Proof of Nuprl Lemma : consensus-safety1

Step * 1 1 1 of Lemma consensus-safety1

1. V : Type@i'
2. ∀v1,v2:V.  Dec(v1 = v2 ∈ V)@i
3. {∃v,v':V. (¬(v = v' ∈ V))}@i
4. ∀L:V List. Dec(∃v:V. (¬(v ∈ L)))@i
5. A : Id List@i
6. W : {a:Id| (a ∈ A)}  List List@i
7. ||W|| ≥ 1 @i
8. two-intersection(A;W)@i
9. f : ConsensusState ⟶ (consensus-state3(V) List)
10. cs-ref-map-constraints(V;A;W;f)
11. ts-refinement(consensus-ts1(V);consensus-ts3(V);(λx.if cs-is-decided(x) then x else UNDECIDED fi )
                   o (λL.cs-ref-map3(L)))
12. ts-refinement(consensus-ts3(V);consensus-ts4(V;A;W);f)
⊢ ∃f:ConsensusState ⟶ consensus-state1(V)
   ((∀v:V. ∀s:ts-reachable(consensus-ts4(V;A;W)).
       ((f s) = Decided[v] ∈ consensus-state1(V) ⇐⇒ ∃i:ℕ. in state s, inning i has committed v))
   ∧ ts-refinement(consensus-ts1(V);consensus-ts4(V;A;W);f))
BY

{ ((InstLemma `ts-refinement-composition` [⌜consensus-ts1(V)⌝;⌜consensus-ts3(V)⌝;⌜consensus-ts4(V;A;W)⌝]⋅ THENA Auto)

   THEN (FHyp (-1) [-3;-2]
         THENA (RepUR ``ts-type consensus-ts3 consensus-ts4 consensus-ts1`` 0
                THEN Auto
                THEN RepUR ``cs-is-decided consensus-state2 consensus-state1 cs-undecided`` 0
                THEN Auto)
         )
   THEN Thin (-2)) }

1
1. V : Type@i'
2. ∀v1,v2:V.  Dec(v1 = v2 ∈ V)@i
3. {∃v,v':V. (¬(v = v' ∈ V))}@i
4. ∀L:V List. Dec(∃v:V. (¬(v ∈ L)))@i
5. A : Id List@i
6. W : {a:Id| (a ∈ A)}  List List@i
7. ||W|| ≥ 1 @i
8. two-intersection(A;W)@i
9. f : ConsensusState ⟶ (consensus-state3(V) List)
10. cs-ref-map-constraints(V;A;W;f)
11. ts-refinement(consensus-ts1(V);consensus-ts3(V);(λx.if cs-is-decided(x) then x else UNDECIDED fi )
                   o (λL.cs-ref-map3(L)))
12. ts-refinement(consensus-ts3(V);consensus-ts4(V;A;W);f)
13. ts-refinement(consensus-ts1(V);consensus-ts4(V;A;W);((λx.if cs-is-decided(x) then x else UNDECIDED fi )
                   o (λL.cs-ref-map3(L))) o f)
⊢ ∃f:ConsensusState ⟶ consensus-state1(V)
   ((∀v:V. ∀s:ts-reachable(consensus-ts4(V;A;W)).
       ((f s) = Decided[v] ∈ consensus-state1(V) ⇐⇒ ∃i:ℕ. in state s, inning i has committed v))
   ∧ ts-refinement(consensus-ts1(V);consensus-ts4(V;A;W);f))

Latex:

Latex:
1. V : Type@i' 2. \mforall{}v1,v2:V. Dec(v1 = v2)@i 3. \{\mexists{}v,v':V. (\mneg{}(v = v'))\}@i 4. \mforall{}L:V List. Dec(\mexists{}v:V. (\mneg{}(v \mmember{} L)))@i 5. A : Id List@i 6. W : \{a:Id| (a \mmember{} A)\} List List@i 7. ||W|| \mgeq{} 1 @i 8. two-intersection(A;W)@i 9. f : ConsensusState {}\mrightarrow{} (consensus-state3(V) List) 10. cs-ref-map-constraints(V;A;W;f) 11. ts-refinement(consensus-ts1(V);consensus-ts3(V); (\mlambda{}x.if cs-is-decided(x) then x else UNDECIDED fi ) o (\mlambda{}L.cs-ref-map3(L))) 12. ts-refinement(consensus-ts3(V);consensus-ts4(V;A;W);f) \mvdash{} \mexists{}f:ConsensusState {}\mrightarrow{} consensus-state1(V) ((\mforall{}v:V. \mforall{}s:ts-reachable(consensus-ts4(V;A;W)). ((f s) = Decided[v] \mLeftarrow{}{}\mRightarrow{} \mexists{}i:\mBbbN{}. in state s, inning i has committed v)) \mwedge{} ts-refinement(consensus-ts1(V);consensus-ts4(V;A;W);f)) By Latex: ((InstLemma `ts-refinement-composition` [\mkleeneopen{}consensus-ts1(V)\mkleeneclose{};\mkleeneopen{}consensus-ts3(V)\mkleeneclose{}; \mkleeneopen{}consensus-ts4(V;A;W)\mkleeneclose{}]\mcdot{} THENA Auto ) THEN (FHyp (-1) [-3;-2] THENA (RepUR ``ts-type consensus-ts3 consensus-ts4 consensus-ts1`` 0 THEN Auto THEN RepUR ``cs-is-decided consensus-state2 consensus-state1 cs-undecided`` 0 THEN Auto) ) THEN Thin (-2)) Home Index