|
|
|---|
|
|
|
|---|
Set of the addresses of all the correct validators in the system.
(correct-addresses systate) → addrs
These are the keys in the map
with an associated non-
Function:
(defun correct-addresses-loop (vstates) (declare (xargs :guard (validators-statep vstates))) (let ((__function__ 'correct-addresses-loop)) (declare (ignorable __function__)) (b* (((when (omap::emptyp vstates)) nil) ((mv addr vstate) (omap::head vstates))) (if vstate (insert (address-fix addr) (correct-addresses-loop (omap::tail vstates))) (correct-addresses-loop (omap::tail vstates))))))
Theorem:
(defthm address-setp-of-correct-addresses-loop (b* ((addrs (correct-addresses-loop vstates))) (address-setp addrs)) :rule-classes :rewrite)
Theorem:
(defthm correct-addresses-loop-subset-keys (implies (validators-statep vstates) (subset (correct-addresses-loop vstates) (omap::keys vstates))))
Theorem:
(defthm lookup-nonnil-of-correct-addresses-loop (implies (and (validators-statep vstates) (in addr (correct-addresses-loop vstates))) (omap::lookup addr vstates)) :rule-classes (:rewrite :type-prescription))
Theorem:
(defthm in-of-correct-addresses-loop (implies (validators-statep vstates) (iff (in addr (correct-addresses-loop vstates)) (and (omap::assoc addr vstates) (cdr (omap::assoc addr vstates))))))
Theorem:
(defthm correct-addresses-loop-of-update (implies (and (addressp val) (validator-statep vstate) (validators-statep vstates)) (equal (correct-addresses-loop (omap::update val vstate vstates)) (if vstate (insert val (correct-addresses-loop vstates)) (delete val (correct-addresses-loop vstates))))))
Theorem:
(defthm nil-not-in-correct-addresses-loop (not (in nil (correct-addresses-loop vstates))))
Function:
(defun correct-addresses (systate) (declare (xargs :guard (system-statep systate))) (let ((__function__ 'correct-addresses)) (declare (ignorable __function__)) (correct-addresses-loop (system-state->validators systate))))
Theorem:
(defthm address-setp-of-correct-addresses (b* ((addrs (correct-addresses systate))) (address-setp addrs)) :rule-classes :rewrite)
Theorem:
(defthm correct-addresses-subset-all-addresses (subset (correct-addresses systate) (all-addresses systate)))
Theorem:
(defthm correct-addresses-subset-keys-validators (subset (correct-addresses systate) (omap::keys (system-state->validators systate))))
Theorem:
(defthm in-all-addresses-when-in-correct-addresses (implies (in val (correct-addresses systate)) (in val (all-addresses systate))))
Theorem:
(defthm lookup-nonnil-of-correct-addresses (implies (in addr (correct-addresses systate)) (omap::lookup addr (system-state->validators systate))) :rule-classes (:rewrite :type-prescription))
Theorem:
(defthm nonempty-all-addresses-when-correct-validator (implies (in val (correct-addresses systate)) (not (emptyp (all-addresses systate)))))
Theorem:
(defthm not-nil-in-correct-addresses (not (in nil (correct-addresses systate))))
Theorem:
(defthm correct-addresses-of-system-state-fix-systate (equal (correct-addresses (system-state-fix systate)) (correct-addresses systate)))
Theorem:
(defthm correct-addresses-system-state-equiv-congruence-on-systate (implies (system-state-equiv systate systate-equiv) (equal (correct-addresses systate) (correct-addresses systate-equiv))) :rule-classes :congruence)