Nuprl Lemma : Paxos-spec6-implies-Paxos-spec5

[Info:Type]

es:EO+(Info)

[T:Type]

leader:

Id.

failset:Id List.

Reserve:EClass(

).

Decide,Input:EClass(T).
(Paxos-spec6{i:l}(Info; es; T; leader; failset; Reserve; Decide; Input)

Paxos-spec5{i:l}(Info; es; T; Decide; Input))

Proof not projected

Definitions occuring in Statement : Paxos-spec6: Paxos-spec6{i:l}(Info; es; T; leader; failset; Reserve; Decide; Input), Paxos-spec5: Paxos-spec5{i:l}(Info; es; T; Decide; Input), eclass: EClass(A[eo; e]), event-ordering+: EO+(Info), Id: Id, nat:

, uall:

[x:A]. B[x], all:

x:A. B[x], implies: P

Q, function: x:A

B[x], list: type List, universe: Type
Definitions : paxos-state-ballot: Ballot(s), map: map(f;as), imax-list: imax-list(L), inl: inl x , minus: -n, es-interface-predecessors:

(X)(e), eq_int: (i =

j), filter: filter(P;l), l_all: (

x

L.P[x]), in-eclass: e

X, bfalse: ff, pi2: snd(t), pi1: fst(t), paxos-state-info: Info(s), paxos-state-name: Name(s), paxos-state-reservation: Reservation(s), eclass-val: X(e), es-loc: loc(e), multiply: n * m, add: n + m, length: ||as||, atom: Atom, es-base-E: es-base-E(es), token: "$token", record-select: r.x, natural_number: $n, real:

, rationals:

, decide: case b of inl(x) => s[x] | inr(y) => t[y], ifthenelse: if b then t else f fi , void: Void, MaxVote: MaxVote(es;T;Vote;e;s), unit: Unit, l_exists: (

x

L. P[x]), apply: f a, let: let, es-causle: e c

e', so_lambda:

x.t[x], es-first-at: e is first@ i s.t. e.P[e], top: Top, es-E-interface: E(X), es-locl: (e <loc e'), bag: bag(T), false: False, l_member: (x

l), alle-lt:

e<e'.P[e], es-le: e

loc e' , pair: <a, b>, union: left + right, or: P

Q, rev_implies: P

Q, iff: P

Q, es-class-causal-mrel-fail: es-class-causal-mrel-fail, es-class-def: es-class-def, es-class-causal-rel-fail: es-class-causal-rel-fail, no_repeats: no_repeats(T;l), assert:

b, Paxos-spec6-body: Paxos-spec6-body, int:

, bool:

, paxos-acceptor-state: AcceptorState, nat_plus:

, subtype: S

T, event_ordering: EO, es-E: E, lambda:

x.A[x], equal: s = t, member: t

T, eq_atom: x =a y, eq_atom: eq_atom$n(x;y), dep-isect: Error :dep-isect, record+: record+, strong-subtype: strong-subtype(A;B), le: A

B, ge: i

j , not:

A, less_than: a < b, uimplies: b supposing a, and: P

Q, uiff: uiff(P;Q), subtype_rel: A

r B, Paxos-spec5-body: Paxos-spec5-body{i:l}(Info; es; T; f; acceptors; Reserve; VoteState; Proposal; Accept; leader; Decide; OK; Input), prop:

, Paxos-spec6: Paxos-spec6{i:l}(Info; es; T; leader; failset; Reserve; Decide; Input), event-ordering+: EO+(Info), uall:

[x:A]. B[x], isect:

x:A. B[x], implies: P

Q, Paxos-spec5: Paxos-spec5{i:l}(Info; es; T; Decide; Input), exists:

x:A. B[x], product: x:A

B[x], set: {x:A| B[x]} , universe: Type, nat:

, list: type List, Id: Id, eclass: EClass(A[eo; e]), so_lambda:

x y.t[x; y], function: x:A

B[x], all:

x:A. B[x], Try: Error :Try, CollapseTHEN: Error :CollapseTHEN, D: Error :D, Unfolds: Error :Unfolds, AllHyps: Error :AllHyps, Auto: Error :Auto, MaAuto: Error :MaAuto, es-tagged-true-class: Tagged_tt(X), ExRepD: Error :ExRepD, RepeatFor: Error :RepeatFor, Unfold: Error :Unfold, tactic: Error :tactic, infix_ap: x f y, es-causl: (e < e'), id-deq: IdDeq, deq-member: deq-member(eq;x;L), paxos-state-value: Value(s), list-max: list-max(x.f[x];L), spread: spread def, mapfilter: mapfilter(f;P;L), es-prior-val: (X)', eq_bool: p =b q, band: p

q, bnot:

b, squash:

T, guard: {T}, btrue: tt, sq_type: SQType(T), true: True, cand: A c

B, fpf: a:A fp-> B[a], lt_int: i <z j, empty-bag: {}, single-bag: {x}, le_int: i

z j, spreadn: spread3, es-filter-image: f[X], Complete: Error :Complete, ParallelOp: Error :ParallelOp, it:

, atom: Atom$n, sqequal: s ~ t, so_apply: x[s], permutation: permutation(T;L1;L2), quotient: x,y:A//B[x; y], grp_car: |g|, axiom: Ax, bag-size: bag-size(bs), record: record(x.T[x]), is_list_splitting: is_list_splitting(T;L;LL;L2;f), is_accum_splitting: is_accum_splitting(T;A;L;LL;L2;f;g;x), req: x = y, rnonneg: rnonneg(r), rleq: x

y, i-member: r

I, partitions: partitions(I;p), modulus-of-ccontinuity: modulus-of-ccontinuity(omega;I;f), fpf-sub: f

g, sq_stable: SqStable(P), so_apply: x[s1;s2], bag-only: only(bs), proper-iseg: L1 < L2, iseg: l1

l2, nil: [], gt: i > j, listp: A List

, combination: Combination(n;T), limited-type: LimitedType, set_car: |p|, rng_car: |r|, int_seg: {i..j

}, divides: b | a, assoced: a ~ b, set_leq: a

b, set_lt: a <p b, grp_lt: a < b, dstype: dstype(TypeNames; d; a), fset: FSet{T}, MaName: MaName, consensus-state3: consensus-state3(T), consensus-rcv: consensus-rcv(V;A), runEvents: runEvents(r), l_contains: A

B, inject: Inj(A;B;f), reducible: reducible(a), prime: prime(a), fun-connected: y is f*(x), qle: r

s, qless: r < s, q-rel: q-rel(r;x), sq_exists:

x:{A| B[x]}, i-finite: i-finite(I), i-closed: i-closed(I), p-outcome: Outcome, fset-member: a

s, f-subset: xs

ys, fset-closed: (s closed under fs), l_disjoint: l_disjoint(T;l1;l2), cs-not-completed: in state s, a has not completed inning i, cs-archived: by state s, a archived v in inning i, cs-passed: by state s, a passed inning i without archiving a value, cs-archive-blocked: in state s, ws' blocks ws from archiving v in inning i, cs-precondition: state s may consider v in inning i, cs-inning-committed: in state s, inning i has committed v, cs-inning-committable: in state s, inning i could commit v , existse-before:

e<e'.P[e], existse-le:

e

e'.P[e], alle-le:

e

e'.P[e], alle-between1:

e

[e1,e2).P[e], existse-between1:

e

[e1,e2).P[e], alle-between2:

e

[e1,e2].P[e], existse-between2:

e

[e1,e2].P[e], existse-between3:

e

(e1,e2].P[e], es-fset-loc: i

locs(s), es-r-immediate-pred: es-r-immediate-pred(es;R;e';e), same-thread: same-thread(es;p;e;e'), collect-event: collect-event(es;X;n;v.num[v];L.P[L];e), cut-order: a

(X;f) b, path-goes-thru: x-f*-y thru i, lg-edge: lg-edge(g;a;b), ses-action: Action(e), ses-legal-sequence: Legal(pas) given prvt, decidable: Dec(P), append: as @ bs, locl: locl(a), IdLnk: IdLnk, Knd: Knd, bag_size_empty: bag_size_empty{bag_size_empty_compseq_tag_def:o}, bag_only_single: bag_only_single{bag_only_single_compseq_tag_def:o}(x), bag_size_single: bag_size_single{bag_size_single_compseq_tag_def:o}(x), null: null(as), set_blt: a <

b, grp_blt: a <

b, dcdr-to-bool: [d]

, bl-all: (

x

L.P[x])_b, bl-exists: (

x

L.P[x])_b, b-exists: (

i<n.P[i])_b, eq_type: eq_type(T;T'), qeq: qeq(r;s), q_less: q_less(r;s), q_le: q_le(r;s), deq-disjoint: deq-disjoint(eq;as;bs), deq-all-disjoint: deq-all-disjoint(eq;ass;bs), eq_id: a = b, eq_lnk: a = b, es-eq-E: e = e', es-bless: e <loc e', es-ble: e

loc e', bimplies: p

q, bor: p

q, intensional-universe: IType, compose: f o g, fpf-dom: x

dom(f), RepUR: Error :RepUR, CollapseTHENM: Error :CollapseTHENM, Subst': Error :Subst', inr: inr x , outl: outl(x), base: Base, ma-state: State(ds), es-interface-part: (X|g=i), class-program: ClassProgram(T), es-empty-interface: Empty, cond-class: [X?Y], es-prior-interface: prior(X), tag-by: z

T, ldag: LabeledDAG(T), labeled-graph: LabeledGraph(T), dataflow: dataflow(A;B), isect2: T1

T2, b-union: A

B, fpf-cap: f(x)?z, imax-class: (maximum f[v]

lb with v from X), es-prior-class-when: (X'?d) when Y, map-class: (f[v] where v from X), es-interface-at: X@i, eclass-compose1: f o X, CollapseTHENA: Error :CollapseTHENA, rev_uimplies: rev_uimplies(P;Q), eq_knd: a = b, deq: EqDecider(T), int_nzero:

, THENM: Error :THENM, list_ind: list_ind def, uni_sat: a = !x:T. Q[x], inv_funs: InvFuns(A;B;f;g), eqfun_p: IsEqFun(T;eq), refl: Refl(T;x,y.E[x; y]), urefl: UniformlyRefl(T;x,y.E[x; y]), sym: Sym(T;x,y.E[x; y]), usym: UniformlySym(T;x,y.E[x; y]), trans: Trans(T;x,y.E[x; y]), utrans: UniformlyTrans(T;x,y.E[x; y]), anti_sym: AntiSym(T;x,y.R[x; y]), uanti_sym: UniformlyAntiSym(T;x,y.R[x; y]), connex: Connex(T;x,y.R[x; y]), uconnex: uconnex(T; x,y.R[x; y]), coprime: CoPrime(a,b), ident: Ident(T;op;id), assoc: Assoc(T;op), comm: Comm(T;op), inverse: Inverse(T;op;id;inv), bilinear: BiLinear(T;pl;tm), bilinear_p: IsBilinear(A;B;C;+a;+b;+c;f), action_p: IsAction(A;x;e;S;f), dist_1op_2op_lr: Dist1op2opLR(A;1op;2op), fun_thru_1op: fun_thru_1op(A;B;opa;opb;f), fun_thru_2op: FunThru2op(A;B;opa;opb;f), cancel: Cancel(T;S;op), monot: monot(T;x,y.R[x; y];f), monoid_p: IsMonoid(T;op;id), group_p: IsGroup(T;op;id;inv), monoid_hom_p: IsMonHom{M1,M2}(f), grp_leq: a

b, integ_dom_p: IsIntegDom(r), prime_ideal_p: IsPrimeIdeal(R;P), value-type: value-type(T), valueall-type: valueall-type(T), atom_eq: atomeqn def, int_eq: if a=b then c else d, cons: [car / cdr], HypSubst: Error :HypSubst, AssertBY: Error :AssertBY
Lemmas : assert_of_eq_bool, and_functionality_wrt_uiff, assert_of_band, btrue_neq_bfalse, eq_int_eq_true, band_wf, filter-sq, eq_bool_wf, btrue_wf, property-from-l_member, sq_stable_wf, sq_stable_from_decidable, list-subtype, list-set-type2, l_all_wf, decidable__l_all-better-extract, decidable__equal_Id, bfalse_wf, sq_stable__iff, sq_stable__and, filter-filter, interface-predecessors-tagged-true, uiff_wf, assert-eq-id, sq_stable__all, sq_stable__equal, es-interface-val_wf2, es-interface-val_wf, event_ordering_wf, pair_eta_rw, subtype_rel_set, subtype_rel_sets, is-tagged-true, es-interface-at_wf, member-interface-at, tagged-true-subtype, tagged-true-property, tagged-true-val, pair_wf, member_map, bool_cases, prior-val-val, es-le_weakening, member_null, map-map, iff_wf, rev_implies_wf, list-max-imax-list, intensional-universe_wf, atom2_subtype_base, pi1_wf, alle-lt_wf, bnot_wf, le_int_wf, assert_of_le_int, bnot_of_lt_int, assert_functionality_wrt_uiff, eqff_to_assert, uiff_transitivity, assert_of_lt_int, eqtt_to_assert, paxos-state-value_wf, pi2_wf, bag-only_wf, assert_of_eq_int, assert_of_bnot, not_functionality_wrt_uiff, decidable__cand, decidable__equal_int, decidable__le, decidable__lt, decidable__l_exists_better-extract, decidable__equal_union, decidable__equal_product, decidable__equal_nat, decidable__equal_unit, int_subtype_base, list-max_wf, map_length, list-max-property2, list_subtype_base, set_subtype_base, pos_length2, imax-list_wf, map_wf, paxos-state-ballot_wf, length-map, pos-length, not_wf, equal-nil-sq-nil, non_neg_length, es-interface-subtype_rel2, es-filter-image-val, sq_stable__assert, bag-size_wf, eq_int_wf, es-interface-predecessors_wf, filter_wf, length_wf1, assert_witness, es-prior-val_wf, es-is-filter-image, permutation_wf, lt_int_wf, nat_properties, bag_wf, single-bag_wf, empty-bag_wf, squash_wf, top_wf, pi1_wf_top, es-interface-top, subtype_rel_wf, member_wf, es-loc_wf, eclass-val_wf, paxos-state-info_wf, paxos-state-reservation_wf, length_wf_nat, assert_wf, false_wf, ifthenelse_wf, in-eclass_wf, true_wf, bool_wf, subtype_base_sq, bool_subtype_base, assert_elim, eclass_wf, nat_wf, Id_wf, Paxos-spec5-body_wf, nat_plus_inc, event-ordering+_wf, event-ordering+_inc, es-E_wf, Paxos-spec6_wf, Paxos-spec5_wf, paxos-acceptor-state_wf, es-tagged-true-class_wf, es-locl_wf, es-E-interface_wf, es-first-at_wf, es-causle_wf, le_wf, es-le_wf, l_member_wf, unit_wf, l_exists_wf, MaxVote_wf, no_repeats_wf, nat_plus_properties, es-base-E_wf, subtype_rel_self

\mforall{}[Info:Type] \mforall{}es:EO+(Info) \mforall{}[T:Type] \mforall{}leader:\mBbbN{} {}\mrightarrow{} Id. \mforall{}failset:Id List. \mforall{}Reserve:EClass(\mBbbN{}). \mforall{}Decide,Input:EClass(T). (Paxos-spec6\{i:l\}(Info; es; T; leader; failset; Reserve; Decide; Input) {}\mRightarrow{} Paxos-spec5\{i:l\}(Info; es; T; Decide; Input)) Date html generated: 2011_10_20-PM-04_36_52 Last ObjectModification: 2011_06_18-PM-02_02_27 Home Index