Nuprl Lemma : Paxos-spec8-spec7

[Info:Type]

es:EO+(Info)

[T:Type]

leader:

Id.

failset:Id List.

1a:EClass(Id

).

X,Y:EClass(T).
(Paxos-spec8{i:l}(Info; es; T; leader; failset; 1a; X; Y)

Paxos-spec7{i:l}(Info; es; T; leader; failset; (snd(p) where p from 1a); X; Y))

Proof not projected

Definitions occuring in Statement : Paxos-spec8: Paxos-spec8{i:l}(Info; es; T; leader; failset; 1a; Decide; Input), Paxos-spec7: Paxos-spec7{i:l}(Info; es; T; leader; failset; Reserve; Decide; Input), map-class: (f[v] where v from X), eclass: EClass(A[eo; e]), event-ordering+: EO+(Info), Id: Id, nat:

, uall:

[x:A]. B[x], pi2: snd(t), all:

x:A. B[x], implies: P

Q, function: x:A

B[x], product: x:A

B[x], list: type List, universe: Type
Definitions : btrue: tt, es-collect-filter-max: Collect(size v's from X with maximum num[v] such that P[v] return <num[v],n,v> with n = maximum f[v]), paxos-state-value: Value(s), paxos-state-ballot: Ballot(s), spreadn: spread4, paxos-state-name: Name(s), paxos-state-reservation: Reservation(s), MaxVote: MaxVote(es;T;Vote;e;s), es-class-causal-rel-fail: es-class-causal-rel-fail, so_lambda: so_lambda(x,y,z.t[x; y; z]), es-class-causal-mrel-fail: es-class-causal-mrel-fail, l_all: (

x

L.P[x]), es-causle: e c

e', decision: Decision, accum_list: accum_list(a,x.f[a; x];x.base[x];L), max-f-class: (v from X with maximum f[v]), so_apply: x[s], list_accum: list_accum(x,a.f[x; a];y;l), rev_implies: P

Q, iff: P

Q, p-outcome: Outcome, less: if (a) < (b) then c else d, base: Base, grp_car: |g|, es-prior-val: (X)', es-interface-predecessors:

(X)(e), outl: outl(x), isl: isl(x), list-max: list-max(x.f[x];L), int_nzero:

, es-first-at: e is first@ i s.t. e.P[e], id-deq: IdDeq, deq-member: deq-member(eq;x;L), filter: filter(P;l), es-locl: (e <loc e'), alle-lt:

e<e'.P[e], bfalse: ff, es-le: e

loc e' , or: P

Q, es-collect-filter: Collect(size v's from X with maximum num[v] such that P[v]), es-interface-pair-prior: X;Y, eq_int: (i =

j), mapfilter-class: (f[v] where v from X such that P[v]), es-class-mcast-fail: es-class-mcast-fail, es-class-reply-or-fail: es-class-reply-or-fail, accum-class: accum-class(a,x.f[a; x];x.base[x];X), es-tagged-true-class: Tagged_tt(X), minus: -n, es-prior-class-when: (X'?d) when Y, imax: imax(a;b), es-interface-accum: es-interface-accum(f;x;X), le_int: i

z j, it:

, inr: inr x , inl: inl x , lt_int: i <z j, es-filter-image: f[X], in-eclass: e

X, eclass-val: X(e), es-loc: loc(e), multiply: n * m, length: ||as||, add: n + m, es-collect-opt-max: es-collect-opt-max, decide: case b of inl(x) => s[x] | inr(y) => t[y], sqequal: s ~ t, natural_number: $n, real:

, rationals:

, atom: Atom, top: Top, es-base-E: es-base-E(es), token: "$token", ifthenelse: if b then t else f fi , record-select: r.x, es-E-interface: E(X), guard: {T}, sq_type: SQType(T), l_member: (x

l), spread: spread def, fpf: a:A fp-> B[a], void: Void, atom: Atom$n, false: False, apply: f a, let: let, no_repeats: no_repeats(T;l), assert:

b, Paxos-spec8-body: Paxos-spec8-body{i:l}(es; Info; T; f; acceptors; leader; Input; Decide; 1a; 1b; 2a; 2b; failset), subtype: S

T, event_ordering: EO, es-E: E, lambda:

x.A[x], equal: s = t, member: t

T, strong-subtype: strong-subtype(A;B), eq_atom: x =a y, eq_atom: eq_atom$n(x;y), dep-isect: Error :dep-isect, record+: record+, le: A

B, ge: i

j , not:

A, less_than: a < b, uimplies: b supposing a, and: P

Q, uiff: uiff(P;Q), subtype_rel: A

r B, Paxos-spec7-body: Paxos-spec7-body, so_lambda:

x.t[x], prop:

, Paxos-spec8: Paxos-spec8{i:l}(Info; es; T; leader; failset; 1a; Decide; Input), event-ordering+: EO+(Info), uall:

[x:A]. B[x], isect:

x:A. B[x], implies: P

Q, Paxos-spec7: Paxos-spec7{i:l}(Info; es; T; leader; failset; Reserve; Decide; Input), exists:

x:A. B[x], nat_plus:

, set: {x:A| B[x]} , universe: Type, list: type List, so_lambda:

x y.t[x; y], all:

x:A. B[x], function: x:A

B[x], Try: Error :Try, tactic: Error :tactic, RepeatFor: Error :RepeatFor, ParallelOp: Error :ParallelOp, spreadn: spread3, paxos-acceptor-state: AcceptorState, abbreviation: VoteState, Auto: Error :Auto, D: Error :D, int:

, abbreviation: Collect1, abbreviation: NoProposal, abbreviation: Proposal, abbreviation: MaxReserve, abbreviation: AcceptOrReject, MaAuto: Error :MaAuto, abbreviation: AcceptOrRejectTaggedTrue, abbreviation: Accept, abbreviation: MaxAccept, union: left + right, unit: Unit, abbreviation: Vote, ExRepD: Error :ExRepD, CollapseTHEN: Error :CollapseTHEN, eclass: EClass(A[eo; e]), product: x:A

B[x], Id: Id, nat:

, bool:

, abbreviation: Vote', CollapseTHENA: Error :CollapseTHENA, map-class: (f[v] where v from X), pair: <a, b>, pi2: snd(t), pi1: fst(t), sum-map:

f[x] for x

L, sum:

(f[x] | x < k), true: True, rev_uimplies: rev_uimplies(P;Q), cand: A c

B, squash:

T, p-compose: f o g, paxos-state-info: Info(s), infix_ap: x f y, es-causl: (e < e'), can-apply: can-apply(f;x), fpf-cap: f(x)?z, limited-type: LimitedType, decide_bfalse: decide_bfalse{decide_bfalse_compseq_tag_def:o}(v11.g[v11]; v21.f[v21]), eq_bool: p =b q, null: null(as), set_blt: a <

b, grp_blt: a <

b, dcdr-to-bool: [d]

, bl-all: (

x

L.P[x])_b, bl-exists: (

x

L.P[x])_b, b-exists: (

i<n.P[i])_b, eq_type: eq_type(T;T'), qeq: qeq(r;s), q_less: q_less(r;s), q_le: q_le(r;s), deq-disjoint: deq-disjoint(eq;as;bs), deq-all-disjoint: deq-all-disjoint(eq;ass;bs), eq_str: Error :eq_str, eq_id: a = b, eq_lnk: a = b, es-eq-E: e = e', es-bless: e <loc e', es-ble: e

loc e', bimplies: p

q, band: p

q, bor: p

q, max-fst-class: MaxFst(X), bnot:

b, map: map(f;as), imax-list: imax-list(L), es-init: es-init(es;e), es-pred: pred(e), existse-before:

e<e'.P[e], existse-le:

e

e'.P[e], alle-le:

e

e'.P[e], alle-between1:

e

[e1,e2).P[e], existse-between1:

e

[e1,e2).P[e], alle-between2:

e

[e1,e2].P[e], existse-between2:

e

[e1,e2].P[e], existse-between3:

e

(e1,e2].P[e], es-fset-loc: i

locs(s), es-r-immediate-pred: es-r-immediate-pred(es;R;e';e), same-thread: same-thread(es;p;e;e'), collect-event: collect-event(es;X;n;v.num[v];L.P[L];e), cut-order: a

(X;f) b, path-goes-thru: x-f*-y thru i, ses-legal-sequence: Legal(pas) given prvt, ses-action: Action(e), decidable: Dec(P), lg-edge: lg-edge(g;a;b), record: record(x.T[x]), is_list_splitting: is_list_splitting(T;L;LL;L2;f), is_accum_splitting: is_accum_splitting(T;A;L;LL;L2;f;g;x), req: x = y, rnonneg: rnonneg(r), rleq: x

y, i-member: r

I, partitions: partitions(I;p), modulus-of-ccontinuity: modulus-of-ccontinuity(omega;I;f), fpf-sub: f

g, sq_stable: SqStable(P), imax-class: (maximum f[v]

lb with v from X), deq: EqDecider(T), ma-state: State(ds), fpf-dom: x

dom(f), es-interface-at: X@i, es-interface-part: (X|g=i), class-program: ClassProgram(T), es-empty-interface: Empty, cond-class: [X?Y], es-prior-interface: prior(X), intensional-universe: IType, tag-by: z

T, ldag: LabeledDAG(T), labeled-graph: LabeledGraph(T), fset: FSet{T}, isect2: T1

T2, b-union: A

B, bag: bag(T), axiom: Ax, IdLnk: IdLnk, append: as @ bs, locl: locl(a), Knd: Knd, eq_knd: a = b, so_apply: x[s1;s2], Subst': Error :Subst', AssertBY: Error :AssertBY, Repeat: Error :Repeat, int_seg: {i..j

}, divides: b | a, assoced: a ~ b, set_leq: a

b, set_lt: a <p b, grp_lt: a < b, l_contains: A

B, inject: Inj(A;B;f), reducible: reducible(a), prime: prime(a), l_exists: (

x

L. P[x]), fun-connected: y is f*(x), qle: r

s, qless: r < s, q-rel: q-rel(r;x), i-finite: i-finite(I), i-closed: i-closed(I), fset-member: a

s, f-subset: xs

ys, fset-closed: (s closed under fs), l_disjoint: l_disjoint(T;l1;l2), cs-not-completed: in state s, a has not completed inning i, cs-archived: by state s, a archived v in inning i, cs-passed: by state s, a passed inning i without archiving a value, cs-archive-blocked: in state s, ws' blocks ws from archiving v in inning i, cs-precondition: state s may consider v in inning i, cs-inning-committed: in state s, inning i has committed v, cs-inning-committable: in state s, inning i could commit v
Lemmas : bfalse_wf, es-collect-filter_functionality, es-collect-filter_wf, mapfilter-class_wf, E-prior-class-when, prior-imax-class-lb2, uall_wf, imax-class_wf, assert_of_le_int, iff_functionality_wrt_iff, l_all_wf, l_all_wf2, not_functionality_wrt_iff, iff_transitivity, outl_wf, isl_wf, pair-prior-val, es-interface-pair-prior_wf, eq_int_wf, paxos-state-value_wf, assert_of_eq_int, not_functionality_wrt_uiff, is-pair-prior, es-interface-subtype_rel, es-collect-filter-max_wf, collect-filter-max-map-class, paxos-state-ballot_wf, btrue_wf, es-collect-filter-max_functionality, es-interface-val_wf2, intensional-universe_wf, es-interface-at_wf, member-interface-at, E-map-class, sq_stable__assert, is-prior-val, is-max-fst, es-le-not-locl, decidable__es-locl, decidable__es-le, es-causle-le, prior-val-val, max-fst-property, es-causl_wf, es-locl_transitivity1, es-causl_weakening, max-fst-class_wf, es-prior-val_wf, bnot_wf, assert_of_bnot, eqff_to_assert, uiff_transitivity, eqtt_to_assert, unit_subtype_base, int_subtype_base, set_subtype_base, product_subtype_base, union_subtype_base, es-E-interface_functionality, paxos-state-reservation_wf, paxos-state-name_wf, paxos-state-info_wf, bool_subtype_base, assert_elim, es-causle_wf, l_member_wf, squash_wf, iff_weakening_uiff, es-interface-extensionality, true_wf, atom2_subtype_base, uiff_inversion, in-eclass_wf, rev_implies_wf, es-loc_wf, eclass-val_wf, Paxos-spec8_wf, nat_plus_wf, Id_wf, eclass_wf, Paxos-spec7-body_wf, map-class_wf, nat_wf, pi2_wf, Paxos-spec7_wf, event-ordering+_wf, es-E_wf, event-ordering+_inc, paxos-acceptor-state_wf, bool_wf, nat_plus_inc, unit_wf, member_wf, es-base-E_wf, subtype_rel_self, nat_plus_properties, le_wf, is-map-class, subtype_rel_wf, es-interface-top, assert_wf, map-class-val, Paxos-spec8-locations, es-collect-opt-max_wf, pi1_wf_top, top_wf, alle-lt_wf, es-first-at_wf, uiff_wf, is-collect-opt-max, collect-opt-max-val, es-filter-image_wf, length_wf_nat, ifthenelse_wf, lt_int_wf, nat_properties, is-mapfilter-class, mapfilter-class-val, pi1_wf, subtype_base_sq, le_int_wf, es-interface-accum_wf, not_wf, false_wf, imax_wf, imax_ub, is-interface-accum, es-interface-accum-val, es-prior-class-when_wf, es-interface-subtype_rel2, es-tagged-true-class_wf, is-tagged-true, tagged-true-val, max-f-class_wf, accum-class_wf, is-max-f-class, max-f-class-val, it_wf, is-prior-class-when, prior-class-when-val, es-E-interface_wf, es-le_wf, es-locl_wf, es-class-causal-mrel-fail_wf, iff_wf, es-class-causal-rel-fail_wf, MaxVote_wf, no_repeats_wf

\mforall{}[Info:Type] \mforall{}es:EO+(Info) \mforall{}[T:Type] \mforall{}leader:\mBbbN{} {}\mrightarrow{} Id. \mforall{}failset:Id List. \mforall{}1a:EClass(Id \mtimes{} \mBbbN{}). \mforall{}X,Y:EClass(T). (Paxos-spec8\{i:l\}(Info; es; T; leader; failset; 1a; X; Y) {}\mRightarrow{} Paxos-spec7\{i:l\}(Info; es; T; leader; failset; (snd(p) where p from 1a); X; Y)) Date html generated: 2011_10_20-PM-04_49_13 Last ObjectModification: 2010_12_22-PM-06_39_52 Home Index