{ 
es:event_system{i:l}. failset:Id List. T:Type. leaders:Id List.
Decide,Input:Temporary AbsInterface(es;T). tag1a,tg1b,tg2a,tg2b,tgpaxos:Id.
f:
. acceptors:Id List.
(Paxos-spec9-body(es;T;f;acceptors;leaders;...;...;...;tg1b;...;...;...;...)
...) }
{ Proof }
Definitions occuring in Statement :
Paxos-spec9-body: Paxos-spec9-body(es;T;f;acceptors;leaders;Input;Decide;...;...;...;...;...;...),
Paxos-spec8: Paxos-spec8{i:l}(Info; es; T; leader; failset; 1a; Decide; Input),
es-interface: Temporary AbsInterface(es;A),
rcvs-on: Rcvs(tg) on links,
links-from-to: links(tg) from srclocs to dstlocs,
Id: Id,
nat_plus: ,
all: x:A. B[x],
implies: P Q,
list: type List,
universe: Type,
round-robin: round-robin(L)
Definitions :
unit: Unit,
nat: ,
product: x:A 
B[x],
union: left + right,
es-valtype: Error :es-valtype,
subtype_rel: A 
r B,
Knd: Knd,
es-kind: Error :es-kind,
l_member: (x 
l),
function: x:A 
B[x],
implies: P Q,
es-E: E,
all: x:A. B[x],
bool: 
,
not: 
A,
apply: f a,
let: let,
nat_plus: ,
list: type List,
es-interface: Temporary AbsInterface(es;A),
no_repeats: no_repeats(T;l),
less_than: a < b,
le: A 
B,
member: t T,
universe: Type,
prop: 
,
equal: s = t,
isrcv: isrcv(k),
assert: 
b,
set: {x:A| B[x]} ,
event_ordering: EO,
Id: Id,
subtype: S T,
round-robin: round-robin(L),
Paxos-spec8-body: Paxos-spec8-body,
exists: 
x:A. B[x],
natural_number: $n,
multiply: n * m,
add: n + m,
length: ||as||,
int: 
,
Paxos-spec8: Paxos-spec8{i:l}(Info; es; T; leader; failset; 1a; Decide; Input),
and: P 
Q,
Paxos-spec9-body: Paxos-spec9-body(es;T;f;acceptors;leaders;Input;Decide;...;...;...;...;...;...),
strong-subtype: strong-subtype(A;B),
atom: Atom$n,
links-from-to: links(tg) from srclocs to dstlocs,
rcvs-on: Rcvs(tg) on links,
es-in-ports: Error :es-in-ports,
Paxos-partial-spec8: Paxos-partial-spec8,
es-filtered-propagate-iff1: Error :es-filtered-propagate-iff1,
l_all: (xL.P[x]),
es-class-reply-or-fail: Error :es-class-reply-or-fail,
es-class-mcast-fail: es-class-mcast-fail,
pi2: snd(t),
pi1: fst(t),
pair: <a, b>,
src-class: Error :src-class,
es-is-interface: (e in X),
es-collect-opt-max: es-collect-opt-max,
it: 
,
inr: inr x ,
inl: inl x ,
lt_int: i <z j,
ifthenelse: if b then t else f fi ,
spreadn: spread3,
lambda: 
x.A[x],
es-filter-image: f[X],
le_int: i z j,
imax: imax(a;b),
es-interface-accum: es-interface-accum(f;x;X),
minus: -n,
es-prior-class-when: (X'?d) when Y,
spread: spread def,
map-class: (f[v] where v from X),
es-tagged-true-class: Tagged_tt(X),
accum-class: accum-class(a,x.f[a; x]; x.base[x]; X),
es-collect-filter: Collect(size v's from X with maximum num[v] such that P[v]),
es-interface-pair-prior: X;Y,
eq_int: (i =
j),
mapfilter-class: (f[v] where v from X such that P[v]),
fpf: a:A fp-> B[a],
top: Top,
es-interface-val: val(X,e),
es-loc: loc(e),
es-E-interface: E(X),
es-le: e loc e' ,
alle-lt: e<e'.P[e],
bfalse: ff,
or: P 
Q,
es-locl: (e <loc e'),
isect: 
x:A. B[x],
es-propagate-iff1: X 
Y:T,
void: Void,
false: False,
ge: i 
j ,
surject: Surj(A;B;f),
es-filtered-propagation: Error :es-filtered-propagation,
id-deq: IdDeq,
deq-member: deq-member(eq;x;L),
filter: filter(P;l),
lnk: lnk(k),
lsrc: source(l),
ldst: destination(l),
eq_id: a = b,
band: p 
q,
nil: [],
cons: [car / cdr],
es-interface-at: X@i,
intensional-universe: IType,
IdLnk: IdLnk,
limited-type: LimitedType,
guard: {T},
sqequal: s ~ t,
sq_type: SQType(T),
cand: A c B,
so_lambda: so_lambda(x,y,z.t[x; y; z]),
so_lambda: 
x.t[x],
real: 
,
grp_car: Error :grp_car,
so_lambda: x y.t[x; y],
fpf-cap: f(x)?z,
rev_implies: P Q,
iff: P Q,
rationals: 
,
p-outcome: Outcome,
imax-class: (maximum f[v] lb with v from X),
decide: case b of inl(x) => s[x] | inr(y) => t[y],
isl: isl(x),
can-apply: can-apply(f;x),
b-union: A 
B,
fset: fset(T),
fpf-sub: f g,
es-vartype: Error :es-vartype,
es-state: Error :es-state,
deq: EqDecider(T),
decl-state: Error :decl-state,
ma-state: State(ds),
es-causle: e c e',
true: True,
squash: 
T,
es-interface-part: (X|g=i),
class-program: ClassProgram(T),
es-empty-interface: Empty,
p-conditional: [f?g],
btrue: tt,
es-lnk: Error :es-lnk,
es-causl: (e < e'),
es-isrcv: Error :es-isrcv,
es-first-from: Error :es-first-from,
p-compose: f o g,
map: map(f;as),
listp: A List,
combination: Combination(n;T),
append: as @ bs,
hd: hd(l),
last: last(L),
remove-repeats: remove-repeats(eq;L),
select: l[i],
eqof: eqof(d),
so_apply: x[s],
eq_knd: a = b,
fpf-dom: x dom(f),
lnk_rcv: lnk_rcv{lnk_rcv_compseq_tag_def:o}(tg; l),
ldst_mk_lnk: ldst_mk_lnk{ldst_mk_lnk_compseq_tag_def:o}(n; j; i),
lsrc_mk_lnk: lsrc_mk_lnk{lsrc_mk_lnk_compseq_tag_def:o}(n; j; i),
lname_mk_lnk: lname_mk_lnk{lname_mk_lnk_compseq_tag_def:o}(n; j; i),
isrcv_rcv: isrcv_rcv{isrcv_rcv_compseq_tag_def:o}(tg; l),
tag_rcv: tag_rcv{tag_rcv_compseq_tag_def:o}(tg; l),
mk_lnk: (link(n) from i to j),
rcv: rcv(l,tg),
lname: lname(l),
tagof: tag(k),
es-interface-prior-vals: X(e),
null: null(as),
l_exists: (xL. P[x]),
decidable: Dec(P),
divides: b | a,
assoced: a ~ b,
set_leq: Error :set_leq,
set_lt: Error :set_lt,
grp_lt: Error :grp_lt,
infix_ap: x f y,
l_contains: A B,
inject: Inj(A;B;f),
reducible: reducible(a),
prime: prime(a),
l_disjoint: l_disjoint(T;l1;l2),
fun-connected: y is f*(x),
qle: r s,
qless: r < s,
q-rel: q-rel(r;x),
fset-member: a s,
f-subset: xs ys,
fset-closed: (s closed under fs),
cs-not-completed: in state s, a has not completed inning i,
cs-archived: by state s, a archived v in inning i,
cs-passed: by state s, a passed inning i without archiving a value,
cs-inning-committed: in state s, inning i has committed v,
cs-inning-committable: in state s, inning i could commit v ,
cs-archive-blocked: in state s, ws' blocks ws from archiving v in inning i,
cs-precondition: state s may consider v in inning i,
existse-before: e<e'.P[e],
existse-le: ee'.P[e],
alle-le: ee'.P[e],
alle-between1: e[e1,e2).P[e],
existse-between1: e[e1,e2).P[e],
alle-between2: e[e1,e2].P[e],
existse-between2: e[e1,e2].P[e],
existse-between3: e(e1,e2].P[e],
collect-event: collect-event(es;X;n;v.num[v];L.P[L];e),
es-fset-loc: i locs(s),
cut-order: a (X;f) b,
path-goes-thru: x-f*-y thru i,
ses-action: Action(e),
ses-legal-sequence: Legal(pas) given prvt,
es-r-immediate-pred: es-r-immediate-pred(es;R;e';e),
same-thread: same-thread(es;p;e;e'),
snd-it: Error :snd-it,
rcv-it: Error :rcv-it,
f2f+-pred: Error :f2f+-pred,
sq_stable: SqStable(P),
uni_sat: a = !x:T. Q[x],
inv_funs: InvFuns(A;B;f;g),
eqfun_p: IsEqFun(T;eq),
refl: Refl(T;x,y.E[x; y]),
sym: Sym(T;x,y.E[x; y]),
trans: Trans(T;x,y.E[x; y]),
anti_sym: AntiSym(T;x,y.R[x; y]),
connex: Connex(T;x,y.R[x; y]),
coprime: CoPrime(a,b),
ident: Error :ident,
assoc: Error :assoc,
comm: Error :comm,
inverse: Error :inverse,
bilinear: Error :bilinear,
bilinear_p: Error :bilinear_p,
action_p: Error :action_p,
dist_1op_2op_lr: Error :dist_1op_2op_lr,
fun_thru_1op: Error :fun_thru_1op,
fun_thru_2op: Error :fun_thru_2op,
cancel: Error :cancel,
monot: Error :monot,
monoid_p: Error :monoid_p,
group_p: Error :group_p,
monoid_hom_p: Error :monoid_hom_p,
grp_leq: Error :grp_leq,
integ_dom_p: Error :integ_dom_p,
prime_ideal_p: Error :prime_ideal_p,
is_list_splitting: is_list_splitting(T;L;LL;L2;f),
is_accum_splitting: is_accum_splitting(T;A;L;LL;L2;f;g;x),
req: x = y,
rnonneg: rnonneg(r),
rleq: x y,
i-member: r I,
partitions: partitions(I;p),
ext-eq: A 
B,
rev_subtype_rel: A 
r B,
es-first-at: e is first@ i s.t. e.P[e],
es-prior-val: (X)',
es-interface-predecessors: (X)(e),
MaName: MaName,
consensus-state3: consensus-state3(T),
consensus-rcv: consensus-rcv(V;A),
tl: tl(l),
bnot: b,
rcv-class: Error :rcv-class,
eq_pcl_term: Error :eq_pcl_term,
eq_pcl_basic: Error :eq_pcl_basic,
pcl-key-contains: Error :pcl-key-contains,
eq_pcl_key: Error :eq_pcl_key,
es-eq-E: e = e',
bimplies: p q,
bor: p q,
cless: Error :cless,
rel_plus: R^+,
sum-map: 
f[x] for x L,
sum: (f[x] | x < k),
isrcvl: isrcvl(l;k),
int_nzero: 
,
locl: locl(a),
MaAuto: Error :MaAuto,
CollapseTHEN: Error :CollapseTHEN,
tactic: Error :tactic,
do-apply: do-apply(f;x),
outl: outl(x),
eq_atom: x =a y,
set_blt: Error :set_blt,
grp_blt: Error :grp_blt,
b-exists: (i<n.P[i])_b,
bl-exists: (xL.P[x])_b,
bl-all: (xL.P[x])_b,
dcdr-to-bool: [d],
eq_type: eq_type(T;T'),
eq_atom: eq_atom$n(x;y),
q_le: q_le(r;s),
q_less: q_less(a;b),
qeq: qeq(r;s),
deq-all-disjoint: deq-all-disjoint(eq;ass;bs),
deq-disjoint: deq-disjoint(eq;as;bs),
eq_lnk: a = b,
nequal: a 
b T
Lemmas :
es-first-at-unique,
filter_wf,
es-interface-predecessors_wf,
collect-opt-max-val,
assert_of_lt_int,
bnot_of_lt_int,
assert_of_le_int,
isl_wf,
es-filter-image-val,
es-is-filter-image,
es-is-interface_wf_top,
es-locl-total,
Error :mcast-propagate-implies-unique,
prior-class-when-val,
is-prior-class-when,
Error :filtered-propagate-implies-unique,
no_repeats_wf,
Paxos-partial-spec8-locations,
sq_stable__subtype_rel,
member_singleton,
assert-eq-knd,
mapfilter-class_wf,
eq_int_wf,
es-interface-pair-prior_wf,
es-collect-filter_wf,
es-interface-at_wf,
bfalse_wf,
Error :es-filtered-propagation_wf,
surject_wf,
band_wf,
eqtt_to_assert,
eqff_to_assert,
assert_of_bnot,
not_functionality_wrt_iff,
bnot_wf,
nat_sq,
round-robin-member,
cons_member,
l_all_wf2,
Error :es-isrcv-loc,
Error :is-in-ports,
decidable__l_member,
decidable__equal_Id,
is-collect-opt-max,
subtype_rel_functionality_wrt_implies,
es-E-filter-image,
subtype_rel_weakening,
ext-eq_inversion,
ext-eq_weakening,
property-from-l_member,
sq_stable_wf,
sq_stable_from_decidable,
decidable__assert,
Error :class-mcast-fail-from-propagate,
Knd_sq,
l_exists_wf,
Error :es-valtype_wf,
Error :es-kind_wf,
l_member-settype,
hd_member,
false_wf,
iff_transitivity,
member-rcvs-on,
member-links-from-to,
Id_sq,
lname_wf,
tagof_wf,
btrue_wf,
IdLnk_wf,
rcv_wf,
mk_lnk_wf,
hd_wf,
length_wf1,
exists_functionality_wrt_iff,
and_functionality_wrt_iff,
assert-eq-id,
eq_id_wf,
l_member_subtype,
iff_functionality_wrt_iff,
member_map,
map_wf,
ldst_wf,
lnk_wf,
is-map-class,
map-class-val,
l_member_wf,
es-loc_wf,
lsrc_wf,
Error :es-lnk_wf,
es-interface-val_wf2,
subtype_rel_self,
es-interface-val_wf,
es-causle_wf,
member-interface-at,
Error :is-src,
bool_sq,
assert_elim,
E-map-class,
squash_wf,
true_wf,
es-E-interface-property,
Error :class-reply-or-fail-from-propagate,
iff_wf,
rev_implies_wf,
E-prior-class-when,
es-collect-opt-max_wf,
pi2_wf,
nat_plus_properties,
es-filter-image_wf,
es-interface-accum_wf,
imax_wf,
imax_ub,
nat_properties,
le_int_wf,
es-interface-subtype_rel,
le_wf,
es-tagged-true-class_wf,
accum-class_wf,
ifthenelse_wf,
lt_int_wf,
pi1_wf,
es-prior-class-when_wf,
map-class_wf,
it_wf,
es-class-mcast-fail_wf,
Error :es-class-reply-or-fail_wf,
es-locl_wf,
not_wf,
alle-lt_wf,
es-le_wf,
es-propagate-iff1_wf,
l_all_wf,
Error :es-filtered-propagate-iff1_wf,
guard_wf,
Error :in-ports-src-class,
intensional-universe_wf,
es-E-interface_wf,
length_wf_nat,
es-interface-top,
top_wf,
subtype_rel_wf,
es-E_wf,
es-is-interface_wf,
Error :src-class_wf,
Paxos-spec8_wf,
Paxos-spec9-body_wf,
nat_plus_wf,
event_ordering_wf,
links-from-to_wf,
unit_wf,
bool_wf,
es-interface_wf,
Paxos-spec8-body_wf,
nat_plus_inc,
Id_wf,
round-robin_wf,
nat_wf,
Error :es-in-ports_wf,
rcvs-on_wf,
member_wf,
Knd_wf,
assert_wf,
isrcv_wf
\mforall{}es:event\_system\{i:l\}. \mforall{}failset:Id List. \mforall{}T:Type. \mforall{}leaders:Id List.
\mforall{}Decide,Input:Temporary AbsInterface(es;T). \mforall{}tag1a,tg1b,tg2a,tg2b,tgpaxos:Id. \mforall{}f:\mBbbN{}\msupplus{}.
\mforall{}acceptors:Id List.
(Paxos-spec9-body(es;T;f;acceptors;leaders;Input;Decide;tag1a;tg1b;tg2a;tg2b;tgpaxos;failset)
{}\mRightarrow{} Paxos-spec8(es;T;round-robin(leaders);failset;
Val(Rcvs(tag1a) on links(tgpaxos) from leaders to acceptors);Decide;Input))
Date html generated:
2010_08_28-PM-01_58_12
Last ObjectModification:
2010_07_15-PM-02_26_11
Home
Index