Nuprl Lemma : consensus-safety

∀V:Type
  ((∀v1,v2:V.  Dec(v1 = v2 ∈ V))
  ⇒ {∃v,v':V. (¬(v = v' ∈ V))}
  ⇒ (∀L:V List. Dec(∃v:V. (¬(v ∈ L))))
  ⇒ (∀A:Id List. ∀W:{a:Id| (a ∈ A)}  List List.
        ((||W|| ≥ 1 )
        ⇒ two-intersection(A;W)
        ⇒ (∀s1,s2:ts-reachable(consensus-ts4(V;A;W)).
              ((s1 (ts-rel(consensus-ts4(V;A;W))^*) s2)
              ⇒ (∀v1,v2:V.
                    ((∃i:ℕ. in state s1, inning i has committed v1)
                    ⇒ (∃j:ℕ. in state s2, inning j has committed v2)
                    ⇒ (v1 = v2 ∈ V))))))))

Proof

Definitions occuring in Statement : two-intersection: two-intersection(A;W), cs-inning-committed: in state s, inning i has committed v, consensus-ts4: consensus-ts4(V;A;W), Id: Id, l_member: (x ∈ l), length: ||as||, list: T List, rel_star: R^*, nat: ℕ, decidable: Dec(P), guard: {T}, infix_ap: x f y, ge: i ≥ j , all: ∀x:A. B[x], exists: ∃x:A. B[x], not: ¬A, implies: P ⇒ Q, set: {x:A| B[x]} , natural_number: $n, universe: Type, equal: s = t ∈ T, ts-reachable: ts-reachable(ts), ts-rel: ts-rel(ts), ts-type: ts-type(ts)
Definitions unfolded in proof : all: ∀x:A. B[x], member: t ∈ T, implies: P ⇒ Q, exists: ∃x:A. B[x], and: P ∧ Q, prop: ℙ, uall: ∀[x:A]. B[x], so_lambda: λ₂x.t[x], subtype_rel: A ⊆r B, ts-reachable: ts-reachable(ts), infix_ap: x f y, so_apply: x[s], uimplies: b supposing a, ts-type: ts-type(ts), pi1: fst(t), consensus-ts4: consensus-ts4(V;A;W), consensus-state4: ConsensusState, nat: ℕ, ge: i ≥ j , iff: P ⇐⇒ Q, rev_implies: P ⇐ Q, consensus-state1: consensus-state1(V), consensus-ts1: consensus-ts1(T), ts-rel: ts-rel(ts), pi2: snd(t), rel_star: R^*, rel_exp: R^n, or: P ∨ Q, sq_type: SQType(T), guard: {T}, uiff: uiff(P;Q), ifthenelse: if b then t else f fi , btrue: tt, not: ¬A, bfalse: ff, cs-decided: Decided[v], outl: outl(x), isl: isl(x), assert: ↑b, true: True, cs-undecided: UNDECIDED, false: False

Latex:
\mforall{}V:Type ((\mforall{}v1,v2:V. Dec(v1 = v2)) {}\mRightarrow{} \{\mexists{}v,v':V. (\mneg{}(v = v'))\} {}\mRightarrow{} (\mforall{}L:V List. Dec(\mexists{}v:V. (\mneg{}(v \mmember{} L)))) {}\mRightarrow{} (\mforall{}A:Id List. \mforall{}W:\{a:Id| (a \mmember{} A)\} List List. ((||W|| \mgeq{} 1 ) {}\mRightarrow{} two-intersection(A;W) {}\mRightarrow{} (\mforall{}s1,s2:ts-reachable(consensus-ts4(V;A;W)). ((s1 rel\_star(ts-type(consensus-ts4(V;A;W)); ts-rel(consensus-ts4(V;A;W))) s2) {}\mRightarrow{} (\mforall{}v1,v2:V. ((\mexists{}i:\mBbbN{}. in state s1, inning i has committed v1) {}\mRightarrow{} (\mexists{}j:\mBbbN{}. in state s2, inning j has committed v2) {}\mRightarrow{} (v1 = v2)))))))) Date html generated: 2016_05_16-PM-00_15_52 Last ObjectModification: 2015_12_29-PM-01_26_44 Theory : event-ordering Home Index