import TsmLean.Core.Semantics

namespace TsmLean.Core

/-! # Determinism of TSM step.

`step` is a total function `State → Option State`, so single-step
determinism is *immediate*: two transitions from the same state yield
the same successor (or both fail).

Multi-step determinism follows by induction on the chain. We prove
that any two `MultiStep` derivations of the same length collapse to
the same trace. -/

theorem step_deterministic
    {s s₁ s₂ : State}
    (h₁ : step s = some s₁) (h₂ : step s = some s₂) :
    s₁ = s₂ := by
  rw [h₁] at h₂
  exact Option.some.inj h₂

/-- Multi-step paths to halted states are deterministic. -/
theorem MultiStep.deterministic
    {s s_a s_b : State}
    (D_a : MultiStep s s_a) (D_b : MultiStep s s_b)
    (halt_a : step s_a = none) (halt_b : step s_b = none) :
    s_a = s_b := by
  induction D_a generalizing s_b with
  | refl =>
    cases D_b with
    | refl => rfl
    | cons h₁ _ => rw [halt_a] at h₁; cases h₁
  | cons h₁ _ ih =>
    cases D_b with
    | refl => rw [halt_b] at h₁; cases h₁
    | cons h₁' D_b' =>
      have heq := step_deterministic h₁ h₁'
      subst heq
      exact ih D_b' halt_a halt_b

end TsmLean.Core