Step
*
1
1
of Lemma
pv11_p1_acc_state_from_p2a
1. Cmd : {T:Type| valueall-type(T)} @i'
2. f : pv11_p1_headers_type{i:l}(Cmd)@i'
3. (f [decision]) = (ℤ × Cmd) ∈ Type
4. (f [propose]) = (ℤ × Cmd) ∈ Type
5. (f ``pv11_p1 adopted``) = (pv11_p1_Ballot_Num() × ((pv11_p1_Ballot_Num() × ℤ × Cmd) List)) ∈ Type
6. (f ``pv11_p1 preempted``) = pv11_p1_Ballot_Num() ∈ Type
7. (f ``pv11_p1 p2b``) = (Id × pv11_p1_Ballot_Num() × ℤ × pv11_p1_Ballot_Num()) ∈ Type
8. (f ``pv11_p1 p2a``) = (Id × pv11_p1_Ballot_Num() × ℤ × Cmd) ∈ Type
9. (f ``pv11_p1 p1b``)
= (Id × pv11_p1_Ballot_Num() × pv11_p1_Ballot_Num() × ((pv11_p1_Ballot_Num() × ℤ × Cmd) List))
∈ Type
10. (f ``pv11_p1 p1a``) = (Id × pv11_p1_Ballot_Num()) ∈ Type
11. f ∈ Name ─→ Type
12. es : EO+(Message(f))@i'
13. ldrs_uid : Id ─→ ℤ@i
14. Inj(Id;ℤ;ldrs_uid)@i
15. e : E@i
16. ∀e1:E
((e1 < e)
⇒ (∀v1:pv11_p1_Ballot_Num(). ∀v2:(pv11_p1_Ballot_Num() × ℤ × Cmd) List. ∀b:pv11_p1_Ballot_Num(). ∀s:ℤ. ∀c:Cmd.
(<v1, v2> ∈ pv11_p1_AcceptorState(Cmd;ldrs_uid;f)(e1)
⇒ (<b, s, c> ∈ v2)
⇒ (↓∃e':E
∃l:Id
(e' ≤loc e1
∧ <l, b, s, c> ∈ pv11_p1_p2a'base(Cmd;f)(e')
∧ (b = (fst(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e'))) ∈ pv11_p1_Ballot_Num())
∧ (∀e'':E
(e' ≤loc e''
⇒ e'' ≤loc e1
⇒ (<b, s, c> ∈ snd(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e''))))))))))
17. v1 : pv11_p1_Ballot_Num()@i
18. v2 : (pv11_p1_Ballot_Num() × ℤ × Cmd) List@i
19. b : pv11_p1_Ballot_Num()@i
20. s : ℤ@i
21. c : Cmd@i
22. <v1, v2> ∈ pv11_p1_AcceptorState(Cmd;ldrs_uid;f)(e)@i
23. (<b, s, c> ∈ v2)@i
⊢ ↓∃e':E
∃l:Id
(e' ≤loc e
∧ <l, b, s, c> ∈ pv11_p1_p2a'base(Cmd;f)(e')
∧ (b = (fst(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e'))) ∈ pv11_p1_Ballot_Num())
∧ (∀e'':E. (e' ≤loc e'' ⇒ e'' ≤loc e ⇒ (<b, s, c> ∈ snd(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e''))))))
BY
{ ((InstLemma `state-class2-inv` [⌈Message(f)⌉;⌈pv11_p1_Ballot_Num() × ((pv11_p1_Ballot_Num() × ℤ × Cmd) List)⌉;
⌈Id × pv11_p1_Ballot_Num()⌉;⌈Id × pv11_p1_Ballot_Num() × ℤ × Cmd⌉;⌈λloc.pv11_p1_init_acceptor(Cmd)⌉;
⌈pv11_p1_on_p1a(Cmd;ldrs_uid)⌉;⌈pv11_p1_on_p2a(Cmd;ldrs_uid)⌉;⌈pv11_p1_p1a'base(Cmd;f)⌉;⌈pv11_p1_p2a'base(Cmd;f)⌉;
⌈es⌉;⌈e⌉;⌈λe,v. let v1,v2 = v
in (<b, s, c> ∈ v2)
⇒ (↓∃e':E
∃l:Id
(e' ≤loc e
∧ <l, b, s, c> ∈ pv11_p1_p2a'base(Cmd;f)(e')
∧ (b = (fst(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e'))) ∈ pv11_p1_Ballot_Num())
∧ (∀e'':E
(e' ≤loc e''
⇒ e'' ≤loc e
⇒ (<b, s, c> ∈ snd(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e'')))))))⌉;⌈<v1, v2>⌉\000C]⋅
THENA (Auto THEN ProveFunctional THEN Auto)
)
THEN All(RepUR ``so_apply``)
) }
1
1. Cmd : {T:Type| valueall-type(T)} @i'
2. f : pv11_p1_headers_type{i:l}(Cmd)@i'
3. (f [decision]) = (ℤ × Cmd) ∈ Type
4. (f [propose]) = (ℤ × Cmd) ∈ Type
5. (f ``pv11_p1 adopted``) = (pv11_p1_Ballot_Num() × ((pv11_p1_Ballot_Num() × ℤ × Cmd) List)) ∈ Type
6. (f ``pv11_p1 preempted``) = pv11_p1_Ballot_Num() ∈ Type
7. (f ``pv11_p1 p2b``) = (Id × pv11_p1_Ballot_Num() × ℤ × pv11_p1_Ballot_Num()) ∈ Type
8. (f ``pv11_p1 p2a``) = (Id × pv11_p1_Ballot_Num() × ℤ × Cmd) ∈ Type
9. (f ``pv11_p1 p1b``)
= (Id × pv11_p1_Ballot_Num() × pv11_p1_Ballot_Num() × ((pv11_p1_Ballot_Num() × ℤ × Cmd) List))
∈ Type
10. (f ``pv11_p1 p1a``) = (Id × pv11_p1_Ballot_Num()) ∈ Type
11. f ∈ Name ─→ Type
12. es : EO+(Message(f))@i'
13. ldrs_uid : Id ─→ ℤ@i
14. Inj(Id;ℤ;ldrs_uid)@i
15. e : E@i
16. ∀e1:E
((e1 < e)
⇒ (∀v1:pv11_p1_Ballot_Num(). ∀v2:(pv11_p1_Ballot_Num() × ℤ × Cmd) List. ∀b:pv11_p1_Ballot_Num(). ∀s:ℤ. ∀c:Cmd.
(<v1, v2> ∈ pv11_p1_AcceptorState(Cmd;ldrs_uid;f)(e1)
⇒ (<b, s, c> ∈ v2)
⇒ (↓∃e':E
∃l:Id
(e' ≤loc e1
∧ <l, b, s, c> ∈ pv11_p1_p2a'base(Cmd;f)(e')
∧ (b = (fst(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e'))) ∈ pv11_p1_Ballot_Num())
∧ (∀e'':E
(e' ≤loc e''
⇒ e'' ≤loc e1
⇒ (<b, s, c> ∈ snd(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e''))))))))))
17. v1 : pv11_p1_Ballot_Num()@i
18. v2 : (pv11_p1_Ballot_Num() × ℤ × Cmd) List@i
19. b : pv11_p1_Ballot_Num()@i
20. s : ℤ@i
21. c : Cmd@i
22. <v1, v2> ∈ pv11_p1_AcceptorState(Cmd;ldrs_uid;f)(e)@i
23. (<b, s, c> ∈ v2)@i
24. s@0 : pv11_p1_Ballot_Num() × ((pv11_p1_Ballot_Num() × ℤ × Cmd) List)@i
25. e' : E@i
26. e' ≤loc e @i
27. if first(e')
then s@0 = pv11_p1_init_acceptor(Cmd) ∈ (pv11_p1_Ballot_Num() × ((pv11_p1_Ballot_Num() × ℤ × Cmd) List))
else s@0 ∈ state-class2(λloc.pv11_p1_init_acceptor(Cmd);pv11_p1_on_p1a(Cmd;ldrs_uid);pv11_p1_p1a'base(Cmd;f);
pv11_p1_on_p2a(Cmd;ldrs_uid);pv11_p1_p2a'base(Cmd;f))(pred(e'))
∧ let v1,v2 = s@0
in (<b, s, c> ∈ v2)
⇒ (↓∃e'@0:E
∃l:Id
(e'@0 ≤loc pred(e')
∧ <l, b, s, c> ∈ pv11_p1_p2a'base(Cmd;f)(e'@0)
∧ (b = (fst(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e'@0))) ∈ pv11_p1_Ballot_Num())
∧ (∀e'':E
(e'@0 ≤loc e''
⇒ e'' ≤loc pred(e')
⇒ (<b, s, c> ∈ snd(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e'')))))))
fi @i
⊢ if e' ∈b pv11_p1_p1a'base(Cmd;f)
then ∀a:Id × pv11_p1_Ballot_Num()
(a ∈ pv11_p1_p1a'base(Cmd;f)(e')
⇒ let v1,v2 = pv11_p1_on_p1a(Cmd;ldrs_uid) loc(e') a s@0
in (<b, s, c> ∈ v2)
⇒ (↓∃e'@0:E
∃l:Id
(e'@0 ≤loc e'
∧ <l, b, s, c> ∈ pv11_p1_p2a'base(Cmd;f)(e'@0)
∧ (b = (fst(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e'@0))) ∈ pv11_p1_Ballot_Num())
∧ (∀e'':E
(e'@0 ≤loc e''
⇒ e'' ≤loc e'
⇒ (<b, s, c> ∈ snd(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e''))))))))
if e' ∈b pv11_p1_p2a'base(Cmd;f)
then ∀a:Id × pv11_p1_Ballot_Num() × ℤ × Cmd
(a ∈ pv11_p1_p2a'base(Cmd;f)(e')
⇒ let v1,v2 = pv11_p1_on_p2a(Cmd;ldrs_uid) loc(e') a s@0
in (<b, s, c> ∈ v2)
⇒ (↓∃e'@0:E
∃l:Id
(e'@0 ≤loc e'
∧ <l, b, s, c> ∈ pv11_p1_p2a'base(Cmd;f)(e'@0)
∧ (b = (fst(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e'@0))) ∈ pv11_p1_Ballot_Num())
∧ (∀e'':E
(e'@0 ≤loc e''
⇒ e'' ≤loc e'
⇒ (<b, s, c> ∈ snd(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e''))))))))
else let v1,v2 = s@0
in (<b, s, c> ∈ v2)
⇒ (↓∃e'@0:E
∃l:Id
(e'@0 ≤loc e'
∧ <l, b, s, c> ∈ pv11_p1_p2a'base(Cmd;f)(e'@0)
∧ (b = (fst(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e'@0))) ∈ pv11_p1_Ballot_Num())
∧ (∀e'':E
(e'@0 ≤loc e''
⇒ e'' ≤loc e'
⇒ (<b, s, c> ∈ snd(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e'')))))))
fi
2
1. Cmd : {T:Type| valueall-type(T)} @i'
2. f : pv11_p1_headers_type{i:l}(Cmd)@i'
3. (f [decision]) = (ℤ × Cmd) ∈ Type
4. (f [propose]) = (ℤ × Cmd) ∈ Type
5. (f ``pv11_p1 adopted``) = (pv11_p1_Ballot_Num() × ((pv11_p1_Ballot_Num() × ℤ × Cmd) List)) ∈ Type
6. (f ``pv11_p1 preempted``) = pv11_p1_Ballot_Num() ∈ Type
7. (f ``pv11_p1 p2b``) = (Id × pv11_p1_Ballot_Num() × ℤ × pv11_p1_Ballot_Num()) ∈ Type
8. (f ``pv11_p1 p2a``) = (Id × pv11_p1_Ballot_Num() × ℤ × Cmd) ∈ Type
9. (f ``pv11_p1 p1b``)
= (Id × pv11_p1_Ballot_Num() × pv11_p1_Ballot_Num() × ((pv11_p1_Ballot_Num() × ℤ × Cmd) List))
∈ Type
10. (f ``pv11_p1 p1a``) = (Id × pv11_p1_Ballot_Num()) ∈ Type
11. f ∈ Name ─→ Type
12. es : EO+(Message(f))@i'
13. ldrs_uid : Id ─→ ℤ@i
14. Inj(Id;ℤ;ldrs_uid)@i
15. e : E@i
16. ∀e1:E
((e1 < e)
⇒ (∀v1:pv11_p1_Ballot_Num(). ∀v2:(pv11_p1_Ballot_Num() × ℤ × Cmd) List. ∀b:pv11_p1_Ballot_Num(). ∀s:ℤ. ∀c:Cmd.
(<v1, v2> ∈ pv11_p1_AcceptorState(Cmd;ldrs_uid;f)(e1)
⇒ (<b, s, c> ∈ v2)
⇒ (↓∃e':E
∃l:Id
(e' ≤loc e1
∧ <l, b, s, c> ∈ pv11_p1_p2a'base(Cmd;f)(e')
∧ (b = (fst(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e'))) ∈ pv11_p1_Ballot_Num())
∧ (∀e'':E
(e' ≤loc e''
⇒ e'' ≤loc e1
⇒ (<b, s, c> ∈ snd(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e''))))))))))
17. v1 : pv11_p1_Ballot_Num()@i
18. v2 : (pv11_p1_Ballot_Num() × ℤ × Cmd) List@i
19. b : pv11_p1_Ballot_Num()@i
20. s : ℤ@i
21. c : Cmd@i
22. <v1, v2> ∈ pv11_p1_AcceptorState(Cmd;ldrs_uid;f)(e)@i
23. (<b, s, c> ∈ v2)@i
24. (<b, s, c> ∈ v2)
⇒ (↓∃e':E
∃l:Id
(e' ≤loc e
∧ <l, b, s, c> ∈ pv11_p1_p2a'base(Cmd;f)(e')
∧ (b = (fst(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e'))) ∈ pv11_p1_Ballot_Num())
∧ (∀e'':E. (e' ≤loc e'' ⇒ e'' ≤loc e ⇒ (<b, s, c> ∈ snd(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e'')))))))
⊢ ↓∃e':E
∃l:Id
(e' ≤loc e
∧ <l, b, s, c> ∈ pv11_p1_p2a'base(Cmd;f)(e')
∧ (b = (fst(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e'))) ∈ pv11_p1_Ballot_Num())
∧ (∀e'':E. (e' ≤loc e'' ⇒ e'' ≤loc e ⇒ (<b, s, c> ∈ snd(pv11_p1_AcceptorStateFun(Cmd;ldrs_uid;f;es;e''))))))
Latex:
Latex:
1. Cmd : \{T:Type| valueall-type(T)\} @i'
2. f : pv11\_p1\_headers\_type\{i:l\}(Cmd)@i'
3. (f [decision]) = (\mBbbZ{} \mtimes{} Cmd)
4. (f [propose]) = (\mBbbZ{} \mtimes{} Cmd)
5. (f ``pv11\_p1 adopted``) = (pv11\_p1\_Ballot\_Num() \mtimes{} ((pv11\_p1\_Ballot\_Num() \mtimes{} \mBbbZ{} \mtimes{} Cmd) List))
6. (f ``pv11\_p1 preempted``) = pv11\_p1\_Ballot\_Num()
7. (f ``pv11\_p1 p2b``) = (Id \mtimes{} pv11\_p1\_Ballot\_Num() \mtimes{} \mBbbZ{} \mtimes{} pv11\_p1\_Ballot\_Num())
8. (f ``pv11\_p1 p2a``) = (Id \mtimes{} pv11\_p1\_Ballot\_Num() \mtimes{} \mBbbZ{} \mtimes{} Cmd)
9. (f ``pv11\_p1 p1b``)
= (Id \mtimes{} pv11\_p1\_Ballot\_Num() \mtimes{} pv11\_p1\_Ballot\_Num() \mtimes{} ((pv11\_p1\_Ballot\_Num() \mtimes{} \mBbbZ{} \mtimes{} Cmd) List))
10. (f ``pv11\_p1 p1a``) = (Id \mtimes{} pv11\_p1\_Ballot\_Num())
11. f \mmember{} Name {}\mrightarrow{} Type
12. es : EO+(Message(f))@i'
13. ldrs$_{uid}$ : Id {}\mrightarrow{} \mBbbZ{}@i
14. Inj(Id;\mBbbZ{};ldrs$_{uid}$)@i
15. e : E@i
16. \mforall{}e1:E
((e1 < e)
{}\mRightarrow{} (\mforall{}v1:pv11\_p1\_Ballot\_Num(). \mforall{}v2:(pv11\_p1\_Ballot\_Num() \mtimes{} \mBbbZ{} \mtimes{} Cmd) List.
\mforall{}b:pv11\_p1\_Ballot\_Num(). \mforall{}s:\mBbbZ{}. \mforall{}c:Cmd.
(<v1, v2> \mmember{} pv11\_p1\_AcceptorState(Cmd;ldrs$_{uid}$;f)(e1)
{}\mRightarrow{} (<b, s, c> \mmember{} v2)
{}\mRightarrow{} (\mdownarrow{}\mexists{}e':E
\mexists{}l:Id
(e' \mleq{}loc e1
\mwedge{} <l, b, s, c> \mmember{} pv11\_p1\_p2a'base(Cmd;f)(e')
\mwedge{} (b = (fst(pv11\_p1\_AcceptorStateFun(Cmd;ldrs$_{uid}$;f;es;e'\000C))))
\mwedge{} (\mforall{}e'':E
(e' \mleq{}loc e''
{}\mRightarrow{} e'' \mleq{}loc e1
{}\mRightarrow{} (<b, s, c> \mmember{} snd(pv11\_p1\_AcceptorStateFun(Cmd;ldrs$_{uid}\000C$;f;es;e''))))))))))
17. v1 : pv11\_p1\_Ballot\_Num()@i
18. v2 : (pv11\_p1\_Ballot\_Num() \mtimes{} \mBbbZ{} \mtimes{} Cmd) List@i
19. b : pv11\_p1\_Ballot\_Num()@i
20. s : \mBbbZ{}@i
21. c : Cmd@i
22. <v1, v2> \mmember{} pv11\_p1\_AcceptorState(Cmd;ldrs$_{uid}$;f)(e)@i
23. (<b, s, c> \mmember{} v2)@i
\mvdash{} \mdownarrow{}\mexists{}e':E
\mexists{}l:Id
(e' \mleq{}loc e
\mwedge{} <l, b, s, c> \mmember{} pv11\_p1\_p2a'base(Cmd;f)(e')
\mwedge{} (b = (fst(pv11\_p1\_AcceptorStateFun(Cmd;ldrs$_{uid}$;f;es;e'))))
\mwedge{} (\mforall{}e'':E
(e' \mleq{}loc e''
{}\mRightarrow{} e'' \mleq{}loc e
{}\mRightarrow{} (<b, s, c> \mmember{} snd(pv11\_p1\_AcceptorStateFun(Cmd;ldrs$_{uid}$;f;es;e''\000C))))))
By
Latex:
((InstLemma `state-class2-inv` [\mkleeneopen{}Message(f)\mkleeneclose{};\mkleeneopen{}pv11\_p1\_Ballot\_Num() \mtimes{} ((pv11\_p1\_Ballot\_Num()
\mtimes{} \mBbbZ{}
\mtimes{} Cmd) List)\mkleeneclose{};
\mkleeneopen{}Id \mtimes{} pv11\_p1\_Ballot\_Num()\mkleeneclose{};\mkleeneopen{}Id \mtimes{} pv11\_p1\_Ballot\_Num() \mtimes{} \mBbbZ{} \mtimes{} Cmd\mkleeneclose{};
\mkleeneopen{}\mlambda{}loc.pv11\_p1\_init\_acceptor(Cmd)\mkleeneclose{};\mkleeneopen{}pv11\_p1\_on\_p1a(Cmd;ldrs$_{uid}$)\mkleeneclose{};\mkleeneopen{}pv11\_p1\_\000Con\_p2a(Cmd;ldrs$_{uid}$)\mkleeneclose{};
\mkleeneopen{}pv11\_p1\_p1a'base(Cmd;f)\mkleeneclose{};\mkleeneopen{}pv11\_p1\_p2a'base(Cmd;f)\mkleeneclose{};\mkleeneopen{}es\mkleeneclose{};\mkleeneopen{}e\mkleeneclose{};
\mkleeneopen{}\mlambda{}e,v. let v1,v2 = v
in (<b, s, c> \mmember{} v2)
{}\mRightarrow{} (\mdownarrow{}\mexists{}e':E
\mexists{}l:Id
(e' \mleq{}loc e
\mwedge{} <l, b, s, c> \mmember{} pv11\_p1\_p2a'base(Cmd;f)(e')
\mwedge{} (b = (fst(pv11\_p1\_AcceptorStateFun(Cmd;ldrs$_{uid}$;f;es;e'\000C))))
\mwedge{} (\mforall{}e'':E
(e' \mleq{}loc e''
{}\mRightarrow{} e'' \mleq{}loc e
{}\mRightarrow{} (<b, s, c> \mmember{} snd(pv11\_p1\_AcceptorStateFun(Cmd;ldrs$_{uid}\000C$;f;es;e'')))))))\mkleeneclose{};\mkleeneopen{}<v1
, v2
>\mkleeneclose{}]\mcdot{}
THENA (Auto THEN ProveFunctional THEN Auto)
)
THEN All(RepUR ``so\_apply``)
)
Home
Index