|
|
|---|
|
|
|
|---|
New system state resulting from a
(receive-next msg systate) → new-systate
The certificate is added to the buffer of the destination validator. Recall that receive-possiblep requires the destination address to be of a correct validator.
The message is removed from the network.
Function:
(defun receive-next (msg systate) (declare (xargs :guard (and (messagep msg) (system-statep systate)))) (declare (xargs :guard (receive-possiblep msg systate))) (let ((__function__ 'receive-next)) (declare (ignorable __function__)) (b* (((certificate cert) (message->certificate msg)) (dest (message->destination msg)) ((validator-state vstate) (get-validator-state dest systate)) (new-buffer (insert cert vstate.buffer)) (new-vstate (change-validator-state vstate :buffer new-buffer)) (systate (update-validator-state dest new-vstate systate)) (network (get-network-state systate)) (new-network (delete (message-fix msg) network)) (systate (update-network-state new-network systate))) systate)))
Theorem:
(defthm system-statep-of-receive-next (b* ((new-systate (receive-next msg systate))) (system-statep new-systate)) :rule-classes :rewrite)
Theorem:
(defthm correct-addresses-of-receive-next (implies (receive-possiblep msg systate) (b* ((?new-systate (receive-next msg systate))) (equal (correct-addresses new-systate) (correct-addresses systate)))))
Theorem:
(defthm validator-state->round-of-receive-next (implies (receive-possiblep msg systate) (b* ((?new-systate (receive-next msg systate))) (equal (validator-state->round (get-validator-state val new-systate)) (validator-state->round (get-validator-state val systate))))))
Theorem:
(defthm validator-state->dag-of-receive-next (implies (receive-possiblep msg systate) (b* ((?new-systate (receive-next msg systate))) (equal (validator-state->dag (get-validator-state val new-systate)) (validator-state->dag (get-validator-state val systate))))))
Theorem:
(defthm validator-state->buffer-of-receive-next (implies (and (in val (correct-addresses systate)) (receive-possiblep msg systate)) (b* ((?new-systate (receive-next msg systate))) (equal (validator-state->buffer (get-validator-state val new-systate)) (if (equal val (message->destination msg)) (insert (message->certificate msg) (validator-state->buffer (get-validator-state val systate))) (validator-state->buffer (get-validator-state val systate)))))))
Theorem:
(defthm validator-state->endorsed-of-receive-next (implies (receive-possiblep msg systate) (b* ((?new-systate (receive-next msg systate))) (equal (validator-state->endorsed (get-validator-state val new-systate)) (validator-state->endorsed (get-validator-state val systate))))))
Theorem:
(defthm validator-state->last-of-receive-next (implies (receive-possiblep msg systate) (b* ((?new-systate (receive-next msg systate))) (equal (validator-state->last (get-validator-state val new-systate)) (validator-state->last (get-validator-state val systate))))))
Theorem:
(defthm validator-state->blockchain-of-receive-next (implies (receive-possiblep msg systate) (b* ((?new-systate (receive-next msg systate))) (equal (validator-state->blockchain (get-validator-state val new-systate)) (validator-state->blockchain (get-validator-state val systate))))))
Theorem:
(defthm validator-state->committed-of-receive-next (implies (receive-possiblep msg systate) (b* ((?new-systate (receive-next msg systate))) (equal (validator-state->committed (get-validator-state val new-systate)) (validator-state->committed (get-validator-state val systate))))))
Theorem:
(defthm validator-state->timer-of-receive-next (implies (receive-possiblep msg systate) (b* ((?new-systate (receive-next msg systate))) (equal (validator-state->timer (get-validator-state val new-systate)) (validator-state->timer (get-validator-state val systate))))))
Theorem:
(defthm get-network-state-of-receive-next (b* ((?new-systate (receive-next msg systate))) (equal (get-network-state new-systate) (delete (message-fix msg) (get-network-state systate)))))
Theorem:
(defthm receive-next-of-message-fix-msg (equal (receive-next (message-fix msg) systate) (receive-next msg systate)))
Theorem:
(defthm receive-next-message-equiv-congruence-on-msg (implies (message-equiv msg msg-equiv) (equal (receive-next msg systate) (receive-next msg-equiv systate))) :rule-classes :congruence)
Theorem:
(defthm receive-next-of-system-state-fix-systate (equal (receive-next msg (system-state-fix systate)) (receive-next msg systate)))
Theorem:
(defthm receive-next-system-state-equiv-congruence-on-systate (implies (system-state-equiv systate systate-equiv) (equal (receive-next msg systate) (receive-next msg systate-equiv))) :rule-classes :congruence)