Proof of Nuprl Lemma : consensus-refinement4

Step * 2 1 2 2 1 of Lemma consensus-refinement4

1. [V] : Type
2. ∀v1,v2:V.  Dec(v1 = v2 ∈ V)@i
3. v1 : V@i
4. v' : V@i
5. ¬(v1 = v' ∈ V)@i
6. A : Id List@i
7. W : {a:Id| (a ∈ A)}  List List@i
8. 1 < ||W||@i
9. two-intersection(A;W)@i
10. x1 : ConsensusState@i
11. x2 : Knowledge(ConsensusState)@i
12. y1 : ConsensusState@i
13. y2 : Knowledge(ConsensusState)@i
14. a : {a:Id| (a ∈ A)} @i
15. ∀b:{a:Id| (a ∈ A)}
      ((¬(b = a ∈ Id))
      ⇒ ((Inning(y1;b) = Inning(x1;b) ∈ ℤ)
         ∧ (Estimate(y1;b) = Estimate(x1;b) ∈ i:ℤ fp-> V)
         ∧ (Knowledge(y2;b) = Knowledge(x2;b) ∈ b:Id fp-> ℤ × (ℤ × V + Top))))@i
16. Inning(y1;a) = Inning(x1;a) ∈ ℤ@i
17. Knowledge(y2;a) = Knowledge(x2;a) ∈ b:Id fp-> ℤ × (ℤ × V + Top)@i
18. ¬(Inning(x1;a) ∈ fpf-domain(Estimate(x1;a)))@i
19. v : V@i
20. b : {a:Id| (a ∈ A)} @i
21. ↑b ∈ dom(Knowledge(x2;a))@i
22. let j,z = Knowledge(x2;a)(b)

    in case z of inl(p) => let j',v' = p in (j' = Inning(x1;a) ∈ ℤ) ∧ (v' = v ∈ V) | inr(x) => False@i

23. Estimate(y1;a) = Estimate(x1;a) ⊕ Inning(x1;a) : v ∈ i:ℤ fp-> V@i
24. <x1, x2> ∈ ts-reachable(consensus-ts5(V;A;W))
25. <y1, y2> ∈ ts-reachable(consensus-ts5(V;A;W))
⊢ x1 ((λx,y. CR[x,y])^*) y1
BY
{ (Assert Inning(x1;a) < Inning(x1;b)
         ∧ (↑Inning(x1;a) ∈ dom(Estimate(x1;b)))
         ∧ (Estimate(x1;b)(Inning(x1;a)) = v ∈ V) BY
         (ThinVar `y1'

          THEN ((InstLemma `consensus-ts5-true-knowledge` [⌈V⌉;⌈A⌉;⌈W⌉;⌈<x1, x2>⌉]⋅ THENA Auto)

                THEN Reduce (-1)
                THEN (InstHyp [⌈a⌉;⌈b⌉] (-1)⋅ THENA Auto)
                THEN Thin (-2))
          THEN MoveToConcl (-1)
          THEN MoveToConcl (-2)
          THEN DVar `b'
          THEN (GenConclAtAddr [1;1] THENA Auto)
          THEN RepeatFor 2 (D -2)
          THEN Reduce 0
          THEN Try (Complete (Auto))
          THEN D -2
          THEN Reduce 0
          THEN RepeatFor 2 (Auto))) }

1
1. [V] : Type
2. ∀v1,v2:V.  Dec(v1 = v2 ∈ V)@i
3. v1 : V@i
4. v' : V@i
5. ¬(v1 = v' ∈ V)@i
6. A : Id List@i
7. W : {a:Id| (a ∈ A)}  List List@i
8. 1 < ||W||@i
9. two-intersection(A;W)@i
10. x1 : ConsensusState@i
11. x2 : Knowledge(ConsensusState)@i
12. y1 : ConsensusState@i
13. y2 : Knowledge(ConsensusState)@i
14. a : {a:Id| (a ∈ A)} @i
15. ∀b:{a:Id| (a ∈ A)}
      ((¬(b = a ∈ Id))
      ⇒ ((Inning(y1;b) = Inning(x1;b) ∈ ℤ)
         ∧ (Estimate(y1;b) = Estimate(x1;b) ∈ i:ℤ fp-> V)
         ∧ (Knowledge(y2;b) = Knowledge(x2;b) ∈ b:Id fp-> ℤ × (ℤ × V + Top))))@i
16. Inning(y1;a) = Inning(x1;a) ∈ ℤ@i
17. Knowledge(y2;a) = Knowledge(x2;a) ∈ b:Id fp-> ℤ × (ℤ × V + Top)@i
18. ¬(Inning(x1;a) ∈ fpf-domain(Estimate(x1;a)))@i
19. v : V@i
20. b : {a:Id| (a ∈ A)} @i
21. ↑b ∈ dom(Knowledge(x2;a))@i
22. let j,z = Knowledge(x2;a)(b)

    in case z of inl(p) => let j',v' = p in (j' = Inning(x1;a) ∈ ℤ) ∧ (v' = v ∈ V) | inr(x) => False@i

23. Estimate(y1;a) = Estimate(x1;a) ⊕ Inning(x1;a) : v ∈ i:ℤ fp-> V@i
24. <x1, x2> ∈ ts-reachable(consensus-ts5(V;A;W))
25. <y1, y2> ∈ ts-reachable(consensus-ts5(V;A;W))

26. Inning(x1;a) < Inning(x1;b) ∧ (↑Inning(x1;a) ∈ dom(Estimate(x1;b))) ∧ (Estimate(x1;b)(Inning(x1;a)) = v ∈ V)

⊢ x1 ((λx,y. CR[x,y])^*) y1

Latex:

1. [V] : Type 2. \mforall{}v1,v2:V. Dec(v1 = v2)@i 3. v1 : V@i 4. v' : V@i 5. \mneg{}(v1 = v')@i 6. A : Id List@i 7. W : \{a:Id| (a \mmember{} A)\} List List@i 8. 1 < ||W||@i 9. two-intersection(A;W)@i 10. x1 : ConsensusState@i 11. x2 : Knowledge(ConsensusState)@i 12. y1 : ConsensusState@i 13. y2 : Knowledge(ConsensusState)@i 14. a : \{a:Id| (a \mmember{} A)\} @i 15. \mforall{}b:\{a:Id| (a \mmember{} A)\} ((\mneg{}(b = a)) {}\mRightarrow{} ((Inning(y1;b) = Inning(x1;b)) \mwedge{} (Estimate(y1;b) = Estimate(x1;b)) \mwedge{} (Knowledge(y2;b) = Knowledge(x2;b))))@i 16. Inning(y1;a) = Inning(x1;a)@i 17. Knowledge(y2;a) = Knowledge(x2;a)@i 18. \mneg{}(Inning(x1;a) \mmember{} fpf-domain(Estimate(x1;a)))@i 19. v : V@i 20. b : \{a:Id| (a \mmember{} A)\} @i 21. \muparrow{}b \mmember{} dom(Knowledge(x2;a))@i 22. let j,z = Knowledge(x2;a)(b) in case z of inl(p) => let j',v' = p in (j' = Inning(x1;a)) \mwedge{} (v' = v) | inr(x) => False@i 23. Estimate(y1;a) = Estimate(x1;a) \moplus{} Inning(x1;a) : v@i 24. <x1, x2> \mmember{} ts-reachable(consensus-ts5(V;A;W)) 25. <y1, y2> \mmember{} ts-reachable(consensus-ts5(V;A;W)) \mvdash{} x1 rel\_star(ConsensusState; \mlambda{}x,y. CR[x,y]) y1 By (Assert Inning(x1;a) < Inning(x1;b) \mwedge{} (\muparrow{}Inning(x1;a) \mmember{} dom(Estimate(x1;b))) \mwedge{} (Estimate(x1;b)(Inning(x1;a)) = v) BY (ThinVar `y1' THEN ((InstLemma `consensus-ts5-true-knowledge` [\mkleeneopen{}V\mkleeneclose{};\mkleeneopen{}A\mkleeneclose{};\mkleeneopen{}W\mkleeneclose{};\mkleeneopen{}<x1, x2>\mkleeneclose{}]\mcdot{} THENA Auto) THEN Reduce (-1) THEN (InstHyp [\mkleeneopen{}a\mkleeneclose{};\mkleeneopen{}b\mkleeneclose{}] (-1)\mcdot{} THENA Auto) THEN Thin (-2)) THEN MoveToConcl (-1) THEN MoveToConcl (-2) THEN DVar `b' THEN (GenConclAtAddr [1;1] THENA Auto) THEN RepeatFor 2 (D -2) THEN Reduce 0 THEN Try (Complete (Auto)) THEN D -2 THEN Reduce 0 THEN RepeatFor 2 (Auto))) Home Index