|
|
|---|
|
|
|
|---|
Check if two blockchains calculate consistent active committees.
The two blockchains may differ, in particular in length, but the predicate checks that, when they both calculate a active committeed at a round, they calculate the same committee. It allows only one blockchain to calculate the active committee for a round, with the other blockchain being too short for that.
Theorem:
(defthm same-active-committees-p-necc (implies (same-active-committees-p blocks1 blocks2) (implies (posp round) (b* ((commtt1 (active-committee-at-round round blocks1)) (commtt2 (active-committee-at-round round blocks2))) (implies (and commtt1 commtt2) (equal commtt1 commtt2))))))
Theorem:
(defthm booleanp-of-same-active-committees-p (b* ((yes/no (same-active-committees-p blocks1 blocks2))) (booleanp yes/no)) :rule-classes :rewrite)
Theorem:
(defthm same-active-committees-p-of-block-list-fix-blocks1 (equal (same-active-committees-p (block-list-fix blocks1) blocks2) (same-active-committees-p blocks1 blocks2)))
Theorem:
(defthm same-active-committees-p-block-list-equiv-congruence-on-blocks1 (implies (block-list-equiv blocks1 blocks1-equiv) (equal (same-active-committees-p blocks1 blocks2) (same-active-committees-p blocks1-equiv blocks2))) :rule-classes :congruence)
Theorem:
(defthm same-active-committees-p-of-block-list-fix-blocks2 (equal (same-active-committees-p blocks1 (block-list-fix blocks2)) (same-active-committees-p blocks1 blocks2)))
Theorem:
(defthm same-active-committees-p-block-list-equiv-congruence-on-blocks2 (implies (block-list-equiv blocks2 blocks2-equiv) (equal (same-active-committees-p blocks1 blocks2) (same-active-committees-p blocks1 blocks2-equiv))) :rule-classes :congruence)