Nuprl Lemma : consensus-safety

∀V:Type
  ((∀v1,v2:V.  Dec(v1 = v2 ∈ V))
  ⇒ {∃v,v':V. (¬(v = v' ∈ V))}
  ⇒ (∀L:V List. Dec(∃v:V. (¬(v ∈ L))))
  ⇒ (∀A:Id List. ∀W:{a:Id| (a ∈ A)}  List List.
        ((||W|| ≥ 1 )
        ⇒ two-intersection(A;W)
        ⇒ (∀s1,s2:ts-reachable(consensus-ts4(V;A;W)).
              ((s1 (ts-rel(consensus-ts4(V;A;W))^*) s2)
              ⇒ (∀v1,v2:V.
                    ((∃i:ℕ. in state s1, inning i has committed v1)
                    ⇒ (∃j:ℕ. in state s2, inning j has committed v2)
                    ⇒ (v1 = v2 ∈ V))))))))

Proof

Definitions occuring in Statement : two-intersection: two-intersection(A;W), cs-inning-committed: in state s, inning i has committed v, consensus-ts4: consensus-ts4(V;A;W), Id: Id, l_member: (x ∈ l), length: ||as||, list: T List, rel_star: R^*, nat: ℕ, decidable: Dec(P), guard: {T}, infix_ap: x f y, ge: i ≥ j , all: ∀x:A. B[x], exists: ∃x:A. B[x], not: ¬A, implies: P ⇒ Q, set: {x:A| B[x]} , natural_number: $n, universe: Type, equal: s = t ∈ T, ts-reachable: ts-reachable(ts), ts-rel: ts-rel(ts), ts-type: ts-type(ts)
Lemmas : consensus-safety1, exists_wf, nat_wf, cs-inning-committed_wf, subtype_rel_set, ts-type_wf, consensus-ts4_wf, consensus-state4_wf, infix_ap_wf, rel_star_wf, ts-rel_wf, ts-init_wf, subtype_rel_self, ts-reachable_wf, subtype_rel_wf, subtype_rel_dep_function, two-intersection_wf, ge_wf, length_wf, list_wf, Id_wf, l_member_wf, all_wf, decidable_wf, not_wf, equal_wf, ts-refinement-reachable2, consensus-ts1_wf, consensus-state1_wf, top_wf, equal-wf-T-base, cs-decided_wf, eq_int_wf, assert_wf, bnot_wf, bool_cases, subtype_base_sq, bool_wf, bool_subtype_base, eqtt_to_assert, assert_of_eq_int, eqff_to_assert, iff_transitivity, iff_weakening_uiff, assert_of_bnot, and_wf, outl_wf, isl_wf, btrue_wf, bfalse_wf, btrue_neq_bfalse
\mforall{}V:Type ((\mforall{}v1,v2:V. Dec(v1 = v2)) {}\mRightarrow{} \{\mexists{}v,v':V. (\mneg{}(v = v'))\} {}\mRightarrow{} (\mforall{}L:V List. Dec(\mexists{}v:V. (\mneg{}(v \mmember{} L)))) {}\mRightarrow{} (\mforall{}A:Id List. \mforall{}W:\{a:Id| (a \mmember{} A)\} List List. ((||W|| \mgeq{} 1 ) {}\mRightarrow{} two-intersection(A;W) {}\mRightarrow{} (\mforall{}s1,s2:ts-reachable(consensus-ts4(V;A;W)). ((s1 rel\_star(ts-type(consensus-ts4(V;A;W)); ts-rel(consensus-ts4(V;A;W))) s2) {}\mRightarrow{} (\mforall{}v1,v2:V. ((\mexists{}i:\mBbbN{}. in state s1, inning i has committed v1) {}\mRightarrow{} (\mexists{}j:\mBbbN{}. in state s2, inning j has committed v2) {}\mRightarrow{} (v1 = v2)))))))) Date html generated: 2015_07_17-AM-11_37_30 Last ObjectModification: 2015_01_28-AM-01_32_06 Home Index