Proof of Nuprl Lemma : CLK-prop

Step * 4 of Lemma CLK-prop

1. MsgType : {T:Type| valueall-type(T)} @i'
2. locs : bag(Id)@i
3. reply : Id ─→ MsgType ─→ (MsgType × Id)@i
4. f : CLK_headers_type{i:l}(MsgType)@i'
5. (f ``CLK msg``) = (MsgType × ℤ) ∈ Type
6. f ∈ Name ─→ Type
7. es : EO+(Message(f))@i'
8. e1 : E@i
9. CLK_message-constraint{i:l}(MsgType;locs;reply;f)@i'
10. ∀e:E. (↑e ∈_b CLK_msg'base(MsgType;f))@i
11. e2 : E@i
12. ∀e3:E
      ((e3 < e2)
      ⇒ (∀clock1,clock2:ℤ.
            (e1 ─→ e3 ⇒ clock1 ∈ CLK_Clock(MsgType;f)(e1) ⇒ clock2 ∈ CLK_Clock(MsgType;f)(e3) ⇒ clock1 < clock2)))
13. clock1 : ℤ@i
14. clock2 : ℤ@i
15. e : E@i
16. (e < e2)@i
17. (¬(loc(e) = loc(e2) ∈ Id)) ⇒ e2 caused by e in CLK_main(MsgType;locs;reply;f)@i
18. e1 ─→ e@i
19. clock1 ∈ CLK_Clock(MsgType;f)(e1)@i
20. clock2 ∈ CLK_Clock(MsgType;f)(e2)@i
21. ¬(loc(e) = loc(e2) ∈ Id)
⊢ clock1 < clock2
BY

{ ((InstHyp [⌈e⌉;⌈clock1⌉;⌈CLK_ClockVal(MsgType;f)@e⌉] (-10)⋅ THENA (Auto THEN RWO "CLK_Clock-classrel" 0 THEN Auto))

   THEN Assert ⌈CLK_ClockVal(MsgType;f)@e < clock2⌉⋅
   THEN Auto
   THEN D (-1)
   THEN RepUR ``make-msg-interface`` (-1)
   THEN (RWO "CLK-ilf" (-1) THENA Auto)
   THEN RepD
   THEN (RWO "CLK_Clock-classrel" (-10) THENA Auto)
   THEN SimpleSubstVar `clock2' 0
   THEN (RW (AddrC [2] (LemmaC `CLK_ClockFun-eq`)) 0 THENA Auto)
   THEN AutoSplit
   THEN If (\p.opid_of_term(h (-1) p) = `assert`) (Thin (-1)) Id
   THEN RepUR ``CLK_msg'base`` 0
   THEN (RWO "classfun-res-member-base" 0 THENA Auto)

   THEN Try (Complete (((InstHyp [⌈e2⌉] 10⋅ THENA Auto) THEN RepUR ``CLK_msg'base`` (-1) THEN Auto)))

   THEN (Assert ⌈msgval(e2) = <fst((reply loc(e) (fst(msgval(e))))), CLK_ClockVal(MsgType;f)@e> ∈ (MsgType × ℤ)⌉⋅

   THENM ((HypSubst (-1) 0 THENA Auto) THEN Reduce 0 THEN BLemma `le_to_lt` THEN Auto')
   )
   THEN StrengthenEquation (-1)
   THEN ApFunToHypEquands `Z' ⌈msg-body(Z)⌉ ⌈MsgType × ℤ⌉ (-1)⋅
   THEN Reduce (-1)
   THEN Try (Fold `es-info-body` (-1) )
   THEN Try (Complete (Auto))
   THEN Fold `member` 0
   THEN D -1
   THEN Assert ⌈msg-header(Z) = ``CLK msg`` ∈ Name⌉⋅
   THEN Auto
   THEN ApFunToHypEquands `X' ⌈msg-header(X)⌉ ⌈Name⌉ (-1)⋅
   THEN Auto) }

Latex:

Latex:
1. MsgType : \{T:Type| valueall-type(T)\} @i' 2. locs : bag(Id)@i 3. reply : Id {}\mrightarrow{} MsgType {}\mrightarrow{} (MsgType \mtimes{} Id)@i 4. f : CLK\_headers\_type\{i:l\}(MsgType)@i' 5. (f ``CLK msg``) = (MsgType \mtimes{} \mBbbZ{}) 6. f \mmember{} Name {}\mrightarrow{} Type 7. es : EO+(Message(f))@i' 8. e1 : E@i 9. CLK\_message-constraint\{i:l\}(MsgType;locs;reply;f)@i' 10. \mforall{}e:E. (\muparrow{}e \mmember{}\msubb{} CLK\_msg'base(MsgType;f))@i 11. e2 : E@i 12. \mforall{}e3:E ((e3 < e2) {}\mRightarrow{} (\mforall{}clock1,clock2:\mBbbZ{}. (e1 {}\mrightarrow{} e3 {}\mRightarrow{} clock1 \mmember{} CLK\_Clock(MsgType;f)(e1) {}\mRightarrow{} clock2 \mmember{} CLK\_Clock(MsgType;f)(e3) {}\mRightarrow{} clock1 < clock2))) 13. clock1 : \mBbbZ{}@i 14. clock2 : \mBbbZ{}@i 15. e : E@i 16. (e < e2)@i 17. (\mneg{}(loc(e) = loc(e2))) {}\mRightarrow{} e2 caused by e in CLK\_main(MsgType;locs;reply;f)@i 18. e1 {}\mrightarrow{} e@i 19. clock1 \mmember{} CLK\_Clock(MsgType;f)(e1)@i 20. clock2 \mmember{} CLK\_Clock(MsgType;f)(e2)@i 21. \mneg{}(loc(e) = loc(e2)) \mvdash{} clock1 < clock2 By Latex: ((InstHyp [\mkleeneopen{}e\mkleeneclose{};\mkleeneopen{}clock1\mkleeneclose{};\mkleeneopen{}CLK\_ClockVal(MsgType;f)@e\mkleeneclose{}] (-10)\mcdot{} THENA (Auto THEN RWO "CLK\_Clock-classrel" 0 THEN Auto) ) THEN Assert \mkleeneopen{}CLK\_ClockVal(MsgType;f)@e < clock2\mkleeneclose{}\mcdot{} THEN Auto THEN D (-1) THEN RepUR ``make-msg-interface`` (-1) THEN (RWO "CLK-ilf" (-1) THENA Auto) THEN RepD THEN (RWO "CLK\_Clock-classrel" (-10) THENA Auto) THEN SimpleSubstVar `clock2' 0 THEN (RW (AddrC [2] (LemmaC `CLK\_ClockFun-eq`)) 0 THENA Auto) THEN AutoSplit THEN If (\mbackslash{}p.opid\_of\_term(h (-1) p) = `assert`) (Thin (-1)) Id THEN RepUR ``CLK\_msg'base`` 0 THEN (RWO "classfun-res-member-base" 0 THENA Auto) THEN Try (Complete (((InstHyp [\mkleeneopen{}e2\mkleeneclose{}] 10\mcdot{} THENA Auto) THEN RepUR ``CLK\_msg'base`` (-1) THEN Auto))) THEN (Assert \mkleeneopen{}msgval(e2) = <fst((reply loc(e) (fst(msgval(e))))), CLK\_ClockVal(MsgType;f)@e>\mkleeneclose{}\mcdot{} THENM ((HypSubst (-1) 0 THENA Auto) THEN Reduce 0 THEN BLemma `le\_to\_lt` THEN Auto') ) THEN StrengthenEquation (-1) THEN ApFunToHypEquands `Z' \mkleeneopen{}msg-body(Z)\mkleeneclose{} \mkleeneopen{}MsgType \mtimes{} \mBbbZ{}\mkleeneclose{} (-1)\mcdot{} THEN Reduce (-1) THEN Try (Fold `es-info-body` (-1) ) THEN Try (Complete (Auto)) THEN Fold `member` 0 THEN D -1 THEN Assert \mkleeneopen{}msg-header(Z) = ``CLK msg``\mkleeneclose{}\mcdot{} THEN Auto THEN ApFunToHypEquands `X' \mkleeneopen{}msg-header(X)\mkleeneclose{} \mkleeneopen{}Name\mkleeneclose{} (-1)\mcdot{} THEN Auto) Home Index