Bisimulation for modal team logics #
Bisimulation is the canonical equivalence relation on Kripke models that
abstracts away from the choice of world-carrier and identifies models no
modal formula can distinguish. This file provides the carrier-level
bisimulation substrate shared by every team-semantic modal logic in
Core/Logic/Modal/: bounded-depth world bisimulation (Definition 3.1 of
[AAY24]), state bisimulation lifted to teams
(Definition 3.6), and the structural lemmas (Lemma 3.7) that each logic's
invariance theorem (BSML Theorem 3.8, the MDL analogue, …) consumes.
Nothing here mentions a Formula type or an eval relation — everything
is stated over the bare KripkeModel carrier (access + val). Each
logic states its own bisim_invariant_eval against its own evaluation,
recursing through these carrier lemmas at the modal step. This file is the
genus-level home the per-logic invariance proofs were extracted to once a
second consumer (MDL) landed; see Core/Logic/Modal/README.md.
Main declarations #
WorldBisim k M w M' w'— boundedk-bisimulation between pointed worlds.StateBisim k M s M' s'— state bisimulation lifting it to teams.WorldBisim.refl/.symm/.mono_succ/.mono_leand theStateBisimanalogues — the equivalence-relation and depth-monotonicity properties.WorldBisim.val_eq,WorldBisim.accessStateBisim— valuation and accessibility-image transfer.StateBisim.eq_empty_iff,StateBisim.nonempty_iff— emptiness transfer.StateBisim.accessImage— Lemma 3.7(i): per-world accessibility-image bisim.StateBisim.splitPreserve— Lemma 3.7(ii): team-split preservation.StateBisim.exists_image_subset— sub-team transport (BSML's per-world ◇).StateBisim.biUnionAccess— union-of-images preservation (MDL's anti-◇).StateBisim.possWitness— single-witness team transport (MDL's ◇-support).
Implementation notes #
WorldBisim recurses on k: base case is atom invariance, inductive case
adds back/forth on accessibility. The split- and witness-transport lemmas
(splitPreserve, exists_image_subset, possWitness) construct the
other-side team by Finset.filter over the bisim's existential witnesses,
using Classical.choice only inside pure-Prop existentials.
World bisimulation #
Bounded-depth bisimulation between pointed worlds across two
KripkeModels (Definition 3.1 of [AAY24]). At
depth 0, requires only that atoms match. At depth k+1, additionally
requires the standard back/forth conditions on accessibility relating
depth-k bisimilar successors.
Equations
- One or more equations did not get rendered due to their size.
- Core.Logic.Modal.WorldBisim 0 x✝³ x✝² x✝¹ x✝ = ∀ (p : Atom), x✝³.val p x✝² = x✝¹.val p x✝
Instances For
World bisimulation is reflexive at every depth.
World bisimulation is symmetric (swap models).
Bisimilarity at depth k+1 implies bisimilarity at depth k:
higher depths are stricter.
Bisimilarity is monotone in depth: m ≤ n → WorldBisim n → WorldBisim m.
State bisimulation #
State bisimulation (Definition 3.6 of [AAY24]):
every world in s is k-bisimilar to some world in s', and every
world in s' is k-bisimilar to some world in s. Lifts world
bisimulation from points to teams.
Equations
- Core.Logic.Modal.StateBisim k M s M' s' = ((∀ w ∈ s, ∃ w' ∈ s', Core.Logic.Modal.WorldBisim k M w M' w') ∧ ∀ w' ∈ s', ∃ w ∈ s, Core.Logic.Modal.WorldBisim k M w M' w')
Instances For
Helpers for the invariance theorems #
World bisimilarity at any depth preserves atom valuations.
World bisim at depth k+1 yields state bisim of the accessibility
images at depth k.
State bisim preserves emptiness: s = ∅ ↔ s' = ∅. The back/forth
conditions force any worlds on one side to have partners on the
other, so emptiness is mutually determined.
State bisim preserves nonemptiness.
Given s ⇌_k s' and a sub-team t ⊆ s, there exists a corresponding
sub-team t' ⊆ s' such that t ⇌_k t'. Non-emptiness transfers.
Used by the per-world poss-support case of BSML's invariance proof.
Lemma 3.7: state bisimulation preserves modal step and team splits #
Lemma 3.7(i) of [AAY24]: at depth k+1, state
bisim provides for each w ∈ s a witness w' ∈ s' such that the
accessibility images R[w] and R'[w'] are state-bisimilar at
depth k.
Lemma 3.7(ii) of [AAY24]: state bisim preserves
binary team splits. Given s = t ∪ u and s ⇌_k s', there exist
t', u' ⊆ s' with s' = t' ∪ u', t ⇌_k t', and u ⇌_k u'.
Constructed via classical choice over the bisim's existential
witnesses: t' collects all of s''s witnesses for t, and u'
likewise for u.
Single-relation modal step (Väänänen-style ◇) #
The MDL modality uses the union of accessibility images (anti-support) and a single witness team (support), rather than BSML's per-world sub-witness. These two lemmas are the Lemma 3.7 analogues for that modality.
State bisim at depth k+1 preserves the union of accessibility images
at depth k: s.biUnion R ⇌_k s'.biUnion R'. The MDL anti-◇ clause
([Vaa08] (T9)) evaluates the inner formula on this union.
Single-witness team transport. Given s ⇌_{k+1} s' and a witness team
Y ⊆ s.biUnion R that every world in s reaches (∀ w ∈ s, ∃ y ∈ Y ∩ R[w]), there is a corresponding Y' ⊆ s'.biUnion R' that every world in
s' reaches, with Y ⇌_k Y'. This is the Lemma 3.7 analogue for the MDL
◇-support clause ([Vaa08] (T8)). The Y ⊆ s.biUnion R
hypothesis is supplied by the caller via downward closure (shrinking a raw
witness to its reachable part).