Proof of Nuprl Lemma : consensus-reachable

Step * 1 1 2 1 2 1 2 1 of Lemma consensus-reachable

1. [V] : Type
2. ∀v1,v2:V.  Dec(v1 = v2 ∈ V)@i
3. {∃v,v':V. (¬(v = v' ∈ V))}@i
4. A : Id List@i
5. W : {a:Id| (a ∈ A)}  List List@i
6. three-intersection(A;W)@i
7. two-intersection(A;W)
8. one-intersection(A;W)
9. ws : {a:Id| (a ∈ A)}  List@i
10. (ws ∈ W)@i
11. a : {a:Id| (a ∈ A)}
12. (a ∈ ws)
13. 0 < ||ws||
14. i : ℤ
15. x : ConsensusState
16. ∀a:{a:Id| (a ∈ A)} . ((a ∈ ws) ⇒ ((Inning(x;a) = i ∈ ℤ) ∧ (¬(i ∈ fpf-domain(Estimate(x;a))))))
17. v : V
18. state x may consider v in inning i

⊢ (x ((λx,y. CR(in ws)[x, y] )^*) (λa.if a ∈_b ws) then <i, Estimate(x;a) ⊕ i : v> else x a fi ))

∧ (∃v@0:V. ∃i@0:ℤ. in state λa.if a ∈_b ws) then <i, Estimate(x;a) ⊕ i : v> else x a fi , inning i@0 has committed v@0)

BY
{ (ThinVar `a'
   THEN Assert ⌈∀n:ℕ
                  (x
                   ((λx,y. CR(in ws)[x, y] )^*)

                   (λa.if a ∈_b firstn(n;A)) ∧_b a ∈_b ws) then <i, Estimate(x;a) ⊕ i : v> else x a fi ))⌉⋅

   ) }

1
.....assertion.....
1. [V] : Type
2. ∀v1,v2:V.  Dec(v1 = v2 ∈ V)@i
3. {∃v,v':V. (¬(v = v' ∈ V))}@i
4. A : Id List@i
5. W : {a:Id| (a ∈ A)}  List List@i
6. three-intersection(A;W)@i
7. two-intersection(A;W)
8. one-intersection(A;W)
9. ws : {a:Id| (a ∈ A)}  List@i
10. (ws ∈ W)@i
11. 0 < ||ws||
12. i : ℤ
13. x : ConsensusState
14. ∀a:{a:Id| (a ∈ A)} . ((a ∈ ws) ⇒ ((Inning(x;a) = i ∈ ℤ) ∧ (¬(i ∈ fpf-domain(Estimate(x;a))))))
15. v : V
16. state x may consider v in inning i

⊢ ∀n:ℕ. (x ((λx,y. CR(in ws)[x, y] )^*) (λa.if a ∈_b firstn(n;A)) ∧_b a ∈_b ws) then <i, Estimate(x;a) ⊕ i : v> else x a fi\000C ))

2
1. [V] : Type
2. ∀v1,v2:V.  Dec(v1 = v2 ∈ V)@i
3. {∃v,v':V. (¬(v = v' ∈ V))}@i
4. A : Id List@i
5. W : {a:Id| (a ∈ A)}  List List@i
6. three-intersection(A;W)@i
7. two-intersection(A;W)
8. one-intersection(A;W)
9. ws : {a:Id| (a ∈ A)}  List@i
10. (ws ∈ W)@i
11. 0 < ||ws||
12. i : ℤ
13. x : ConsensusState
14. ∀a:{a:Id| (a ∈ A)} . ((a ∈ ws) ⇒ ((Inning(x;a) = i ∈ ℤ) ∧ (¬(i ∈ fpf-domain(Estimate(x;a))))))
15. v : V
16. state x may consider v in inning i
17. ∀n:ℕ

      (x ((λx,y. CR(in ws)[x, y] )^*) (λa.if a ∈_b firstn(n;A)) ∧_b a ∈_b ws) then <i, Estimate(x;a) ⊕ i : v> else x a fi )\000C)

⊢ (x ((λx,y. CR(in ws)[x, y] )^*) (λa.if a ∈_b ws) then <i, Estimate(x;a) ⊕ i : v> else x a fi ))

∧ (∃v@0:V. ∃i@0:ℤ. in state λa.if a ∈_b ws) then <i, Estimate(x;a) ⊕ i : v> else x a fi , inning i@0 has committed v@0)

Latex:

1. [V] : Type 2. \mforall{}v1,v2:V. Dec(v1 = v2)@i 3. \{\mexists{}v,v':V. (\mneg{}(v = v'))\}@i 4. A : Id List@i 5. W : \{a:Id| (a \mmember{} A)\} List List@i 6. three-intersection(A;W)@i 7. two-intersection(A;W) 8. one-intersection(A;W) 9. ws : \{a:Id| (a \mmember{} A)\} List@i 10. (ws \mmember{} W)@i 11. a : \{a:Id| (a \mmember{} A)\} 12. (a \mmember{} ws) 13. 0 < ||ws|| 14. i : \mBbbZ{} 15. x : ConsensusState 16. \mforall{}a:\{a:Id| (a \mmember{} A)\} . ((a \mmember{} ws) {}\mRightarrow{} ((Inning(x;a) = i) \mwedge{} (\mneg{}(i \mmember{} fpf-domain(Estimate(x;a)))))) 17. v : V 18. state x may consider v in inning i \mvdash{} (x ((\mlambda{}x,y. CR(in ws)[x, y] )\^{}*) (\mlambda{}a.if a \mmember{}\msubb{} ws) then <i, Estimate(x;a) \moplus{} i : v> else x a fi )) \mwedge{} (\mexists{}v@0:V \mexists{}i@0:\mBbbZ{} in state \mlambda{}a.if a \mmember{}\msubb{} ws) then <i, Estimate(x;a) \moplus{} i : v> else x a fi , inning i@0 has committed v@0) By (ThinVar `a' THEN Assert \mkleeneopen{}\mforall{}n:\mBbbN{} (x rel\_star(ConsensusState; \mlambda{}x,y. CR(in ws)[x, y] ) (\mlambda{}a.if a \mmember{}\msubb{} firstn(n;A)) \mwedge{}\msubb{} a \mmember{}\msubb{} ws) then <i, Estimate(x;a) \moplus{} i : v> else x a fi ))\mkleeneclose{}\mcdot{} ) Home Index