import TsmLean.Core.Semantics
namespace TsmLean.Core
/-! # Determinism of TSM step.

`step` is a total function `State → Option State`, so single-step
determinism is *immediate*: two transitions from the same state yield
the same successor (or both fail).

Multi-step determinism follows by induction on the chain. We prove
that any two `MultiStep` derivations from the same start state that both
end in a halted state (one where `step` returns `none`) reach the same
final state. -/
/-- A single `step` is deterministic: two successors of the same state are
equal. This is immediate because `step` is a function into `Option State`,
so the two hypotheses describe the same value. -/
theorem step_deterministic
    {s s₁ s₂ : State}
    (h₁ : step s = some s₁) (h₂ : step s = some s₂) :
    s₁ = s₂ :=
  -- Chain the two equations into `some s₁ = some s₂`, then strip `some`.
  Option.some.inj (h₁.symm.trans h₂)
/-- Multi-step paths to halted states are deterministic.

Given two `MultiStep` derivations from the same start state `s` whose end
states `s_a` and `s_b` are both halted (`step` returns `none`), the end
states coincide. The halting hypotheses are what rule out one derivation
being a proper prefix of the other: a halted state admits no further step. -/
theorem MultiStep.deterministic
    {s s_a s_b : State}
    (D_a : MultiStep s s_a) (D_b : MultiStep s s_b)
    (halt_a : step s_a = none) (halt_b : step s_b = none) :
    s_a = s_b := by
  -- Induct on the first derivation; `s_b` is generalized because the second
  -- derivation is re-examined (and shrinks) at every inductive step.
  induction D_a generalizing s_b with
  | refl =>
    -- Here `s_a` is the start state itself.
    cases D_b with
    | refl => rfl
    -- `D_b` would need `step s_a = some _`, contradicting `halt_a`.
    | cons h₁ _ => rw [halt_a] at h₁; cases h₁
  | cons h₁ _ ih =>
    cases D_b with
    -- Here `s_b` is the start state, so `h₁ : step s_b = some _`
    -- contradicts `halt_b`.
    | refl => rw [halt_b] at h₁; cases h₁
    | cons h₁' D_b' =>
      -- Both derivations take the same first step (single-step
      -- determinism), so their intermediate states can be identified and
      -- the induction hypothesis applies to the remaining tails.
      have heq := step_deterministic h₁ h₁'
      subst heq
      exact ih D_b' halt_a halt_b
end TsmLean.Core