Who Cites delivered at?
delivered_at	Def x delivered at time k == (x =msg=(E) tr[k]) & (is-send(E)(tr[k]))
	Thm* E:EventStruct, tr:|E| List, x:|E|, k:||tr||. x delivered at time k Prop
select	Def l[i] == hd(nth_tl(i;l))
	Thm* A:Type, l:A List, n:. 0n n < ||l|| l[n] A
event_is_snd	Def is-send(E) == 1of(2of(2of(2of(2of(E)))))
	Thm* E:EventStruct. is-send(E) |E|
assert	Def b == if b True else False fi
	Thm* b:. b Prop
not	Def A == A False
	Thm* A:Prop. (A) Prop
event_msg_eq	Def =msg=(E)(e_1,e_2) == (msg(E)(e_1)) =(MS(E)) (msg(E)(e_2))
	Thm* E:EventStruct. =msg=(E) |E||E|
nth_tl	Def nth_tl(n;as) == if n0 as else nth_tl(n-1;tl(as)) fi (recursive)
	Thm* A:Type, as:A List, i:. nth_tl(i;as) A List
msg_eq	Def =(M)(m_1,m_2) == ((content(M)(m_1)) =(cEQ(M)) (content(M)(m_2)))sender(M)(m_1) = sender(M)(m_2)(uid(M)(m_1)=uid(M)(m_2))
	Thm* M:MessageStruct. =(M) |M||M|
eq_lbl	Def l1 = l2 == Case(l1) Case ptn_atom(x) = > Case(l2) Case ptn_atom(y) = > x=yAtom Default = > false Case ptn_int(x) = > Case(l2) Case ptn_int(y) = > x=y Default = > false Case ptn_var(x) = > Case(l2) Case ptn_var(y) = > x=yAtom Default = > false Case ptn_pr( < x, y > ) = > Case(l2) Case ptn_pr( < u, v > ) = > x = uy = v Default = > false Default = > false (recursive)
	Thm* l1,l2:Pattern. l1 = l2
case_ptn_var	Def Case ptn_var(x) = > body(x) cont(x1,z) == (x1.inr(x2) = > (x1.inr(x2) = > (x1.inl(x2) = > body(hd([x2 / tl(x1)])) cont(hd(x1),z))([x2 / tl(x1)]) cont(hd(x1),z))([x2 / tl(x1)]) cont(hd(x1),z))([x1])
case_ptn_int	Def Case ptn_int(x) = > body(x) cont(x1,z) == (x1.inr(x2) = > (x1.inl(x2) = > body(hd([x2 / tl(x1)])) cont(hd(x1),z))([x2 / tl(x1)]) cont(hd(x1),z))([x1])
hd	Def hd(l) == Case of l; nil "?" ; h.t h
	Thm* A:Type, l:A List. ||l||1 hd(l) A
	Thm* A:Type, l:A List. hd(l) A
event_msg	Def msg(E) == 1of(2of(2of(E)))
	Thm* E:EventStruct. msg(E) |E||MS(E)|
event_msg_str	Def MS(E) == 1of(2of(E))
	Thm* E:EventStruct. MS(E) MessageStruct
msg_id	Def uid(MS) == 1of(2of(2of(2of(2of(MS)))))
	Thm* M:MessageStruct. uid(M) |M|
msg_sender	Def sender(MS) == 1of(2of(2of(2of(MS))))
	Thm* M:MessageStruct. sender(M) |M|Label
msg_content	Def content(MS) == 1of(2of(2of(MS)))
	Thm* M:MessageStruct. content(M) |M||cEQ(M)|
msg_content_eq	Def cEQ(MS) == 1of(2of(MS))
	Thm* M:MessageStruct. cEQ(M) DecidableEquiv
eq_dequiv	Def =(DE) == 1of(2of(DE))
	Thm* E:DecidableEquiv. =(E) |E||E|
pi2	Def 2of(t) == t.2
	Thm* A:Type, B:(AType), p:(a:AB(a)). 2of(p) B(1of(p))
pi1	Def 1of(t) == t.1
	Thm* A:Type, B:(AType), p:(a:AB(a)). 1of(p) A
tl	Def tl(l) == Case of l; nil nil ; h.t t
	Thm* A:Type, l:A List. tl(l) A List
le_int	Def ij == j < i
	Thm* i,j:. (ij)
eq_int	Def i=j == if i=j true ; false fi
	Thm* i,j:. (i=j)
band	Def pq == if p q else false fi
	Thm* p,q:. (pq)
lt_int	Def i < j == if i < j true ; false fi
	Thm* i,j:. (i < j)
bnot	Def b == if b false else true fi
	Thm* b:. b
case_default	Def Default = > body(value,value) == body
case_lbl_pair	Def Case ptn_pr( < x, y > ) = > body(x;y) cont(x1,z) == InjCase(x1; _. cont(z,z); x2. InjCase(x2; _. cont(z,z); x2@0. InjCase(x2@0; _. cont(z,z); x2@1. x2@1/x3,x2@2. body(x3;x2@2))))
case	Def Case(value) body == body(value,value)
eq_atom	Def x=yAtom == if x=yAtomtrue; false fi
	Thm* x,y:Atom. x=yAtom
case_ptn_atom	Def Case ptn_atom(x) = > body(x) cont(x1,z) == InjCase(x1; x2. body(x2); _. cont(z,z))
case_inl	Def inl(x) = > body(x) cont(value,contvalue) == InjCase(value; x. body(x); _. cont(contvalue,contvalue))
case_inr	Def inr(x) = > body(x) cont(value,contvalue) == InjCase(value; _. cont(contvalue,contvalue); x. body(x))

Syntax:

x delivered at time k

has structure:

delivered_at(E; tr; x; k)

About: