Nuprl Lemma : Paxos-spec6-NewBallot-invariant

[Info:Type].

[es:EO+(Info)].

[failset:Id List].

[T:Type].

[f:

].

[acceptors:Id List].

[Reserve,NoProposal,NewBallot:EClass(

)].

[VoteState:EClass(AcceptorState)].

[Proposal:EClass(

T)].

[AcceptOrReject:EClass(

T

)].

[leader:

Id].

[Decide,Input:EClass(T)].

[Vote:EClass(Id

)].

[Collect:EClass(

T)].

[nb1,nb2:E(NewBallot)].  nb1 = nb2 supposing NewBallot(nb1) = NewBallot(nb2)
  supposing Paxos-spec6-body{i:l}(Info;es;T;f;acceptors;
                                  Reserve;VoteState;Proposal;
                                  AcceptOrReject;leader;Decide;
                                  Vote;Input;Collect;NoProposal;
                                  NewBallot;failset)

Proof not projected

Definitions occuring in Statement : Paxos-spec6-body: Paxos-spec6-body, paxos-acceptor-state: AcceptorState, es-E-interface: E(X), eclass-val: X(e), eclass: EClass(A[eo; e]), event-ordering+: EO+(Info), es-E: E, Id: Id, bool:

, nat_plus:

, nat:

, uimplies: b supposing a, uall:

[x:A]. B[x], function: x:A

B[x], product: x:A

B[x], list: type List, int:

, universe: Type, equal: s = t
Definitions : multiply: n * m, add: n + m, lt_int: i <z j, it:

, inr: inr x , inl: inl x , le_int: i

z j, spreadn: spread3, es-filter-image: f[X], es-loc: loc(e), length: ||as||, fpf: a:A fp-> B[a], strong-subtype: strong-subtype(A;B), ge: i

j , uiff: uiff(P;Q), axiom: Ax, true: True, guard: {T}, btrue: tt, sq_type: SQType(T), isl: isl(x), can-apply: can-apply(f;x), in-eclass: e

X, grp_car: |g|, eclass-val: X(e), limited-type: LimitedType, decide: case b of inl(x) => s[x] | inr(y) => t[y], l_member: (x

l), alle-lt:

e<e'.P[e], es-le: e

loc e' , pair: <a, b>, or: P

Q, exists:

x:A. B[x], rev_implies: P

Q, iff: P

Q, es-class-causal-mrel-fail: es-class-causal-mrel-fail, es-class-def: es-class-def, es-class-causal-rel-fail: es-class-causal-rel-fail, no_repeats: no_repeats(T;l), and: P

Q, assert:

b, es-E-interface: E(X), natural_number: $n, void: Void, implies: P

Q, false: False, not:

A, le: A

B, real:

, rationals:

, less_than: a < b, prop:

, Paxos-spec6-body: Paxos-spec6-body, uimplies: b supposing a, int:

, bool:

, product: x:A

B[x], paxos-acceptor-state: AcceptorState, union: left + right, subtype: S

T, subtype_rel: A

r B, atom: Atom, apply: f a, top: Top, token: "$token", ifthenelse: if b then t else f fi , record-select: r.x, nat:

, event_ordering: EO, es-E: E, lambda:

x.A[x], so_lambda:

x y.t[x; y], eclass: EClass(A[eo; e]), set: {x:A| B[x]} , nat_plus:

, dep-isect: Error :dep-isect, eq_atom: x =a y, eq_atom: eq_atom$n(x;y), record+: record+, all:

x:A. B[x], function: x:A

B[x], isect:

x:A. B[x], uall:

[x:A]. B[x], list: type List, Id: Id, universe: Type, member: t

T, equal: s = t, event-ordering+: EO+(Info), tactic: Error :tactic, proper-iseg: L1 < L2, iseg: l1

l2, gt: i > j, infix_ap: x f y, es-causl: (e < e'), es-locl: (e <loc e'), IdLnk: IdLnk, append: as @ bs, locl: locl(a), Knd: Knd, so_apply: x[s], so_apply: x[s1;s2], so_lambda:

x.t[x], sqequal: s ~ t, squash:

T, MaAuto: Error :MaAuto, AssertBY: Error :AssertBY, CollapseTHEN: Error :CollapseTHEN, Complete: Error :Complete, ORELSE: Error :ORELSE, Auto: Error :Auto, CollapseTHENA: Error :CollapseTHENA
Lemmas : squash_wf, set_subtype_base, not_wf, true_wf, ifthenelse_wf, false_wf, uiff_inversion, es-locl-total, es-locl_wf, es-causl_wf, eclass_wf, event-ordering+_wf, event-ordering+_inc, subtype_rel_self, es-E_wf, Id_wf, nat_wf, bool_wf, paxos-acceptor-state_wf, nat_plus_wf, Paxos-spec6-body_wf, nat_plus_properties, le_wf, nat_plus_inc, es-E-interface_wf, member_wf, es-interface-top, eclass-val_wf, assert_wf, subtype_base_sq, bool_subtype_base, assert_elim, in-eclass_wf, subtype_rel_wf, length_wf_nat

\mforall{}[Info:Type]. \mforall{}[es:EO+(Info)]. \mforall{}[failset:Id List]. \mforall{}[T:Type]. \mforall{}[f:\mBbbN{}\msupplus{}]. \mforall{}[acceptors:Id List]. \mforall{}[Reserve,NoProposal,NewBallot:EClass(\mBbbN{})]. \mforall{}[VoteState:EClass(AcceptorState)]. \mforall{}[Proposal:EClass(\mBbbN{} \mtimes{} T)]. \mforall{}[AcceptOrReject:EClass(\mBbbN{} \mtimes{} T \mtimes{} \mBbbB{})]. \mforall{}[leader:\mBbbN{} {}\mrightarrow{} Id]. \mforall{}[Decide,Input:EClass(T)]. \mforall{}[Vote:EClass(Id \mtimes{} \mBbbN{} \mtimes{} \mBbbB{})]. \mforall{}[Collect:EClass(\mBbbN{} \mtimes{} \mBbbZ{} \mtimes{} T)]. \mforall{}[nb1,nb2:E(NewBallot)]. nb1 = nb2 supposing NewBallot(nb1) = NewBallot(nb2) supposing Paxos-spec6-body\{i:l\}(Info;es;T;f;acceptors; Reserve;VoteState;Proposal; AcceptOrReject;leader;Decide; Vote;Input;Collect;NoProposal; NewBallot;failset) Date html generated: 2011_10_20-PM-04_39_15 Last ObjectModification: 2011_06_18-PM-02_03_53 Home Index