| | Who Cites memoryless composable safety? |
|
| memoryless_composable_safety | Def MCS(E)(P)
== memorylessR(E) preserves P & (ternary) composableR(E) preserves P & safetyR(E) preserves P |
| | | Thm*  E:EventStruct. MCS(E)  TraceProperty(E)  Prop |
|
| R_safety |
Def safetyR(E)(tr_1,tr_2) == tr_2  tr_1 |
| | | Thm* E:EventStruct. safetyR(E) (|E| List)(|E| List)Prop |
|
| R_composable |
Def composableR(E)(L_1,L_2,L)
== (xL_1.(yL_2.  (x =msg=(E) y))) & L = (L_1 @ L_2) |E| List |
| | | Thm* E:EventStruct. composableR(E) (|E| List)(|E| List)(|E| List)Prop |
|
| R_memoryless |
Def memorylessR(E)(L_1,L_2)
==  a:|E|. L_2 = filter( b. (b =msg=(E) a);L_1) |E| List |
| | | Thm* E:EventStruct. memorylessR(E) (|E| List)(|E| List)Prop |
|
| carrier |
Def |S| == 1of(S) |
| | | Thm* S:Structure. |S| Type |
|
| preserved_by |
Def R preserves P == x,y:T. P(x)   (x R y) P(y) |
| | | Thm* T:Type, P:(TProp), R:(TTProp). R preserves P Prop |
|
| preserved_by2 |
Def (ternary) R preserves P == x,y,z:T. P(x) P(y) R(x,y,z) P(z) |
| | | Thm* T:Type, P:(TProp), R:(TTTProp). (ternary) R preserves P Prop |
|
| iseg |
Def l1 l2 == l:T List. l2 = (l1 @ l) |
| | | Thm* T:Type, l1,l2:T List. l1 l2 Prop |
|
| event_msg_eq |
Def =msg=(E)(e_1,e_2) == (msg(E)(e_1)) =(MS(E)) (msg(E)(e_2)) |
| | | Thm* E:EventStruct. =msg=(E) |E||E| |
|
| event_msg |
Def msg(E) == 1of(2of(2of(E))) |
| | |
Thm* E:EventStruct. msg(E) |E||MS(E)| |
|
| event_msg_str |
Def MS(E) == 1of(2of(E)) |
| | | Thm* E:EventStruct. MS(E) MessageStruct |
|
| msg_eq |
Def =(M)(m_1,m_2)
== ((content(M)(m_1)) =(cEQ(M)) (content(M)(m_2))) sender(M)(m_1) = sender(M)(m_2)
(uid(M)(m_1)=uid(M)(m_2)) |
| | | Thm* M:MessageStruct. =(M) |M||M| |
|
| msg_id |
Def uid(MS) == 1of(2of(2of(2of(2of(MS))))) |
| | |
Thm* M:MessageStruct. uid(M) |M| |
|
| msg_sender |
Def sender(MS) == 1of(2of(2of(2of(MS)))) |
| | |
Thm* M:MessageStruct. sender(M) |M|Label |
|
| msg_content |
Def content(MS) == 1of(2of(2of(MS))) |
| | |
Thm* M:MessageStruct. content(M) |M||cEQ(M)| |
|
| msg_content_eq |
Def cEQ(MS) == 1of(2of(MS)) |
| | | Thm* M:MessageStruct. cEQ(M) DecidableEquiv |
|
| eq_dequiv |
Def =(DE) == 1of(2of(DE)) |
| | | Thm* E:DecidableEquiv. =(E) |E||E| |
|
| pi1 |
Def 1of(t) == t.1 |
| | | Thm* A:Type, B:(AType), p:(a:A B(a)). 1of(p) A |
|
| append |
Def as @ bs == Case of as; nil  bs ; a.as' [a / (as' @ bs)] (recursive) |
| | |
Thm* T:Type, as,bs:T List. (as @ bs) T List |
|
| assert |
Def b == if b True else False fi |
| | | Thm* b:. b Prop |
|
| l_all |
Def (xL.P(x)) == x:T. (x L) P(x) |
| | | Thm* T:Type, L:T List, P:(TProp). (xL.P(x)) Prop |
|
| l_member |
Def (x l) == i: . i < ||l|| & x = l[i] T |
| | | Thm* T:Type, x:T, l:T List. (x l) Prop |
|
| nat |
Def == {i:| 0i } |
| | | Thm* Type |
|
| le |
Def AB == B < A |
| | | Thm* i,j:. (ij) Prop |
|
| not |
Def A == A False |
| | | Thm* A:Prop. (A) Prop |
|
| select |
Def l[i] == hd(nth_tl(i;l)) |
| | |
Thm* A:Type, l:A List, n:. 0n n < ||l|| l[n] A |
|
| nth_tl |
Def nth_tl(n;as) == if n0 as else nth_tl(n-1;tl(as)) fi (recursive) |
| | |
Thm* A:Type, as:A List, i:. nth_tl(i;as) A List |
|
| le_int |
Def ij == j < i |
| | | Thm* i,j:. (ij) |
|
| bnot |
Def b == if b false else true fi |
| | | Thm* b:. b |
|
| filter |
Def filter(P;l) == reduce(a,v. if P(a) [a / v] else v fi;nil;l) |
| | | Thm* T:Type, P:(T), l:T List. filter(P;l) T List |
|
| reduce |
Def reduce(f;k;as) == Case of as; nil k ; a.as' f(a,reduce(f;k;as')) (recursive) |
| | |
Thm* A,B:Type, f:(ABB), k:B, as:A List. reduce(f;k;as) B |
|
| pi2 |
Def 2of(t) == t.2 |
| | |
Thm* A:Type, B:(AType), p:(a:AB(a)). 2of(p) B(1of(p)) |
|
| eq_lbl |
Def l1 = l2
== Case(l1)
Case ptn_atom(x) = >
Case(l2)
Case ptn_atom(y) = >
x=yAtom
Default = > false
Case ptn_int(x) = >
Case(l2)
Case ptn_int(y) = >
x=y
Default = > false
Case ptn_var(x) = >
Case(l2)
Case ptn_var(y) = >
x=yAtom
Default = > false
Case ptn_pr( < x, y > ) = >
Case(l2)
Case ptn_pr( < u, v > ) = >
x = uy = v
Default = > false
Default = > false
(recursive) |
| | |
Thm* l1,l2:Pattern. l1 = l2 |
|
| eq_int |
Def i=j == if i=j true ; false fi |
| | | Thm* i,j:. (i=j) |
|
| band |
Def pq == if p q else false fi |
| | | Thm* p,q:. (pq) |
|
| length |
Def ||as|| == Case of as; nil 0 ; a.as' ||as'||+1 (recursive) |
| | |
Thm* A:Type, l:A List. ||l|| |
| | |
Thm* ||nil|| |
|
| case_default |
Def Default = > body(value,value) == body |
|
| case_lbl_pair |
Def Case ptn_pr( < x, y > ) = > body(x;y) cont(x1,z)
== InjCase(x1; _. cont(z,z); x2.
InjCase(x2; _. cont(z,z); x2@0. InjCase(x2@0; _. cont(z,z); x2@1. x2@1/x3,x2@2. body(x3;x2@2)))) |
|
| case |
Def Case(value) body == body(value,value) |
|
| eq_atom |
Def x=yAtom == if x=yAtomtrue; false fi |
| | | Thm* x,y:Atom. x=yAtom |
|
| case_ptn_var |
Def Case ptn_var(x) = > body(x) cont(x1,z)
== (x1.inr(x2) = >
(x1.inr(x2) = >
(x1.inl(x2) = > body(hd([x2 / tl(x1)])) cont(hd(x1),z))([x2 / tl(x1)])
cont
(hd(x1)
,z))
([x2 / tl(x1)])
cont
(hd(x1)
,z))
([x1]) |
|
| case_ptn_int |
Def Case ptn_int(x) = > body(x) cont(x1,z)
== (x1.inr(x2) = >
(x1.inl(x2) = > body(hd([x2 / tl(x1)])) cont(hd(x1),z))([x2 / tl(x1)])
cont
(hd(x1)
,z))
([x1]) |
|
| case_ptn_atom |
Def Case ptn_atom(x) = > body(x) cont(x1,z)
== InjCase(x1; x2. body(x2); _. cont(z,z)) |
|
| hd |
Def hd(l) == Case of l; nil "?" ; h.t h |
| | |
Thm* A:Type, l:A List. ||l|| 1 hd(l) A |
| | |
Thm* A:Type, l:A List . hd(l) A |
|
| tl |
Def tl(l) == Case of l; nil nil ; h.t t |
| | |
Thm* A:Type, l:A List. tl(l) A List |
|
| case_inl |
Def inl(x) = > body(x) cont(value,contvalue)
== InjCase(value; x. body(x); _. cont(contvalue,contvalue)) |
|
| case_inr |
Def inr(x) = > body(x) cont(value,contvalue)
== InjCase(value; _. cont(contvalue,contvalue); x. body(x)) |
|
| lt_int |
Def i < j == if i < j true ; false fi |
| | | Thm* i,j:. (i < j) |
