Nuprl Lemma : Paxos-partial-spec8-locations

[Info:Type].

[es:EO+(Info)].

[T:Type].

[leader:

Id].

[failset:Id List].

[1a:EClass(Id

)].

[Decide,Input:EClass(T)].

[f:

].

[acceptors:Id List].

[1b:EClass(Id

(

T?))].

[2a:EClass(Id

T)].

[2b:EClass(Id

)].
(

[e:E(1a)]. ((fst(1a(e))) = (leader (snd(1a(e))))))

(

[e:E(1b)]. (loc(e) = (leader (fst(snd(1b(e)))))))

(

[e:E(2a)]. ((fst(2a(e))) = (leader (fst(snd(2a(e)))))))

(

[e:E(2b)]. (loc(e) = (leader (fst(snd(2b(e)))))))
supposing Paxos-partial-spec8{i:l}(Info; es; T; f; acceptors; leader; Input; Decide; 1a; 1b; 2a; 2b; failset)

Proof not projected

Definitions occuring in Statement : Paxos-partial-spec8: Paxos-partial-spec8{i:l}(Info; es; T; f; acceptors; leader; Input; Decide; 1a; 1b; 2a; 2b; failset), es-E-interface: E(X), eclass-val: X(e), eclass: EClass(A[eo; e]), event-ordering+: EO+(Info), es-loc: loc(e), Id: Id, bool:

, nat_plus:

, nat:

, uimplies: b supposing a, uall:

[x:A]. B[x], pi1: fst(t), pi2: snd(t), and: P

Q, unit: Unit, apply: f a, function: x:A

B[x], product: x:A

B[x], union: left + right, list: type List, universe: Type, equal: s = t
Definitions : es-class-reply-or-fail: es-class-reply-or-fail, so_lambda: so_lambda(x,y,z.t[x; y; z]), es-class-mcast-fail: es-class-mcast-fail, exists:

x:A. B[x], it:

, inr: inr x , inl: inl x , accum-class: accum-class(a,x.f[a; x];x.base[x];X), es-tagged-true-class: Tagged_tt(X), decide: case b of inl(x) => s[x] | inr(y) => t[y], assert:

b, guard: {T}, sq_type: SQType(T), minus: -n, es-prior-class-when: (X'?d) when Y, le_int: i

z j, map-class: (f[v] where v from X), rev_implies: P

Q, iff: P

Q, or: P

Q, multiply: n * m, grp_car: |g|, atom: Atom$n, p-outcome: Outcome, false: False, imax: imax(a;b), es-interface-accum: es-interface-accum(f;x;X), spread: spread def, permutation: permutation(T;L1;L2), quotient: x,y:A//B[x; y], empty-bag: {}, single-bag: {x}, lt_int: i <z j, spreadn: spread3, es-filter-image: f[X], atom: Atom, es-base-E: es-base-E(es), token: "$token", ifthenelse: if b then t else f fi , record-select: r.x, bag: bag(T), int_nzero:

, void: Void, length: ||as||, real:

, rationals:

, so_lambda:

x.t[x], natural_number: $n, add: n + m, es-collect-opt-max: es-collect-opt-max, implies: P

Q, event_ordering: EO, es-E: E, lambda:

x.A[x], subtype: S

T, fpf: a:A fp-> B[a], strong-subtype: strong-subtype(A;B), eq_atom: x =a y, eq_atom: eq_atom$n(x;y), let: let, dep-isect: Error :dep-isect, record+: record+, le: A

B, ge: i

j , not:

A, less_than: a < b, uiff: uiff(P;Q), subtype_rel: A

r B, set: {x:A| B[x]} , all:

x:A. B[x], es-loc: loc(e), axiom: Ax, pi2: snd(t), apply: f a, eclass-val: X(e), pi1: fst(t), top: Top, es-E-interface: E(X), pair: <a, b>, prop:

, Paxos-partial-spec8: Paxos-partial-spec8{i:l}(Info; es; T; f; acceptors; leader; Input; Decide; 1a; 1b; 2a; 2b; failset), nat_plus:

, so_lambda:

x y.t[x; y], list: type List, uimplies: b supposing a, and: P

Q, equal: s = t, event-ordering+: EO+(Info), universe: Type, uall:

[x:A]. B[x], function: x:A

B[x], member: t

T, isect:

x:A. B[x], D: Error :D, unit: Unit, nat:

, product: x:A

B[x], union: left + right, Id: Id, eclass: EClass(A[eo; e]), CollapseTHEN: Error :CollapseTHEN, int:

, bool:

, MaAuto: Error :MaAuto, CollapseTHENA: Error :CollapseTHENA, Try: Error :Try, Complete: Error :Complete, Auto: Error :Auto, cand: A c

B, btrue: tt, in-eclass: e

X, true: True, squash:

T, es-causle: e c

e', l_member: (x

l), limited-type: LimitedType, sqequal: s ~ t, l_all: (

x

L.P[x]), ExRepD: Error :ExRepD, ParallelOp: Error :ParallelOp, RepeatFor: Error :RepeatFor, BHyp: Error :BHyp, es-prior-val: (X)', es-prior-interface: prior(X), es-interface-at: X@i, intensional-universe: IType, tag-by: z

T, ldag: LabeledDAG(T), labeled-graph: LabeledGraph(T), fset: FSet{T}, dataflow: dataflow(A;B), isect2: T1

T2, b-union: A

B, fpf-cap: f(x)?z, record: record(x.T[x]), is_list_splitting: is_list_splitting(T;L;LL;L2;f), is_accum_splitting: is_accum_splitting(T;A;L;LL;L2;f;g;x), req: x = y, rnonneg: rnonneg(r), rleq: x

y, i-member: r

I, partitions: partitions(I;p), modulus-of-ccontinuity: modulus-of-ccontinuity(omega;I;f), fpf-sub: f

g, sq_stable: SqStable(P), fpf-dom: x

dom(f), infix_ap: x f y, es-causl: (e < e'), tactic: Error :tactic, ext-eq: A

B, rev_subtype_rel: A

r B, rev_uimplies: rev_uimplies(P;Q), eclass-compose1: f o X, so_apply: x[s], ma-state: State(ds), es-interface-part: (X|g=i), class-program: ClassProgram(T), es-empty-interface: Empty, cond-class: [X?Y], base: Base, imax-class: (maximum f[v]

lb with v from X), es-interface-val: val(X,e), bag_size_empty: bag_size_empty{bag_size_empty_compseq_tag_def:o}, bag_only_single: bag_only_single{bag_only_single_compseq_tag_def:o}(x), bag_size_single: bag_size_single{bag_size_single_compseq_tag_def:o}(x), bfalse: ff, eq_int: (i =

j), null: null(as), set_blt: a <

b, grp_blt: a <

b, dcdr-to-bool: [d]

, bl-all: (

x

L.P[x])_b, bl-exists: (

x

L.P[x])_b, b-exists: (

i<n.P[i])_b, eq_type: eq_type(T;T'), qeq: qeq(r;s), q_less: q_less(r;s), q_le: q_le(r;s), deq-member: deq-member(eq;x;L), deq-disjoint: deq-disjoint(eq;as;bs), deq-all-disjoint: deq-all-disjoint(eq;ass;bs), eq_id: a = b, eq_lnk: a = b, es-eq-E: e = e', es-bless: e <loc e', es-ble: e

loc e', bimplies: p

q, band: p

q, bor: p

q, bnot:

b, bag-only: only(bs), bag-size: bag-size(bs), es-interface-predecessors:

(X)(e), filter: filter(P;l), alle-lt:

e<e'.P[e], es-first-at: e is first@ i s.t. e.P[e], outl: outl(x), isl: isl(x), list-max: list-max(x.f[x];L), skip: Error :skip, HypSubst: Error :HypSubst
Lemmas : map-class-val, is-map-class, collect-opt-max-val, rev_implies_wf, iff_wf, es-interface-predecessors_wf, filter_wf, list-max_wf, outl_wf, is-collect-opt-max, assert_functionality_wrt_uiff, eqff_to_assert, uiff_transitivity, assert_of_lt_int, eqtt_to_assert, es-filter-image-val, es-is-filter-image, bnot_of_lt_int, assert_of_le_int, bnot_wf, member-interface-at, es-interface-at_wf, es-interface-val_wf2, squash_wf, es-E-filter-image, ext-eq_inversion, subtype_rel_functionality_wrt_implies, subtype_rel_weakening, ext-eq_weakening, true_wf, is-prior-class-when, prior-class-when-val, sq_stable__assert, intensional-universe_wf, product_subtype_base, unit_subtype_base, union_subtype_base, pi1_wf, atom2_subtype_base, set_subtype_base, int_subtype_base, assert_wf, subtype_base_sq, bool_subtype_base, assert_elim, in-eclass_wf, es-loc_wf, eclass-val_wf, Paxos-partial-spec8_wf, eclass_wf, Id_wf, nat_plus_wf, es-E-interface_wf, nat_wf, event-ordering+_wf, member_wf, subtype_rel_wf, es-interface-top, unit_wf, bool_wf, nat_plus_inc, es-E_wf, event-ordering+_inc, es-collect-opt-max_wf, pi1_wf_top, pi2_wf, top_wf, es-base-E_wf, subtype_rel_self, es-filter-image_wf, permutation_wf, bag_wf, ifthenelse_wf, lt_int_wf, nat_properties, single-bag_wf, empty-bag_wf, es-interface-accum_wf, le_wf, not_wf, false_wf, imax_wf, imax_ub, es-prior-class-when_wf, map-class_wf, le_int_wf, es-interface-subtype_rel2, es-tagged-true-class_wf, accum-class_wf, it_wf, uall_wf, es-class-mcast-fail_wf, es-class-reply-or-fail_wf

\mforall{}[Info:Type]. \mforall{}[es:EO+(Info)]. \mforall{}[T:Type]. \mforall{}[leader:\mBbbN{} {}\mrightarrow{} Id]. \mforall{}[failset:Id List]. \mforall{}[1a:EClass(Id \mtimes{} \mBbbN{})]. \mforall{}[Decide,Input:EClass(T)]. \mforall{}[f:\mBbbN{}\msupplus{}]. \mforall{}[acceptors:Id List]. \mforall{}[1b:EClass(Id \mtimes{} \mBbbN{} \mtimes{} (\mBbbN{} \mtimes{} T?))]. \mforall{}[2a:EClass(Id \mtimes{} \mBbbN{} \mtimes{} T)]. \mforall{}[2b:EClass(Id \mtimes{} \mBbbN{} \mtimes{} \mBbbB{})]. (\mforall{}[e:E(1a)]. ((fst(1a(e))) = (leader (snd(1a(e)))))) \mwedge{} (\mforall{}[e:E(1b)]. (loc(e) = (leader (fst(snd(1b(e))))))) \mwedge{} (\mforall{}[e:E(2a)]. ((fst(2a(e))) = (leader (fst(snd(2a(e))))))) \mwedge{} (\mforall{}[e:E(2b)]. (loc(e) = (leader (fst(snd(2b(e))))))) supposing Paxos-partial-spec8\{i:l\}(Info; es; T; f; acceptors; leader; Input; Decide; 1a; 1b; 2a; 2b; failset) Date html generated: 2011_10_20-PM-04_47_51 Last ObjectModification: 2011_06_18-PM-02_14_11 Home Index