New state resulting from an event.
(event-next event systate) → new-systate
Based on the event, we use the appropriate function.
Function:
(defun event-next (event systate) (declare (xargs :guard (and (eventp event) (system-statep systate)))) (declare (xargs :guard (event-possiblep event systate))) (let ((__function__ 'event-next)) (declare (ignorable __function__)) (event-case event :create (create-next event.certificate systate) :receive (receive-next event.message systate) :store (store-next event.validator event.certificate systate) :advance (advance-next event.validator systate) :commit (commit-next event.validator systate) :timeout (timeout-next event.validator systate))))
Theorem:
(defthm system-statep-of-event-next (b* ((new-systate (event-next event systate))) (system-statep new-systate)) :rule-classes :rewrite)
Theorem:
(defthm correct-addresses-of-event-next (implies (event-possiblep event systate) (b* ((?new-systate (event-next event systate))) (equal (correct-addresses new-systate) (correct-addresses systate)))))
Theorem:
(defthm event-next-of-event-fix-event (equal (event-next (event-fix event) systate) (event-next event systate)))
Theorem:
(defthm event-next-event-equiv-congruence-on-event (implies (event-equiv event event-equiv) (equal (event-next event systate) (event-next event-equiv systate))) :rule-classes :congruence)
Theorem:
(defthm event-next-of-system-state-fix-systate (equal (event-next event (system-state-fix systate)) (event-next event systate)))
Theorem:
(defthm event-next-system-state-equiv-congruence-on-systate (implies (system-state-equiv systate systate-equiv) (equal (event-next event systate) (event-next event systate-equiv))) :rule-classes :congruence)