{ 
[V:Type]
A:Id List. t:
. f:V List 
V. v0:V. L:consensus-rcv(V;A) List.
let b,i,as,vs,v = consensus-accum-num-state(t;f;v0;L) in
(filter(
r.i - 1 <z inning(r);L) = [])
(||as|| = ||vs||)
(zip(as;vs) = votes-from-inning(i - 1;L))
(0 
i)
1 i supposing 
null(L)
(||values-for-distinct(IdDeq;votes-from-inning(i - 1;L))|| (2 * t)) }
{ Proof }
Definitions occuring in Statement :
consensus-accum-num-state: consensus-accum-num-state(t;f;v0;L),
votes-from-inning: votes-from-inning(i;L),
rcvd-inning-gt: i <z inning(r),
consensus-rcv: consensus-rcv(V;A),
id-deq: IdDeq,
Id: Id,
length: ||as||,
null: null(as),
assert: b,
nat_plus: ,
spreadn: let a,b,c,d,e = u in v[a; b; c; d; e],
uimplies: b supposing a,
uall: [x:A]. B[x],
le: A B,
all: x:A. B[x],
not: A,
and: P Q,
set: {x:A| B[x]} ,
lambda: x.A[x],
function: x:A B[x],
product: x:A 
B[x],
nil: [],
list: type List,
multiply: n * m,
subtract: n - m,
natural_number: $n,
int: 
,
universe: Type,
equal: s = t,
zip: zip(as;bs),
filter: filter(P;l),
l_member: (x 
l),
values-for-distinct: values-for-distinct(eq;L)
Definitions :
uall: [x:A]. B[x],
all: x:A. B[x],
spreadn: let a,b,c,d,e = u in v[a; b; c; d; e],
consensus-accum-num-state: consensus-accum-num-state(t;f;v0;L),
and: P Q,
filter: filter(P;l),
length: ||as||,
zip: zip(as;bs),
votes-from-inning: votes-from-inning(i;L),
le: A B,
uimplies: b supposing a,
not: A,
assert: b,
null: null(as),
values-for-distinct: values-for-distinct(eq;L),
member: t T,
prop: 
,
so_lambda: 
x.t[x],
implies: P 
Q,
append: as @ bs,
nat: ,
subtype: S 
T,
cand: A c B,
top: Top,
list_accum: list_accum(x,a.f[x; a];y;l),
consensus-accum-num: consensus-accum-num(num;f;s;r),
bfalse: ff,
ycomb: Y,
reduce: reduce(f;k;as),
ifthenelse: if b then t else f fi ,
btrue: tt,
true: True,
false: False,
mapfilter: mapfilter(f;P;L),
spreadn: spread3,
rcvd-vote: rcvd-vote(x),
rcvd-inning-eq: inning(r) =
i,
map: map(f;as),
pi1: fst(t),
so_lambda: x y.t[x; y],
let: let,
cs-initial-rcv: Init[v],
cs-rcv-vote: Vote[a;i;v],
outr: outr(x),
band: p 
q,
rcv-vote?: rcv-vote?(x),
pi2: snd(t),
squash: 
T,
Id: Id,
nat_plus: ,
consensus-rcv: consensus-rcv(V;A),
rcvd-inning-gt: i <z inning(r),
so_apply: x[s],
guard: {T},
so_apply: x[s1;s2],
iff: P 
Q,
bool: 
,
unit: Unit,
unzip: unzip(as),
sq_type: SQType(T),
or: P 
Q,
it: 
Lemmas :
id-deq_wf,
strong-subtype-deq-subtype,
l_member_wf,
strong-subtype-set3,
strong-subtype-self,
last_induction,
consensus-rcv_wf,
consensus-accum-num-state_wf,
nat_plus_inc,
bool_wf,
filter_wf,
rcvd-inning-gt_wf,
length_wf1,
Id_wf,
zip_wf,
votes-from-inning_wf,
le_wf,
not_wf,
assert_wf,
null_wf3,
top_wf,
values-for-distinct_wf,
nat_plus_properties,
true_wf,
list_accum_append,
nat_plus_wf,
eq_int_wf,
mapfilter-append,
rcvd-inning-eq_wf,
votes-from-inning-is-nil,
nat_wf,
cs-initial-rcv_wf,
false_wf,
bnot_wf,
append-nil,
filter_wf_top,
rcvd-innings-nil,
lt_int_wf,
nat_properties,
cs-rcv-vote_wf,
iff_weakening_uiff,
assert_of_lt_int,
le_int_wf,
not_functionality_wrt_uiff,
remove-repeats_wf,
append_wf,
length-append,
uiff_transitivity,
eqtt_to_assert,
assert_of_eq_int,
eqff_to_assert,
assert_of_bnot,
filter_append_sq,
length_wf_nat,
assert_functionality_wrt_uiff,
bnot_of_lt_int,
assert_of_le_int,
zip-append,
squash_wf,
unzip_zip,
pi1_wf_top,
pi2_wf,
map_wf,
length-map,
subtype_base_sq,
list_subtype_base,
set_subtype_base,
atom2_subtype_base,
map_append_sq,
remove-repeats-append-one
\mforall{}[V:Type]
\mforall{}A:Id List. \mforall{}t:\mBbbN{}\msupplus{}. \mforall{}f:V List {}\mrightarrow{} V. \mforall{}v0:V. \mforall{}L:consensus-rcv(V;A) List.
let b,i,as,vs,v = consensus-accum-num-state(t;f;v0;L) in (filter(\mlambda{}r.i - 1 <z inning(r);L) = [])
\mwedge{} (||as|| = ||vs||)
\mwedge{} (zip(as;vs) = votes-from-inning(i - 1;L))
\mwedge{} (0 \mleq{} i)
\mwedge{} 1 \mleq{} i supposing \mneg{}\muparrow{}null(L)
\mwedge{} (||values-for-distinct(IdDeq;votes-from-inning(i - 1;L))|| \mleq{} (2 * t))
Date html generated:
2011_08_16-AM-10_13_57
Last ObjectModification:
2011_06_18-AM-09_06_21
Home
Index