This file implements a finite-window reduction for local TLA obligations.
The older simp_finite_exec_goal tactic unfolds a TLA formula on an explicit
trace, then tries to discover and generalize the finitely many trace cells that
remain. That is fragile: the tactic has to rediscover finite dependence from
the unfolded goal shape.
Here the finite dependence is part of the certificate. A FiniteWindow p n
contains a curried finite predicate core over exactly n states, together
with a theorem saying that evaluating p on a trace is equivalent to evaluating
core on the first n states of that trace. The tactic uses instance search to
find a HasFiniteWindow p n, applies the certificate theorem, introduces the
n state variables, and simplifies the resulting core.
For sequents, tlaFiniteWindow first changes p |-tla- q by definitional
equality into |-tla- p → q, so the rest of the pipeline only handles validity
goals.
A curried predicate over n consecutive states.
For example, IteratedHomPred 2 σ reduces to σ → σ → ULift Prop. The ULift
in the base case is deliberate: for universe-polymorphic σ : Type u, the
successor case lives in Type u, so the base proposition also has to be lifted
into Type u. The user-facing goals are later simplified through .down.
Equations
- TLA.IteratedHomPred 0 x✝ = ULift Prop
- TLA.IteratedHomPred n.succ x✝ = (x✝ → TLA.IteratedHomPred n x✝)
Instances For
Evaluate a curried finite predicate on the first n states of a trace.
Equations
- TLA.IteratedHomPred.evalExec 0 p x✝ = p.down
- TLA.IteratedHomPred.evalExec n.succ p x✝ = TLA.IteratedHomPred.evalExec n (p (x✝ 0)) (TLA.exec.drop 1 x✝)
Instances For
View an n-state core as an m-state core when n ≤ m, ignoring the
additional trailing states. This is used to combine two formulas with different
window sizes into a common max window.
Equations
- TLA.IteratedHomPred.weaken 0 0 x_4 p = p
- TLA.IteratedHomPred.weaken 0 m.succ x_4 p = fun (x : σ) => TLA.IteratedHomPred.weaken 0 m ⋯ p
- TLA.IteratedHomPred.weaken n.succ 0 h x_4 = ⋯.elim
- TLA.IteratedHomPred.weaken n.succ m.succ h p = fun (s : σ) => TLA.IteratedHomPred.weaken n m ⋯ (p s)
Instances For
Negate an iterated finite-window predicate.
Equations
- TLA.IteratedHomPred.mkNot 0 p = { down := ¬p.down }
- TLA.IteratedHomPred.mkNot n.succ p = fun (s : σ) => TLA.IteratedHomPred.mkNot n (p s)
Instances For
Combine two iterated finite-window predicates with a binary connective.
Equations
- TLA.IteratedHomPred.mkBinary op 0 p q = { down := op p.down q.down }
- TLA.IteratedHomPred.mkBinary op n.succ p q = fun (s : σ) => TLA.IteratedHomPred.mkBinary op n (p s) (q s)
Instances For
Conjoin two iterated finite-window predicates.
Equations
- TLA.IteratedHomPred.mkAnd = TLA.IteratedHomPred.mkBinary fun (p q : Prop) => p ∧ q
Instances For
Disjoin two iterated finite-window predicates.
Equations
- TLA.IteratedHomPred.mkOr = TLA.IteratedHomPred.mkBinary fun (p q : Prop) => p ∨ q
Instances For
Form the implication of two iterated finite-window predicates.
Equations
- TLA.IteratedHomPred.mkImplies = TLA.IteratedHomPred.mkBinary fun (p q : Prop) => p → q
Instances For
Bind a quantifier over an iterated finite-window predicate.
Equations
- TLA.IteratedHomPred.mkBinder op 0 p = { down := op fun (x : α) => (p x).down }
- TLA.IteratedHomPred.mkBinder op n.succ p = fun (s : σ) => TLA.IteratedHomPred.mkBinder op n fun (x : α) => p x s
Instances For
Universally quantify an iterated finite-window predicate.
Equations
- TLA.IteratedHomPred.mkForall = TLA.IteratedHomPred.mkBinder fun (p : α → Prop) => ∀ (x : α), p x
Instances For
Existentially quantify an iterated finite-window predicate.
Equations
- TLA.IteratedHomPred.mkExists = TLA.IteratedHomPred.mkBinder fun (p : α → Prop) => ∃ (x : α), p x
Instances For
Universal closure of a finite core over all its state arguments.
Equations
- TLA.IteratedForall 0 p = p.down
- TLA.IteratedForall n.succ p = ∀ (s : σ), TLA.IteratedForall n (p s)
Instances For
A universally closed finite core holds on the first n states of every
trace.
FiniteWindow p n means that p can be represented as a predicate over
the first n states of a trace.
- core : IteratedHomPred n σ
The curried finite core over
nstates.
Instances For
A computable finite-window certificate.
The window is an output parameter so that instance synthesis can compute a
canonical bound for p. The certificate itself is data, because tlaFiniteWindow
uses its core field to produce the finite-state goal.
- finite : FiniteWindow p n
The finite-window certificate for the predicate.
Instances
Extract the semantic certificate from the tactic-facing class. Keeping this
as a definition, not an instance for FiniteWindow, prevents arbitrary
FiniteWindow facts from becoming part of instance search.
Instances For
Soundness theorem used by tlaFiniteWindow: proving the finite core for
all choices of its state arguments proves validity of the original predicate.
Finite-window certificate for a pure predicate.
Instances For
Equations
- TLA.hasFiniteWindowPure P = { finite := TLA.finiteWindowPure P }
Finite-window certificate for ⊤.
Instances For
Equations
- TLA.hasFiniteWindowTrue = { finite := TLA.finiteWindowTrue }
Finite-window certificate for ⊥.
Instances For
Equations
- TLA.hasFiniteWindowFalse = { finite := TLA.finiteWindowFalse }
Finite-window certificate for a state predicate.
Instances For
Equations
- TLA.hasFiniteWindowState p = { finite := TLA.finiteWindowState p }
Finite-window certificate for an action predicate.
Equations
Instances For
Equations
- TLA.hasFiniteWindowAction a = { finite := TLA.finiteWindowAction a }
Finite-window certificate for an enabledness predicate.
Equations
Instances For
Equations
- TLA.hasFiniteWindowEnabled a = { finite := TLA.finiteWindowEnabled a }
Finite-window certificate for a binary connective of predicates.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Finite-window certificate for a conjunction.
Equations
- TLA.finiteWindowAnd p q n m hp hq = TLA.finiteWindowBinary (fun (p q : Prop) => p ∧ q) p q n m hp hq
Instances For
Equations
- TLA.hasFiniteWindowAnd p q n m = { finite := TLA.finiteWindowAnd p q n m TLA.finiteWindowOfHasFiniteWindow TLA.finiteWindowOfHasFiniteWindow }
Finite-window certificate for a disjunction.
Equations
- TLA.finiteWindowOr p q n m hp hq = TLA.finiteWindowBinary (fun (p q : Prop) => p ∨ q) p q n m hp hq
Instances For
Equations
- TLA.hasFiniteWindowOr p q n m = { finite := TLA.finiteWindowOr p q n m TLA.finiteWindowOfHasFiniteWindow TLA.finiteWindowOfHasFiniteWindow }
Finite-window certificate for a negation.
Equations
- TLA.finiteWindowNot p n hp = { core := TLA.IteratedHomPred.mkNot n hp.core, iff_of_eval := ⋯ }
Instances For
Equations
- TLA.hasFiniteWindowNot p n = { finite := TLA.finiteWindowNot p n TLA.finiteWindowOfHasFiniteWindow }
Finite-window certificate for an implication.
Equations
- TLA.finiteWindowImplies p q n m hp hq = TLA.finiteWindowBinary (fun (p q : Prop) => p → q) p q n m hp hq
Instances For
Equations
- TLA.hasFiniteWindowImplies p q n m = { finite := TLA.finiteWindowImplies p q n m TLA.finiteWindowOfHasFiniteWindow TLA.finiteWindowOfHasFiniteWindow }
Finite-window certificate for the ◯ modality.
Equations
- TLA.finiteWindowLater p n hp = { core := fun (x : σ) => hp.core, iff_of_eval := ⋯ }
Instances For
Equations
- TLA.hasFiniteWindowLater p n = { finite := TLA.finiteWindowLater p n TLA.finiteWindowOfHasFiniteWindow }
Finite-window certificate for a quantifier binder.
Equations
- TLA.finiteWindowBinder op op_congr p n hp = { core := TLA.IteratedHomPred.mkBinder op n fun (x : α) => (hp x).core, iff_of_eval := ⋯ }
Instances For
Finite-window certificate for a universal quantifier.
Equations
- TLA.finiteWindowForall p n hp = TLA.finiteWindowBinder (fun (r : α → Prop) => ∀ (x : α), r x) ⋯ p n hp
Instances For
Finite-window certificate for an existential quantifier.
Equations
- TLA.finiteWindowExists p n hp = TLA.finiteWindowBinder (fun (r : α → Prop) => ∃ (x : α), r x) ⋯ p n hp
Instances For
Equations
- TLA.hasFiniteWindowForall p n = { finite := TLA.finiteWindowForall p n fun (x : α) => TLA.finiteWindowOfHasFiniteWindow }
Equations
- TLA.hasFiniteWindowExists p n = { finite := TLA.finiteWindowExists p n fun (x : α) => TLA.finiteWindowOfHasFiniteWindow }
tlaFiniteWindow reduces a finite-window TLA sequent to an ordinary Lean
goal over finitely many states.
The tactic uses HasFiniteWindow instances for every predicate in the sequent.
It supports local formulas built from state predicates, action predicates, pure
predicates, Boolean connectives, implication, negation, and ◯. It deliberately
does not peel genuinely temporal structure such as □; use sequent/modal rules
first to expose a finite local obligation.
Equations
- TLA.tacticTlaFiniteWindow = Lean.ParserDescr.node `TLA.tacticTlaFiniteWindow 1024 (Lean.ParserDescr.nonReservedSymbol "tlaFiniteWindow" false)