Nuprl - mb_hybrid Citations of and

Def P & Q == P

is mentioned by

Thm* E:TaggedEventStruct, tr:Trace(E). (switch_inv(E) No-dup-send(E))(tr) (tr':Trace(E). switch_inv(E)(tr') & AD-normal(E)(tr') & (tr adR(E) tr')) [switch_normal_exists]

Thm* E:EventStruct, a,b:|E|, tr:|E| List. a somewhere delivered before b (k:||tr||. a delivered at time k (k':||tr||. k' < k & b delivered at time k' & loc(E)(tr[k']) = loc(E)(tr[k]))) [not_delivered_before_somewhere]

Thm* E:TaggedEventStruct, P,I,J,K:TraceProperty(E) , R:(Trace(E)Trace(E)Prop). tag_splitable(E;R) (tr_1,tr_2:Trace(E). (tr_1 R tr_2) (tr_2 R tr_1)) R preserves P R preserves K (tr:Trace(E). (I K)(tr) (tr':Trace(E). I(tr') & J(tr') & (tr R tr'))) (((I J) K) fuses P) ((I K) fuses P) [normal_form_fusion]

Thm* E:EventStruct, tr:|E| List. Causal(E)(tr) (tr':|E| List. tr' tr (xtr'.(ytr'.is-send(E)(y) & (y =msg=(E) x)))) [P_causal_iff]

Def full_switch_inv(E;A;evt;tg;tr_u;tr_l) == tr_m:A List. (tr_l R(tg) tr_m) & (map(evt;tr_m) layerR(E) tr_u) & switch_inv( < A,evt,tg > (E))(tr_m) [full_switch_inv]

Def switchable(E)(P) == safetyR(E) preserves P & memorylessR(E) preserves P & (ternary) composableR(E) preserves P & send-enabledR(E) preserves P & asyncR(E) preserves P & delayableR(E) preserves P & (P refines Causal(E)) & (P refines No-dup-deliver(E)) [b_switchable]

Def switchable0(E)(P) == safetyR(E) preserves P & memorylessR(E) preserves P & (ternary) composableR(E) preserves P & send-enabledR(E) preserves P & asyncR(E) preserves P & delayableR(E) preserves P [switchable0]

Def switchR(tr)(i,j) == (is-send(E)(tr[i])) & (is-send(E)(tr[j])) & i < j & tr[j] somewhere delivered before tr[i] j < i & tr[i] somewhere delivered before tr[j] [switch_inv_rel]

Def switch_inv(E)(tr) == i,j,k:||tr||. i < j (is-send(E)(tr[i])) (is-send(E)(tr[j])) tag(E)(tr[i]) = tag(E)(tr[j]) tr[j] delivered at time k (k':||tr||. k' < k & tr[i] delivered at time k' & loc(E)(tr[k']) = loc(E)(tr[k])) [switch_inv]

Def asyncR(E) == swap adjacent[loc(E)(x) = loc(E)(y) & (is-send(E)(x)) & (is-send(E)(y)) (is-send(E)(x)) & (is-send(E)(y))] [R_async]

Def delayableR(E) == swap adjacent[(x =msg=(E) y) & (is-send(E)(x)) & (is-send(E)(y)) (is-send(E)(x)) & (is-send(E)(y))] [R_delayable]

Def MCS(E)(P) == memorylessR(E) preserves P & (ternary) composableR(E) preserves P & safetyR(E) preserves P [memoryless_composable_safety]

Def switch-decomposable(E)(L) == L = nil |E| List (Q:(||L||Prop). (i:||L||. Dec(Q(i))) & (i:||L||. Q(i)) & (i:||L||. Q(i) (is-send(E)(L[i]))) & (i,j:||L||. Q(i) Q(j) tag(E)(L[i]) = tag(E)(L[j])) & (i,j:||L||. Q(i) ij C(Q)(j))) [switch_decomposable]

Def AD-normal(E)(tr) == i:(||tr||-1). ((is-send(E)(tr[i])) (is-send(E)(tr[(i+1)])) (tr[i] =msg=(E) tr[(i+1)])) & ((x,y:||tr||. x < y & (is-send(E)(tr[x])) & (is-send(E)(tr[y])) & tr[x] delivered at time i+1 & tr[y] delivered at time i) loc(E)(tr[i]) = loc(E)(tr[(i+1)])) [switch_normal]

Def x somewhere delivered before y == k:||tr||. x delivered at time k & (k':||tr||. y delivered at time k' loc(E)(tr[k']) = loc(E)(tr[k]) kk') [delivered_before_somewhere]

Def swap adjacent[P(x;y)](L1,L2) == i:(||L1||-1). P(L1[i];L1[(i+1)]) & L2 = swap(L1;i;i+1) A List [swap_adjacent]

Def Macro x R_del(E) y == (x =msg=(E) y) & is-deliver(E)(x) & (is-send(E)(y)) (is-send(E)(x)) & is-deliver(E)(y) [R_del]

Def send-enabledR(E)(L_1,L_2) == x:|E|. (is-send(E)(x)) & L_2 = (L_1 @ [x]) [R_send_enabled]

Def composableR(E)(L_1,L_2,L) == (xL_1.(yL_2.(x =msg=(E) y))) & L = (L_1 @ L_2) |E| List [R_composable]

Def R_ad_normal(tr)(a,b) == ((is-send(E)(a)) (is-send(E)(b)) (a =msg=(E) b)) & ((is-send(E)(a)) (is-send(E)(b)) (x,y:||tr||. x < y & (is-send(E)(tr[x])) & (is-send(E)(tr[y])) & (tr[x] =msg=(E) b) & (tr[y] =msg=(E) a)) loc(E)(a) = loc(E)(b)) [R_ad_normal]

Def single-tag-decomposable(E)(L) == L = nil |E| List (L_1,L_2:Trace(E). L = (L_1 @ L_2) |E| List & L_2 = nil |E| List & (xL_1.(yL_2.(x =msg=(E) y))) & (m:Label. (xL_2.tag(E)(x) = m))) [single_tag_decomposable]

Def C(Q)(i) == k:||L||. Q(k) & (L[k] =msg=(E) L[i]) [message_closure]

Def Causal(E)(tr) == i:||tr||. j:||tr||. ji & (is-send(E)(tr[j])) & (tr[j] =msg=(E) tr[i]) [P_causal]

Def x delivered at time k == (x =msg=(E) tr[k]) & (is-send(E)(tr[k])) [delivered_at]

Def switch_inv(E; tr) == i,j,k:||tr||. i < j (is-send(E)(tr[i])) (is-send(E)(tr[j])) tag(E)(tr[i]) = tag(E)(tr[j]) (tr[j] =msg=(E) tr[k]) (is-send(E)(tr[k])) (k':||tr||. k' < k & loc(E)(tr[k']) = loc(E)(tr[k]) & (tr[i] =msg=(E) tr[k']) & (is-send(E)(tr[k']))) [switch_inv2001_03_15_DASH_PM_DASH_12_53_21]

In prior sections: core int 1 bool 1 int 2 mb nat num thy 1 mb list 1 mb list 2 mb structures mb collection fun 1 rel 1

Try larger context: GenAutomata

mb hybrid Sections GenAutomata Doc

`Thm* E:TaggedEventStruct, tr:Trace(E). (switch_inv(E) No-dup-send(E))(tr) (tr':Trace(E). switch_inv(E)(tr') & AD-normal(E)(tr') & (tr adR(E) tr'))`	[switch_normal_exists]
`Thm* E:EventStruct, a,b:\|E\|, tr:\|E\| List. a somewhere delivered before b (k:\|\|tr\|\|. a delivered at time k (k':\|\|tr\|\|. k' < k & b delivered at time k' & loc(E)(tr[k']) = loc(E)(tr[k])))`	[not_delivered_before_somewhere]
`Thm* E:TaggedEventStruct, P,I,J,K:TraceProperty(E) , R:(Trace(E)Trace(E)Prop). tag_splitable(E;R) (tr_1,tr_2:Trace(E). (tr_1 R tr_2) (tr_2 R tr_1)) R preserves P R preserves K (tr:Trace(E). (I K)(tr) (tr':Trace(E). I(tr') & J(tr') & (tr R tr'))) (((I J) K) fuses P) ((I K) fuses P)`	[normal_form_fusion]
`Thm* E:EventStruct, tr:\|E\| List. Causal(E)(tr) (tr':\|E\| List. tr' tr (xtr'.(ytr'.is-send(E)(y) & (y =msg=(E) x))))`	[P_causal_iff]
`Def full_switch_inv(E;A;evt;tg;tr_u;tr_l) == tr_m:A List. (tr_l R(tg) tr_m) & (map(evt;tr_m) layerR(E) tr_u) & switch_inv( < A,evt,tg > (E))(tr_m)`	[full_switch_inv]
`Def switchable(E)(P) == safetyR(E) preserves P & memorylessR(E) preserves P & (ternary) composableR(E) preserves P & send-enabledR(E) preserves P & asyncR(E) preserves P & delayableR(E) preserves P & (P refines Causal(E)) & (P refines No-dup-deliver(E))`	[b_switchable]
`Def switchable0(E)(P) == safetyR(E) preserves P & memorylessR(E) preserves P & (ternary) composableR(E) preserves P & send-enabledR(E) preserves P & asyncR(E) preserves P & delayableR(E) preserves P`	[switchable0]
`Def switchR(tr)(i,j) == (is-send(E)(tr[i])) & (is-send(E)(tr[j])) & i < j & tr[j] somewhere delivered before tr[i] j < i & tr[i] somewhere delivered before tr[j]`	[switch_inv_rel]
`Def switch_inv(E)(tr) == i,j,k:\|\|tr\|\|. i < j (is-send(E)(tr[i])) (is-send(E)(tr[j])) tag(E)(tr[i]) = tag(E)(tr[j]) tr[j] delivered at time k (k':\|\|tr\|\|. k' < k & tr[i] delivered at time k' & loc(E)(tr[k']) = loc(E)(tr[k]))`	[switch_inv]
`Def asyncR(E) == swap adjacent[loc(E)(x) = loc(E)(y) & (is-send(E)(x)) & (is-send(E)(y)) (is-send(E)(x)) & (is-send(E)(y))]`	[R_async]
`Def delayableR(E) == swap adjacent[(x =msg=(E) y) & (is-send(E)(x)) & (is-send(E)(y)) (is-send(E)(x)) & (is-send(E)(y))]`	[R_delayable]
`Def MCS(E)(P) == memorylessR(E) preserves P & (ternary) composableR(E) preserves P & safetyR(E) preserves P`	[memoryless_composable_safety]
`Def switch-decomposable(E)(L) == L = nil \|E\| List (Q:(\|\|L\|\|Prop). (i:\|\|L\|\|. Dec(Q(i))) & (i:\|\|L\|\|. Q(i)) & (i:\|\|L\|\|. Q(i) (is-send(E)(L[i]))) & (i,j:\|\|L\|\|. Q(i) Q(j) tag(E)(L[i]) = tag(E)(L[j])) & (i,j:\|\|L\|\|. Q(i) ij C(Q)(j)))`	[switch_decomposable]
`Def AD-normal(E)(tr) == i:(\|\|tr\|\|-1). ((is-send(E)(tr[i])) (is-send(E)(tr[(i+1)])) (tr[i] =msg=(E) tr[(i+1)])) & ((x,y:\|\|tr\|\|. x < y & (is-send(E)(tr[x])) & (is-send(E)(tr[y])) & tr[x] delivered at time i+1 & tr[y] delivered at time i) loc(E)(tr[i]) = loc(E)(tr[(i+1)]))`	[switch_normal]
`Def x somewhere delivered before y == k:\|\|tr\|\|. x delivered at time k & (k':\|\|tr\|\|. y delivered at time k' loc(E)(tr[k']) = loc(E)(tr[k]) kk')`	[delivered_before_somewhere]
`Def swap adjacent[P(x;y)](L1,L2) == i:(\|\|L1\|\|-1). P(L1[i];L1[(i+1)]) & L2 = swap(L1;i;i+1) A List`	[swap_adjacent]
`Def Macro x R_del(E) y == (x =msg=(E) y) & is-deliver(E)(x) & (is-send(E)(y)) (is-send(E)(x)) & is-deliver(E)(y)`	[R_del]
`Def send-enabledR(E)(L_1,L_2) == x:\|E\|. (is-send(E)(x)) & L_2 = (L_1 @ [x])`	[R_send_enabled]
`Def composableR(E)(L_1,L_2,L) == (xL_1.(yL_2.(x =msg=(E) y))) & L = (L_1 @ L_2) \|E\| List`	[R_composable]
`Def R_ad_normal(tr)(a,b) == ((is-send(E)(a)) (is-send(E)(b)) (a =msg=(E) b)) & ((is-send(E)(a)) (is-send(E)(b)) (x,y:\|\|tr\|\|. x < y & (is-send(E)(tr[x])) & (is-send(E)(tr[y])) & (tr[x] =msg=(E) b) & (tr[y] =msg=(E) a)) loc(E)(a) = loc(E)(b))`	[R_ad_normal]
`Def single-tag-decomposable(E)(L) == L = nil \|E\| List (L_1,L_2:Trace(E). L = (L_1 @ L_2) \|E\| List & L_2 = nil \|E\| List & (xL_1.(yL_2.(x =msg=(E) y))) & (m:Label. (xL_2.tag(E)(x) = m)))`	[single_tag_decomposable]
`Def C(Q)(i) == k:\|\|L\|\|. Q(k) & (L[k] =msg=(E) L[i])`	[message_closure]
`Def Causal(E)(tr) == i:\|\|tr\|\|. j:\|\|tr\|\|. ji & (is-send(E)(tr[j])) & (tr[j] =msg=(E) tr[i])`	[P_causal]
`Def x delivered at time k == (x =msg=(E) tr[k]) & (is-send(E)(tr[k]))`	[delivered_at]
`Def switch_inv(E; tr) == i,j,k:\|\|tr\|\|. i < j (is-send(E)(tr[i])) (is-send(E)(tr[j])) tag(E)(tr[i]) = tag(E)(tr[j]) (tr[j] =msg=(E) tr[k]) (is-send(E)(tr[k])) (k':\|\|tr\|\|. k' < k & loc(E)(tr[k']) = loc(E)(tr[k]) & (tr[i] =msg=(E) tr[k']) & (is-send(E)(tr[k'])))`	[switch_inv2001_03_15_DASH_PM_DASH_12_53_21]