY
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
HtX1: transition lX (sX, iom) = (s'X, _oom)
HivtX1: input_valid_transition
  {| vlsm_type := TX; vlsm_machine := MX2 |}
  lX (sX, iom) (s'X, _oom)
_s'X2: state TX
H: state_project s'X = state_project _s'X2
(state_project _s'X2, _oom) =
(state_project _s'X, _oom)
    by congruence.
Qed.

Under weak_projection_transition_consistency_Some assumptions, VLSM_equality between source VLSMs implies VLSM_equality between their projections induced by the same maps.

Lemma projection_induced_validator_eq
  (MX1 MX2 : VLSMMachine TX)
  (X1 := mk_vlsm MX1) (X2 := mk_vlsm MX2)
  (XY1 : VLSM message :=
    pre_projection_induced_validator X1 TY label_project state_project label_lift state_lift)
  (XY2 : VLSM message :=
    pre_projection_induced_validator X2 TY label_project state_project label_lift state_lift)
  (Htransition_consistency1 :
    induced_validator_transition_consistency_Some X1 TY label_project state_project)
  (Htransition_consistency2 :
    induced_validator_transition_consistency_Some X2 TY label_project state_project)
  : VLSM_eq X1 X2 -> VLSM_eq XY1 XY2.message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
VLSM_eq X1 X2 → VLSM_eq XY1 XY2
Proof.message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
VLSM_eq X1 X2 → VLSM_eq XY1 XY2
  intro Heq; split.message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Heq: VLSM_eq X1 X2
VLSM_incl {| vlsm_type := XY1; vlsm_machine := XY1 |}
  {| vlsm_type := XY1; vlsm_machine := XY2 |}
message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Heq: VLSM_eq X1 X2
VLSM_incl {| vlsm_type := XY1; vlsm_machine := XY2 |}
  {| vlsm_type := XY1; vlsm_machine := XY1 |}
  -message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Heq: VLSM_eq X1 X2
VLSM_incl {| vlsm_type := XY1; vlsm_machine := XY1 |}
  {| vlsm_type := XY1; vlsm_machine := XY2 |} by apply (projection_induced_validator_incl MX1 MX2); [.. | apply Heq].
  -message: Type
TX, TY: VLSMType message
label_project: label TX → option (label TY)
state_project: state TX → state TY
label_lift: label TY → label TX
state_lift: state TY → state TX
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
MX1, MX2: VLSMMachine TX
X1:= {| vlsm_type := TX; vlsm_machine := MX1 |}: VLSM message
X2:= {| vlsm_type := TX; vlsm_machine := MX2 |}: VLSM message
XY1:= pre_projection_induced_validator X1 TY
  label_project state_project label_lift
  state_lift: VLSM message
XY2:= pre_projection_induced_validator X2 TY
  label_project state_project label_lift
  state_lift: VLSM message
Htransition_consistency1: induced_validator_transition_consistency_Some
  X1 TY label_project
  state_project
Htransition_consistency2: induced_validator_transition_consistency_Some
  X2 TY label_project
  state_project
Heq: VLSM_eq X1 X2
VLSM_incl {| vlsm_type := XY1; vlsm_machine := XY2 |}
  {| vlsm_type := XY1; vlsm_machine := XY1 |} by apply (projection_induced_validator_incl MX2 MX1); [.. | apply Heq].
Qed.

End sec_projection_induced_validator_incl.

Projection validators and Byzantine behavior

In the sequel we assume that the projection_induced_validator_is_projection and that initial states of Y can be lifted to X.

Section sec_induced_validator_validators.

Context
  `{X : VLSM message}
  (Y : VLSM message)
  (label_project : label X -> option (label Y))
  (state_project : state X -> state Y)
  (Htransition_None : weak_projection_transition_consistency_None _ _ label_project state_project)
  (label_lift : label Y -> label X)
  (state_lift : state Y -> state X)
  (Xi := pre_projection_induced_validator X Y label_project state_project label_lift state_lift)
  (Hlabel_lift : induced_validator_label_lift_prop label_project label_lift)
  (Hstate_lift : induced_validator_state_lift_prop state_project state_lift)
  (Hinitial_lift : strong_projection_initial_state_preservation Y X state_lift)
  (Htransition_consistency :
    induced_validator_transition_consistency_Some _ _ label_project state_project)
  (Hproji :=
    projection_induced_validator_is_projection
      _ _ _ _ _ _ Hlabel_lift Hstate_lift Htransition_consistency Htransition_None)
  (Hproj : VLSM_projection X (preloaded_with_all_messages_vlsm Y) label_project state_project)
  .

If there is a VLSM_projection from X to preloaded Y and the projection_induced_validator_is_projection, then a transition valid for the projection_induced_validator has the same output as the transition on Y.

Lemma projection_induced_valid_transition_eq
  : forall l s om, valid Xi l (s, om) ->
    transition Xi l (s, om) = transition Y l (s, om).message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
∀ (l : label Xi) (s : state Xi) (om : option message),
  valid l (s, om)
  → transition l (s, om) = transition l (s, om)
Proof.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
∀ (l : label Xi) (s : state Xi) (om : option message),
  valid l (s, om)
  → transition l (s, om) = transition l (s, om)
  intros l s im (lX & sX & [Hlx HsX Hv]); cbn in HsX; subst s.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
l: label Xi
im: option message
lX: label X
sX: state X
Hlx: label_project lX = Some l
Hv: input_valid X lX (sX, (state_project sX, im).2)
transition l (state_project sX, im) =
transition l (state_project sX, im)
  replace (transition Y _ _) with
    (state_project (transition X lX (sX, im)).1, (transition X lX (sX, im)).2).message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
l: label Xi
im: option message
lX: label X
sX: state X
Hlx: label_project lX = Some l
Hv: input_valid X lX (sX, (state_project sX, im).2)
transition l (state_project sX, im) =
(state_project (transition lX (sX, im)).1,
 (transition lX (sX, im)).2)
message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
l: label Xi
im: option message
lX: label X
sX: state X
Hlx: label_project lX = Some l
Hv: input_valid X lX (sX, (state_project sX, im).2)
(state_project (transition lX (sX, im)).1,
 (transition lX (sX, im)).2) =
transition l (state_project sX, im)
  -message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
l: label Xi
im: option message
lX: label X
sX: state X
Hlx: label_project lX = Some l
Hv: input_valid X lX (sX, (state_project sX, im).2)
transition l (state_project sX, im) =
(state_project (transition lX (sX, im)).1,
 (transition lX (sX, im)).2) eapply (VLSM_projection_input_valid_transition Hproji); [done |].message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
l: label Xi
im: option message
lX: label X
sX: state X
Hlx: label_project lX = Some l
Hv: input_valid X lX (sX, (state_project sX, im).2)
input_valid_transition X lX (sX, im)
  ((transition lX (sX, im)).1,
   (transition lX (sX, im)).2)
    by erewrite injective_projections.
  -message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
l: label Xi
im: option message
lX: label X
sX: state X
Hlx: label_project lX = Some l
Hv: input_valid X lX (sX, (state_project sX, im).2)
(state_project (transition lX (sX, im)).1,
 (transition lX (sX, im)).2) =
transition l (state_project sX, im) symmetry.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
l: label Xi
im: option message
lX: label X
sX: state X
Hlx: label_project lX = Some l
Hv: input_valid X lX (sX, (state_project sX, im).2)
transition l (state_project sX, im) =
(state_project (transition lX (sX, im)).1,
 (transition lX (sX, im)).2)
    eapply (VLSM_projection_input_valid_transition Hproj); [done |].message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
l: label Xi
im: option message
lX: label X
sX: state X
Hlx: label_project lX = Some l
Hv: input_valid X lX (sX, (state_project sX, im).2)
input_valid_transition X lX (sX, im)
  ((transition lX (sX, im)).1,
   (transition lX (sX, im)).2)
    by erewrite injective_projections.
Qed.

Lemma induced_validator_incl_preloaded_with_all_messages
  : VLSM_incl Xi (preloaded_with_all_messages_vlsm Y).message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
VLSM_incl Xi (preloaded_with_all_messages_vlsm Y)
Proof.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
VLSM_incl Xi (preloaded_with_all_messages_vlsm Y)
  apply basic_VLSM_incl.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
strong_incl_initial_state_preservation
  (preloaded_vlsm_machine
     (projection_induced_validator X Y label_project
        state_project label_lift state_lift)
     (λ _ : message, True))
  (preloaded_vlsm_machine Y (λ _ : message, True))
message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
weak_incl_initial_message_preservation
  (preloaded_vlsm_machine
     (projection_induced_validator X Y label_project
        state_project label_lift state_lift)
     (λ _ : message, True))
  (preloaded_vlsm_machine Y (λ _ : message, True))
message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
weak_incl_valid_preservation
  (preloaded_vlsm_machine
     (projection_induced_validator X Y label_project
        state_project label_lift state_lift)
     (λ _ : message, True))
  (preloaded_vlsm_machine Y (λ _ : message, True))
message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
weak_incl_transition_preservation
  (preloaded_vlsm_machine
     (projection_induced_validator X Y label_project
        state_project label_lift state_lift)
     (λ _ : message, True))
  (preloaded_vlsm_machine Y (λ _ : message, True))
  -message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
strong_incl_initial_state_preservation
  (preloaded_vlsm_machine
     (projection_induced_validator X Y label_project
        state_project label_lift state_lift)
     (λ _ : message, True))
  (preloaded_vlsm_machine Y (λ _ : message, True)) by intros is (s & <- & Hs); apply (VLSM_projection_initial_state Hproj).
  -message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
weak_incl_initial_message_preservation
  (preloaded_vlsm_machine
     (projection_induced_validator X Y label_project
        state_project label_lift state_lift)
     (λ _ : message, True))
  (preloaded_vlsm_machine Y (λ _ : message, True)) by intros l s m Hv HsY HmX; apply initial_message_is_valid; cbn; right.
  -message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
weak_incl_valid_preservation
  (preloaded_vlsm_machine
     (projection_induced_validator X Y label_project
        state_project label_lift state_lift)
     (λ _ : message, True))
  (preloaded_vlsm_machine Y (λ _ : message, True)) intros l s om (_ & _ & lX & sX & [Hlx Heq Hv]) _ _.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
l: label
  {|
    vlsm_type :=
      projection_induced_validator X Y
        label_project state_project label_lift
        state_lift;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
s: state
  {|
    vlsm_type :=
      projection_induced_validator X Y
        label_project state_project label_lift
        state_lift;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
om: option message
lX: label X
sX: state X
Hlx: label_project lX = Some l
Heq: state_project sX = (s, om).1
Hv: input_valid X lX (sX, (s, om).2)
valid (id l) (id s, om)
    cbn in Heq; subst; simpl.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
l: label
  {|
    vlsm_type :=
      projection_induced_validator X Y
        label_project state_project label_lift
        state_lift;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
om: option message
lX: label X
sX: state X
Hlx: label_project lX = Some l
Hv: input_valid X lX (sX, (state_project sX, om).2)
valid l (state_project sX, om)
    by eapply VLSM_projection_input_valid in Hproj as (_ & _ & ?).
  -message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
weak_incl_transition_preservation
  (preloaded_vlsm_machine
     (projection_induced_validator X Y label_project
        state_project label_lift state_lift)
     (λ _ : message, True))
  (preloaded_vlsm_machine Y (λ _ : message, True)) intros l s im s' om [(_ & _ & HvXi) HtXi]; cbn.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
l: label
  {|
    vlsm_type :=
      projection_induced_validator X Y
        label_project state_project label_lift
        state_lift;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
s: state
  {|
    vlsm_type :=
      projection_induced_validator X Y
        label_project state_project label_lift
        state_lift;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
im: option message
s': state
  {|
    vlsm_type :=
      projection_induced_validator X Y
        label_project state_project label_lift
        state_lift;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |}
om: option message
HvXi: valid l (s, im)
HtXi: transition l (s, im) = (s', om)
transition l (s, im) = (s', om)
    by setoid_rewrite <- HtXi; rewrite <- projection_induced_valid_transition_eq.
Qed.

An alternative formulation of the projection_validator_property with a seemingly stronger hypothesis, states that Y is a validator for X if for any li, si, iom such that li valid (si, iom) in Y and si is a valid state in the induced projection Xi, implies that li valid (si, om) in the induced projection Xi (i.e., projection_induced_validity).

Definition projection_validator_prop_alt :=
  forall li si iom,
    valid Y li (si, iom) ->
    valid_state_prop Xi si ->
    valid Xi li (si, iom).

Under validator assumptions, all reachable states for component Y are valid states in the induced projection Xi.

Lemma validator_alt_free_states_are_projection_states
  : projection_validator_prop_alt ->
    forall s, constrained_state_prop Y s -> valid_state_prop Xi s.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
projection_validator_prop_alt
→ ∀ s : state (preloaded_with_all_messages_vlsm Y),
    constrained_state_prop Y s → valid_state_prop Xi s
Proof.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
projection_validator_prop_alt
→ ∀ s : state (preloaded_with_all_messages_vlsm Y),
    constrained_state_prop Y s → valid_state_prop Xi s
  intros Hvalidator sY Hs.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop_alt
sY: state (preloaded_with_all_messages_vlsm Y)
Hs: constrained_state_prop Y sY
valid_state_prop Xi sY
  induction Hs using valid_state_prop_ind.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop_alt
s: state (preloaded_with_all_messages_vlsm Y)
Hs: initial_state_prop s
valid_state_prop Xi s
message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop_alt
s': state (preloaded_with_all_messages_vlsm Y)
l: label (preloaded_with_all_messages_vlsm Y)
om, om': option message
s: state (preloaded_with_all_messages_vlsm Y)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm Y) l (
  s, om) (s', om')
IHHs: valid_state_prop Xi s
valid_state_prop Xi s'
  -message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop_alt
s: state (preloaded_with_all_messages_vlsm Y)
Hs: initial_state_prop s
valid_state_prop Xi s apply initial_state_is_valid.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop_alt
s: state (preloaded_with_all_messages_vlsm Y)
Hs: initial_state_prop s
initial_state_prop s
    by exists (state_lift s); auto.
  -message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop_alt
s': state (preloaded_with_all_messages_vlsm Y)
l: label (preloaded_with_all_messages_vlsm Y)
om, om': option message
s: state (preloaded_with_all_messages_vlsm Y)
Ht: input_valid_transition
  (preloaded_with_all_messages_vlsm Y) l (
  s, om) (s', om')
IHHs: valid_state_prop Xi s
valid_state_prop Xi s' destruct Ht as [[_ [_ Hvalid]] Htrans].message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop_alt
s': state (preloaded_with_all_messages_vlsm Y)
l: label (preloaded_with_all_messages_vlsm Y)
om, om': option message
s: state (preloaded_with_all_messages_vlsm Y)
Hvalid: valid l (s, om)
Htrans: transition l (s, om) = (s', om')
IHHs: valid_state_prop Xi s
valid_state_prop Xi s'
    specialize (Hvalidator _ _ _ Hvalid IHHs)
      as (lX & sX & [HlX HsX HvX]).message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
s': state (preloaded_with_all_messages_vlsm Y)
l: label (preloaded_with_all_messages_vlsm Y)
om, om': option message
s: state (preloaded_with_all_messages_vlsm Y)
Hvalid: valid l (s, om)
Htrans: transition l (s, om) = (s', om')
IHHs: valid_state_prop Xi s
lX: label X
sX: state X
HlX: label_project lX = Some l
HsX: state_project sX = (s, om).1
HvX: input_valid X lX (sX, (s, om).2)
valid_state_prop Xi s'
    replace s' with (state_project (transition X lX (sX, om)).1).message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
s': state (preloaded_with_all_messages_vlsm Y)
l: label (preloaded_with_all_messages_vlsm Y)
om, om': option message
s: state (preloaded_with_all_messages_vlsm Y)
Hvalid: valid l (s, om)
Htrans: transition l (s, om) = (s', om')
IHHs: valid_state_prop Xi s
lX: label X
sX: state X
HlX: label_project lX = Some l
HsX: state_project sX = (s, om).1
HvX: input_valid X lX (sX, (s, om).2)
valid_state_prop Xi
  (state_project (transition lX (sX, om)).1)
message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
s': state (preloaded_with_all_messages_vlsm Y)
l: label (preloaded_with_all_messages_vlsm Y)
om, om': option message
s: state (preloaded_with_all_messages_vlsm Y)
Hvalid: valid l (s, om)
Htrans: transition l (s, om) = (s', om')
IHHs: valid_state_prop Xi s
lX: label X
sX: state X
HlX: label_project lX = Some l
HsX: state_project sX = (s, om).1
HvX: input_valid X lX (sX, (s, om).2)
state_project (transition lX (sX, om)).1 = s'
    +message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
s': state (preloaded_with_all_messages_vlsm Y)
l: label (preloaded_with_all_messages_vlsm Y)
om, om': option message
s: state (preloaded_with_all_messages_vlsm Y)
Hvalid: valid l (s, om)
Htrans: transition l (s, om) = (s', om')
IHHs: valid_state_prop Xi s
lX: label X
sX: state X
HlX: label_project lX = Some l
HsX: state_project sX = (s, om).1
HvX: input_valid X lX (sX, (s, om).2)
valid_state_prop Xi
  (state_project (transition lX (sX, om)).1) eapply input_valid_transition_destination,
        (VLSM_projection_input_valid_transition Hproji); [done |].message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
s': state (preloaded_with_all_messages_vlsm Y)
l: label (preloaded_with_all_messages_vlsm Y)
om, om': option message
s: state (preloaded_with_all_messages_vlsm Y)
Hvalid: valid l (s, om)
Htrans: transition l (s, om) = (s', om')
IHHs: valid_state_prop Xi s
lX: label X
sX: state X
HlX: label_project lX = Some l
HsX: state_project sX = (s, om).1
HvX: input_valid X lX (sX, (s, om).2)
input_valid_transition X lX (?s, ?om)
  ((transition lX (sX, om)).1, ?om')
      by split; [| apply injective_projections].
    +message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
s': state (preloaded_with_all_messages_vlsm Y)
l: label (preloaded_with_all_messages_vlsm Y)
om, om': option message
s: state (preloaded_with_all_messages_vlsm Y)
Hvalid: valid l (s, om)
Htrans: transition l (s, om) = (s', om')
IHHs: valid_state_prop Xi s
lX: label X
sX: state X
HlX: label_project lX = Some l
HsX: state_project sX = (s, om).1
HvX: input_valid X lX (sX, (s, om).2)
state_project (transition lX (sX, om)).1 = s' assert (HivtX : input_valid_transition X lX (sX, om) (transition X lX (sX, om)))
        by firstorder.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
s': state (preloaded_with_all_messages_vlsm Y)
l: label (preloaded_with_all_messages_vlsm Y)
om, om': option message
s: state (preloaded_with_all_messages_vlsm Y)
Hvalid: valid l (s, om)
Htrans: transition l (s, om) = (s', om')
IHHs: valid_state_prop Xi s
lX: label X
sX: state X
HlX: label_project lX = Some l
HsX: state_project sX = (s, om).1
HvX: input_valid X lX (sX, (s, om).2)
HivtX: input_valid_transition X lX (
  sX, om) (transition lX (sX, om))
state_project (transition lX (sX, om)).1 = s'
      destruct (transition X _ _) as (sX', _om').message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
s': state (preloaded_with_all_messages_vlsm Y)
l: label (preloaded_with_all_messages_vlsm Y)
om, om': option message
s: state (preloaded_with_all_messages_vlsm Y)
Hvalid: valid l (s, om)
Htrans: transition l (s, om) = (s', om')
IHHs: valid_state_prop Xi s
lX: label X
sX: state X
HlX: label_project lX = Some l
HsX: state_project sX = (s, om).1
HvX: input_valid X lX (sX, (s, om).2)
sX': state X
_om': option message
HivtX: input_valid_transition X lX (
  sX, om) (sX', _om')
state_project (sX', _om').1 = s'
      eapply (VLSM_projection_input_valid_transition Hproj) in HivtX as [_ Hs']; [| done].message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
s': state (preloaded_with_all_messages_vlsm Y)
l: label (preloaded_with_all_messages_vlsm Y)
om, om': option message
s: state (preloaded_with_all_messages_vlsm Y)
Hvalid: valid l (s, om)
Htrans: transition l (s, om) = (s', om')
IHHs: valid_state_prop Xi s
lX: label X
sX: state X
HlX: label_project lX = Some l
HsX: state_project sX = (s, om).1
HvX: input_valid X lX (sX, (s, om).2)
sX': state X
_om': option message
Hs': transition l (state_project sX, om) =
(state_project sX', _om')
state_project (sX', _om').1 = s'
      rewrite HsX in Hs'.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
s': state (preloaded_with_all_messages_vlsm Y)
l: label (preloaded_with_all_messages_vlsm Y)
om, om': option message
s: state (preloaded_with_all_messages_vlsm Y)
Hvalid: valid l (s, om)
Htrans: transition l (s, om) = (s', om')
IHHs: valid_state_prop Xi s
lX: label X
sX: state X
HlX: label_project lX = Some l
HsX: state_project sX = (s, om).1
HvX: input_valid X lX (sX, (s, om).2)
sX': state X
_om': option message
Hs': transition l ((s, om).1, om) =
(state_project sX', _om')
state_project (sX', _om').1 = s'
      destruct Y as (TY & MY); cbv in Htrans, Hs'.message: Type
X, Y: VLSM message
TY: VLSMType message
MY: VLSMMachine TY
label_project: label X
→ option
    (label
       {|
         vlsm_type := TY;
         vlsm_machine := MY
       |})
state_project: state X
→ state
    {|
      vlsm_type := TY;
      vlsm_machine := MY
    |}
Htransition_None: weak_projection_transition_consistency_None
  X
  {|
    vlsm_type := TY;
    vlsm_machine := MY
  |} label_project state_project
label_lift: label
  {|
    vlsm_type := TY; vlsm_machine := MY
  |} → label X
state_lift: state
  {|
    vlsm_type := TY; vlsm_machine := MY
  |} → state X
Xi:= pre_projection_induced_validator X
  {| vlsm_type := TY; vlsm_machine := MY |}
  label_project state_project label_lift
  state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  {|
    vlsm_type := TY;
    vlsm_machine := MY
  |} X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X
  {|
    vlsm_type := TY;
    vlsm_machine := MY
  |} label_project
  state_project
Hproji:= projection_induced_validator_is_projection X
  {| vlsm_type := TY; vlsm_machine := MY |}
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X
     {|
       vlsm_type := TY; vlsm_machine := MY
     |} label_project state_project
     label_lift state_lift) label_project
  state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm
     {| vlsm_type := TY; vlsm_machine := MY |})
  label_project state_project
s': state
  (preloaded_with_all_messages_vlsm
     {| vlsm_type := TY; vlsm_machine := MY |})
l: label
  (preloaded_with_all_messages_vlsm
     {| vlsm_type := TY; vlsm_machine := MY |})
om, om': option message
s: state
  (preloaded_with_all_messages_vlsm
     {| vlsm_type := TY; vlsm_machine := MY |})
Hvalid: valid l (s, om)
Htrans: (let
   (initial_state_prop, initial_state, _,
    initial_message_prop, initial_message,
    transition, _) := MY in
 transition) l (s, om) = (
s', om')
IHHs: valid_state_prop Xi s
lX: label X
sX: state X
HlX: label_project lX = Some l
HsX: state_project sX = (s, om).1
HvX: input_valid X lX (sX, (s, om).2)
sX': state X
_om': option message
Hs': (let
   (initial_state_prop, initial_state, _,
    initial_message_prop, initial_message,
    transition, _) := MY in
 transition) l (s, om) =
(state_project sX', _om')
state_project (sX', _om').1 = s'
      by rewrite Htrans in Hs'; inversion Hs'.
Qed.

Below we show that the two definitions above are actually equivalent.

Lemma projection_validator_prop_alt_iff
  : projection_validator_prop_alt <-> projection_validator_prop Y label_project state_project.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
projection_validator_prop_alt
↔ projection_validator_prop Y label_project
    state_project
Proof.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
projection_validator_prop_alt
↔ projection_validator_prop Y label_project
    state_project
  split; intros Hvalidator l si om Hvalid.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop_alt
l: label (preloaded_with_all_messages_vlsm Y)
si: state (preloaded_with_all_messages_vlsm Y)
om: option message
Hvalid: input_constrained Y l (si, om)
∃ (lX : label X) (sX : state X),
  InputValidation label_project state_project l si om
    lX sX
message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
l: label Y
si: state Y
om: option message
Hvalid: valid l (si, om)
valid_state_prop Xi si → valid l (si, om)
  -message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop_alt
l: label (preloaded_with_all_messages_vlsm Y)
si: state (preloaded_with_all_messages_vlsm Y)
om: option message
Hvalid: input_constrained Y l (si, om)
∃ (lX : label X) (sX : state X),
  InputValidation label_project state_project l si om
    lX sX apply Hvalidator; [by apply Hvalid |].message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop_alt
l: label (preloaded_with_all_messages_vlsm Y)
si: state (preloaded_with_all_messages_vlsm Y)
om: option message
Hvalid: input_constrained Y l (si, om)
valid_state_prop Xi si
    by apply validator_alt_free_states_are_projection_states; [.. | apply Hvalid].
  -message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
l: label Y
si: state Y
om: option message
Hvalid: valid l (si, om)
valid_state_prop Xi si → valid l (si, om) intro HXisi; cbn.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
l: label Y
si: state Y
om: option message
Hvalid: valid l (si, om)
HXisi: valid_state_prop Xi si
projection_induced_valid X Y label_project
  state_project l (si, om)
    apply Hvalidator.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
l: label Y
si: state Y
om: option message
Hvalid: valid l (si, om)
HXisi: valid_state_prop Xi si
input_constrained Y l ((si, om).1, (si, om).2)
    repeat split; [| apply any_message_is_valid_in_preloaded | done].message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
l: label Y
si: state Y
om: option message
Hvalid: valid l (si, om)
HXisi: valid_state_prop Xi si
valid_state_prop (preloaded_with_all_messages_vlsm Y)
  (si, om).1
    by revert HXisi; apply VLSM_incl_valid_state,
      induced_validator_incl_preloaded_with_all_messages.
Qed.

Lemma validator_free_states_are_projection_states
  : projection_validator_prop Y label_project state_project ->
    forall s, constrained_state_prop Y s -> valid_state_prop Xi s.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
projection_validator_prop Y label_project
  state_project
→ ∀ s : state (preloaded_with_all_messages_vlsm Y),
    constrained_state_prop Y s → valid_state_prop Xi s
Proof.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
projection_validator_prop Y label_project
  state_project
→ ∀ s : state (preloaded_with_all_messages_vlsm Y),
    constrained_state_prop Y s → valid_state_prop Xi s
  rewrite <- projection_validator_prop_alt_iff by done.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
projection_validator_prop_alt
→ ∀ s : state (preloaded_with_all_messages_vlsm Y),
    constrained_state_prop Y s → valid_state_prop Xi s
  by apply validator_alt_free_states_are_projection_states.
Qed.

Section sec_preloaded_with_all_messages_validator_proj.

Context
  (Hvalidator : projection_validator_prop Y label_project state_project)
  .

We can show that preloaded Y is included in Xi by applying the meta-lemma VLSM_incl_finite_traces_characterization, and by induction on the length of a trace. The projection_validator_property is used to translate input_validity for the preloaded machine into the pre_projection_induced_validator.

Lemma preloaded_with_all_messages_validator_proj_incl
  : VLSM_incl (preloaded_with_all_messages_vlsm Y) Xi.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
VLSM_incl (preloaded_with_all_messages_vlsm Y) Xi
Proof.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
VLSM_incl (preloaded_with_all_messages_vlsm Y) Xi
  (* reduce inclusion to inclusion of finite traces. *)
  apply VLSM_incl_finite_traces_characterization.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
∀ (s : state
         {|
           vlsm_type :=
             preloaded_with_all_messages_vlsm Y;
           vlsm_machine :=
             preloaded_vlsm_machine Y
               (λ _ : message, True)
         |}) (tr : list transition_item),
  finite_valid_trace
    {|
      vlsm_type := preloaded_with_all_messages_vlsm Y;
      vlsm_machine :=
        preloaded_vlsm_machine Y (λ _ : message, True)
    |} s tr
  → finite_valid_trace
      {|
        vlsm_type :=
          preloaded_with_all_messages_vlsm Y;
        vlsm_machine :=
          preloaded_vlsm_machine
            (projection_induced_validator X Y
               label_project state_project label_lift
               state_lift) (λ _ : message, True)
      |} s tr
  intros sY trY HtrY.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
sY: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
trY: list transition_item
HtrY: finite_valid_trace
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} sY trY
finite_valid_trace
  {|
    vlsm_type := preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project label_lift
           state_lift) (λ _ : message, True)
  |} sY trY
  split; cycle 1.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
sY: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
trY: list transition_item
HtrY: finite_valid_trace
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} sY trY
initial_state_prop sY
message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
sY: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
trY: list transition_item
HtrY: finite_valid_trace
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} sY trY
finite_valid_trace_from
  {|
    vlsm_type := preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |} sY trY
  -message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
sY: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
trY: list transition_item
HtrY: finite_valid_trace
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} sY trY
initial_state_prop sY exists (state_lift sY).message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
sY: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
trY: list transition_item
HtrY: finite_valid_trace
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} sY trY
state_project (state_lift sY) = sY
∧ initial_state_prop (state_lift sY)
    split; [by apply Hstate_lift |].message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
sY: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
trY: list transition_item
HtrY: finite_valid_trace
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} sY trY
initial_state_prop (state_lift sY)
    by apply Hinitial_lift, HtrY.
  -message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
sY: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
trY: list transition_item
HtrY: finite_valid_trace
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} sY trY
finite_valid_trace_from
  {|
    vlsm_type := preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project label_lift
           state_lift) (λ _ : message, True)
  |} sY trY induction HtrY using finite_valid_trace_rev_ind.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
si: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
Hsi: initial_state_prop si
finite_valid_trace_from
  {|
    vlsm_type := preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project label_lift
           state_lift) (λ _ : message, True)
  |} si []
message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
si: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
tr: list transition_item
HtrY: finite_valid_trace
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} si tr
sf: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
iom, oom: option message
l: label
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
Hx: input_valid_transition
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} l (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrY: finite_valid_trace_from
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
finite_valid_trace_from
  {|
    vlsm_type := preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project label_lift
           state_lift) 
        (λ _ : message, True)
  |} si (tr ++ [x])
    +message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
si: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
Hsi: initial_state_prop si
finite_valid_trace_from
  {|
    vlsm_type := preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project label_lift
           state_lift) (λ _ : message, True)
  |} si [] apply (finite_valid_trace_from_empty Xi), initial_state_is_valid.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
si: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
Hsi: initial_state_prop si
initial_state_prop si
      by exists (state_lift si); auto.
    +message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
si: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
tr: list transition_item
HtrY: finite_valid_trace
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} si tr
sf: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
iom, oom: option message
l: label
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
Hx: input_valid_transition
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} l (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrY: finite_valid_trace_from
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
finite_valid_trace_from
  {|
    vlsm_type := preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project label_lift
           state_lift) (λ _ : message, True)
  |} si (tr ++ [x]) apply (extend_right_finite_trace_from Xi); [done |].message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
si: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
tr: list transition_item
HtrY: finite_valid_trace
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} si tr
sf: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
iom, oom: option message
l: label
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
Hx: input_valid_transition
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} l (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrY: finite_valid_trace_from
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
input_valid_transition Xi l
  (finite_trace_last si tr, iom) (sf, oom)
      split.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
si: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
tr: list transition_item
HtrY: finite_valid_trace
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} si tr
sf: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
iom, oom: option message
l: label
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
Hx: input_valid_transition
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} l (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrY: finite_valid_trace_from
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
input_valid Xi l (finite_trace_last si tr, iom)
message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
si: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
tr: list transition_item
HtrY: finite_valid_trace
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} si tr
sf: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
iom, oom: option message
l: label
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
Hx: input_valid_transition
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} l (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrY: finite_valid_trace_from
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
transition l (finite_trace_last si tr, iom) =
(sf, oom)
      *message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
si: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
tr: list transition_item
HtrY: finite_valid_trace
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} si tr
sf: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
iom, oom: option message
l: label
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
Hx: input_valid_transition
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} l (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrY: finite_valid_trace_from
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
input_valid Xi l (finite_trace_last si tr, iom) apply induced_validator_valid_is_input_valid; cbn; [done |].message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
si: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
tr: list transition_item
HtrY: finite_valid_trace
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} si tr
sf: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
iom, oom: option message
l: label
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
Hx: input_valid_transition
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} l (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrY: finite_valid_trace_from
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
projection_induced_valid X Y label_project
  state_project l (finite_trace_last si tr, iom)
        by apply Hvalidator, Hx.
      *message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
si: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
tr: list transition_item
HtrY: finite_valid_trace
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} si tr
sf: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
iom, oom: option message
l: label
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
Hx: input_valid_transition
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} l (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrY: finite_valid_trace_from
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
transition l (finite_trace_last si tr, iom) =
(sf, oom) replace (sf, _) with (transition Y l (finite_trace_last si tr, iom))
          by apply Hx.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
si: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
tr: list transition_item
HtrY: finite_valid_trace
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} si tr
sf: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
iom, oom: option message
l: label
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
Hx: input_valid_transition
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} l (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrY: finite_valid_trace_from
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
transition l (finite_trace_last si tr, iom) =
transition l (finite_trace_last si tr, iom)
        apply projection_induced_valid_transition_eq; cbn.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
si: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
tr: list transition_item
HtrY: finite_valid_trace
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} si tr
sf: state
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
iom, oom: option message
l: label
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |}
Hx: input_valid_transition
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine Y
        (λ _ : message, True)
  |} l (finite_trace_last si tr, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHtrY: finite_valid_trace_from
  {|
    vlsm_type :=
      preloaded_with_all_messages_vlsm Y;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator X Y
           label_project state_project
           label_lift state_lift)
        (λ _ : message, True)
  |} si tr
projection_induced_valid X Y label_project
  state_project l (finite_trace_last si tr, iom)
        by apply Hvalidator, Hx.
Qed.

Given that any projection is included in the preloaded_with_all_messages_vlsm of its component (Lemma proj_preloaded_with_all_messages_incl), we conclude that preloaded Y and Xi are trace-equal. This means that all the byzantine behavior of a component which is a validator is exhibited by its corresponding projection.

Lemma preloaded_with_all_messages_validator_proj_eq
  : VLSM_eq (preloaded_with_all_messages_vlsm Y) Xi.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
VLSM_eq (preloaded_with_all_messages_vlsm Y) Xi
Proof.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
VLSM_eq (preloaded_with_all_messages_vlsm Y) Xi
  split.message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
VLSM_incl
  {|
    vlsm_type := preloaded_with_all_messages_vlsm Y;
    vlsm_machine := preloaded_with_all_messages_vlsm Y
  |}
  {|
    vlsm_type := preloaded_with_all_messages_vlsm Y;
    vlsm_machine := Xi
  |}
message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
VLSM_incl
  {|
    vlsm_type := preloaded_with_all_messages_vlsm Y;
    vlsm_machine := Xi
  |}
  {|
    vlsm_type := preloaded_with_all_messages_vlsm Y;
    vlsm_machine := preloaded_with_all_messages_vlsm Y
  |}
  -message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
VLSM_incl
  {|
    vlsm_type := preloaded_with_all_messages_vlsm Y;
    vlsm_machine := preloaded_with_all_messages_vlsm Y
  |}
  {|
    vlsm_type := preloaded_with_all_messages_vlsm Y;
    vlsm_machine := Xi
  |} by apply preloaded_with_all_messages_validator_proj_incl.
  -message: Type
X, Y: VLSM message
label_project: label X → option (label Y)
state_project: state X → state Y
Htransition_None: weak_projection_transition_consistency_None
  X Y label_project state_project
label_lift: label Y → label X
state_lift: state Y → state X
Xi:= pre_projection_induced_validator X Y label_project
  state_project label_lift state_lift: VLSM message
Hlabel_lift: induced_validator_label_lift_prop
  label_project label_lift
Hstate_lift: induced_validator_state_lift_prop
  state_project state_lift
Hinitial_lift: strong_projection_initial_state_preservation
  Y X state_lift
Htransition_consistency: induced_validator_transition_consistency_Some
  X Y label_project
  state_project
Hproji:= projection_induced_validator_is_projection X Y
  label_project state_project label_lift
  state_lift Hlabel_lift Hstate_lift
  Htransition_consistency Htransition_None: VLSM_projection X
  (pre_projection_induced_validator X Y
     label_project state_project label_lift
     state_lift) label_project state_project
Hproj: VLSM_projection X
  (preloaded_with_all_messages_vlsm Y)
  label_project state_project
Hvalidator: projection_validator_prop Y label_project
  state_project
VLSM_incl
  {|
    vlsm_type := preloaded_with_all_messages_vlsm Y;
    vlsm_machine := Xi
  |}
  {|
    vlsm_type := preloaded_with_all_messages_vlsm Y;
    vlsm_machine := preloaded_with_all_messages_vlsm Y
  |} by apply induced_validator_incl_preloaded_with_all_messages.
Qed.

End sec_preloaded_with_all_messages_validator_proj.

End sec_induced_validator_validators.

Transporting validator properties through VLSM embeddings/inclusions

Lemma VLSM_embedding_projection_validator
  {message : Type}
  (X X' Y : VLSM message)
  (pr_label : label X' -> option (label Y))
  (pr_state : state X' -> state Y)
  `(Hembedding : VLSM_embedding X X' em_label em_state) :
  projection_validator_prop Y (pr_label ∘ em_label) (pr_state ∘ em_state) ->
  projection_validator_prop Y pr_label pr_state.message: Type
X, X', Y: VLSM message
pr_label: label X' → option (label Y)
pr_state: state X' → state Y
em_label: label X → label X'
em_state: state X → state X'
Hembedding: VLSM_embedding X X' em_label em_state
projection_validator_prop Y (pr_label ∘ em_label)
  (pr_state ∘ em_state)
→ projection_validator_prop Y pr_label pr_state
Proof.message: Type
X, X', Y: VLSM message
pr_label: label X' → option (label Y)
pr_state: state X' → state Y
em_label: label X → label X'
em_state: state X → state X'
Hembedding: VLSM_embedding X X' em_label em_state
projection_validator_prop Y (pr_label ∘ em_label)
  (pr_state ∘ em_state)
→ projection_validator_prop Y pr_label pr_state
  intros Hvalidator ? * Hvalid.message: Type
X, X', Y: VLSM message
pr_label: label X' → option (label Y)
pr_state: state X' → state Y
em_label: label X → label X'
em_state: state X → state X'
Hembedding: VLSM_embedding X X' em_label em_state
Hvalidator: projection_validator_prop Y
  (pr_label ∘ em_label)
  (pr_state ∘ em_state)
li: label (preloaded_with_all_messages_vlsm Y)
si: state (preloaded_with_all_messages_vlsm Y)
omi: option message
Hvalid: input_constrained Y li (si, omi)
∃ (lX : label X') (sX : state X'),
  InputValidation pr_label pr_state li si omi lX sX
  apply Hvalidator in Hvalid as (lX & sX & [HlX HsX Hvalid]).message: Type
X, X', Y: VLSM message
pr_label: label X' → option (label Y)
pr_state: state X' → state Y
em_label: label X → label X'
em_state: state X → state X'
Hembedding: VLSM_embedding X X' em_label em_state
Hvalidator: projection_validator_prop Y
  (pr_label ∘ em_label)
  (pr_state ∘ em_state)
li: label (preloaded_with_all_messages_vlsm Y)
si: state (preloaded_with_all_messages_vlsm Y)
omi: option message
lX: label X
sX: state X
HlX: (pr_label ∘ em_label) lX = Some li
HsX: (pr_state ∘ em_state) sX = si
Hvalid: input_valid X lX (sX, omi)
∃ (lX : label X') (sX : state X'),
  InputValidation pr_label pr_state li si omi lX sX
  exists (em_label lX), (em_state sX).message: Type
X, X', Y: VLSM message
pr_label: label X' → option (label Y)
pr_state: state X' → state Y
em_label: label X → label X'
em_state: state X → state X'
Hembedding: VLSM_embedding X X' em_label em_state
Hvalidator: projection_validator_prop Y
  (pr_label ∘ em_label)
  (pr_state ∘ em_state)
li: label (preloaded_with_all_messages_vlsm Y)
si: state (preloaded_with_all_messages_vlsm Y)
omi: option message
lX: label X
sX: state X
HlX: (pr_label ∘ em_label) lX = Some li
HsX: (pr_state ∘ em_state) sX = si
Hvalid: input_valid X lX (sX, omi)
InputValidation pr_label pr_state li si omi
  (em_label lX) (em_state sX)
  constructor; [done.. |].message: Type
X, X', Y: VLSM message
pr_label: label X' → option (label Y)
pr_state: state X' → state Y
em_label: label X → label X'
em_state: state X → state X'
Hembedding: VLSM_embedding X X' em_label em_state
Hvalidator: projection_validator_prop Y
  (pr_label ∘ em_label)
  (pr_state ∘ em_state)
li: label (preloaded_with_all_messages_vlsm Y)
si: state (preloaded_with_all_messages_vlsm Y)
omi: option message
lX: label X
sX: state X
HlX: (pr_label ∘ em_label) lX = Some li
HsX: (pr_state ∘ em_state) sX = si
Hvalid: input_valid X lX (sX, omi)
input_valid X' (em_label lX) (em_state sX, omi)
  by apply VLSM_embedding_input_valid.
Qed.

Lemma VLSM_canceling_embedding_projection_validator
  {message : Type}
  (X X' Y : VLSM message)
  (pr_label : label X -> option (label Y))
  (pr_state : state X -> state Y)
  `(Hembedding : VLSM_embedding X X' em_label em_state)
  `{!Cancel (=) em_label' em_label}
  `{!Cancel (=) em_state' em_state} :
  projection_validator_prop Y pr_label pr_state ->
  projection_validator_prop Y (pr_label ∘ em_label') (pr_state ∘ em_state').message: Type
X, X', Y: VLSM message
pr_label: label X → option (label Y)
pr_state: state X → state Y
em_label: label X → label X'
em_state: state X → state X'
Hembedding: VLSM_embedding X X' em_label em_state
em_label': label X' → label X
Cancel0: Cancel eq em_label' em_label
em_state': state X' → state X
Cancel1: Cancel eq em_state' em_state
projection_validator_prop Y pr_label pr_state
→ projection_validator_prop Y (pr_label ∘ em_label')
    (pr_state ∘ em_state')
Proof.message: Type
X, X', Y: VLSM message
pr_label: label X → option (label Y)
pr_state: state X → state Y
em_label: label X → label X'
em_state: state X → state X'
Hembedding: VLSM_embedding X X' em_label em_state
em_label': label X' → label X
Cancel0: Cancel eq em_label' em_label
em_state': state X' → state X
Cancel1: Cancel eq em_state' em_state
projection_validator_prop Y pr_label pr_state
→ projection_validator_prop Y (pr_label ∘ em_label')
    (pr_state ∘ em_state')
  intros Hvalidator ? * Hvalid.message: Type
X, X', Y: VLSM message
pr_label: label X → option (label Y)
pr_state: state X → state Y
em_label: label X → label X'
em_state: state X → state X'
Hembedding: VLSM_embedding X X' em_label em_state
em_label': label X' → label X
Cancel0: Cancel eq em_label' em_label
em_state': state X' → state X
Cancel1: Cancel eq em_state' em_state
Hvalidator: projection_validator_prop Y pr_label
  pr_state
li: label (preloaded_with_all_messages_vlsm Y)
si: state (preloaded_with_all_messages_vlsm Y)
omi: option message
Hvalid: input_constrained Y li (si, omi)
∃ (lX : label X') (sX : state X'),
  InputValidation (pr_label ∘ em_label')
    (pr_state ∘ em_state') li si omi lX sX
  apply Hvalidator in Hvalid as (lX & sX & [HlX HsX Hvalid]).message: Type
X, X', Y: VLSM message
pr_label: label X → option (label Y)
pr_state: state X → state Y
em_label: label X → label X'
em_state: state X → state X'
Hembedding: VLSM_embedding X X' em_label em_state
em_label': label X' → label X
Cancel0: Cancel eq em_label' em_label
em_state': state X' → state X
Cancel1: Cancel eq em_state' em_state
Hvalidator: projection_validator_prop Y pr_label
  pr_state
li: label (preloaded_with_all_messages_vlsm Y)
si: state (preloaded_with_all_messages_vlsm Y)
omi: option message
lX: label X
sX: state X
HlX: pr_label lX = Some li
HsX: pr_state sX = si
Hvalid: input_valid X lX (sX, omi)
∃ (lX : label X') (sX : state X'),
  InputValidation (pr_label ∘ em_label')
    (pr_state ∘ em_state') li si omi lX sX
  exists (em_label lX), (em_state sX).message: Type
X, X', Y: VLSM message
pr_label: label X → option (label Y)
pr_state: state X → state Y
em_label: label X → label X'
em_state: state X → state X'
Hembedding: VLSM_embedding X X' em_label em_state
em_label': label X' → label X
Cancel0: Cancel eq em_label' em_label
em_state': state X' → state X
Cancel1: Cancel eq em_state' em_state
Hvalidator: projection_validator_prop Y pr_label
  pr_state
li: label (preloaded_with_all_messages_vlsm Y)
si: state (preloaded_with_all_messages_vlsm Y)
omi: option message
lX: label X
sX: state X
HlX: pr_label lX = Some li
HsX: pr_state sX = si
Hvalid: input_valid X lX (sX, omi)
InputValidation (pr_label ∘ em_label')
  (pr_state ∘ em_state') li si omi (em_label lX)
  (em_state sX)
  constructor; [by cbn; rewrite cancel.. |].message: Type
X, X', Y: VLSM message
pr_label: label X → option (label Y)
pr_state: state X → state Y
em_label: label X → label X'
em_state: state X → state X'
Hembedding: VLSM_embedding X X' em_label em_state
em_label': label X' → label X
Cancel0: Cancel eq em_label' em_label
em_state': state X' → state X
Cancel1: Cancel eq em_state' em_state
Hvalidator: projection_validator_prop Y pr_label
  pr_state
li: label (preloaded_with_all_messages_vlsm Y)
si: state (preloaded_with_all_messages_vlsm Y)
omi: option message
lX: label X
sX: state X
HlX: pr_label lX = Some li
HsX: pr_state sX = si
Hvalid: input_valid X lX (sX, omi)
input_valid X' (em_label lX) (em_state sX, omi)
  by apply VLSM_embedding_input_valid.
Qed.

Lemma VLSM_incl_projection_validator
  {message : Type}
  (T : VLSMType message)
  (MX MX' : VLSMMachine T)
  (X := mk_vlsm MX)
  (X' := mk_vlsm MX')
  (Y : VLSM message)
  (pr_label : label X -> option (label Y))
  (pr_state : state X -> state Y)
  `(Hincl : VLSM_incl X X') :
  projection_validator_prop (X := X) Y pr_label pr_state ->
  projection_validator_prop (X := X') Y pr_label pr_state.message: Type
T: VLSMType message
MX, MX': VLSMMachine T
X:= {| vlsm_type := T; vlsm_machine := MX |}: VLSM message
X':= {| vlsm_type := T; vlsm_machine := MX' |}: VLSM message
Y: VLSM message
pr_label: label X → option (label Y)
pr_state: state X → state Y
Hincl: VLSM_incl X X'
projection_validator_prop Y pr_label pr_state
→ projection_validator_prop Y pr_label pr_state
Proof.message: Type
T: VLSMType message
MX, MX': VLSMMachine T
X:= {| vlsm_type := T; vlsm_machine := MX |}: VLSM message
X':= {| vlsm_type := T; vlsm_machine := MX' |}: VLSM message
Y: VLSM message
pr_label: label X → option (label Y)
pr_state: state X → state Y
Hincl: VLSM_incl X X'
projection_validator_prop Y pr_label pr_state
→ projection_validator_prop Y pr_label pr_state
  eapply VLSM_canceling_embedding_projection_validator; [| done..].message: Type
T: VLSMType message
MX, MX': VLSMMachine T
X:= {| vlsm_type := T; vlsm_machine := MX |}: VLSM message
X':= {| vlsm_type := T; vlsm_machine := MX' |}: VLSM message
Y: VLSM message
pr_label: label X → option (label Y)
pr_state: state X → state Y
Hincl: VLSM_incl X X'
VLSM_embedding X X' (λ x : label X, x)
  (λ x : state X, x)
  by apply VLSM_incl_embedding_iff.
Qed.

Lemma VLSM_embedding_message_validator
  {message : Type}
  (X X' Y : VLSM message)
  (pr_label : label X -> option (label Y))
  (pr_state : state X -> state Y)
  `(Hembedding : VLSM_embedding X X' em_label em_state)
  (Hinit : strong_embedding_initial_message_preservation X X') :
  message_validator_prop (X := X) Y ->
  message_validator_prop (X := X') Y.message: Type
X, X', Y: VLSM message
pr_label: label X → option (label Y)
pr_state: state X → state Y
em_label: label X → label X'
em_state: state X → state X'
Hembedding: VLSM_embedding X X' em_label em_state
Hinit: strong_embedding_initial_message_preservation
  X X'
message_validator_prop Y → message_validator_prop Y
Proof.message: Type
X, X', Y: VLSM message
pr_label: label X → option (label Y)
pr_state: state X → state Y
em_label: label X → label X'
em_state: state X → state X'
Hembedding: VLSM_embedding X X' em_label em_state
Hinit: strong_embedding_initial_message_preservation
  X X'
message_validator_prop Y → message_validator_prop Y
  intros Hvalidator ? * Hvalid.message: Type
X, X', Y: VLSM message
pr_label: label X → option (label Y)
pr_state: state X → state Y
em_label: label X → label X'
em_state: state X → state X'
Hembedding: VLSM_embedding X X' em_label em_state
Hinit: strong_embedding_initial_message_preservation
  X X'
Hvalidator: message_validator_prop Y
li: label (preloaded_with_all_messages_vlsm Y)
si: state (preloaded_with_all_messages_vlsm Y)
im: message
Hvalid: input_constrained Y li (si, Some im)
valid_message_prop X' im
  eapply VLSM_embedding_valid_message; [done.. |].message: Type
X, X', Y: VLSM message
pr_label: label X → option (label Y)
pr_state: state X → state Y
em_label: label X → label X'
em_state: state X → state X'
Hembedding: VLSM_embedding X X' em_label em_state
Hinit: strong_embedding_initial_message_preservation
  X X'
Hvalidator: message_validator_prop Y
li: label (preloaded_with_all_messages_vlsm Y)
si: state (preloaded_with_all_messages_vlsm Y)
im: message
Hvalid: input_constrained Y li (si, Some im)
valid_message_prop X im
  by apply Hvalidator in Hvalid.
Qed.

Lemma VLSM_incl_message_validator
  {message : Type}
  (T : VLSMType message)
  (MX MX' : VLSMMachine T)
  (X := mk_vlsm MX)
  (X' := mk_vlsm MX')
  (Y : VLSM message)
  (pr_label : label X -> option (label Y))
  (pr_state : state X -> state Y)
  `(Hincl : VLSM_incl X X')
  (Hinit : strong_incl_initial_message_preservation X X') :
  message_validator_prop (X := X) Y ->
  message_validator_prop (X := X') Y.message: Type
T: VLSMType message
MX, MX': VLSMMachine T
X:= {| vlsm_type := T; vlsm_machine := MX |}: VLSM message
X':= {| vlsm_type := T; vlsm_machine := MX' |}: VLSM message
Y: VLSM message
pr_label: label X → option (label Y)
pr_state: state X → state Y
Hincl: VLSM_incl X X'
Hinit: strong_incl_initial_message_preservation X X'
message_validator_prop Y → message_validator_prop Y
Proof.message: Type
T: VLSMType message
MX, MX': VLSMMachine T
X:= {| vlsm_type := T; vlsm_machine := MX |}: VLSM message
X':= {| vlsm_type := T; vlsm_machine := MX' |}: VLSM message
Y: VLSM message
pr_label: label X → option (label Y)
pr_state: state X → state Y
Hincl: VLSM_incl X X'
Hinit: strong_incl_initial_message_preservation X X'
message_validator_prop Y → message_validator_prop Y
  intros Hvalidator ? * Hvalid.message: Type
T: VLSMType message
MX, MX': VLSMMachine T
X:= {| vlsm_type := T; vlsm_machine := MX |}: VLSM message
X':= {| vlsm_type := T; vlsm_machine := MX' |}: VLSM message
Y: VLSM message
pr_label: label X → option (label Y)
pr_state: state X → state Y
Hincl: VLSM_incl X X'
Hinit: strong_incl_initial_message_preservation X X'
Hvalidator: message_validator_prop Y
li: label (preloaded_with_all_messages_vlsm Y)
si: state (preloaded_with_all_messages_vlsm Y)
im: message
Hvalid: input_constrained Y li (si, Some im)
valid_message_prop X' im
  eapply VLSM_incl_valid_message; [done.. |].message: Type
T: VLSMType message
MX, MX': VLSMMachine T
X:= {| vlsm_type := T; vlsm_machine := MX |}: VLSM message
X':= {| vlsm_type := T; vlsm_machine := MX' |}: VLSM message
Y: VLSM message
pr_label: label X → option (label Y)
pr_state: state X → state Y
Hincl: VLSM_incl X X'
Hinit: strong_incl_initial_message_preservation X X'
Hvalidator: message_validator_prop Y
li: label (preloaded_with_all_messages_vlsm Y)
si: state (preloaded_with_all_messages_vlsm Y)
im: message
Hvalid: input_constrained Y li (si, Some im)
valid_message_prop
  {| vlsm_type := T; vlsm_machine := X |} im
  by apply Hvalidator in Hvalid.
Qed.

Validator properties for the component_projection.

In this section we specialize the validator-related results to the components of a composition.

Section sec_component_projection_validator.

Context
  {message : Type}
  `{EqDecision index}
  (IM : index -> VLSM message)
  (constraint : composite_label IM -> composite_state IM * option message -> Prop)
  (X := composite_vlsm IM constraint)
  (i : index)
  .

Definition composite_project_label (l : composite_label IM)
  : option (label (IM i)) :=
  match decide (i = (projT1 l)) with
  | left e => Some (eq_rect_r _ (projT2 l) e)
  | _ => None
  end.

The specialization of the more abstract projection_induced_validator to the projection from a composition to a component.

Definition composite_vlsm_induced_validator : VLSM message :=
  projection_induced_validator X (IM i)
    composite_project_label (fun s => s i)
    (lift_to_composite_label IM i) (lift_to_composite_state' IM i).

Definition pre_composite_vlsm_induced_validator : VLSM message :=
  pre_projection_induced_validator X (IM i)
    composite_project_label (fun s => s i)
    (lift_to_composite_label IM i) (lift_to_composite_state' IM i).

Lemma composite_project_label_eq lj
  : composite_project_label (existT i lj) = Some lj.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lj: (λ n : index, label (IM n)) i
composite_project_label (existT i lj) = Some lj
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lj: (λ n : index, label (IM n)) i
composite_project_label (existT i lj) = Some lj
  unfold composite_project_label; cbn.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lj: (λ n : index, label (IM n)) i
match decide (i = i) with
| left e =>
    Some (eq_rect_r (λ n : index, label (IM n)) lj e)
| right _ => None
end = Some lj
  by rewrite (decide_True_pi eq_refl).
Qed.

Lemma component_label_projection_lift
  : induced_validator_label_lift_prop composite_project_label
    (lift_to_composite_label IM i).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
induced_validator_label_lift_prop
  composite_project_label
  (lift_to_composite_label IM i)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
induced_validator_label_lift_prop
  composite_project_label
  (lift_to_composite_label IM i) by intros lj; apply composite_project_label_eq. Qed.

Lemma component_state_projection_lift
  : induced_validator_state_lift_prop (fun s : composite_state IM => s i)
    (lift_to_composite_state' IM i).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
induced_validator_state_lift_prop
  (λ s : composite_state IM, s i)
  (lift_to_composite_state' IM i)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
induced_validator_state_lift_prop
  (λ s : composite_state IM, s i)
  (lift_to_composite_state' IM i) by intros sj; apply state_update_eq. Qed.

Lemma component_transition_projection_None
  : weak_projection_transition_consistency_None X (IM i)
    composite_project_label (fun s : state X => s i).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
weak_projection_transition_consistency_None X (IM i)
  composite_project_label (λ s : state X, s i)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
weak_projection_transition_consistency_None X (IM i)
  composite_project_label (λ s : state X, s i)
  intros [j lj] HlX sX iom s'X oom [_ Ht]; cbn in Ht.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i, j: index
lj: label (IM j)
HlX: composite_project_label (existT j lj) = None
sX: state X
iom: option message
s'X: state X
oom: option message
Ht: (let (si', om') := transition lj (sX j, iom) in
 (state_update IM sX j si', om')) = (
s'X, oom)
s'X i = sX i
  destruct (transition _ _ _) as (si', om'); inversion Ht; subst.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i, j: index
lj: label (IM j)
HlX: composite_project_label (existT j lj) = None
sX: state X
iom, oom: option message
si': state (IM j)
Ht: (state_update IM sX j si', oom) =
(state_update IM sX j si', oom)
state_update IM sX j si' i = sX i
  destruct (decide (i = j)); subst; state_update_simpl; [| done].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lj: label (IM i)
HlX: composite_project_label (existT i lj) = None
sX: state X
iom, oom: option message
si': state (IM i)
Ht: (state_update IM sX i si', oom) =
(state_update IM sX i si', oom)
si' = sX i
  unfold composite_project_label in HlX; cbn in HlX.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lj: label (IM i)
HlX: match decide (i = i) with
| left e =>
    Some
      (eq_rect_r (λ n : index, label (IM n)) lj
         e)
| right _ => None
end = None
sX: state X
iom, oom: option message
si': state (IM i)
Ht: (state_update IM sX i si', oom) =
(state_update IM sX i si', oom)
si' = sX i
  by case_decide.
Qed.

Lemma component_transition_projection_Some
  : induced_validator_transition_consistency_Some X (IM i)
    composite_project_label (fun s : state X => s i).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
induced_validator_transition_consistency_Some X (IM i)
  composite_project_label (λ s : state X, s i)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
induced_validator_transition_consistency_Some X (IM i)
  composite_project_label (λ s : state X, s i)
  intros [j1 lj1] [j2 lj2] lj; unfold composite_project_label; cbn.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i, j1: index
lj1: label (IM j1)
j2: index
lj2: label (IM j2)
lj: label (IM i)
match decide (i = j1) with
| left e =>
    Some (eq_rect_r (λ n : index, label (IM n)) lj1 e)
| right _ => None
end = Some lj
→ match decide (i = j2) with
  | left e =>
      Some
        (eq_rect_r (λ n : index, label (IM n)) lj2 e)
  | right _ => None
  end = Some lj
  → ∀ sX1 sX2 : composite_state IM,
      sX1 i = sX2 i
      → ∀ (iom : option message) (sX1' : composite_state
                                           IM) (oom1 : 
                                                option
                                                 message),
          (let (si', om') :=
             transition lj1 (sX1 j1, iom) in
           (state_update IM sX1 j1 si', om')) =
          (sX1', oom1)
          → ∀ (sX2' : composite_state IM) (oom2 : 
                                           option
                                             message),
              (let (si', om') :=
                 transition lj2 (sX2 j2, iom) in
               (state_update IM sX2 j2 si', om')) =
              (sX2', oom2)
              → sX1' i = sX2' i ∧ oom1 = oom2
  case_decide as Hj1; [| done]; subst j1.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lj1: label (IM i)
j2: index
lj2: label (IM j2)
lj: label (IM i)
Some
  (eq_rect_r (λ n : index, label (IM n)) lj1 eq_refl) =
Some lj
→ match decide (i = j2) with
  | left e =>
      Some
        (eq_rect_r (λ n : index, label (IM n)) lj2 e)
  | right _ => None
  end = Some lj
  → ∀ sX1 sX2 : composite_state IM,
      sX1 i = sX2 i
      → ∀ (iom : option message) (sX1' : composite_state
                                           IM) (oom1 : 
                                                option
                                                 message),
          (let (si', om') :=
             transition lj1 (sX1 i, iom) in
           (state_update IM sX1 i si', om')) =
          (sX1', oom1)
          → ∀ (sX2' : composite_state IM) (oom2 : 
                                           option
                                             message),
              (let (si', om') :=
                 transition lj2 (sX2 j2, iom) in
               (state_update IM sX2 j2 si', om')) =
              (sX2', oom2)
              → sX1' i = sX2' i ∧ oom1 = oom2
  intros Hlj1; cbv in Hlj1;  apply Some_inj in Hlj1; subst lj1.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i, j2: index
lj2: label (IM j2)
lj: label (IM i)
match decide (i = j2) with
| left e =>
    Some (eq_rect_r (λ n : index, label (IM n)) lj2 e)
| right _ => None
end = Some lj
→ ∀ sX1 sX2 : composite_state IM,
    sX1 i = sX2 i
    → ∀ (iom : option message) (sX1' : composite_state
                                         IM) (oom1 : 
                                              option
                                                message),
        (let (si', om') :=
           transition lj (sX1 i, iom) in
         (state_update IM sX1 i si', om')) =
        (sX1', oom1)
        → ∀ (sX2' : composite_state IM) (oom2 : option
                                                 message),
            (let (si', om') :=
               transition lj2 (sX2 j2, iom) in
             (state_update IM sX2 j2 si', om')) =
            (sX2', oom2)
            → sX1' i = sX2' i ∧ oom1 = oom2
  case_decide as Hj2; [| done]; subst j2.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lj2, lj: label (IM i)
Some
  (eq_rect_r (λ n : index, label (IM n)) lj2 eq_refl) =
Some lj
→ ∀ sX1 sX2 : composite_state IM,
    sX1 i = sX2 i
    → ∀ (iom : option message) (sX1' : composite_state
                                         IM) (oom1 : 
                                              option
                                                message),
        (let (si', om') :=
           transition lj (sX1 i, iom) in
         (state_update IM sX1 i si', om')) =
        (sX1', oom1)
        → ∀ (sX2' : composite_state IM) (oom2 : option
                                                 message),
            (let (si', om') :=
               transition lj2 (sX2 i, iom) in
             (state_update IM sX2 i si', om')) =
            (sX2', oom2)
            → sX1' i = sX2' i ∧ oom1 = oom2
  intros Hlj2; cbv in Hlj2; apply Some_inj in Hlj2; subst lj2.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lj: label (IM i)
∀ sX1 sX2 : composite_state IM,
  sX1 i = sX2 i
  → ∀ (iom : option message) (sX1' : composite_state
                                       IM) (oom1 : 
                                            option
                                              message),
      (let (si', om') := transition lj (sX1 i, iom) in
       (state_update IM sX1 i si', om')) =
      (sX1', oom1)
      → ∀ (sX2' : composite_state IM) (oom2 : option
                                                message),
          (let (si', om') :=
             transition lj (sX2 i, iom) in
           (state_update IM sX2 i si', om')) =
          (sX2', oom2) → sX1' i = sX2' i ∧ oom1 = oom2
  intros sX1 sX2 <- iom.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lj: label (IM i)
sX1, sX2: composite_state IM
iom: option message
∀ (sX1' : composite_state IM) (oom1 : option message),
  (let (si', om') := transition lj (sX1 i, iom) in
   (state_update IM sX1 i si', om')) = (sX1', oom1)
  → ∀ (sX2' : composite_state IM) (oom2 : option
                                            message),
      (let (si', om') := transition lj (sX1 i, iom) in
       (state_update IM sX2 i si', om')) =
      (sX2', oom2) → sX1' i = sX2' i ∧ oom1 = oom2
  destruct (transition _ _ _) as [si' om'].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lj: label (IM i)
sX1, sX2: composite_state IM
iom: option message
si': state (IM i)
om': option message
∀ (sX1' : composite_state IM) (oom1 : option message),
  (state_update IM sX1 i si', om') = (sX1', oom1)
  → ∀ (sX2' : composite_state IM) (oom2 : option
                                            message),
      (state_update IM sX2 i si', om') = (sX2', oom2)
      → sX1' i = sX2' i ∧ oom1 = oom2
  intros sX1' oom1 Ht1; inversion Ht1; subst; clear Ht1.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lj: label (IM i)
sX1, sX2: composite_state IM
iom: option message
si': state (IM i)
oom1: option message
∀ (sX2' : composite_state IM) (oom2 : option message),
  (state_update IM sX2 i si', oom1) = (sX2', oom2)
  → state_update IM sX1 i si' i = sX2' i ∧ oom1 = oom2
  intros sX2' oom2 Ht2; inversion Ht2; subst; clear Ht2.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
lj: label (IM i)
sX1, sX2: composite_state IM
iom: option message
si': state (IM i)
oom2: option message
state_update IM sX1 i si' i =
state_update IM sX2 i si' i ∧ oom2 = oom2
  by state_update_simpl.
Qed.

The projection_induced_validator by the composite_project_label and the projection of the state to the component is indeed a VLSM_projection.

Lemma composite_projection_induced_validator_is_projection :
  VLSM_projection X pre_composite_vlsm_induced_validator
    composite_project_label (fun s => s i).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
VLSM_projection X pre_composite_vlsm_induced_validator
  composite_project_label (λ s : state X, s i)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
VLSM_projection X pre_composite_vlsm_induced_validator
  composite_project_label (λ s : state X, s i)
  apply projection_induced_validator_is_projection.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
induced_validator_label_lift_prop
  composite_project_label
  (lift_to_composite_label IM i)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
induced_validator_state_lift_prop 
  (λ s : state X, s i) 
  (lift_to_composite_state' IM i)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
induced_validator_transition_consistency_Some X 
  (IM i) composite_project_label 
  (λ s : state X, s i)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
weak_projection_transition_consistency_None X 
  (IM i) composite_project_label 
  (λ s : state X, s i)
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
induced_validator_label_lift_prop
  composite_project_label
  (lift_to_composite_label IM i) by apply component_label_projection_lift.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
induced_validator_state_lift_prop (λ s : state X, s i)
  (lift_to_composite_state' IM i) by apply component_state_projection_lift.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
induced_validator_transition_consistency_Some X (IM i)
  composite_project_label (λ s : state X, s i) by apply component_transition_projection_Some.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
weak_projection_transition_consistency_None X (IM i)
  composite_project_label (λ s : state X, s i) by apply component_transition_projection_None.
Qed.

End sec_component_projection_validator.

Section sec_component_projection_validator_alt.

Direct definition of induced validator from composition to component

In this section, we provide a definition of the induced validator from a composition to a component obtained by strengthening the component instead of deriving its elements via the projection composite_vlsm_induced_projection_validator.

We then show this VLSM and some of its preloaded variants are VLSM_equal (trace-equivalent) to the corresponding variants of the composite_vlsm_induced_validator.

Context
  {message : Type}
  `{EqDecision index}
  (IM : index -> VLSM message)
  (constraint : composite_label IM -> composite_state IM * option message -> Prop)
  (X := composite_vlsm IM constraint)
  (i : index)
  .

The composite_vlsm_induced_projection_validity is defined as the projection of the input_validity of X.

Definition composite_vlsm_induced_projection_valid
  (li : label (IM i))
  (siomi : state (IM i) * option message)
  :=
  let (si, omi) := siomi in
  exists s : state X,
    s i = si /\ input_valid X (existT i li) (s, omi).

Since the composite_vlsm_induced_projection_validity is derived from input_validity, which in turn depends on validity in the component, it is easy to see that it implies validity in the component.

Lemma projection_valid_implies_valid
  (li : label (IM i))
  (siomi : state (IM i) * option message)
  (Hcomposite : composite_vlsm_induced_projection_valid li siomi)
  : valid (IM i) li siomi.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
li: label (IM i)
siomi: (state (IM i) * option message)%type
Hcomposite: composite_vlsm_induced_projection_valid
  li siomi
valid li siomi
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
li: label (IM i)
siomi: (state (IM i) * option message)%type
Hcomposite: composite_vlsm_induced_projection_valid
  li siomi
valid li siomi by destruct siomi, Hcomposite as (? & <- & _ & _ & []). Qed.

We define the induced projection validator of X to index i as the VLSM obtained by changing the validity predicate of IM i to composite_vlsm_induced_projection_valid.

Definition composite_vlsm_induced_projection_validator_machine
  : VLSMMachine (IM i) :=
{|
  initial_state_prop := @initial_state_prop _ _ (IM i);
  initial_message_prop := @initial_message_prop _ _ (IM i);
  s0 := populate (vs0 (IM i));
  transition := @transition _ _ (IM i);
  valid := composite_vlsm_induced_projection_valid;
|}.

Definition composite_vlsm_induced_projection_validator : VLSM message :=
  mk_vlsm composite_vlsm_induced_projection_validator_machine.

Definition pre_composite_vlsm_induced_projection_validator : VLSM message :=
  preloaded_with_all_messages_vlsm composite_vlsm_induced_projection_validator.

Lemma preloaded_composite_vlsm_induced_projection_validator_iff
  (P : message -> Prop)
  (Hinits : forall m,  initial_message_prop (IM i) m -> P m)
  : VLSM_eq
      (preloaded_vlsm composite_vlsm_induced_projection_validator P)
      (preloaded_vlsm (composite_vlsm_induced_validator IM constraint i) P).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
VLSM_eq
  (preloaded_vlsm
     composite_vlsm_induced_projection_validator P)
  (preloaded_vlsm
     (composite_vlsm_induced_validator IM constraint i)
     P)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
VLSM_eq
  (preloaded_vlsm
     composite_vlsm_induced_projection_validator P)
  (preloaded_vlsm
     (composite_vlsm_induced_validator IM constraint i)
     P)
  split; cbn; apply basic_VLSM_strong_incl.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
strong_incl_initial_state_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0 composite_vlsm_induced_projection_validator
        composite_vlsm_induced_projection_validator;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0
        (composite_vlsm_induced_validator IM
           constraint i)
        (composite_vlsm_induced_validator IM
           constraint i);
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
strong_incl_initial_message_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0 composite_vlsm_induced_projection_validator
        composite_vlsm_induced_projection_validator;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0
        (composite_vlsm_induced_validator IM
           constraint i)
        (composite_vlsm_induced_validator IM
           constraint i);
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
strong_incl_valid_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0 composite_vlsm_induced_projection_validator
        composite_vlsm_induced_projection_validator;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0
        (composite_vlsm_induced_validator IM
           constraint i)
        (composite_vlsm_induced_validator IM
           constraint i);
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
strong_incl_transition_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0 composite_vlsm_induced_projection_validator
        composite_vlsm_induced_projection_validator;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0
        (composite_vlsm_induced_validator IM
           constraint i)
        (composite_vlsm_induced_validator IM
           constraint i);
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
strong_incl_initial_state_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0
        (composite_vlsm_induced_validator IM
           constraint i)
        (composite_vlsm_induced_validator IM
           constraint i);
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0 composite_vlsm_induced_projection_validator
        composite_vlsm_induced_projection_validator;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
strong_incl_initial_message_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0
        (composite_vlsm_induced_validator IM
           constraint i)
        (composite_vlsm_induced_validator IM
           constraint i);
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0 composite_vlsm_induced_projection_validator
        composite_vlsm_induced_projection_validator;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
strong_incl_valid_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0
        (composite_vlsm_induced_validator IM
           constraint i)
        (composite_vlsm_induced_validator IM
           constraint i);
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0 composite_vlsm_induced_projection_validator
        composite_vlsm_induced_projection_validator;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
strong_incl_transition_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0
        (composite_vlsm_induced_validator IM
           constraint i)
        (composite_vlsm_induced_validator IM
           constraint i);
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0 composite_vlsm_induced_projection_validator
        composite_vlsm_induced_projection_validator;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
strong_incl_initial_state_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0 composite_vlsm_induced_projection_validator
        composite_vlsm_induced_projection_validator;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0
        (composite_vlsm_induced_validator IM
           constraint i)
        (composite_vlsm_induced_validator IM
           constraint i);
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |} intros s Hs; cbn in *; red.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
s: state (let (vlsm_type, _) := IM i in vlsm_type)
Hs: initial_state_prop s
∃ sX : state (composite_vlsm IM constraint),
  sX i = s ∧ initial_state_prop sX
    exists (lift_to_composite_state' IM i s).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
s: state (let (vlsm_type, _) := IM i in vlsm_type)
Hs: initial_state_prop s
lift_to_composite_state' IM i s i = s
∧ initial_state_prop (lift_to_composite_state' IM i s)
    split; [by state_update_simpl |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
s: state (let (vlsm_type, _) := IM i in vlsm_type)
Hs: initial_state_prop s
initial_state_prop (lift_to_composite_state' IM i s)
    by apply (composite_initial_state_prop_lift IM).
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
strong_incl_initial_message_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0 composite_vlsm_induced_projection_validator
        composite_vlsm_induced_projection_validator;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0
        (composite_vlsm_induced_validator IM
           constraint i)
        (composite_vlsm_induced_validator IM
           constraint i);
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |} by intros m [Him | Hpm]; right; [by apply Hinits |].
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
strong_incl_valid_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0 composite_vlsm_induced_projection_validator
        composite_vlsm_induced_projection_validator;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0
        (composite_vlsm_induced_validator IM
           constraint i)
        (composite_vlsm_induced_validator IM
           constraint i);
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |} intros l s iom [sX [<- Hv]].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
l: label
  {|
    vlsm_type :=
      let (vlsm_type, _) := IM i in vlsm_type;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            composite_vlsm_induced_projection_validator
            composite_vlsm_induced_projection_validator;
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ P m;
        transition := transition;
        valid := valid
      |}
  |}
iom: option message
sX: state X
Hv: input_valid X (existT i l) (sX, iom)
valid (id l) (id (sX i), iom)
    exists (existT i l), sX.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
l: label
  {|
    vlsm_type :=
      let (vlsm_type, _) := IM i in vlsm_type;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            composite_vlsm_induced_projection_validator
            composite_vlsm_induced_projection_validator;
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ P m;
        transition := transition;
        valid := valid
      |}
  |}
iom: option message
sX: state X
Hv: input_valid X (existT i l) (sX, iom)
InputValidation (composite_project_label IM i)
  (λ s : state (composite_vlsm IM constraint), s i)
  (id l) (id (sX i), iom).1 (id (sX i), iom).2
  (existT i l) sX
    by split; [apply composite_project_label_eq | ..].
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
strong_incl_transition_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0 composite_vlsm_induced_projection_validator
        composite_vlsm_induced_projection_validator;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0
        (composite_vlsm_induced_validator IM
           constraint i)
        (composite_vlsm_induced_validator IM
           constraint i);
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |} intros l s iom s' oom.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
l: label
  {|
    vlsm_type :=
      let (vlsm_type, _) := IM i in vlsm_type;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            composite_vlsm_induced_projection_validator
            composite_vlsm_induced_projection_validator;
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ P m;
        transition := transition;
        valid := valid
      |}
  |}
s: state
  {|
    vlsm_type :=
      let (vlsm_type, _) := IM i in vlsm_type;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            composite_vlsm_induced_projection_validator
            composite_vlsm_induced_projection_validator;
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ P m;
        transition := transition;
        valid := valid
      |}
  |}
iom: option message
s': state
  {|
    vlsm_type :=
      let (vlsm_type, _) := IM i in vlsm_type;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            composite_vlsm_induced_projection_validator
            composite_vlsm_induced_projection_validator;
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ P m;
        transition := transition;
        valid := valid
      |}
  |}
oom: option message
transition l (s, iom) = (s', oom)
→ transition (id l) (id s, iom) = (id s', oom)
    cbn; unfold lift_to_composite_state' at 1.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
l: label
  {|
    vlsm_type :=
      let (vlsm_type, _) := IM i in vlsm_type;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            composite_vlsm_induced_projection_validator
            composite_vlsm_induced_projection_validator;
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ P m;
        transition := transition;
        valid := valid
      |}
  |}
s: state
  {|
    vlsm_type :=
      let (vlsm_type, _) := IM i in vlsm_type;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            composite_vlsm_induced_projection_validator
            composite_vlsm_induced_projection_validator;
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ P m;
        transition := transition;
        valid := valid
      |}
  |}
iom: option message
s': state
  {|
    vlsm_type :=
      let (vlsm_type, _) := IM i in vlsm_type;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            composite_vlsm_induced_projection_validator
            composite_vlsm_induced_projection_validator;
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ P m;
        transition := transition;
        valid := valid
      |}
  |}
oom: option message
transition l (s, iom) = (s', oom)
→ (let (s'X, om') :=
     let (si', om') :=
       transition l
         (lift_to_composite_state IM
            (`(composite_s0 IM)) i s i, iom) in
     (state_update IM
        (lift_to_composite_state' IM i s) i si', om') in
   (s'X i, om')) = (s', oom)
    state_update_simpl.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
l: label
  {|
    vlsm_type :=
      let (vlsm_type, _) := IM i in vlsm_type;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            composite_vlsm_induced_projection_validator
            composite_vlsm_induced_projection_validator;
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ P m;
        transition := transition;
        valid := valid
      |}
  |}
s: state
  {|
    vlsm_type :=
      let (vlsm_type, _) := IM i in vlsm_type;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            composite_vlsm_induced_projection_validator
            composite_vlsm_induced_projection_validator;
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ P m;
        transition := transition;
        valid := valid
      |}
  |}
iom: option message
s': state
  {|
    vlsm_type :=
      let (vlsm_type, _) := IM i in vlsm_type;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            composite_vlsm_induced_projection_validator
            composite_vlsm_induced_projection_validator;
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ P m;
        transition := transition;
        valid := valid
      |}
  |}
oom: option message
transition l (s, iom) = (s', oom)
→ (let (s'X, om') :=
     let (si', om') := transition l (s, iom) in
     (state_update IM
        (state_update IM (`(composite_s0 IM)) i s) i
        si', om') in
   (s'X i, om')) = (s', oom)
    intros Ht; setoid_rewrite Ht.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
l: label
  {|
    vlsm_type :=
      let (vlsm_type, _) := IM i in vlsm_type;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            composite_vlsm_induced_projection_validator
            composite_vlsm_induced_projection_validator;
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ P m;
        transition := transition;
        valid := valid
      |}
  |}
s: state
  {|
    vlsm_type :=
      let (vlsm_type, _) := IM i in vlsm_type;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            composite_vlsm_induced_projection_validator
            composite_vlsm_induced_projection_validator;
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ P m;
        transition := transition;
        valid := valid
      |}
  |}
iom: option message
s': state
  {|
    vlsm_type :=
      let (vlsm_type, _) := IM i in vlsm_type;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            composite_vlsm_induced_projection_validator
            composite_vlsm_induced_projection_validator;
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ P m;
        transition := transition;
        valid := valid
      |}
  |}
oom: option message
Ht: transition l (s, iom) = (s', oom)
(state_update IM
   (state_update IM (`(composite_s0 IM)) i s) i s' i,
 oom) = (s', oom)
    by state_update_simpl.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
strong_incl_initial_state_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0
        (composite_vlsm_induced_validator IM
           constraint i)
        (composite_vlsm_induced_validator IM
           constraint i);
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0 composite_vlsm_induced_projection_validator
        composite_vlsm_induced_projection_validator;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |} by intros s [sX [<- HsX]]; cbn.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
strong_incl_initial_message_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0
        (composite_vlsm_induced_validator IM
           constraint i)
        (composite_vlsm_induced_validator IM
           constraint i);
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0 composite_vlsm_induced_projection_validator
        composite_vlsm_induced_projection_validator;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |} by intros m [| Hm]; [| right].
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
strong_incl_valid_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0
        (composite_vlsm_induced_validator IM
           constraint i)
        (composite_vlsm_induced_validator IM
           constraint i);
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0 composite_vlsm_induced_projection_validator
        composite_vlsm_induced_projection_validator;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |} intros l s iom ([j li] & sX & [HlX [=] Hv]).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
l: label
  {|
    vlsm_type :=
      let (vlsm_type, _) := IM i in vlsm_type;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            (composite_vlsm_induced_validator IM
               constraint i)
            (composite_vlsm_induced_validator IM
               constraint i);
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ P m;
        transition := transition;
        valid := valid
      |}
  |}
s: state
  {|
    vlsm_type :=
      let (vlsm_type, _) := IM i in vlsm_type;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            (composite_vlsm_induced_validator IM
               constraint i)
            (composite_vlsm_induced_validator IM
               constraint i);
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ P m;
        transition := transition;
        valid := valid
      |}
  |}
iom: option message
j: index
li: label (IM j)
sX: state (composite_vlsm IM constraint)
HlX: composite_project_label IM i (existT j li) =
Some l
H: sX i = s
Hv: input_valid (composite_vlsm IM constraint)
  (existT j li) (sX, (s, iom).2)
valid (id l) (id s, iom)
    exists sX; split; [done |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
l: label
  {|
    vlsm_type :=
      let (vlsm_type, _) := IM i in vlsm_type;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            (composite_vlsm_induced_validator IM
               constraint i)
            (composite_vlsm_induced_validator IM
               constraint i);
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ P m;
        transition := transition;
        valid := valid
      |}
  |}
s: state
  {|
    vlsm_type :=
      let (vlsm_type, _) := IM i in vlsm_type;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            (composite_vlsm_induced_validator IM
               constraint i)
            (composite_vlsm_induced_validator IM
               constraint i);
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ P m;
        transition := transition;
        valid := valid
      |}
  |}
iom: option message
j: index
li: label (IM j)
sX: state (composite_vlsm IM constraint)
HlX: composite_project_label IM i (existT j li) =
Some l
H: sX i = s
Hv: input_valid (composite_vlsm IM constraint)
  (existT j li) (sX, (s, iom).2)
input_valid X (existT i (id l)) (sX, iom)
    unfold composite_project_label in HlX; cbn in *.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
l: label (let (vlsm_type, _) := IM i in vlsm_type)
s: state (let (vlsm_type, _) := IM i in vlsm_type)
iom: option message
j: index
li: label (IM j)
sX: composite_state IM
HlX: match decide (i = j) with
| left e =>
    Some
      (eq_rect_r (λ n : index, label (IM n)) li
         e)
| right _ => None
end = Some l
H: sX i = s
Hv: valid_state_prop (composite_vlsm IM constraint)
  sX
∧ option_valid_message_prop
    (composite_vlsm IM constraint) iom
  ∧ valid li (sX j, iom)
    ∧ constraint (existT j li) (sX, iom)
valid_state_prop X sX
∧ option_valid_message_prop X iom
  ∧ valid l (sX i, iom)
    ∧ constraint (existT i l) (sX, iom)
    case_decide; [| congruence].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
l: label (let (vlsm_type, _) := IM i in vlsm_type)
s: state (let (vlsm_type, _) := IM i in vlsm_type)
iom: option message
j: index
li: label (IM j)
sX: composite_state IM
H0: i = j
HlX: Some
  (eq_rect_r (λ n : index, label (IM n)) li H0) =
Some l
H: sX i = s
Hv: valid_state_prop (composite_vlsm IM constraint)
  sX
∧ option_valid_message_prop
    (composite_vlsm IM constraint) iom
  ∧ valid li (sX j, iom)
    ∧ constraint (existT j li) (sX, iom)
valid_state_prop X sX
∧ option_valid_message_prop X iom
  ∧ valid l (sX i, iom)
    ∧ constraint (existT i l) (sX, iom)
    by inversion HlX; subst.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
strong_incl_transition_preservation
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0
        (composite_vlsm_induced_validator IM
           constraint i)
        (composite_vlsm_induced_validator IM
           constraint i);
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |}
  {|
    initial_state_prop := initial_state_prop;
    s0 :=
      s0 composite_vlsm_induced_projection_validator
        composite_vlsm_induced_projection_validator;
    initial_message_prop :=
      λ m : message, initial_message_prop m ∨ P m;
    transition := transition;
    valid := valid
  |} intros l s iom s' oom Ht; cbn in *.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
l: label (let (vlsm_type, _) := IM i in vlsm_type)
s: state (let (vlsm_type, _) := IM i in vlsm_type)
iom: option message
s': state (let (vlsm_type, _) := IM i in vlsm_type)
oom: option message
Ht: (let (s'X, om') :=
   let (si', om') :=
     transition l
       (lift_to_composite_state' IM i s i, iom) in
   (state_update IM
      (lift_to_composite_state' IM i s) i si',
    om') in
 (s'X i, om')) = (s', oom)
transition l (s, iom) = (s', oom)
    unfold lift_to_composite_state' in Ht;
      state_update_simpl;
      destruct (transition _ _ _) as (si', om').message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
P: message → Prop
Hinits: ∀ m : message, initial_message_prop m → P m
l: label (let (vlsm_type, _) := IM i in vlsm_type)
s: state (let (vlsm_type, _) := IM i in vlsm_type)
iom: option message
s': state (let (vlsm_type, _) := IM i in vlsm_type)
oom: option message
si': state (IM i)
om': option message
Ht: (state_update IM
   (state_update IM (`(composite_s0 IM)) i s) i
   si' i, om') = (s', oom)
(si', om') = (s', oom)
    by state_update_simpl.
Qed.

Lemma pre_composite_vlsm_induced_projection_validator_iff
  : VLSM_eq
      pre_composite_vlsm_induced_projection_validator
      (pre_composite_vlsm_induced_validator IM constraint i).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
VLSM_eq
  pre_composite_vlsm_induced_projection_validator
  (pre_composite_vlsm_induced_validator IM constraint
     i)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
VLSM_eq
  pre_composite_vlsm_induced_projection_validator
  (pre_composite_vlsm_induced_validator IM constraint
     i)
  by apply preloaded_composite_vlsm_induced_projection_validator_iff.
Qed.

Lemma component_projection :
  VLSM_projection X pre_composite_vlsm_induced_projection_validator
    (composite_project_label IM i) (fun s => s i).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
VLSM_projection X
  pre_composite_vlsm_induced_projection_validator
  (composite_project_label IM i) (λ s : state X, s i)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
VLSM_projection X
  pre_composite_vlsm_induced_projection_validator
  (composite_project_label IM i) (λ s : state X, s i)
  eapply VLSM_projection_eq_trans.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
VLSM_projection X
  {|
    vlsm_type :=
      composite_vlsm_induced_projection_validator;
    vlsm_machine := ?MY
  |} (composite_project_label IM i)
  (λ s : state X, s i)
message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
VLSM_eq
  {|
    vlsm_type :=
      composite_vlsm_induced_projection_validator;
    vlsm_machine := ?MY
  |}
  {|
    vlsm_type :=
      composite_vlsm_induced_projection_validator;
    vlsm_machine :=
      preloaded_vlsm_machine
        composite_vlsm_induced_projection_validator
        (λ _ : message, True)
  |}
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
VLSM_projection X
  {|
    vlsm_type :=
      composite_vlsm_induced_projection_validator;
    vlsm_machine := ?MY
  |} (composite_project_label IM i)
  (λ s : state X, s i) by apply composite_projection_induced_validator_is_projection.
  -message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
VLSM_eq
  {|
    vlsm_type :=
      composite_vlsm_induced_projection_validator;
    vlsm_machine :=
      preloaded_vlsm_machine
        (projection_induced_validator
           (composite_vlsm IM constraint) (IM i)
           (composite_project_label IM i)
           (λ s : state (composite_vlsm IM constraint),
              s i) (lift_to_composite_label IM i)
           (lift_to_composite_state' IM i))
        (λ _ : message, True)
  |}
  {|
    vlsm_type :=
      composite_vlsm_induced_projection_validator;
    vlsm_machine :=
      preloaded_vlsm_machine
        composite_vlsm_induced_projection_validator
        (λ _ : message, True)
  |} by apply VLSM_eq_sym, pre_composite_vlsm_induced_projection_validator_iff.
Qed.

Lemma composite_vlsm_induced_projection_validator_iff
  (Hno_inits : forall m, ~ initial_message_prop (IM i) m)
  : VLSM_eq
      composite_vlsm_induced_projection_validator
      (composite_vlsm_induced_validator IM constraint i).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
Hno_inits: ∀ m : message, ¬ initial_message_prop m
VLSM_eq composite_vlsm_induced_projection_validator
  (composite_vlsm_induced_validator IM constraint i)
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
Hno_inits: ∀ m : message, ¬ initial_message_prop m
VLSM_eq composite_vlsm_induced_projection_validator
  (composite_vlsm_induced_validator IM constraint i)
  eapply VLSM_eq_trans;
    [by apply (vlsm_is_preloaded_with_False composite_vlsm_induced_projection_validator) |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
Hno_inits: ∀ m : message, ¬ initial_message_prop m
VLSM_eq
  {|
    vlsm_type := IM i;
    vlsm_machine :=
      preloaded_vlsm_machine
        composite_vlsm_induced_projection_validator
        (λ _ : message, False)
  |}
  {|
    vlsm_type := IM i;
    vlsm_machine :=
      projection_induced_validator_machine
        (composite_vlsm IM constraint) (IM i)
        (composite_project_label IM i)
        (λ s : state (composite_vlsm IM constraint),
           s i) (lift_to_composite_label IM i)
        (lift_to_composite_state' IM i)
  |}
  eapply VLSM_eq_trans;
    [by apply preloaded_composite_vlsm_induced_projection_validator_iff |].message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
Hno_inits: ∀ m : message, ¬ initial_message_prop m
VLSM_eq
  {|
    vlsm_type := IM i;
    vlsm_machine :=
      preloaded_vlsm_machine
        (composite_vlsm_induced_validator IM
           constraint i) (λ _ : message, False)
  |}
  {|
    vlsm_type := IM i;
    vlsm_machine :=
      projection_induced_validator_machine
        (composite_vlsm IM constraint) (IM i)
        (composite_project_label IM i)
        (λ s : state (composite_vlsm IM constraint),
           s i) (lift_to_composite_label IM i)
        (lift_to_composite_state' IM i)
  |}
  by apply VLSM_eq_sym,
    (vlsm_is_preloaded_with_False
      (composite_vlsm_induced_validator IM constraint i)).
Qed.

Definition valid_preloaded_composite_vlsm_induced_projection_validator
  : VLSM message :=
  preloaded_vlsm composite_vlsm_induced_projection_validator (valid_message_prop X).

Lemma valid_preloaded_composite_vlsm_induced_projection_validator_iff
  : VLSM_eq
      valid_preloaded_composite_vlsm_induced_projection_validator
      pre_composite_vlsm_induced_projection_validator.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
VLSM_eq
  valid_preloaded_composite_vlsm_induced_projection_validator
  pre_composite_vlsm_induced_projection_validator
Proof.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
VLSM_eq
  valid_preloaded_composite_vlsm_induced_projection_validator
  pre_composite_vlsm_induced_projection_validator
  apply VLSM_eq_sym, preloaded_with_all_messages_eq_validating_preloaded_vlsm.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
∀ (l : label
         (preloaded_with_all_messages_vlsm
            composite_vlsm_induced_projection_validator)) 
  (s : state
         (preloaded_with_all_messages_vlsm
            composite_vlsm_induced_projection_validator)) 
  (m : message),
  input_constrained
    composite_vlsm_induced_projection_validator l
    (s, Some m)
  → valid_message_prop
      (preloaded_vlsm
         composite_vlsm_induced_projection_validator
         (valid_message_prop X)) m
  intros _ _ m (_ & _ & _ & _ & _ & Hm & _).message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
constraint: composite_label IM
→ composite_state IM * option message
  → Prop
X:= composite_vlsm IM constraint: VLSM message
i: index
m: message
Hm: option_valid_message_prop X (Some m)
valid_message_prop
  (preloaded_vlsm
     composite_vlsm_induced_projection_validator
     (valid_message_prop X)) m
  by apply initial_message_is_valid; right.
Qed.

End sec_component_projection_validator_alt.

VLSM self-validation

Section sec_self_validator_vlsm.

Context
  {message : Type}
  (X : VLSM message)
  .

Let us fix a (regular) VLSM X. X is a self-validator if for any arguments satisfying valid where the state is reachable in the preloaded_with_all_messages_vlsm, the arguments are also a valid_state and valid_message for the original VLSM.

Definition self_validator_vlsm_prop :=
  forall (l : label _) (s : state _) (om : option message),
    input_constrained X l (s, om) ->
    input_valid X l (s, om).

In the sequel we will show that a VLSM with the self_validator_vlsm_property is trace-equal to its associated preloaded_with_all_messages_vlsm, basically meaning (due to Lemma byzantine_preloaded_with_all_messages) that all traces with the byzantine_trace_property associated to self-validator VLSMs are also valid_traces for that VLSM, meaning that the VLSM cannot exhibit byzantine behavior.

Context
  (Hvalidator : self_validator_vlsm_prop)
  .

From Lemma vlsm_incl_preloaded_with_all_messages_vlsm we know that X is included in preloaded X.

To prove the converse we use the self_validator_vlsm_property to verify the conditions of meta-lemma VLSM_incl_finite_traces_characterization.

Lemma preloaded_with_all_messages_self_validator_vlsm_incl :
  VLSM_incl (preloaded_with_all_messages_vlsm X) X.message: Type
X: VLSM message
Hvalidator: self_validator_vlsm_prop
VLSM_incl (preloaded_with_all_messages_vlsm X) X
Proof.message: Type
X: VLSM message
Hvalidator: self_validator_vlsm_prop
VLSM_incl (preloaded_with_all_messages_vlsm X) X
  unfold self_validator_vlsm_prop  in Hvalidator.message: Type
X: VLSM message
Hvalidator: ∀ (l : label
         (preloaded_with_all_messages_vlsm
            X)) (s : state
                      (preloaded_with_all_messages_vlsm
                      X)) 
  (om : option message),
  input_constrained X l (s, om)
  → input_valid X l (s, om)
VLSM_incl (preloaded_with_all_messages_vlsm X) X
  destruct X as (T & M).message: Type
X: VLSM message
T: VLSMType message
M: VLSMMachine T
Hvalidator: ∀ (l : label
         (preloaded_with_all_messages_vlsm
            {|
              vlsm_type := T;
              vlsm_machine := M
            |})) (s : state
                      (preloaded_with_all_messages_vlsm
                      {|
                      vlsm_type := T;
                      vlsm_machine := M
                      |})) 
  (om : option message),
  input_constrained
    {|
      vlsm_type := T; vlsm_machine := M
    |} l (s, om)
  → input_valid
      {|
        vlsm_type := T; vlsm_machine := M
      |} l (s, om)
VLSM_incl
  (preloaded_with_all_messages_vlsm
     {| vlsm_type := T; vlsm_machine := M |})
  {| vlsm_type := T; vlsm_machine := M |} simpl in *.message: Type
X: VLSM message
T: VLSMType message
M: VLSMMachine T
Hvalidator: ∀ (l : label T) (s : state T) 
  (om : option message),
  valid_state_prop
    (preloaded_with_all_messages_vlsm
       {|
         vlsm_type := T;
         vlsm_machine := M
       |}) s
  ∧ option_valid_message_prop
      (preloaded_with_all_messages_vlsm
         {|
           vlsm_type := T;
           vlsm_machine := M
         |}) om ∧ valid l (s, om)
  → valid_state_prop
      {|
        vlsm_type := T; vlsm_machine := M
      |} s
    ∧ option_valid_message_prop
        {|
          vlsm_type := T;
          vlsm_machine := M
        |} om ∧ valid l (s, om)
VLSM_incl_part
  (preloaded_vlsm_machine
     {| vlsm_type := T; vlsm_machine := M |}
     (λ _ : message, True)) M
  (* redcuction to inclusion of finite traces. *)
  apply VLSM_incl_finite_traces_characterization.message: Type
X: VLSM message
T: VLSMType message
M: VLSMMachine T
Hvalidator: ∀ (l : label T) (s : state T) 
  (om : option message),
  valid_state_prop
    (preloaded_with_all_messages_vlsm
       {|
         vlsm_type := T;
         vlsm_machine := M
       |}) s
  ∧ option_valid_message_prop
      (preloaded_with_all_messages_vlsm
         {|
           vlsm_type := T;
           vlsm_machine := M
         |}) om ∧ valid l (s, om)
  → valid_state_prop
      {|
        vlsm_type := T; vlsm_machine := M
      |} s
    ∧ option_valid_message_prop
        {|
          vlsm_type := T;
          vlsm_machine := M
        |} om ∧ valid l (s, om)
∀ (s : state
         {|
           vlsm_type := T;
           vlsm_machine :=
             {|
               initial_state_prop :=
                 initial_state_prop;
               s0 :=
                 s0
                   {|
                     vlsm_type := T; vlsm_machine := M
                   |}
                   {|
                     vlsm_type := T; vlsm_machine := M
                   |};
               initial_message_prop :=
                 λ m : message,
                   initial_message_prop m ∨ True;
               transition := transition;
               valid := valid
             |}
         |}) (tr : list transition_item),
  finite_valid_trace
    {|
      vlsm_type := T;
      vlsm_machine :=
        {|
          initial_state_prop := initial_state_prop;
          s0 :=
            s0 {| vlsm_type := T; vlsm_machine := M |}
              {| vlsm_type := T; vlsm_machine := M |};
          initial_message_prop :=
            λ m : message,
              initial_message_prop m ∨ True;
          transition := transition;
          valid := valid
        |}
    |} s tr
  → finite_valid_trace
      {| vlsm_type := T; vlsm_machine := M |} s tr
  intros s tr [Htr Hs].message: Type
X: VLSM message
T: VLSMType message
M: VLSMMachine T
Hvalidator: ∀ (l : label T) (s : state T) 
  (om : option message),
  valid_state_prop
    (preloaded_with_all_messages_vlsm
       {|
         vlsm_type := T;
         vlsm_machine := M
       |}) s
  ∧ option_valid_message_prop
      (preloaded_with_all_messages_vlsm
         {|
           vlsm_type := T;
           vlsm_machine := M
         |}) om ∧ valid l (s, om)
  → valid_state_prop
      {|
        vlsm_type := T; vlsm_machine := M
      |} s
    ∧ option_valid_message_prop
        {|
          vlsm_type := T;
          vlsm_machine := M
        |} om ∧ valid l (s, om)
s: state
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |}
tr: list transition_item
Htr: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} s tr
Hs: initial_state_prop s
finite_valid_trace
  {| vlsm_type := T; vlsm_machine := M |} s tr
  split; [| done].message: Type
X: VLSM message
T: VLSMType message
M: VLSMMachine T
Hvalidator: ∀ (l : label T) (s : state T) 
  (om : option message),
  valid_state_prop
    (preloaded_with_all_messages_vlsm
       {|
         vlsm_type := T;
         vlsm_machine := M
       |}) s
  ∧ option_valid_message_prop
      (preloaded_with_all_messages_vlsm
         {|
           vlsm_type := T;
           vlsm_machine := M
         |}) om ∧ valid l (s, om)
  → valid_state_prop
      {|
        vlsm_type := T; vlsm_machine := M
      |} s
    ∧ option_valid_message_prop
        {|
          vlsm_type := T;
          vlsm_machine := M
        |} om ∧ valid l (s, om)
s: state
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |}
tr: list transition_item
Htr: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} s tr
Hs: initial_state_prop s
finite_valid_trace_from
  {| vlsm_type := T; vlsm_machine := M |} s tr
  (* reverse induction on the length of a trace. *)
  induction tr using rev_ind.message: Type
X: VLSM message
T: VLSMType message
M: VLSMMachine T
Hvalidator: ∀ (l : label T) (s : state T) 
  (om : option message),
  valid_state_prop
    (preloaded_with_all_messages_vlsm
       {|
         vlsm_type := T;
         vlsm_machine := M
       |}) s
  ∧ option_valid_message_prop
      (preloaded_with_all_messages_vlsm
         {|
           vlsm_type := T;
           vlsm_machine := M
         |}) om ∧ valid l (s, om)
  → valid_state_prop
      {|
        vlsm_type := T; vlsm_machine := M
      |} s
    ∧ option_valid_message_prop
        {|
          vlsm_type := T;
          vlsm_machine := M
        |} om ∧ valid l (s, om)
s: state
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |}
Htr: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} s []
Hs: initial_state_prop s
finite_valid_trace_from
  {| vlsm_type := T; vlsm_machine := M |} s []
message: Type
X: VLSM message
T: VLSMType message
M: VLSMMachine T
Hvalidator: ∀ (l : label T) (s : state T) 
  (om : option message),
  valid_state_prop
    (preloaded_with_all_messages_vlsm
       {|
         vlsm_type := T;
         vlsm_machine := M
       |}) s
  ∧ option_valid_message_prop
      (preloaded_with_all_messages_vlsm
         {|
           vlsm_type := T;
           vlsm_machine := M
         |}) om ∧ valid l (s, om)
  → valid_state_prop
      {|
        vlsm_type := T; vlsm_machine := M
      |} s
    ∧ option_valid_message_prop
        {|
          vlsm_type := T;
          vlsm_machine := M
        |} om ∧ valid l (s, om)
s: state
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |}
x: transition_item
tr: list transition_item
Htr: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} s (tr ++ [x])
Hs: initial_state_prop s
IHtr: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop :=
          initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} s tr
→ finite_valid_trace_from
    {| vlsm_type := T; vlsm_machine := M |} s
    tr
finite_valid_trace_from
  {| vlsm_type := T; vlsm_machine := M |} s
  (tr ++ [x])
  -message: Type
X: VLSM message
T: VLSMType message
M: VLSMMachine T
Hvalidator: ∀ (l : label T) (s : state T) 
  (om : option message),
  valid_state_prop
    (preloaded_with_all_messages_vlsm
       {|
         vlsm_type := T;
         vlsm_machine := M
       |}) s
  ∧ option_valid_message_prop
      (preloaded_with_all_messages_vlsm
         {|
           vlsm_type := T;
           vlsm_machine := M
         |}) om ∧ valid l (s, om)
  → valid_state_prop
      {|
        vlsm_type := T; vlsm_machine := M
      |} s
    ∧ option_valid_message_prop
        {|
          vlsm_type := T;
          vlsm_machine := M
        |} om ∧ valid l (s, om)
s: state
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |}
Htr: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} s []
Hs: initial_state_prop s
finite_valid_trace_from
  {| vlsm_type := T; vlsm_machine := M |} s [] by cbn in s |- *; constructor; apply initial_state_is_valid.
  -message: Type
X: VLSM message
T: VLSMType message
M: VLSMMachine T
Hvalidator: ∀ (l : label T) (s : state T) 
  (om : option message),
  valid_state_prop
    (preloaded_with_all_messages_vlsm
       {|
         vlsm_type := T;
         vlsm_machine := M
       |}) s
  ∧ option_valid_message_prop
      (preloaded_with_all_messages_vlsm
         {|
           vlsm_type := T;
           vlsm_machine := M
         |}) om ∧ valid l (s, om)
  → valid_state_prop
      {|
        vlsm_type := T; vlsm_machine := M
      |} s
    ∧ option_valid_message_prop
        {|
          vlsm_type := T;
          vlsm_machine := M
        |} om ∧ valid l (s, om)
s: state
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |}
x: transition_item
tr: list transition_item
Htr: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} s (tr ++ [x])
Hs: initial_state_prop s
IHtr: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop :=
          initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} s tr
→ finite_valid_trace_from
    {| vlsm_type := T; vlsm_machine := M |} s
    tr
finite_valid_trace_from
  {| vlsm_type := T; vlsm_machine := M |} s
  (tr ++ [x]) apply finite_valid_trace_from_app_iff in Htr as [Htr Hx].message: Type
X: VLSM message
T: VLSMType message
M: VLSMMachine T
Hvalidator: ∀ (l : label T) (s : state T) 
  (om : option message),
  valid_state_prop
    (preloaded_with_all_messages_vlsm
       {|
         vlsm_type := T;
         vlsm_machine := M
       |}) s
  ∧ option_valid_message_prop
      (preloaded_with_all_messages_vlsm
         {|
           vlsm_type := T;
           vlsm_machine := M
         |}) om ∧ valid l (s, om)
  → valid_state_prop
      {|
        vlsm_type := T; vlsm_machine := M
      |} s
    ∧ option_valid_message_prop
        {|
          vlsm_type := T;
          vlsm_machine := M
        |} om ∧ valid l (s, om)
s: state
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |}
x: transition_item
tr: list transition_item
Htr: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} s tr
Hx: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} (finite_trace_last s tr) [x]
Hs: initial_state_prop s
IHtr: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop :=
          initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} s tr
→ finite_valid_trace_from
    {| vlsm_type := T; vlsm_machine := M |} s
    tr
finite_valid_trace_from
  {| vlsm_type := T; vlsm_machine := M |} s
  (tr ++ [x])
    apply (finite_valid_trace_from_app_iff (mk_vlsm M)).message: Type
X: VLSM message
T: VLSMType message
M: VLSMMachine T
Hvalidator: ∀ (l : label T) (s : state T) 
  (om : option message),
  valid_state_prop
    (preloaded_with_all_messages_vlsm
       {|
         vlsm_type := T;
         vlsm_machine := M
       |}) s
  ∧ option_valid_message_prop
      (preloaded_with_all_messages_vlsm
         {|
           vlsm_type := T;
           vlsm_machine := M
         |}) om ∧ valid l (s, om)
  → valid_state_prop
      {|
        vlsm_type := T; vlsm_machine := M
      |} s
    ∧ option_valid_message_prop
        {|
          vlsm_type := T;
          vlsm_machine := M
        |} om ∧ valid l (s, om)
s: state
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |}
x: transition_item
tr: list transition_item
Htr: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} s tr
Hx: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} (finite_trace_last s tr) [x]
Hs: initial_state_prop s
IHtr: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop :=
          initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} s tr
→ finite_valid_trace_from
    {| vlsm_type := T; vlsm_machine := M |} s
    tr
finite_valid_trace_from
  {| vlsm_type := T; vlsm_machine := M |} s tr
∧ finite_valid_trace_from
    {| vlsm_type := T; vlsm_machine := M |}
    (finite_trace_last s tr) [x]
    split; [by apply IHtr |].message: Type
X: VLSM message
T: VLSMType message
M: VLSMMachine T
Hvalidator: ∀ (l : label T) (s : state T) 
  (om : option message),
  valid_state_prop
    (preloaded_with_all_messages_vlsm
       {|
         vlsm_type := T;
         vlsm_machine := M
       |}) s
  ∧ option_valid_message_prop
      (preloaded_with_all_messages_vlsm
         {|
           vlsm_type := T;
           vlsm_machine := M
         |}) om ∧ valid l (s, om)
  → valid_state_prop
      {|
        vlsm_type := T; vlsm_machine := M
      |} s
    ∧ option_valid_message_prop
        {|
          vlsm_type := T;
          vlsm_machine := M
        |} om ∧ valid l (s, om)
s: state
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |}
x: transition_item
tr: list transition_item
Htr: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} s tr
Hx: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} (finite_trace_last s tr) [x]
Hs: initial_state_prop s
IHtr: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop :=
          initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} s tr
→ finite_valid_trace_from
    {| vlsm_type := T; vlsm_machine := M |} s
    tr
finite_valid_trace_from
  {| vlsm_type := T; vlsm_machine := M |}
  (finite_trace_last s tr) [x]
    apply (first_transition_valid (mk_vlsm M)).message: Type
X: VLSM message
T: VLSMType message
M: VLSMMachine T
Hvalidator: ∀ (l : label T) (s : state T) 
  (om : option message),
  valid_state_prop
    (preloaded_with_all_messages_vlsm
       {|
         vlsm_type := T;
         vlsm_machine := M
       |}) s
  ∧ option_valid_message_prop
      (preloaded_with_all_messages_vlsm
         {|
           vlsm_type := T;
           vlsm_machine := M
         |}) om ∧ valid l (s, om)
  → valid_state_prop
      {|
        vlsm_type := T; vlsm_machine := M
      |} s
    ∧ option_valid_message_prop
        {|
          vlsm_type := T;
          vlsm_machine := M
        |} om ∧ valid l (s, om)
s: state
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |}
x: transition_item
tr: list transition_item
Htr: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} s tr
Hx: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} (finite_trace_last s tr) [x]
Hs: initial_state_prop s
IHtr: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop :=
          initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} s tr
→ finite_valid_trace_from
    {| vlsm_type := T; vlsm_machine := M |} s
    tr
input_valid_transition
  {| vlsm_type := T; vlsm_machine := M |} (l x)
  (finite_trace_last s tr, input x)
  (destination x, output x)
    apply first_transition_valid in Hx as [Hvx Htx].message: Type
X: VLSM message
T: VLSMType message
M: VLSMMachine T
Hvalidator: ∀ (l : label T) (s : state T) 
  (om : option message),
  valid_state_prop
    (preloaded_with_all_messages_vlsm
       {|
         vlsm_type := T;
         vlsm_machine := M
       |}) s
  ∧ option_valid_message_prop
      (preloaded_with_all_messages_vlsm
         {|
           vlsm_type := T;
           vlsm_machine := M
         |}) om ∧ valid l (s, om)
  → valid_state_prop
      {|
        vlsm_type := T; vlsm_machine := M
      |} s
    ∧ option_valid_message_prop
        {|
          vlsm_type := T;
          vlsm_machine := M
        |} om ∧ valid l (s, om)
s: state
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |}
x: transition_item
tr: list transition_item
Htr: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} s tr
Hvx: input_valid
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} (l x) (finite_trace_last s tr, input x)
Htx: transition (l x)
  (finite_trace_last s tr, input x) =
(destination x, output x)
Hs: initial_state_prop s
IHtr: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop :=
          initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} s tr
→ finite_valid_trace_from
    {| vlsm_type := T; vlsm_machine := M |} s
    tr
input_valid_transition
  {| vlsm_type := T; vlsm_machine := M |} (l x)
  (finite_trace_last s tr, input x)
  (destination x, output x)
    split; [| done].message: Type
X: VLSM message
T: VLSMType message
M: VLSMMachine T
Hvalidator: ∀ (l : label T) (s : state T) 
  (om : option message),
  valid_state_prop
    (preloaded_with_all_messages_vlsm
       {|
         vlsm_type := T;
         vlsm_machine := M
       |}) s
  ∧ option_valid_message_prop
      (preloaded_with_all_messages_vlsm
         {|
           vlsm_type := T;
           vlsm_machine := M
         |}) om ∧ valid l (s, om)
  → valid_state_prop
      {|
        vlsm_type := T; vlsm_machine := M
      |} s
    ∧ option_valid_message_prop
        {|
          vlsm_type := T;
          vlsm_machine := M
        |} om ∧ valid l (s, om)
s: state
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |}
x: transition_item
tr: list transition_item
Htr: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} s tr
Hvx: input_valid
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop := initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} (l x) (finite_trace_last s tr, input x)
Htx: transition (l x)
  (finite_trace_last s tr, input x) =
(destination x, output x)
Hs: initial_state_prop s
IHtr: finite_valid_trace_from
  {|
    vlsm_type := T;
    vlsm_machine :=
      {|
        initial_state_prop :=
          initial_state_prop;
        s0 :=
          s0
            {|
              vlsm_type := T; vlsm_machine := M
            |}
            {|
              vlsm_type := T; vlsm_machine := M
            |};
        initial_message_prop :=
          λ m : message,
            initial_message_prop m ∨ True;
        transition := transition;
        valid := valid
      |}
  |} s tr
→ finite_valid_trace_from
    {| vlsm_type := T; vlsm_machine := M |} s
    tr
input_valid {| vlsm_type := T; vlsm_machine := M |}
  (l x) (finite_trace_last s tr, input x)
    (* using the [self_validator_vlsm_prop]erty. *)
    by eapply Hvalidator.
Qed.

We conclude that X and preloaded X are trace-equal.

Lemma preloaded_with_all_messages_self_validator_vlsm_eq
  : VLSM_eq (preloaded_with_all_messages_vlsm X) X.message: Type
X: VLSM message
Hvalidator: self_validator_vlsm_prop
VLSM_eq (preloaded_with_all_messages_vlsm X) X
Proof.message: Type
X: VLSM message
Hvalidator: self_validator_vlsm_prop
VLSM_eq (preloaded_with_all_messages_vlsm X) X
  split.message: Type
X: VLSM message
Hvalidator: self_validator_vlsm_prop
VLSM_incl
  {|
    vlsm_type := preloaded_with_all_messages_vlsm X;
    vlsm_machine := preloaded_with_all_messages_vlsm X
  |}
  {|
    vlsm_type := preloaded_with_all_messages_vlsm X;
    vlsm_machine := X
  |}
message: Type
X: VLSM message
Hvalidator: self_validator_vlsm_prop
VLSM_incl
  {|
    vlsm_type := preloaded_with_all_messages_vlsm X;
    vlsm_machine := X
  |}
  {|
    vlsm_type := preloaded_with_all_messages_vlsm X;
    vlsm_machine := preloaded_with_all_messages_vlsm X
  |}
  -message: Type
X: VLSM message
Hvalidator: self_validator_vlsm_prop
VLSM_incl
  {|
    vlsm_type := preloaded_with_all_messages_vlsm X;
    vlsm_machine := preloaded_with_all_messages_vlsm X
  |}
  {|
    vlsm_type := preloaded_with_all_messages_vlsm X;
    vlsm_machine := X
  |} by apply preloaded_with_all_messages_self_validator_vlsm_incl.
  -message: Type
X: VLSM message
Hvalidator: self_validator_vlsm_prop
VLSM_incl
  {|
    vlsm_type := preloaded_with_all_messages_vlsm X;
    vlsm_machine := X
  |}
  {|
    vlsm_type := preloaded_with_all_messages_vlsm X;
    vlsm_machine := preloaded_with_all_messages_vlsm X
  |} by apply (vlsm_incl_preloaded_with_all_messages_vlsm X).
Qed.

End sec_self_validator_vlsm.