Nuprl Lemma : Paxos-spec6-Proposals-increase

[Info:Type].

[es:EO+(Info)].

[failset:Id List].

[T:Type].

[f:

].

[acceptors:Id List].

[Reserve,NoProposal,NewBallot:EClass(

)].

[VoteState:EClass(AcceptorState)].

[Proposal:EClass(

T)].

[AcceptOrReject:EClass(

T

)].

[leader:

Id].

[Decide,Input:EClass(T)].

[Vote:EClass(Id

)].

[Collect:EClass(

T)].

[p1,p2:E(Proposal)].  (fst(Proposal(p1))) < (fst(Proposal(p2))) supposing (p1 <loc p2)
  supposing Paxos-spec6-body{i:l}(Info;es;T;f;acceptors;
                                  Reserve;VoteState;Proposal;
                                  AcceptOrReject;leader;Decide;
                                  Vote;Input;Collect;NoProposal;
                                  NewBallot;failset)

Proof not projected

Definitions occuring in Statement : Paxos-spec6-body: Paxos-spec6-body, paxos-acceptor-state: AcceptorState, es-E-interface: E(X), eclass-val: X(e), eclass: EClass(A[eo; e]), event-ordering+: EO+(Info), es-locl: (e <loc e'), Id: Id, bool:

, nat_plus:

, nat:

, uimplies: b supposing a, uall:

[x:A]. B[x], pi1: fst(t), less_than: a < b, function: x:A

B[x], product: x:A

B[x], list: type List, int:

, universe: Type
Definitions : squash:

T, bag_only_single: bag_only_single{bag_only_single_compseq_tag_def:o}(x), bag_size_single: bag_size_single{bag_size_single_compseq_tag_def:o}(x), bag-only: only(bs), bag-size: bag-size(bs), bag_size_empty: bag_size_empty{bag_size_empty_compseq_tag_def:o}, limited-type: LimitedType, bfalse: ff, eq_bool: p =b q, le_int: i

z j, eq_int: (i =

j), null: null(as), set_blt: a <

b, grp_blt: a <

b, dcdr-to-bool: [d]

, bl-all: (

x

L.P[x])_b, bl-exists: (

x

L.P[x])_b, b-exists: (

i<n.P[i])_b, eq_type: eq_type(T;T'), qeq: qeq(r;s), q_less: q_less(r;s), q_le: q_le(r;s), deq-member: deq-member(eq;x;L), deq-disjoint: deq-disjoint(eq;as;bs), deq-all-disjoint: deq-all-disjoint(eq;ass;bs), eq_id: a = b, eq_lnk: a = b, es-eq-E: e = e', es-bless: e <loc e', es-ble: e

loc e', bimplies: p

q, band: p

q, bor: p

q, bnot:

b, unit: Unit, eclass-compose1: f o X, grp_car: |g|, cand: A c

B, guard: {T}, btrue: tt, sq_type: SQType(T), true: True, real:

, rationals:

, atom: Atom, es-base-E: es-base-E(es), token: "$token", bag: bag(T), record-select: r.x, infix_ap: x f y, es-causl: (e < e'), alle-lt:

e<e'.P[e], es-le: e

loc e' , es-causle: e c

e', l_all: (

x

L.P[x]), natural_number: $n, add: n + m, length: ||as||, apply: f a, es-loc: loc(e), fpf: a:A fp-> B[a], l_member: (x

l), rev_implies: P

Q, iff: P

Q, union: left + right, or: P

Q, void: Void, false: False, eq_atom: x =a y, eq_atom: eq_atom$n(x;y), exists:

x:A. B[x], decide: case b of inl(x) => s[x] | inr(y) => t[y], es-class-causal-mrel-fail: es-class-causal-mrel-fail, es-class-def: es-class-def, es-class-causal-rel-fail: es-class-causal-rel-fail, implies: P

Q, no_repeats: no_repeats(T;l), dep-isect: Error :dep-isect, record+: record+, strong-subtype: strong-subtype(A;B), le: A

B, ge: i

j , not:

A, uiff: uiff(P;Q), paxos-acceptor-state: AcceptorState, bool:

, subtype_rel: A

r B, int:

, set: {x:A| B[x]} , es-E: E, subtype: S

T, all:

x:A. B[x], axiom: Ax, prop:

, member: t

T, universe: Type, nat_plus:

, list: type List, Id: Id, function: x:A

B[x], so_lambda:

x y.t[x; y], uall:

[x:A]. B[x], so_lambda:

x.t[x], uimplies: b supposing a, isect:

x:A. B[x], es-locl: (e <loc e'), event-ordering+: EO+(Info), event_ordering: EO, es-E-interface: E(X), top: Top, Paxos-spec6-body: Paxos-spec6-body, RepeatFor: Error :RepeatFor, D: Error :D, MaAuto: Error :MaAuto, AssertBY: Error :AssertBY, assert:

b, in-eclass: e

X, and: P

Q, less_than: a < b, pi2: snd(t), pi1: fst(t), eclass-val: X(e), CollapseTHEN: Error :CollapseTHEN, CollapseTHENA: Error :CollapseTHENA, equal: s = t, eclass: EClass(A[eo; e]), product: x:A

B[x], nat:

, es-filter-image: f[X], lambda:

x.A[x], spreadn: spread3, ifthenelse: if b then t else f fi , lt_int: i <z j, single-bag: {x}, pair: <a, b>, empty-bag: {}, multiply: n * m, it:

, paxos-state-reservation: Reservation(s), es-interface-predecessors:

(X)(e), filter: filter(P;l), es-first-at: e is first@ i s.t. e.P[e], IdLnk: IdLnk, proper-iseg: L1 < L2, iseg: l1

l2, l_exists: (

x

L. P[x]), gt: i > j, map: map(f;as), eq_knd: a = b, fpf-dom: x

dom(f), intensional-universe: IType, nil: [], list_ind: list_ind def, int_eq: if a=b then c else d, atom_eq: atomeqn def, sqequal: s ~ t, so_apply: x[s], append: as @ bs, locl: locl(a), Knd: Knd, atom: Atom$n, id-deq: IdDeq, paxos-state-info: Info(s), es-tagged-true-class: Tagged_tt(X), MaxVote: MaxVote(es;T;Vote;e;s), paxos-state-name: Name(s), paxos-state-value: Value(s), es-prior-val: (X)', minus: -n, mapfilter: mapfilter(f;P;L), paxos-state-ballot: Ballot(s), list-max: list-max(x.f[x];L), spread: spread def, let: let, l_contains: A

B, inject: Inj(A;B;f), reducible: reducible(a), prime: prime(a), fun-connected: y is f*(x), qle: r

s, qless: r < s, q-rel: q-rel(r;x), sq_exists:

x:{A| B[x]}, i-finite: i-finite(I), i-closed: i-closed(I), p-outcome: Outcome, dstype: dstype(TypeNames; d; a), fset-member: a

s, f-subset: xs

ys, fset: FSet{T}, fset-closed: (s closed under fs), MaName: MaName, l_disjoint: l_disjoint(T;l1;l2), consensus-state3: consensus-state3(T), cs-not-completed: in state s, a has not completed inning i, cs-archived: by state s, a archived v in inning i, cs-passed: by state s, a passed inning i without archiving a value, cs-inning-committed: in state s, inning i has committed v, cs-inning-committable: in state s, inning i could commit v , cs-archive-blocked: in state s, ws' blocks ws from archiving v in inning i, cs-precondition: state s may consider v in inning i, consensus-rcv: consensus-rcv(V;A), existse-before:

e<e'.P[e], existse-le:

e

e'.P[e], alle-le:

e

e'.P[e], alle-between1:

e

[e1,e2).P[e], existse-between1:

e

[e1,e2).P[e], alle-between2:

e

[e1,e2].P[e], existse-between2:

e

[e1,e2].P[e], existse-between3:

e

(e1,e2].P[e], es-fset-loc: i

locs(s), es-r-immediate-pred: es-r-immediate-pred(es;R;e';e), same-thread: same-thread(es;p;e;e'), collect-event: collect-event(es;X;n;v.num[v];L.P[L];e), cut-order: a

(X;f) b, path-goes-thru: x-f*-y thru i, ses-legal-sequence: Legal(pas) given prvt, ses-action: Action(e), runEvents: runEvents(r), decidable: Dec(P), lg-edge: lg-edge(g;a;b), int_nzero:

Lemmas : length_wf1, es-locl_irreflexivity, es-le_weakening_eq, es-locl_transitivity2, es-first-at-unique, int_sq, decidable__equal_int, first-at-filter-interface-predecessors1, alle-lt_wf, set_subtype_base, int_subtype_base, es-loc_wf, paxos-state-reservation_wf, es-interface-predecessors_wf, mapfilter_wf, paxos-state-ballot_wf, list-max_wf, pos_length2, length_wf_nat, list-subtype, l_member_wf, uiff_wf, assert-eq-id, nat_properties, btrue_wf, bfalse_wf, unit_wf, intensional-universe_wf, es-interface-val_wf2, pos-length, equal-nil-sq-nil, filter_wf, length-map, filter_type, list-max-property2, es-prior-val_wf, paxos-state-value_wf, assert_of_eq_int, not_functionality_wrt_uiff, es-E_wf, event-ordering+_inc, es-locl_wf, es-E-interface_wf, Paxos-spec6-body_wf, eclass_wf, nat_wf, Id_wf, nat_plus_wf, event-ordering+_wf, uall_wf, Paxos-spec6-Collect-invariant, member_wf, subtype_rel_wf, es-interface-top, nat_plus_inc, bool_wf, paxos-acceptor-state_wf, es-base-E_wf, subtype_rel_self, nat_plus_properties, le_wf, assert_wf, false_wf, ifthenelse_wf, in-eclass_wf, true_wf, subtype_base_sq, bool_subtype_base, assert_elim, pi1_wf_top, eclass-val_wf, top_wf, pi2_wf, eqtt_to_assert, not_wf, uiff_transitivity, eqff_to_assert, assert_of_bnot, bnot_wf, pi1_wf, eq_int_wf, bag-size_wf, assert_of_lt_int, assert_functionality_wrt_uiff, bnot_of_lt_int, assert_of_le_int, le_int_wf, lt_int_wf

\mforall{}[Info:Type]. \mforall{}[es:EO+(Info)]. \mforall{}[failset:Id List]. \mforall{}[T:Type]. \mforall{}[f:\mBbbN{}\msupplus{}]. \mforall{}[acceptors:Id List]. \mforall{}[Reserve,NoProposal,NewBallot:EClass(\mBbbN{})]. \mforall{}[VoteState:EClass(AcceptorState)]. \mforall{}[Proposal:EClass(\mBbbN{} \mtimes{} T)]. \mforall{}[AcceptOrReject:EClass(\mBbbN{} \mtimes{} T \mtimes{} \mBbbB{})]. \mforall{}[leader:\mBbbN{} {}\mrightarrow{} Id]. \mforall{}[Decide,Input:EClass(T)]. \mforall{}[Vote:EClass(Id \mtimes{} \mBbbN{} \mtimes{} \mBbbB{})]. \mforall{}[Collect:EClass(\mBbbN{} \mtimes{} \mBbbZ{} \mtimes{} T)]. \mforall{}[p1,p2:E(Proposal)]. (fst(Proposal(p1))) < (fst(Proposal(p2))) supposing (p1 <loc p2) supposing Paxos-spec6-body\{i:l\}(Info;es;T;f;acceptors; Reserve;VoteState;Proposal; AcceptOrReject;leader;Decide; Vote;Input;Collect;NoProposal; NewBallot;failset) Date html generated: 2011_10_20-PM-04_40_17 Last ObjectModification: 2011_06_18-PM-02_06_15 Home Index