Step
*
of Lemma
pv11_p1-ilf
(∀[loc:Id]. ∀[accpts:bag(Id)]. ∀[Cmd:{T:Type| valueall-type(T)} ]. ∀[mf:pv11_p1_headers_type{i:l}(Cmd)].
∀[es:EO+(Message(mf))]. ∀[e:E]. ∀[d:ℤ]. ∀[i:Id]. ∀[m:Message(mf)].
{<d, i, m> ∈ ((pv11_p1_scout_output(Cmd;accpts;mf) (pv11_p1_init_ballot_num() loc) o pv11_p1_p1b'base(Cmd;mf)) o
pv11_p1_ScoutState(Cmd;accpts;mf) (pv11_p1_init_ballot_num() loc))(e)
⇐⇒ ((header(e) = ``pv11_p1 p1b`` ∈ Name)
∧ has-es-info-type(es;e;mf;Id
× pv11_p1_Ballot_Num()
× pv11_p1_Ballot_Num()
× ((pv11_p1_Ballot_Num() × ℤ × Cmd) List)))
∧ ((pv11_p1_init_ballot_num() loc) = (fst(snd(msgval(e)))) ∈ pv11_p1_Ballot_Num())
∧ (d = 0 ∈ ℤ)
∧ (i = loc(e) ∈ Id)
∧ (↓(((pv11_p1_init_ballot_num() loc) = (fst(snd(snd(msgval(e))))) ∈ pv11_p1_Ballot_Num())
∧ #(fst(pv11_p1_ScoutStateFun(Cmd;accpts;mf;pv11_p1_init_ballot_num() loc;es;e))) < pv11_p1_threshold(accpts)
∧ (m
= make-Msg(``pv11_p1 adopted``;<pv11_p1_init_ballot_num() loc
, snd(pv11_p1_ScoutStateFun(Cmd;accpts;mf;pv11_p1_init_ballot_num()
loc;es;e))
>)
∈ Message(mf)))
∨ ((¬((pv11_p1_init_ballot_num() loc) = (fst(snd(snd(msgval(e))))) ∈ pv11_p1_Ballot_Num()))
∧ (m = make-Msg(``pv11_p1 preempted``;fst(snd(snd(msgval(e))))) ∈ Message(mf))))})
∧ (∀[z3:ℤ]. ∀[z1:pv11_p1_Ballot_Num()]. ∀[reps,accpts:bag(Id)]. ∀[Cmd:{T:Type| valueall-type(T)} ]. ∀[z4:Cmd].
∀[mf:pv11_p1_headers_type{i:l}(Cmd)]. ∀[es:EO+(Message(mf))]. ∀[e:E]. ∀[d:ℤ]. ∀[i:Id]. ∀[m:Message(mf)].
{<d, i, m> ∈ ((pv11_p1_commander_output(Cmd;accpts;reps;mf) <z1, z3, z4> o pv11_p1_p2b'base(Cmd;mf)) o pv11_p1_Comm\000CanderState(Cmd;accpts;mf) z1 z3)(e)
⇐⇒ ((header(e) = ``pv11_p1 p2b`` ∈ Name)
∧ has-es-info-type(es;e;mf;Id × pv11_p1_Ballot_Num() × ℤ × pv11_p1_Ballot_Num()))
∧ ((z1 = (fst(snd(msgval(e)))) ∈ pv11_p1_Ballot_Num()) ∧ (z3 = (fst(snd(snd(msgval(e))))) ∈ ℤ))
∧ (d = 0 ∈ ℤ)
∧ (↓((z1 = (snd(snd(snd(msgval(e))))) ∈ pv11_p1_Ballot_Num())
∧ #(pv11_p1_CommanderStateFun(Cmd;accpts;mf;z1;z3;es;e)) < pv11_p1_threshold(accpts)
∧ i ↓∈ reps
∧ (m = make-Msg([decision];<z3, z4>) ∈ Message(mf)))
∨ ((¬(z1 = (snd(snd(snd(msgval(e))))) ∈ pv11_p1_Ballot_Num()))
∧ (i = loc(e) ∈ Id)
∧ (m = make-Msg(``pv11_p1 preempted``;snd(snd(snd(msgval(e))))) ∈ Message(mf))))})
∧ (∀[loc:Id]. ∀[param:pv11_p1_Ballot_Num()]. ∀[accpts:bag(Id)]. ∀[Cmd:{T:Type| valueall-type(T)} ].
∀[mf:pv11_p1_headers_type{i:l}(Cmd)]. ∀[es:EO+(Message(mf))]. ∀[e:E]. ∀[d:ℤ]. ∀[i:Id]. ∀[m:Message(mf)].
{<d, i, m> ∈ ((pv11_p1_scout_output(Cmd;accpts;mf) (pv11_p1_upd_bnum() param loc) o pv11_p1_p1b'base(Cmd;mf)) o
pv11_p1_ScoutState(Cmd;accpts;mf) (pv11_p1_upd_bnum() param loc))(e)
⇐⇒ ((header(e) = ``pv11_p1 p1b`` ∈ Name)
∧ has-es-info-type(es;e;mf;Id
× pv11_p1_Ballot_Num()
× pv11_p1_Ballot_Num()
× ((pv11_p1_Ballot_Num() × ℤ × Cmd) List)))
∧ ((pv11_p1_upd_bnum() param loc) = (fst(snd(msgval(e)))) ∈ pv11_p1_Ballot_Num())
∧ (d = 0 ∈ ℤ)
∧ (i = loc(e) ∈ Id)
∧ (↓(((pv11_p1_upd_bnum() param loc) = (fst(snd(snd(msgval(e))))) ∈ pv11_p1_Ballot_Num())
∧ #(fst(pv11_p1_ScoutStateFun(Cmd;accpts;mf;pv11_p1_upd_bnum() param
loc;es;e))) < pv11_p1_threshold(accpts)
∧ (m
= make-Msg(``pv11_p1 adopted``;<pv11_p1_upd_bnum() param loc
, snd(pv11_p1_ScoutStateFun(Cmd;accpts;mf;pv11_p1_upd_bnum() param
loc;es;e))
>)
∈ Message(mf)))
∨ ((¬((pv11_p1_upd_bnum() param loc) = (fst(snd(snd(msgval(e))))) ∈ pv11_p1_Ballot_Num()))
∧ (m = make-Msg(``pv11_p1 preempted``;fst(snd(snd(msgval(e))))) ∈ Message(mf))))})
∧ (∀[Cmd:{T:Type| valueall-type(T)} ]. ∀[accpts,ldrs:bag(Id)]. ∀[ldrs_uid:Id ─→ ℤ]. ∀[reps:bag(Id)].
∀[mf:pv11_p1_headers_type{i:l}(Cmd)]. ∀[es:EO+(Message(mf))]. ∀[e:E]. ∀[d:ℤ]. ∀[i:Id]. ∀[m:Message(mf)].
{<d, i, m> ∈ pv11_p1_main(Cmd;accpts;ldrs;ldrs_uid;reps;mf)(e)
⇐⇒ ↓(loc(e) ↓∈ ldrs
∧ ((((((d = 0 ∈ ℤ) ∧ (m = make-Msg(``pv11_p1 p1a``;<loc(e), pv11_p1_init_ballot_num() loc(e)>) ∈ Message(mf)) \000C∧ i ↓∈ accpts)
∧ (↑first(e)))
∨ ((no ((pv11_p1_scout_output(Cmd;accpts;mf) (pv11_p1_init_ballot_num() loc(e)) o
pv11_p1_p1b'base(Cmd;mf)) o pv11_p1_ScoutState(Cmd;accpts;mf)
(pv11_p1_init_ballot_num() loc(e))) prior to e)
∧ <d, i, m> ∈ {((pv11_p1_scout_output(Cmd;accpts;mf) (pv11_p1_init_ballot_num() loc(e)) o
pv11_p1_p1b'base(Cmd;mf)) o pv11_p1_ScoutState(Cmd;accpts;mf)
(pv11_p1_init_ballot_num() loc(e)))}(e)))
∨ (∃e':{e':E| e' ≤loc e }
∃z1:pv11_p1_Ballot_Num()
∃z3:ℤ
∃z4:Cmd
(((((header(e') = [propose] ∈ Name) ∧ has-es-info-type(es;e';mf;ℤ × Cmd))
∧ ((↑(fst(snd(pv11_p1_LeaderStateFun(Cmd;ldrs_uid;mf;es;e')))))
∧ (¬↑(pv11_p1_in_domain(Cmd) (fst(msgval(e')))
(snd(snd(pv11_p1_LeaderStateFun(Cmd;ldrs_uid;mf;es;e')))))))
∧ (z1 = (fst(pv11_p1_LeaderStateFun(Cmd;ldrs_uid;mf;es;e'))) ∈ pv11_p1_Ballot_Num())
∧ (<z3, z4> = msgval(e') ∈ (ℤ × Cmd)))
∨ (((header(e') = ``pv11_p1 adopted`` ∈ Name)
∧ has-es-info-type(es;e';mf;pv11_p1_Ballot_Num() × ((pv11_p1_Ballot_Num() × ℤ × Cmd) List)))
∧ ((fst(msgval(e'))) = (fst(pv11_p1_LeaderStateFun(Cmd;ldrs_uid;mf;es;e'))) ∈ pv11_p1_Ballot_Num())
∧ ((<z3, z4> ↓∈ snd(snd(pv11_p1_LeaderStateFun(Cmd;ldrs_uid;...;...;...))) ∧ ...) ∨ ...)
∧ ...))
∧ ...)))
∨ ...))
∨ ...})
BY
{ ProveILF_lemma paxos-v11-part1.esh }
Latex:
Latex:
(\mforall{}[loc:Id]. \mforall{}[accpts:bag(Id)]. \mforall{}[Cmd:\{T:Type| valueall-type(T)\} ].
\mforall{}[mf:pv11\_p1\_headers\_type\{i:l\}(Cmd)]. \mforall{}[es:EO+(Message(mf))]. \mforall{}[e:E]. \mforall{}[d:\mBbbZ{}]. \mforall{}[i:Id].
\mforall{}[m:Message(mf)].
\{<d, i, m> \mmember{} ((pv11\_p1\_scout\_output(Cmd;accpts;mf) (pv11\_p1\_init\_ballot\_num() loc) o
pv11\_p1\_p1b'base(Cmd;mf)) o pv11\_p1\_ScoutState(Cmd;accpts;mf)
(pv11\_p1\_init\_ballot\_num() loc))(e)
\mLeftarrow{}{}\mRightarrow{} ((header(e) = ``pv11\_p1 p1b``)
\mwedge{} has-es-info-type(es;e;mf;Id
\mtimes{} pv11\_p1\_Ballot\_Num()
\mtimes{} pv11\_p1\_Ballot\_Num()
\mtimes{} ((pv11\_p1\_Ballot\_Num() \mtimes{} \mBbbZ{} \mtimes{} Cmd) List)))
\mwedge{} ((pv11\_p1\_init\_ballot\_num() loc) = (fst(snd(msgval(e)))))
\mwedge{} (d = 0)
\mwedge{} (i = loc(e))
\mwedge{} (\mdownarrow{}(((pv11\_p1\_init\_ballot\_num() loc) = (fst(snd(snd(msgval(e))))))
\mwedge{} \#(fst(pv11\_p1\_ScoutStateFun(Cmd;accpts;mf;pv11\_p1\_init\_ballot\_num()
loc;es;e))) < pv11\_p1\_threshold(accpts)
\mwedge{} (m
= make-Msg(``pv11\_p1 adopted``;<pv11\_p1\_init\_ballot\_num() loc
, snd(pv11\_p1\_ScoutStateFun(Cmd;accpts;mf;...
loc;es;e))
>)))
\mvee{} ((\mneg{}((pv11\_p1\_init\_ballot\_num() loc) = (fst(snd(snd(msgval(e)))))))
\mwedge{} (m = make-Msg(``pv11\_p1 preempted``;fst(snd(snd(msgval(e))))))))\})
\mwedge{} (\mforall{}[z3:\mBbbZ{}]. \mforall{}[z1:pv11\_p1\_Ballot\_Num()]. \mforall{}[reps,accpts:bag(Id)]. \mforall{}[Cmd:\{T:Type| valueall-type(T)\} ].
\mforall{}[z4:Cmd]. \mforall{}[mf:pv11\_p1\_headers\_type\{i:l\}(Cmd)]. \mforall{}[es:EO+(Message(mf))]. \mforall{}[e:E]. \mforall{}[d:\mBbbZ{}]. \mforall{}[i:Id].
\mforall{}[m:Message(mf)].
\{<d, i, m> \mmember{} ((pv11\_p1\_commander\_output(Cmd;accpts;reps;mf)
<z1, z3, z4> o pv11\_p1\_p2b'base(Cmd;mf)) o
pv11\_p1\_CommanderState(Cmd;accpts;mf) z1 z3)(e)
\mLeftarrow{}{}\mRightarrow{} ((header(e) = ``pv11\_p1 p2b``)
\mwedge{} has-es-info-type(es;e;mf;Id \mtimes{} pv11\_p1\_Ballot\_Num() \mtimes{} \mBbbZ{} \mtimes{} pv11\_p1\_Ballot\_Num()))
\mwedge{} ((z1 = (fst(snd(msgval(e))))) \mwedge{} (z3 = (fst(snd(snd(msgval(e)))))))
\mwedge{} (d = 0)
\mwedge{} (\mdownarrow{}((z1 = (snd(snd(snd(msgval(e))))))
\mwedge{} \#(pv11\_p1\_CommanderStateFun(Cmd;accpts;mf;z1;z3;es;e)) < pv11\_p1\_threshold(accpts)
\mwedge{} i \mdownarrow{}\mmember{} reps
\mwedge{} (m = make-Msg([decision];<z3, z4>)))
\mvee{} ((\mneg{}(z1 = (snd(snd(snd(msgval(e)))))))
\mwedge{} (i = loc(e))
\mwedge{} (m = make-Msg(``pv11\_p1 preempted``;snd(snd(snd(msgval(e))))))))\})
\mwedge{} (\mforall{}[loc:Id]. \mforall{}[param:pv11\_p1\_Ballot\_Num()]. \mforall{}[accpts:bag(Id)]. \mforall{}[Cmd:\{T:Type| valueall-type(T)\} ].
\mforall{}[mf:pv11\_p1\_headers\_type\{i:l\}(Cmd)]. \mforall{}[es:EO+(Message(mf))]. \mforall{}[e:E]. \mforall{}[d:\mBbbZ{}]. \mforall{}[i:Id].
\mforall{}[m:Message(mf)].
\{<d, i, m> \mmember{} ((pv11\_p1\_scout\_output(Cmd;accpts;mf) (pv11\_p1\_upd\_bnum() param loc) o
pv11\_p1\_p1b'base(Cmd;mf)) o pv11\_p1\_ScoutState(Cmd;accpts;mf)
(pv11\_p1\_upd\_bnum() param loc))(e)
\mLeftarrow{}{}\mRightarrow{} ((header(e) = ``pv11\_p1 p1b``)
\mwedge{} has-es-info-type(es;e;mf;Id
\mtimes{} pv11\_p1\_Ballot\_Num()
\mtimes{} pv11\_p1\_Ballot\_Num()
\mtimes{} ((pv11\_p1\_Ballot\_Num() \mtimes{} \mBbbZ{} \mtimes{} Cmd) List)))
\mwedge{} ((pv11\_p1\_upd\_bnum() param loc) = (fst(snd(msgval(e)))))
\mwedge{} (d = 0)
\mwedge{} (i = loc(e))
\mwedge{} (\mdownarrow{}(((pv11\_p1\_upd\_bnum() param loc) = (fst(snd(snd(msgval(e))))))
\mwedge{} \#(fst(pv11\_p1\_ScoutStateFun(Cmd;accpts;mf;pv11\_p1\_upd\_bnum() param
loc;es;e))) < pv11\_p1\_threshold(accpts)
\mwedge{} (m
= make-Msg(``pv11\_p1 adopted``;<pv11\_p1\_upd\_bnum() param loc
, snd(pv11\_p1\_ScoutStateFun(Cmd;accpts;mf;...
param
loc;es;e))
>)))
\mvee{} ((\mneg{}((pv11\_p1\_upd\_bnum() param loc) = (fst(snd(snd(msgval(e)))))))
\mwedge{} (m = make-Msg(``pv11\_p1 preempted``;fst(snd(snd(msgval(e))))))))\})
\mwedge{} (\mforall{}[Cmd:\{T:Type| valueall-type(T)\} ]. \mforall{}[accpts,ldrs:bag(Id)]. \mforall{}[ldrs$_{uid}$:Id\000C {}\mrightarrow{} \mBbbZ{}]. \mforall{}[reps:bag(Id)].
\mforall{}[mf:pv11\_p1\_headers\_type\{i:l\}(Cmd)]. \mforall{}[es:EO+(Message(mf))]. \mforall{}[e:E]. \mforall{}[d:\mBbbZ{}]. \mforall{}[i:Id].
\mforall{}[m:Message(mf)].
\{<d, i, m> \mmember{} pv11\_p1\_main(Cmd;accpts;ldrs;ldrs$_{uid}$;reps;mf)(e)
\mLeftarrow{}{}\mRightarrow{} \mdownarrow{}(loc(e) \mdownarrow{}\mmember{} ldrs
\mwedge{} ((((((d = 0) \mwedge{} (m = make-Msg(``pv11\_p1 p1a``;<loc(e), pv11\_p1\_init\_ballot\_num() loc(e)>)\000C) \mwedge{} i \mdownarrow{}\mmember{} accpts)
\mwedge{} (\muparrow{}first(e)))
\mvee{} ((no ((pv11\_p1\_scout\_output(Cmd;accpts;mf) (pv11\_p1\_init\_ballot\_num() loc(e)) o
pv11\_p1\_p1b'base(Cmd;mf)) o pv11\_p1\_ScoutState(Cmd;accpts;mf)
(pv11\_p1\_init\_ballot\_num() loc(e))) prior to e)
\mwedge{} <d, i, m> \mmember{} \{((pv11\_p1\_scout\_output(Cmd;accpts;mf)
(pv11\_p1\_init\_ballot\_num() loc(e)) o pv11\_p1\_p1b'base(Cmd;mf)) o
pv11\_p1\_ScoutState(Cmd;accpts;mf) (pv11\_p1\_init\_ballot\_num() loc(e)))\}(
e)))
\mvee{} (\mexists{}e':\{e':E| e' \mleq{}loc e \}
\mexists{}z1:pv11\_p1\_Ballot\_Num()
\mexists{}z3:\mBbbZ{}
\mexists{}z4:Cmd
(((((header(e') = [propose]) \mwedge{} has-es-info-type(es;e';mf;\mBbbZ{} \mtimes{} Cmd))
\mwedge{} ((\muparrow{}(fst(snd(pv11\_p1\_LeaderStateFun(Cmd;ldrs$_{uid}$;mf;es;e\000C')))))
\mwedge{} (\mneg{}\muparrow{}(pv11\_p1\_in\_domain(Cmd) (fst(msgval(e')))
(snd(snd(pv11\_p1\_LeaderStateFun(Cmd;ldrs$_{uid}$;mf;e\000Cs;e')))))))
\mwedge{} (z1 = (fst(pv11\_p1\_LeaderStateFun(Cmd;ldrs$_{uid}$;mf;es;e'\000C))))
\mwedge{} (<z3, z4> = msgval(e')))
\mvee{} (((header(e') = ``pv11\_p1 adopted``)
\mwedge{} has-es-info-type(es;e';mf;pv11\_p1\_Ballot\_Num() \mtimes{} ((pv11\_p1\_Ballot\_Num()
\mtimes{} \mBbbZ{}
\mtimes{} Cmd) List)))
\mwedge{} ((fst(msgval(e'))) = (fst(pv11\_p1\_LeaderStateFun(Cmd;ldrs$_{uid\mbackslash{}f\000Cf7d$;mf;es;e'))))
\mwedge{} ((<z3, z4> \mdownarrow{}\mmember{} snd(snd(pv11\_p1\_LeaderStateFun(Cmd;ldrs$_{uid}\mbackslash{}\000Cff24;mf;es;e')))
\mwedge{} (\mneg{}(\mexists{}p2:Cmd. (<z3, p2> \mmember{} pv11\_p1\_pmax(Cmd;ldrs$_{uid}$) \000C(snd(msgval(e')))))))
\mvee{} (\mexists{}v2:pv11\_p1\_Ballot\_Num()
(<v2, z3, z4> \mdownarrow{}\mmember{} snd(msgval(e'))
\mwedge{} (\mneg{}(\mexists{}z5:pv11\_p1\_Ballot\_Num(). \mexists{}z8:Cmd. ((\muparrow{}(v2 ... ...)) \mwedge{} ...))))))
\mwedge{} ...))
\mwedge{} ...)))
\mvee{} ...))
\mvee{} ...\})
By
Latex:
ProveILF\_lemma paxos-v11-part1.esh
Home
Index