Nuprl Lemma : three-cs-safety1

∀[V:Type]. ∀[eq:EqDecider(V)]. ∀[A:Id List]. ∀[t:ℕ⁺].
  (∀[f:(V List) ⟶ V]
     ∀[v,w:V]. ∀[s,s':ts-reachable(three-consensus-ts(V;A;t;f))].
       (v = w ∈ V) supposing
          (three-cs-decided(V;A;t;f;s';w) and
          three-cs-decided(V;A;t;f;s;v) and
          (s (ts-rel(three-consensus-ts(V;A;t;f))^*) s'))
     supposing ∀vs:V List. ∀v:V.
                 ((||vs|| = ((2 * t) + 1) ∈ ℤ)
                 ⇒ ((t + 1) ≤ ||filter(λx.(eqof(eq) x v);vs)||)
                 ⇒ ((f vs) = v ∈ V))) supposing
     ((||A|| = ((3 * t) + 1) ∈ ℤ) and
     no_repeats(Id;A))

Proof

Definitions occuring in Statement : three-cs-decided: three-cs-decided(V;A;t;f;s;v), three-consensus-ts: three-consensus-ts(V;A;t;f), Id: Id, no_repeats: no_repeats(T;l), length: ||as||, filter: filter(P;l), list: T List, eqof: eqof(d), deq: EqDecider(T), rel_star: R^*, nat_plus: ℕ⁺, uimplies: b supposing a, uall: ∀[x:A]. B[x], infix_ap: x f y, le: A ≤ B, all: ∀x:A. B[x], implies: P ⇒ Q, apply: f a, lambda: λx.A[x], function: x:A ⟶ B[x], multiply: n * m, add: n + m, natural_number: $n, int: ℤ, universe: Type, equal: s = t ∈ T, ts-reachable: ts-reachable(ts), ts-rel: ts-rel(ts), ts-type: ts-type(ts)
Definitions unfolded in proof : uall: ∀[x:A]. B[x], member: t ∈ T, uimplies: b supposing a, all: ∀x:A. B[x], subtype_rel: A ⊆r B, ts-reachable: ts-reachable(ts), three-consensus-ts: three-consensus-ts(V;A;t;f), ts-type: ts-type(ts), pi1: fst(t), prop: ℙ, so_lambda: λ₂x.t[x], so_apply: x[s], implies: P ⇒ Q, nat_plus: ℕ⁺, infix_ap: x f y, three-cs-decided: three-cs-decided(V;A;t;f;s;v), exists: ∃x:A. B[x], and: P ∧ Q, cand: A c∧ B, l_all: (∀x∈L.P[x]), int_seg: {i..j^-}, guard: {T}, iff: P ⇐⇒ Q, rev_implies: P ⇐ Q, lelt: i ≤ j < k, decidable: Dec(P), or: P ∨ Q, satisfiable_int_formula: satisfiable_int_formula(fmla), false: False, not: ¬A, top: Top, so_lambda: λ₂x y.t[x; y], so_apply: x[s1;s2], refl: Refl(T;x,y.E[x; y]), trans: Trans(T;x,y.E[x; y]), label: ...$L... t, iseg: l1 ≤ l2, ts-rel: ts-rel(ts), rel_implies: R1 => R2, pi2: snd(t), nat: ℕ, Id: Id, sq_type: SQType(T), ts-stable-rel: ts-stable-rel(ts;x,y.R[x; y]), ge: i ≥ j , less_than: a < b, squash: ↓T, less_than': less_than'(a;b), cons: [a / b], archive-condition: archive-condition(V;A;t;f;n;v;L), le: A ≤ B, subtract: n - m, eqof: eqof(d), uiff: uiff(P;Q), deq: EqDecider(T), inject: Inj(A;B;f), sq_stable: SqStable(P), no_repeats: no_repeats(T;l), true: True, two-intersection: two-intersection(A;W), compat: l1 || l2

Latex:
\mforall{}[V:Type]. \mforall{}[eq:EqDecider(V)]. \mforall{}[A:Id List]. \mforall{}[t:\mBbbN{}\msupplus{}]. (\mforall{}[f:(V List) {}\mrightarrow{} V] \mforall{}[v,w:V]. \mforall{}[s,s':ts-reachable(three-consensus-ts(V;A;t;f))]. (v = w) supposing (three-cs-decided(V;A;t;f;s';w) and three-cs-decided(V;A;t;f;s;v) and (s (ts-rel(three-consensus-ts(V;A;t;f))\^{}*) s')) supposing \mforall{}vs:V List. \mforall{}v:V. ((||vs|| = ((2 * t) + 1)) {}\mRightarrow{} ((t + 1) \mleq{} ||filter(\mlambda{}x.(eqof(eq) x v);vs)||) {}\mRightarrow{} ((f vs) = v))) supposing ((||A|| = ((3 * t) + 1)) and no\_repeats(Id;A)) Date html generated: 2016_05_16-PM-00_47_51 Last ObjectModification: 2016_01_17-PM-08_02_35 Theory : event-ordering Home Index