WhoCites Definitions GenAutomata Sections NuprlLIB Doc

Who Cites trace inv?
trace_invDef (M |= always s,t.P(s;t)) == t:M.action List, s0,s:M.state. M.init(s0) trace_reachable(M;s0;t;s) P(s;t)
Thm* M:sm{i:l}(), P:(M.state(M.action List)Prop). (M |= always s,t.P(s,t)) Prop
trace_reachable Def trace_reachable(M;s;l;s') == Case of l; nil s = s' M.state ; a.l' x:M.state. M.trans(s,a,x) & trace_reachable(M;x;l';s') (recursive)
Thm* M:sm{i:l}(), l:M.action List, s,s':M.state. trace_reachable(M;s;l;s') Prop
sm_init Def t.init == 1of(2of(2of(t)))
Thm* M:sm{i:l}(). M.init M.stateProp
sm_state Def M.state == {M.ds}
Thm* M:sm{i:l}(). M.state Type
sm_action Def M.action == (M.da)
Thm* M:sm{i:l}(). M.action Type
sm_trans Def t.trans == 2of(2of(2of(t)))
Thm* M:sm{i:l}(). M.trans M.stateM.actionM.stateProp
sm_ds Def t.ds == 1of(2of(t))
Thm* t:sm{i:l}(). t.ds Decl
pi2 Def 2of(t) == t.2
Thm* A:Type, B:(AType), p:(a:AB(a)). 2of(p) B(1of(p))
sm_da Def t.da == 1of(t)
Thm* t:sm{i:l}(). t.da Decl
pi1 Def 1of(t) == t.1
Thm* A:Type, B:(AType), p:(a:AB(a)). 1of(p) A
record Def {d} == l:Labeldecl_type(d;l)
Thm* d:Decl. {d} Type
sigma Def (d) == l:Labeldecl_type(d;l)
Thm* d:Decl. (d) Type
decl_type Def decl_type(d;x) == d(x)
Thm* dec:Decl, x:Label. decl_type(dec;x) Type
lbl Def Label == {p:Pattern| ground_ptn(p) }
Thm* Label Type
ground_ptn Def ground_ptn(p) == Case(p) Case ptn_var(v) = > false Case ptn_pr( < x, y > ) = > ground_ptn(x)ground_ptn(y) Default = > true (recursive)
Thm* p:Pattern. ground_ptn(p)
assert Def b == if b True else False fi
Thm* b:. b Prop
ptn Def Pattern == rec(T.ptn_con(T))
Thm* Pattern Type
case_default Def Default = > body(value,value) == body
band Def pq == if p q else false fi
Thm* p,q:. (pq)
case_lbl_pair Def Case ptn_pr( < x, y > ) = > body(x;y) cont(x1,z) == InjCase(x1; _. cont(z,z); x2. InjCase(x2; _. cont(z,z); x2@0. InjCase(x2@0; _. cont(z,z); x2@1. x2@1/x3,x2@2. body(x3;x2@2))))
case_ptn_var Def Case ptn_var(x) = > body(x) cont(x1,z) == (x1.inr(x2) = > (x1.inr(x2) = > (x1.inl(x2) = > body(hd([x2 / tl(x1)])) cont(hd(x1),z))([x2 / tl(x1)]) cont(hd(x1),z))([x2 / tl(x1)]) cont(hd(x1),z))([x1])
case Def Case(value) body == body(value,value)
ptn_con Def ptn_con(T) == Atom++Atom+(TT)
Thm* T:Type. ptn_con(T) Type
hd Def hd(l) == Case of l; nil "?" ; h.t h
Thm* A:Type, l:A List. ||l||1 hd(l) A
Thm* A:Type, l:A List. hd(l) A
tl Def tl(l) == Case of l; nil nil ; h.t t
Thm* A:Type, l:A List. tl(l) A List
case_inl Def inl(x) = > body(x) cont(value,contvalue) == InjCase(value; x. body(x); _. cont(contvalue,contvalue))
case_inr Def inr(x) = > body(x) cont(value,contvalue) == InjCase(value; _. cont(contvalue,contvalue); x. body(x))

Syntax:(M |= always s,t.P(s;t)) has structure: trace_inv(M; s,t.P(s;t))

About:
spreadspreadspreadproductproductlistconsconsnil
list_indboolbfalsebtrueifthenelse
assertintnatural_numberatomtokenuniondecide
setlambdaapplyfunctionrecursive_def_noticerec
universeequalmemberpropimpliesandfalsetrueallexists
!abstraction

WhoCites Definitions GenAutomata Sections NuprlLIB Doc