Nuprl Lemma : consensus-safety1

V:Type
  ((∀v1,v2:V.  Dec(v1 v2 ∈ V))
   {∃v,v':V. (v v' ∈ V))}
   (∀L:V List. Dec(∃v:V. (v ∈ L))))
   (∀A:Id List. ∀W:{a:Id| (a ∈ A)}  List List.
        ((||W|| ≥ )
         two-intersection(A;W)
         (∃f:ConsensusState ─→ consensus-state1(V)
             ((∀v:V. ∀s:ts-reachable(consensus-ts4(V;A;W)).
                 ((f s) Decided[v] ∈ consensus-state1(V) ⇐⇒ ∃i:ℕin state s, inning has committed v))
             ∧ ts-refinement(consensus-ts1(V);consensus-ts4(V;A;W);f))))))


Proof



Definitions occuring in Statement :  two-intersection: two-intersection(A;W) cs-inning-committed: in state s, inning has committed v consensus-ts4: consensus-ts4(V;A;W) consensus-state4: ConsensusState consensus-ts1: consensus-ts1(T) cs-decided: Decided[v] consensus-state1: consensus-state1(V) Id: Id l_member: (x ∈ l) length: ||as|| list: List nat: decidable: Dec(P) guard: {T} ge: i ≥  all: x:A. B[x] exists: x:A. B[x] iff: ⇐⇒ Q not: ¬A implies:  Q and: P ∧ Q set: {x:A| B[x]}  apply: a function: x:A ─→ B[x] natural_number: $n universe: Type equal: t ∈ T ts-refinement: ts-refinement(ts1;ts2;f) ts-reachable: ts-reachable(ts)
Lemmas :  consensus-refinement3 consensus-ts4-ref-map consensus-refinement2 consensus-refinement1 two-intersection_wf ge_wf length_wf list_wf Id_wf l_member_wf all_wf decidable_wf exists_wf not_wf equal_wf ts-refinement-composition consensus-ts1_wf consensus-ts2_wf consensus-ts3_wf cs-ref-map3_wf consensus-state3_wf cs-is-decided_wf bool_wf eqtt_to_assert subtype_rel_sum top_wf eqff_to_assert bool_cases_sqequal subtype_base_sq bool_subtype_base assert-bnot cs-undecided_wf consensus-state2_wf consensus-ts4_wf compose_wf consensus-state1_wf consensus-state4_wf ts-reachable_wf subtype_rel_wf ts-type_wf iff_wf subtype_rel_set infix_ap_wf rel_star_wf ts-rel_wf ts-init_wf subtype_rel_self cs-decided_wf nat_wf cs-inning-committed_wf ts-refinement_wf subtype_rel_dep_function ts-refinement-reachable colist_wf has-value_wf-partial set-value-type le_wf int-value-type colength_wf uiff_transitivity equal-wf-T-base assert_wf bnot_wf assert_of_bnot consensus-state2-cases cs-decided_wf2 assert_functionality_wrt_uiff squash_wf true_wf bfalse_wf and_wf isl_wf btrue_wf btrue_neq_bfalse cs-ref-map3-decided two-intersection-one-intersection l_all_iff consensus-ts4-estimate-domain cs-inning_wf less_than_wf cs-commited_wf select_wf sq_stable__le equal-wf-base-T
\mforall{}V:Type
    ((\mforall{}v1,v2:V.    Dec(v1  =  v2))
    {}\mRightarrow{}  \{\mexists{}v,v':V.  (\mneg{}(v  =  v'))\}
    {}\mRightarrow{}  (\mforall{}L:V  List.  Dec(\mexists{}v:V.  (\mneg{}(v  \mmember{}  L))))
    {}\mRightarrow{}  (\mforall{}A:Id  List.  \mforall{}W:\{a:Id|  (a  \mmember{}  A)\}    List  List.
                ((||W||  \mgeq{}  1  )
                {}\mRightarrow{}  two-intersection(A;W)
                {}\mRightarrow{}  (\mexists{}f:ConsensusState  {}\mrightarrow{}  consensus-state1(V)
                          ((\mforall{}v:V.  \mforall{}s:ts-reachable(consensus-ts4(V;A;W)).
                                  ((f  s)  =  Decided[v]  \mLeftarrow{}{}\mRightarrow{}  \mexists{}i:\mBbbN{}.  in  state  s,  inning  i  has  committed  v))
                          \mwedge{}  ts-refinement(consensus-ts1(V);consensus-ts4(V;A;W);f))))))


Date html generated: 2015_07_17-AM-11_37_24
Last ObjectModification: 2015_01_28-AM-01_34_20

Home Index