|
|
|---|
|
|
|
|---|
Calculate an initial system state.
(system-init correct-vals) → systate
The initial state of the sytem is determined by the addresses of the correct validators.
We prove that every system state calculated by this function satisfies the predicate that characterized initial states.
Function:
(defun system-init-loop (correct-vals vstates) (declare (xargs :guard (and (address-setp correct-vals) (validators-statep vstates)))) (let ((__function__ 'system-init-loop)) (declare (ignorable __function__)) (b* (((when (or (not (mbt (address-setp correct-vals))) (emptyp correct-vals))) (validators-state-fix vstates)) (vstates (omap::update (head correct-vals) (validator-init) vstates))) (system-init-loop (tail correct-vals) vstates))))
Theorem:
(defthm validators-statep-of-system-init-loop (implies (validators-statep vstates) (b* ((new-vstates (system-init-loop correct-vals vstates))) (validators-statep new-vstates))) :rule-classes :rewrite)
Theorem:
(defthm system-init-loop-of-address-set-fix-correct-vals (equal (system-init-loop (address-set-fix correct-vals) vstates) (system-init-loop correct-vals vstates)))
Theorem:
(defthm system-init-loop-address-set-equiv-congruence-on-correct-vals (implies (address-set-equiv correct-vals correct-vals-equiv) (equal (system-init-loop correct-vals vstates) (system-init-loop correct-vals-equiv vstates))) :rule-classes :congruence)
Theorem:
(defthm in-of-keys-of-system-init-loop (implies (validators-statep vstates) (equal (in val (omap::keys (system-init-loop correct-vals vstates))) (or (in val (address-set-fix correct-vals)) (in val (omap::keys vstates))))))
Theorem:
(defthm keys-of-system-init-loop (implies (validators-statep vstates) (equal (omap::keys (system-init-loop correct-vals vstates)) (union (address-set-fix correct-vals) (omap::keys vstates)))))
Theorem:
(defthm lookup-of-system-init-loop (implies (validators-statep vstates) (equal (omap::lookup val (system-init-loop correct-vals vstates)) (if (in val (address-set-fix correct-vals)) (validator-init) (omap::lookup val vstates)))))
Function:
(defun system-init (correct-vals) (declare (xargs :guard (address-setp correct-vals))) (let ((__function__ 'system-init)) (declare (ignorable __function__)) (b* ((vstates (system-init-loop correct-vals nil))) (make-system-state :validators vstates :network nil))))
Theorem:
(defthm system-statep-of-system-init (b* ((systate (system-init correct-vals))) (system-statep systate)) :rule-classes :rewrite)
Theorem:
(defthm system-initp-of-system-init (system-initp (system-init correct-vals)))
Theorem:
(defthm system-init-of-address-set-fix-correct-vals (equal (system-init (address-set-fix correct-vals)) (system-init correct-vals)))
Theorem:
(defthm system-init-address-set-equiv-congruence-on-correct-vals (implies (address-set-equiv correct-vals correct-vals-equiv) (equal (system-init correct-vals) (system-init correct-vals-equiv))) :rule-classes :congruence)