Total stake of a set of members of the committee.
(committee-members-stake members commtt) → stake
We add up all the stakes of the members.
We prove various properties that relate this function to set operations.
The monotonicity property uses a (locally defined) custom induction, which removes from the second set the head of the first set in the recursive call, when the first set is not empty; this is needed to exclude the stake of that committee member (if present in the second set of committee members) in the induction hypothesis.
The union expansion properties is analogous to the property of cardinalities of sets, but with stake in this case. The total stake of the union of two sets is their sum, minus the stake of the intersection (if any), which the sum union counts twice.
Function:
(defun committee-members-stake (members commtt) (declare (xargs :guard (and (address-setp members) (committeep commtt)))) (declare (xargs :guard (subset members (committee-members commtt)))) (let ((__function__ 'committee-members-stake)) (declare (ignorable __function__)) (cond ((emptyp (address-set-fix members)) 0) (t (+ (committee-member-stake (address-fix (head members)) commtt) (committee-members-stake (tail members) commtt))))))
Theorem:
(defthm natp-of-committee-members-stake (b* ((stake (committee-members-stake members commtt))) (natp stake)) :rule-classes :rewrite)
Theorem:
(defthm posp-of-committee-members-stake (implies (not (emptyp (address-set-fix members))) (b* ((stake (committee-members-stake members commtt))) (posp stake))) :rule-classes (:rewrite :type-prescription))
Theorem:
(defthm committee-members-stake-0-to-emptyp-members (equal (equal (committee-members-stake members commtt) 0) (emptyp (address-set-fix members))))
Theorem:
(defthm committee-members-stake-when-emptyp-members (implies (emptyp members) (equal (committee-members-stake members commtt) 0)))
Theorem:
(defthm committee-members-stake-of-insert (implies (and (addressp member) (address-setp members)) (equal (committee-members-stake (insert member members) commtt) (if (in member members) (committee-members-stake members commtt) (+ (committee-member-stake member commtt) (committee-members-stake members commtt))))))
Theorem:
(defthm committee-members-stake-of-delete (implies (address-setp members) (equal (committee-members-stake (delete member members) commtt) (if (in member members) (- (committee-members-stake members commtt) (committee-member-stake member commtt)) (committee-members-stake members commtt)))))
Theorem:
(defthm committee-members-stake-monotone (implies (and (address-setp members1) (address-setp members2) (subset members1 members2)) (<= (committee-members-stake members1 commtt) (committee-members-stake members2 commtt))))
Theorem:
(defthm committee-members-stake-of-union-expand (implies (and (address-setp members1) (address-setp members2)) (equal (committee-members-stake (union members1 members2) commtt) (- (+ (committee-members-stake members1 commtt) (committee-members-stake members2 commtt)) (committee-members-stake (intersect members1 members2) commtt)))))
Theorem:
(defthm committee-members-stake-of-intersect-expand (implies (and (address-setp members1) (address-setp members2)) (equal (committee-members-stake (intersect members1 members2) commtt) (- (+ (committee-members-stake members1 commtt) (committee-members-stake members2 commtt)) (committee-members-stake (union members1 members2) commtt)))))
Theorem:
(defthm committee-members-stake-of-address-set-fix-members (equal (committee-members-stake (address-set-fix members) commtt) (committee-members-stake members commtt)))
Theorem:
(defthm committee-members-stake-address-set-equiv-congruence-on-members (implies (address-set-equiv members members-equiv) (equal (committee-members-stake members commtt) (committee-members-stake members-equiv commtt))) :rule-classes :congruence)
Theorem:
(defthm committee-members-stake-of-committee-fix-commtt (equal (committee-members-stake members (committee-fix commtt)) (committee-members-stake members commtt)))
Theorem:
(defthm committee-members-stake-committee-equiv-congruence-on-commtt (implies (committee-equiv commtt commtt-equiv) (equal (committee-members-stake members commtt) (committee-members-stake members commtt-equiv))) :rule-classes :congruence)