Nuprl - mb_state_machine Citations of trace

mb state machine Sections GenAutomata Doc

Def (M |= always s,t.P(s;t)) ==

t:M.action List, s0,s:M.state. M.init(s0)

trace_reachable(M;s0;t;s)

P(s;t)

is mentioned by

Thm* M:sm{i:l}(), P:(M.state(M.action List)Prop). (M |= always s,t.P(s,t)) (M |= s,t.P(s,t) while True) & (M |= initially s,t.P(s,t)) [trace_inv_as_while]

Thm* M:sm{i:l}(), I:(M.state(M.action List)Prop). (x:M.state. M.init(x) I(x,nil)) (s0,x:M.state, act:M.action, x':M.state, l:M.action List. M.init(s0) trace_reachable(M;s0;l;x) I(x,l) M.trans(x,act,x') I(x',l @ [act])) (M |= always s,t.I(s,t)) [trace_inv_induction]

Try larger context: GenAutomata

mb state machine Sections GenAutomata Doc

`Thm* M:sm{i:l}(), P:(M.state(M.action List)Prop). (M \|= always s,t.P(s,t)) (M \|= s,t.P(s,t) while True) & (M \|= initially s,t.P(s,t))`	[trace_inv_as_while]
`Thm* M:sm{i:l}(), I:(M.state(M.action List)Prop). (x:M.state. M.init(x) I(x,nil)) (s0,x:M.state, act:M.action, x':M.state, l:M.action List. M.init(s0) trace_reachable(M;s0;l;x) I(x,l) M.trans(x,act,x') I(x',l @ [act])) (M \|= always s,t.I(s,t))`	[trace_inv_induction]