Changeset 2840

Timestamp:

Mar 11, 2013, 12:18:26 PM (6 years ago)

Author:

campbell

Message:

Remove irrelevant stuff from RTLabs_partial_traces

File:

• src/RTLabs/RTLabs_partial_traces.ma (modified) (4 diffs)

src/RTLabs/RTLabs_partial_traces.ma

@@ -107 +107 @@
 qed.
 
-(* Need a way to choose whether a called function terminates.  Then,
-     if the initial function terminates we generate a purely inductive structured trace,
-     otherwise we start generating the coinductive one, and on every function call
-       use the choice method again to decide whether to step over or keep going.
-
-Not quite what we need - have to decide on seeing each label whether we will see
-another or hit a non-terminating call?
-
-Also - need the notion of well-labelled in order to break loops.
-
-
-
-outline:
-
- does function terminate?
- - yes, get (bound on the number of steps until return), generate finite
-        structure using bound as termination witness
- - no,  get (¬ bound on steps to return), start building infinite trace out of
-        finite steps.  At calls, check for termination, generate appr. form.
-
-generating the finite parts:
-
-We start with the status after the call has been executed; well-labelling tells
-us that this is a labelled state.  Now we want to generate a trace_label_return
-and also return the remainder of the flat trace.
-
-*)
 
 (* [will_return ge depth s trace] says that after a finite number of steps of
@@ -1009 +982 @@
  *)
 
-inductive inhabited (T:Type[0]) : Prop ≝
-| witness : T → inhabited T.
 
 
@@ -1322 +1293 @@
 ] qed.
 
-(* When constructing an infinite trace, we need to be able to grab the finite
-   portion of the trace for the next [trace_label_diverges] constructor.  We
-   use the fact that the trace is soundly labelled to achieve this. *)
-
-record remainder_ok (ge:genv) (s:RTLabs_ext_state ge) (t:flat_trace io_out io_in ge s) : Type[0] ≝ {
-  ro_well_cost_labelled: well_cost_labelled_state s;
-  ro_soundly_labelled: soundly_labelled_state s;
-  ro_no_termination: Not (∃depth. inhabited (will_return ge depth s t));
-  ro_not_final: RTLabs_is_final s = None ?
-}.
-
-inductive finite_prefix (ge:genv) : RTLabs_ext_state ge → Prop ≝
-| fp_tal : ∀s,s':RTLabs_ext_state ge.
-           trace_any_label (RTLabs_status ge) doesnt_end_with_ret s s' →
-           ∀t:flat_trace io_out io_in ge s'.
-           remainder_ok ge s' t →
-           finite_prefix ge s
-| fp_tac : ∀s1,s2,s3:RTLabs_ext_state ge.
-           trace_any_call (RTLabs_status ge) s1 s2 →
-           well_cost_labelled_state s2 →
-           as_execute (RTLabs_status ge) s2 s3 →
-           ∀t:flat_trace io_out io_in ge s3.
-           remainder_ok ge s3 t →
-           finite_prefix ge s1
-.
-
-definition fp_add_default : ∀ge. ∀s,s':RTLabs_ext_state ge.
-  RTLabs_classify s = cl_other →
-  finite_prefix ge s' →
-  as_execute (RTLabs_status ge) s s' →
-  RTLabs_cost s' = false →
-  finite_prefix ge s ≝
-λge,s,s',OTHER,fp.
-match fp return λs1.λfp1:finite_prefix ge s1. as_execute (RTLabs_status ge) ? s1 → RTLabs_cost s1 = false → finite_prefix ge s with
-[ fp_tal s' sf TAL rem rok ⇒ λEVAL, NOT_COST. fp_tal ge s sf 
-    (tal_step_default (RTLabs_status ge) doesnt_end_with_ret s s' sf EVAL TAL OTHER (RTLabs_not_cost … NOT_COST))
-    rem rok
-| fp_tac s1 s2 s3 TAC WCL2 EV rem rok ⇒ λEVAL, NOT_COST. fp_tac ge s s2 s3
-    (tac_step_default (RTLabs_status ge) ??? EVAL TAC OTHER (RTLabs_not_cost … NOT_COST))
-    WCL2 EV rem rok
-].
-
-definition fp_add_terminating_call : ∀ge.∀s,s1,s'':RTLabs_ext_state ge.
-  as_execute (RTLabs_status ge) s s1 →
-  ∀CALL:RTLabs_classify s = cl_call.
-  finite_prefix ge s'' →
-  trace_label_return (RTLabs_status ge) s1 s'' →
-  as_after_return (RTLabs_status ge) «s, CALL» s'' →
-  RTLabs_cost s'' = false →
-  finite_prefix ge s ≝
-λge,s,s1,s'',EVAL,CALL,fp.
-match fp return λs''.λfp:finite_prefix ge s''. trace_label_return (RTLabs_status ge) ? s'' → as_after_return (RTLabs_status ge) ? s'' → RTLabs_cost s'' = false → finite_prefix ge s with
-[ fp_tal s'' sf TAL rem rok ⇒ λTLR,RET,NOT_COST. fp_tal ge s sf
-    (tal_step_call (RTLabs_status ge) doesnt_end_with_ret s s1 s'' sf EVAL CALL RET TLR (RTLabs_not_cost … NOT_COST) TAL)
-    rem rok
-| fp_tac s'' s2 s3 TAC WCL2 EV rem rok ⇒ λTLR,RET,NOT_COST. fp_tac ge s s2 s3
-    (tac_step_call (RTLabs_status ge) s s'' s2 s1 EVAL (CALL) RET TLR (RTLabs_not_cost … NOT_COST) TAC)
-    WCL2 EV rem rok
-].
-
-lemma not_return_to_not_final : ∀ge,s,tr,s'.
-  eval_statement ge s = Value ??? 〈tr, s'〉 →
-  RTLabs_classify s ≠ cl_return →
-  RTLabs_is_final s' = None ?.
-#ge #s #tr #s' #EV
-inversion (eval_preserves … EV) //
-#H48 #H49 #H50 #H51 #H52 #H53 #H54 #H55 #CL
-@⊥ @(absurd ?? CL) @refl
-qed.
-(*
-definition termination_oracle ≝ ∀ge,depth,s,trace.
-  inhabited (will_return ge depth s trace) ∨ ¬ inhabited (will_return ge depth s trace).
-
-let rec finite_segment ge (s:RTLabs_ext_state ge) n trace
-  (ORACLE: termination_oracle)
-  (TRACE_OK: remainder_ok ge s trace)
-  (ENV_COSTLABELLED: well_cost_labelled_ge ge)
-  (ENV_SOUNDLY_LABELLED: soundly_labelled_ge ge)
-  (LABEL_LIMIT: state_bound_on_steps_to_cost s n)
-  on n : finite_prefix ge s ≝ 
-match n return λn. state_bound_on_steps_to_cost s n → finite_prefix ge s with
-[ O ⇒ λLABEL_LIMIT. ⊥
-| S n' ⇒ 
-  match s return λs:RTLabs_ext_state ge. ∀trace:flat_trace io_out io_in ge s. remainder_ok ge s trace → state_bound_on_steps_to_cost s (S n') → finite_prefix ge s with [ mk_RTLabs_ext_state s0 stk mtc0 ⇒ λtrace'.
-    match trace' return λs:state.λtrace:flat_trace io_out io_in ge s. ∀mtc:Ras_Fn_Match ge s stk. remainder_ok ge (mk_RTLabs_ext_state ge s ? mtc) trace → state_bound_on_steps_to_cost s (S n') → finite_prefix ge (mk_RTLabs_ext_state ge s ? mtc) with
-    [ ft_stop st FINAL ⇒ λmtc,TRACE_OK,LABEL_LIMIT. ⊥
-    | ft_step start tr next EV trace' ⇒ λmtc,TRACE_OK,LABEL_LIMIT.
-        let start' ≝ mk_RTLabs_ext_state ge start stk mtc in
-        let next' ≝ next_state ge start' next tr EV in
-        match RTLabs_classify start return λx. RTLabs_classify start = x → ? with
-        [ cl_other ⇒ λCL.
-            let TRACE_OK' ≝ ? in
-            match RTLabs_cost next return λx. RTLabs_cost next = x → ? with
-            [ true ⇒ λCS.
-                fp_tal ge start' next' (tal_base_not_return (RTLabs_status ge) start' next' ?? ((proj1 … (RTLabs_costed ge next')) … CS)) trace' TRACE_OK'
-            | false ⇒ λCS.
-                let fs ≝ finite_segment ge next' n' trace' ORACLE TRACE_OK' ENV_COSTLABELLED ENV_SOUNDLY_LABELLED ? in
-                fp_add_default ge start' next' CL fs ? CS
-            ] (refl ??)
-        | cl_jump ⇒ λCL.
-            fp_tal ge start' next' (tal_base_not_return (RTLabs_status ge) start' next' ?? ?) trace' ?
-        | cl_call ⇒ λCL.
-            match ORACLE ge O next trace' return λ_. finite_prefix ge start' with
-            [ or_introl TERMINATES ⇒
-              match TERMINATES with [ witness TERMINATES ⇒ 
-                let tlr ≝ make_label_return' ge O next' trace' ENV_COSTLABELLED ?? TERMINATES in
-                let TRACE_OK' ≝ ? in
-                match RTLabs_cost (new_state … tlr) return λx. RTLabs_cost (new_state … tlr) = x → finite_prefix ge start' with
-                [ true ⇒ λCS. fp_tal ge start' (new_state … tlr) (tal_base_call (RTLabs_status ge) start' next' (new_state … tlr) ? (CL) ? (new_trace … tlr) ((proj1 … (RTLabs_costed ge ?)) … CS)) (remainder … tlr) TRACE_OK'
-                | false ⇒ λCS. 
-                    let fs ≝ finite_segment ge (new_state … tlr) n' (remainder … tlr) ORACLE TRACE_OK' ENV_COSTLABELLED ENV_SOUNDLY_LABELLED ? in
-                    fp_add_terminating_call … fs (new_trace … tlr) ? CS
-                ] (refl ??)
-              ]
-            | or_intror NO_TERMINATION ⇒
-                fp_tac ge start' start' next' (tac_base (RTLabs_status ge) start' (or_introl … (CL))) ?? trace' ?
-            ]
-        | cl_return ⇒ λCL. ⊥
-        | cl_tailcall ⇒ λCL. ⊥
-        ] (refl ??)
-    ] mtc0
-  ] trace TRACE_OK
-] LABEL_LIMIT.
-[ cases (state_bound_on_steps_to_cost_zero s) /2/
-| @(absurd …  (ro_not_final … TRACE_OK) FINAL)
-| @(absurd ?? (ro_no_termination … TRACE_OK))
-     %{0} % @wr_base //
-| @(proj1 … (RTLabs_costed …)) @(well_cost_labelled_jump … EV) [ @(ro_well_cost_labelled … TRACE_OK) | // ]
-| %1 @(CL)
-| 6,9,10,11: /3/
-| cases TRACE_OK #H1 #H2 #H3 #H4
-  % [ @(well_cost_labelled_state_step … EV) //
-    | @(soundly_labelled_state_step … EV) //
-    | @(not_to_not … (ro_no_termination … TRACE_OK)) * #depth * #TM1 %{depth} % @wr_step /2/
-    | @(not_return_to_not_final … EV) >CL % #E destruct
-    ]
-| @(RTLabs_after_call ge start' next' … (stack_ok … tlr)) //
-| @(RTLabs_after_call ge start' next' … (stack_ok … tlr)) //
-| @(bound_after_call ge start' (new_state … tlr) ? LABEL_LIMIT CL ? CS)
-  @(RTLabs_after_call ge start' next' … (stack_ok … tlr)) //
-| % [ /2/
-    | @(soundly_labelled_state_preserved … (stack_ok … tlr))
-      @(soundly_labelled_state_step … EV) /2/ @(ro_soundly_labelled … TRACE_OK)
-    | @(not_to_not … (ro_no_termination … TRACE_OK)) * #depth * #TM1 %{depth} %
-      @wr_call //
-      @(will_return_prepend … TERMINATES … TM1)
-      cases (terminates … tlr) //
-    | (* By stack preservation we cannot be in the final state *)
-      inversion (stack_ok … tlr)
-      [ #H101 #H102 #H103 #H104 #H105 #H106 #H107 #H108 #H109 destruct
-      | #s1 #f #f' #fs #m #fn #S #M #N #F #S #E1 #E2 #E3 #E4 -TERMINATES destruct @refl
-      | #s1 #r #M #S #E1 #E2 #E3 #E4 change with (next_state ?????) in E2:(??%??); -TERMINATES destruct -next' -s0
-        cases (rtlabs_call_inv … CL) #vf * #fd * #args * #dst * #stk * #m #E destruct
-        inversion (eval_preserves … EV)
-        [ 1,2,4,5,6: #H111 #H112 #H113 #H114 #H115 #H116 #H117 #H118 try #H119 try #H120 try #H121 try #H122 try #H123 try #H124 @⊥ -next destruct ]
-        #ge' #vf' #fn #locals #nextx #nok #sp #fs #m' #args' #dst' #m'' #E1 #E2 #E3 #E4 -TRACE_OK destruct
-        inversion S
-        [ #f #fs0 #m #fn0 #S0 #M0 #E1 #E2 whd in ⊢ (??%?% → ?); generalize in ⊢ (??(????%)?? → ?); #M'' #E3 #_ destruct | *: #H123 #H124 #H125 #H126 #H127 #H128 #H129 #H1 #H2 #H3 try #H130 try #H4 try #H5 try #H6 [ whd in H6:(??%?%); | whd in H2:(??%?%); ] destruct ]
-        (* state_bound_on_steps_to_cost needs to know about the current stack frame,
-           so we can use it as a witness that at least one frame exists *)
-        inversion LABEL_LIMIT
-        #H141 #H142 #H143 #H144 #H145 #H146 #H147 #H148 try #H150 try #H151 destruct
-      | #H173 #H174 #H175 #H176 #H177 #H178 #H179 #H180 #H181 #H182 destruct
-      ]
-    ]
-| @(well_cost_labelled_state_step … EV) /2/ @(ro_well_cost_labelled … TRACE_OK)
-| @(well_cost_labelled_call … EV) [ @(ro_well_cost_labelled … TRACE_OK) | // ]
-| /2/
-| %{tr} %{EV} %
-| cases TRACE_OK #H1 #H2 #H3 #H4
-  % [ @(well_cost_labelled_state_step … EV) /2/
-    | @(soundly_labelled_state_step … EV) /2/
-    | @(not_to_not … NO_TERMINATION) * #depth * #TM %
-      @(will_return_lower … TM) //
-    | @(not_return_to_not_final … EV) >CL % #E destruct
-    ]
-| @(RTLabs_notail … CL)
-| %2 @(CL)
-| 21,22: %{tr} %{EV} %
-| cases (bound_after_step … LABEL_LIMIT EV ?)
-  [ * [ #TERMINATES @⊥ @(absurd ?? (ro_no_termination … TRACE_OK)) %{0} % @wr_step [ %1 // |
-    inversion trace'
-    [ #s0 #FINAL #E1 #E2 -TRACE_OK' destruct @⊥
-      @(absurd ?? FINAL) @(not_return_to_not_final … EV)
-      % >CL #E destruct
-    | #s1 #tr1 #s2 #EVAL' #trace'' #E1 #E2 -TRACE_OK' destruct
-      @wr_base //
-    ]
-    ]
-    | >CL #E destruct
-    ]
-  | //
-  | //
-  ]
-| cases (bound_after_step … LABEL_LIMIT EV ?)
-  [ * [ #TERMINATES @⊥ @(absurd ?? (ro_no_termination … TRACE_OK)) %{0} % @wr_step [ %1 // |
-    inversion trace'
-    [ #s0 #FINAL #E1 #E2 -TRACE_OK' destruct @⊥
-      @(absurd ?? FINAL) @(not_return_to_not_final … EV)
-      % >CL #E destruct
-    | #s1 #tr1 #s2 #EVAL' #trace'' #E1 #E2 -TRACE_OK' destruct
-      @wr_base //
-    ]
-    ]
-    | >CL #E destruct
-    ]
-  | //
-  | //
-  ]
-| cases TRACE_OK #H1 #H2 #H3 #H4
-  % [ @(well_cost_labelled_state_step … EV) //
-    | @(soundly_labelled_state_step … EV) //
-    | @(not_to_not … (ro_no_termination … TRACE_OK))
-      * #depth * #TERM %{depth} % @wr_step /2/
-    | @(not_return_to_not_final … EV) >CL % #E destruct
-    ]
-] qed.
-*)
 lemma simplify_cl : ∀ge,s,c.
   as_classifier (RTLabs_status ge) s c →
@@ -1891 +1644 @@
 [ tlc_base s1 s2 tac CS ⇒ flat_trace_of_any_call … tac
 ] EX''.
-(*
-(* Now reconstruct the flat_trace of a diverging execution.  Note that we need
-   to take care to satisfy the guardedness condition by witnessing the fact that
-   the partial traces are non-empty. *)
-let corec flat_trace_of_label_diverges ge (s:RTLabs_ext_state ge)
-  (tr:trace_label_diverges (RTLabs_status ge) s)
-: flat_trace io_out io_in ge s ≝
-match tr return λs:RTLabs_ext_state ge.λtr:trace_label_diverges (RTLabs_status ge) s. flat_trace io_out io_in ge s with
-[ tld_step sx sy tll tld ⇒ 
-  match sy in RTLabs_ext_state return λsy:RTLabs_ext_state ge. trace_label_label (RTLabs_status ge) ? sx sy → trace_label_diverges (RTLabs_status ge) sy → flat_trace io_out io_in ge ? with [ mk_RTLabs_ext_state sy' stk mtc0 ⇒
-    λtll.
-    match flat_trace_of_label_label ge … tll return λs1,s2:state.λ_:partial_flat_trace io_out io_in ge s1 s2. ∀mtc:Ras_Fn_Match ge s2 stk. trace_label_diverges (RTLabs_status ge) (mk_RTLabs_ext_state ge s2 stk mtc) → flat_trace ??? s1 with
-    [ pft_base s1 tr s2 EX ⇒ λmtc,tld. ft_step … EX (flat_trace_of_label_diverges ge ? tld)
-    | pft_step s1 et s2 s3 EX tr' ⇒ λmtc,tld. ft_step … EX (add_partial_flat_trace ge … (mk_RTLabs_ext_state ge s3 stk mtc) tr' tld)
-    ] mtc0 ] tll tld
-| tld_base s1 s2 s3 tlc EX CL tld ⇒ 
-  match s3 in RTLabs_ext_state return λs3:RTLabs_ext_state ge. as_execute (RTLabs_status ge) ? s3 → trace_label_diverges (RTLabs_status ge) s3 → flat_trace io_out io_in ge ? with [ mk_RTLabs_ext_state s3' stk mtc0 ⇒
-    λEX. match deprop_as_execute ge ?? EX with [ mk_Sig tr EX' ⇒
-      match flat_trace_of_label_call … tlc EX' return λs1,s3.λ_. ∀mtc:Ras_Fn_Match ge s3 stk. trace_label_diverges (RTLabs_status ge) (mk_RTLabs_ext_state ge s3 stk mtc) → flat_trace ??? s1 with
-      [ pft_base s1 tr s2 EX ⇒ λmtc,tld. ft_step … EX (flat_trace_of_label_diverges ge ? tld)
-      | pft_step s1 et s2 s3 EX tr' ⇒ λmtc,tld. ft_step … EX (add_partial_flat_trace ge … (mk_RTLabs_ext_state ge s3 stk mtc) tr' tld)
-      ] mtc0
-    ]
-  ] EX tld
-]
-(* Helper to keep adding the partial trace without violating the guardedness
-   condition. *)
-and add_partial_flat_trace ge (s:state) (s':RTLabs_ext_state ge)
-: partial_flat_trace io_out io_in ge s s' →
-  trace_label_diverges (RTLabs_status ge) s' →
-  flat_trace io_out io_in ge s ≝
-match s' return λs':RTLabs_ext_state ge. partial_flat_trace io_out io_in ge s s' → trace_label_diverges (RTLabs_status ge) s' → flat_trace io_out io_in ge s with [ mk_RTLabs_ext_state sx stk mtc ⇒ 
-λptr. match ptr return λs,s'.λ_. ∀mtc:Ras_Fn_Match ge s' stk. trace_label_diverges (RTLabs_status ge) (mk_RTLabs_ext_state ge s' ? mtc) → flat_trace io_out io_in ge s with
-[ pft_base s tr s' EX ⇒ λmtc,tr. ft_step … EX (flat_trace_of_label_diverges ge ? tr)
-| pft_step s1 et s2 s3 EX tr' ⇒ λmtc,tr. ft_step … EX (add_partial_flat_trace ge s2 (mk_RTLabs_ext_state ge s3 stk mtc) tr' tr)
-] mtc ]
-. 
-
-
-coinductive equal_flat_traces (ge:genv) : ∀s. flat_trace io_out io_in ge s → flat_trace io_out io_in ge s → Prop ≝
-| eft_stop : ∀s,F. equal_flat_traces ge s (ft_stop … F) (ft_stop … F)
-| eft_step : ∀s,tr,s',EX,tr1,tr2. equal_flat_traces ge s' tr1 tr2 → equal_flat_traces ge s (ft_step … EX tr1) (ft_step … s tr s' EX tr2).
-
-let corec flat_traces_are_determined_by_starting_point ge s tr1
-: ∀tr2. equal_flat_traces ge s tr1 tr2 ≝ 
-match tr1 return λs,tr1. flat_trace ??? s → equal_flat_traces ? s tr1 ? with
-[ ft_stop s F ⇒ λtr2. ?
-| ft_step s1 tr s2 EX0 tr1' ⇒ λtr2.
-    match tr2 return λs,tr2. ∀EX:eval_statement ge s = ?. equal_flat_traces ? s (ft_step ??? s ?? EX ?) tr2 with
-    [ ft_stop s F ⇒ λEX. ?
-    | ft_step s tr' s2' EX' tr2' ⇒ λEX. ?
-    ] EX0
-].
-[ inversion tr2 in tr1 F;
-  [ #s #F #_ #_ #tr1 #F' @eft_stop
-  | #s1 #tr #s2 #EX #tr' #E #_ #tr'' #F' @⊥ destruct
-    cases (final_cannot_move ge … F') #err #Er >Er in EX; #E destruct
-  ]
-| @⊥ cases (final_cannot_move ge … F) #err #Er >Er in EX; #E destruct
-| -EX0
-  cut (s2 = s2'). >EX in EX'; #E destruct @refl. #E (* Can't use destruct due to cofixpoint guardedness check *)
-  @(match E return λs2',E. ∀tr2':flat_trace ??? s2'. ∀EX':? = Value ??? 〈?,s2'〉. equal_flat_traces ??? (ft_step ????? s2' EX' tr2') with [ refl ⇒ ? ] tr2' EX')
-  -E -EX' -tr2' #tr2' #EX'
-  cut (tr = tr'). >EX in EX'; #E destruct @refl. #E (* Can't use destruct due to cofixpoint guardedness check *)
-  @(match E return λtr',E. ∀EX':? = Value ??? 〈tr',?〉. equal_flat_traces ??? (ft_step ???? tr' ? EX' ?) with [ refl ⇒ ? ] EX')
-  -E -EX' #EX'
-    @eft_step @flat_traces_are_determined_by_starting_point
-] qed.
-
-let corec diverging_traces_have_unique_flat_trace ge (s:RTLabs_ext_state ge)
-  (str:trace_label_diverges (RTLabs_status ge) s)
-  (tr:flat_trace io_out io_in ge s)
-: equal_flat_traces … (flat_trace_of_label_diverges … str) tr ≝ ?.
-@flat_traces_are_determined_by_starting_point
-qed. 
-
-let rec flat_trace_of_whole_program ge (s:RTLabs_ext_state ge)
-  (tr:trace_whole_program (RTLabs_status ge) s)
-on tr : flat_trace io_out io_in ge s ≝
-match tr return λs:RTLabs_ext_state ge.λtr. flat_trace io_out io_in ge s with
-[ twp_terminating s1 s2 sf CL EX tlr F ⇒
-    match deprop_as_execute ge ?? EX with [ mk_Sig tr EX' ⇒
-      ft_step … EX' (partial_to_flat_trace … (flat_trace_of_label_return … tlr) (ft_stop … F))
-    ]
-| twp_diverges s1 s2 CL EX tld ⇒
-    match deprop_as_execute ge ?? EX with [ mk_Sig tr EX' ⇒ 
-      ft_step … EX' (flat_trace_of_label_diverges … tld)
-    ]
-].
-
-let corec whole_traces_have_unique_flat_trace ge (s:RTLabs_ext_state ge)
-  (str:trace_whole_program (RTLabs_status ge) s)
-  (tr:flat_trace io_out io_in ge s)
-: equal_flat_traces … (flat_trace_of_whole_program … str) tr ≝ ?.
-@flat_traces_are_determined_by_starting_point
-qed.
-*)