Proof of Nuprl Lemma : consensus-safety

Step * 1 1 of Lemma consensus-safety

1. V : Type@i'
2. ∀v1,v2:V.  Dec(v1 = v2 ∈ V)@i
3. {∃v,v':V. (¬(v = v' ∈ V))}@i
4. ∀L:V List. Dec(∃v:V. (¬(v ∈ L)))@i
5. A : Id List@i
6. W : {a:Id| (a ∈ A)}  List List@i
7. ||W|| ≥ 1 @i
8. two-intersection(A;W)@i
9. f : ConsensusState ─→ consensus-state1(V)
10. ∀v:V. ∀s:ts-reachable(consensus-ts4(V;A;W)).
      ((f s) = Decided[v] ∈ consensus-state1(V) ⇐⇒ ∃i:ℕ. in state s, inning i has committed v)
11. ts-refinement(consensus-ts1(V);consensus-ts4(V;A;W);f)
12. s1 : ts-reachable(consensus-ts4(V;A;W))@i
13. s2 : ts-reachable(consensus-ts4(V;A;W))@i
14. s1 (ts-rel(consensus-ts4(V;A;W))^*) s2@i
15. v1 : V@i
16. v2 : V@i
17. i : ℕ@i
18. in state s1, inning i has committed v1@i
19. j : ℕ@i
20. in state s2, inning j has committed v2@i
21. (f s1) = Decided[v1] ∈ consensus-state1(V)
22. (f s2) = Decided[v2] ∈ consensus-state1(V)
⊢ v1 = v2 ∈ V
BY
{ Assert ⌈(f s1) (ts-rel(consensus-ts1(V))^*) (f s2)⌉⋅ }

1
.....assertion.....
1. V : Type@i'
2. ∀v1,v2:V.  Dec(v1 = v2 ∈ V)@i
3. {∃v,v':V. (¬(v = v' ∈ V))}@i
4. ∀L:V List. Dec(∃v:V. (¬(v ∈ L)))@i
5. A : Id List@i
6. W : {a:Id| (a ∈ A)}  List List@i
7. ||W|| ≥ 1 @i
8. two-intersection(A;W)@i
9. f : ConsensusState ─→ consensus-state1(V)
10. ∀v:V. ∀s:ts-reachable(consensus-ts4(V;A;W)).
      ((f s) = Decided[v] ∈ consensus-state1(V) ⇐⇒ ∃i:ℕ. in state s, inning i has committed v)
11. ts-refinement(consensus-ts1(V);consensus-ts4(V;A;W);f)
12. s1 : ts-reachable(consensus-ts4(V;A;W))@i
13. s2 : ts-reachable(consensus-ts4(V;A;W))@i
14. s1 (ts-rel(consensus-ts4(V;A;W))^*) s2@i
15. v1 : V@i
16. v2 : V@i
17. i : ℕ@i
18. in state s1, inning i has committed v1@i
19. j : ℕ@i
20. in state s2, inning j has committed v2@i
21. (f s1) = Decided[v1] ∈ consensus-state1(V)
22. (f s2) = Decided[v2] ∈ consensus-state1(V)
⊢ (f s1) (ts-rel(consensus-ts1(V))^*) (f s2)

2
1. V : Type@i'
2. ∀v1,v2:V.  Dec(v1 = v2 ∈ V)@i
3. {∃v,v':V. (¬(v = v' ∈ V))}@i
4. ∀L:V List. Dec(∃v:V. (¬(v ∈ L)))@i
5. A : Id List@i
6. W : {a:Id| (a ∈ A)}  List List@i
7. ||W|| ≥ 1 @i
8. two-intersection(A;W)@i
9. f : ConsensusState ─→ consensus-state1(V)
10. ∀v:V. ∀s:ts-reachable(consensus-ts4(V;A;W)).
      ((f s) = Decided[v] ∈ consensus-state1(V) ⇐⇒ ∃i:ℕ. in state s, inning i has committed v)
11. ts-refinement(consensus-ts1(V);consensus-ts4(V;A;W);f)
12. s1 : ts-reachable(consensus-ts4(V;A;W))@i
13. s2 : ts-reachable(consensus-ts4(V;A;W))@i
14. s1 (ts-rel(consensus-ts4(V;A;W))^*) s2@i
15. v1 : V@i
16. v2 : V@i
17. i : ℕ@i
18. in state s1, inning i has committed v1@i
19. j : ℕ@i
20. in state s2, inning j has committed v2@i
21. (f s1) = Decided[v1] ∈ consensus-state1(V)
22. (f s2) = Decided[v2] ∈ consensus-state1(V)
23. (f s1) (ts-rel(consensus-ts1(V))^*) (f s2)
⊢ v1 = v2 ∈ V

Latex:

1. V : Type@i' 2. \mforall{}v1,v2:V. Dec(v1 = v2)@i 3. \{\mexists{}v,v':V. (\mneg{}(v = v'))\}@i 4. \mforall{}L:V List. Dec(\mexists{}v:V. (\mneg{}(v \mmember{} L)))@i 5. A : Id List@i 6. W : \{a:Id| (a \mmember{} A)\} List List@i 7. ||W|| \mgeq{} 1 @i 8. two-intersection(A;W)@i 9. f : ConsensusState {}\mrightarrow{} consensus-state1(V) 10. \mforall{}v:V. \mforall{}s:ts-reachable(consensus-ts4(V;A;W)). ((f s) = Decided[v] \mLeftarrow{}{}\mRightarrow{} \mexists{}i:\mBbbN{}. in state s, inning i has committed v) 11. ts-refinement(consensus-ts1(V);consensus-ts4(V;A;W);f) 12. s1 : ts-reachable(consensus-ts4(V;A;W))@i 13. s2 : ts-reachable(consensus-ts4(V;A;W))@i 14. s1 rel\_star(ts-type(consensus-ts4(V;A;W)); ts-rel(consensus-ts4(V;A;W))) s2@i 15. v1 : V@i 16. v2 : V@i 17. i : \mBbbN{}@i 18. in state s1, inning i has committed v1@i 19. j : \mBbbN{}@i 20. in state s2, inning j has committed v2@i 21. (f s1) = Decided[v1] 22. (f s2) = Decided[v2] \mvdash{} v1 = v2 By Assert \mkleeneopen{}(f s1) rel\_star(ts-type(consensus-ts1(V)); ts-rel(consensus-ts1(V))) (f s2)\mkleeneclose{}\mcdot{} Home Index