From VLSM.Lib Require Import Itauto.
[Loading ML file ring_plugin.cmxs (using legacy method) ... done]
[Loading ML file zify_plugin.cmxs (using legacy method) ... done]
[Loading ML file micromega_plugin.cmxs (using legacy method) ... done]
[Loading ML file btauto_plugin.cmxs (using legacy method) ... done]
[Loading ML file coq-itauto.plugin ... done]
From stdpp Require Import prelude.
From VLSM.Lib Require Import Preamble.
From VLSM.Core Require Import VLSM MessageDependencies VLSMProjections Composition Equivocation.
From VLSM.Core Require Import Equivocation.FixedSetEquivocation ProjectionTraces SubProjectionTraces.

Section sec_msg_dep_fixed_set_equivocation.

Context
  `(IM : index -> VLSM message)
  `{FinSet message Cm}
  (message_dependencies : message -> Cm)
  `{FinSet index Ci}
  (equivocators : Ci)
  `{finite.Finite index}
  `{forall i, HasBeenSentCapability (IM i)}
  `{forall i, HasBeenReceivedCapability (IM i)}
  `{!Irreflexive (msg_dep_happens_before message_dependencies)}
  `{forall i, MessageDependencies (IM i) message_dependencies}
  .

Definition equivocator_can_emit (m : message) : Prop :=
  exists i, i ∈ elements equivocators /\ can_emit (preloaded_with_all_messages_vlsm (IM i)) m.

Definition dependencies_with_non_equivocating_senders_were_sent s m : Prop :=
  forall dm, msg_dep_happens_before message_dependencies dm m ->
    sent_by_non_equivocating IM equivocators s dm \/ equivocator_can_emit dm.

Definition msg_dep_fixed_set_equivocation (s : composite_state IM) (m : message) :=
  sent_by_non_equivocating IM equivocators s m \/
  equivocator_can_emit m /\
  dependencies_with_non_equivocating_senders_were_sent s m.

Definition msg_dep_fixed_set_equivocation_constraint
  (l : composite_label IM)
  (som : composite_state IM * option message)
  : Prop :=
  from_option (msg_dep_fixed_set_equivocation som.1) True som.2.

Definition msg_dep_fixed_set_equivocation_vlsm : VLSM message :=
  composite_vlsm IM msg_dep_fixed_set_equivocation_constraint.

Lemma messages_with_valid_dependences_can_be_emitted s dm
  (Hdepm :
    forall dm0, msg_dep_rel message_dependencies dm0 dm ->
    valid_message_prop (equivocators_composition_for_sent IM equivocators s) dm0)
  (dm_i : index)
  (Hdm_i : dm_i ∈ equivocators)
  (Hemitted : can_emit (preloaded_with_all_messages_vlsm (IM dm_i)) dm)
  : can_emit (equivocators_composition_for_sent IM equivocators s) dm.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
dm: message
Hdepm: ∀ dm0 : message,
  msg_dep_rel message_dependencies dm0 dm
  → valid_message_prop
      (equivocators_composition_for_sent IM
         equivocators s) dm0
dm_i: index
Hdm_i: dm_i ∈ equivocators
Hemitted: can_emit
  (preloaded_with_all_messages_vlsm
     (IM dm_i)) dm
can_emit
  (equivocators_composition_for_sent IM equivocators s)
  dm
Proof.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
dm: message
Hdepm: ∀ dm0 : message,
  msg_dep_rel message_dependencies dm0 dm
  → valid_message_prop
      (equivocators_composition_for_sent IM
         equivocators s) dm0
dm_i: index
Hdm_i: dm_i ∈ equivocators
Hemitted: can_emit
  (preloaded_with_all_messages_vlsm
     (IM dm_i)) dm
can_emit
  (equivocators_composition_for_sent IM equivocators s)
  dm
  eapply sub_valid_preloaded_lifts_can_be_emitted, message_dependencies_are_sufficient.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
dm: message
Hdepm: ∀ dm0 : message,
  msg_dep_rel message_dependencies dm0 dm
  → valid_message_prop
      (equivocators_composition_for_sent IM
         equivocators s) dm0
dm_i: index
Hdm_i: dm_i ∈ equivocators
Hemitted: can_emit
  (preloaded_with_all_messages_vlsm
     (IM dm_i)) dm
?j ∈ elements equivocators
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
dm: message
Hdepm: ∀ dm0 : message,
  msg_dep_rel message_dependencies dm0 dm
  → valid_message_prop
      (equivocators_composition_for_sent IM
         equivocators s) dm0
dm_i: index
Hdm_i: dm_i ∈ equivocators
Hemitted: can_emit
  (preloaded_with_all_messages_vlsm
     (IM dm_i)) dm
∀ dm0 : message,
  (λ msg : message, msg ∈ message_dependencies dm) dm0
  → valid_message_prop
      (preloaded_vlsm
         (free_composite_vlsm
            (sub_IM IM (elements equivocators)))
         (sent_by_non_equivocating IM equivocators s))
      dm0
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
dm: message
Hdepm: ∀ dm0 : message,
  msg_dep_rel message_dependencies dm0 dm
  → valid_message_prop
      (equivocators_composition_for_sent IM
         equivocators s) dm0
dm_i: index
Hdm_i: dm_i ∈ equivocators
Hemitted: can_emit
  (preloaded_with_all_messages_vlsm
     (IM dm_i)) dm
can_emit (preloaded_with_all_messages_vlsm (IM ?j)) dm
  -
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
dm: message
Hdepm: ∀ dm0 : message,
  msg_dep_rel message_dependencies dm0 dm
  → valid_message_prop
      (equivocators_composition_for_sent IM
         equivocators s) dm0
dm_i: index
Hdm_i: dm_i ∈ equivocators
Hemitted: can_emit
  (preloaded_with_all_messages_vlsm
     (IM dm_i)) dm
?j ∈ elements equivocators by apply elem_of_elements, Hdm_i.
  -
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
dm: message
Hdepm: ∀ dm0 : message,
  msg_dep_rel message_dependencies dm0 dm
  → valid_message_prop
      (equivocators_composition_for_sent IM
         equivocators s) dm0
dm_i: index
Hdm_i: dm_i ∈ equivocators
Hemitted: can_emit
  (preloaded_with_all_messages_vlsm
     (IM dm_i)) dm
∀ dm0 : message,
  (λ msg : message, msg ∈ message_dependencies dm) dm0
  → valid_message_prop
      (preloaded_vlsm
         (free_composite_vlsm
            (sub_IM IM (elements equivocators)))
         (sent_by_non_equivocating IM equivocators s))
      dm0 by apply Hdepm.
  -
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
dm: message
Hdepm: ∀ dm0 : message,
  msg_dep_rel message_dependencies dm0 dm
  → valid_message_prop
      (equivocators_composition_for_sent IM
         equivocators s) dm0
dm_i: index
Hdm_i: dm_i ∈ equivocators
Hemitted: can_emit
  (preloaded_with_all_messages_vlsm
     (IM dm_i)) dm
can_emit (preloaded_with_all_messages_vlsm (IM dm_i))
  dm by apply Hemitted.
Qed.

Lemma msg_dep_rel_reflects_dependencies_with_non_equivocating_senders_were_sent s
  : forall dm m, msg_dep_rel message_dependencies dm m ->
    dependencies_with_non_equivocating_senders_were_sent s m ->
    dependencies_with_non_equivocating_senders_were_sent s dm.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
∀ dm m : message,
  msg_dep_rel message_dependencies dm m
  → dependencies_with_non_equivocating_senders_were_sent
      s m
    → dependencies_with_non_equivocating_senders_were_sent
        s dm
Proof.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
∀ dm m : message,
  msg_dep_rel message_dependencies dm m
  → dependencies_with_non_equivocating_senders_were_sent
      s m
    → dependencies_with_non_equivocating_senders_were_sent
        s dm
  intros dm m Hdm Hdeps dm0 Hdm0.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
Hdeps: dependencies_with_non_equivocating_senders_were_sent
  s m
dm0: message
Hdm0: msg_dep_happens_before message_dependencies dm0
  dm
sent_by_non_equivocating IM equivocators s dm0
∨ equivocator_can_emit dm0
  apply Hdeps.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
Hdeps: dependencies_with_non_equivocating_senders_were_sent
  s m
dm0: message
Hdm0: msg_dep_happens_before message_dependencies dm0
  dm
msg_dep_happens_before message_dependencies dm0 m
  transitivity dm; [done |].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
Hdeps: dependencies_with_non_equivocating_senders_were_sent
  s m
dm0: message
Hdm0: msg_dep_happens_before message_dependencies dm0
  dm
msg_dep_happens_before message_dependencies dm m
  apply msg_dep_happens_before_iff_one.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
Hdeps: dependencies_with_non_equivocating_senders_were_sent
  s m
dm0: message
Hdm0: msg_dep_happens_before message_dependencies dm0
  dm
msg_dep_rel message_dependencies dm m
∨ (∃ y : message,
     msg_dep_happens_before message_dependencies dm y
     ∧ msg_dep_rel message_dependencies y m)
  by itauto.
Qed.

Lemma dependencies_are_valid s m
  (Hmsg_dep_happens_before_wf : well_founded (msg_dep_happens_before message_dependencies))
  : dependencies_with_non_equivocating_senders_were_sent s m ->
    forall dm, msg_dep_rel message_dependencies dm m ->
      valid_message_prop
        (equivocators_composition_for_sent IM equivocators s) dm.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
m: message
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
dependencies_with_non_equivocating_senders_were_sent s
  m
→ ∀ dm : message,
    msg_dep_rel message_dependencies dm m
    → valid_message_prop
        (equivocators_composition_for_sent IM
           equivocators s) dm
Proof.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
m: message
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
dependencies_with_non_equivocating_senders_were_sent s
  m
→ ∀ dm : message,
    msg_dep_rel message_dependencies dm m
    → valid_message_prop
        (equivocators_composition_for_sent IM
           equivocators s) dm
  induction m as [m Hind] using (well_founded_ind Hmsg_dep_happens_before_wf).
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
m: message
Hind: ∀ y : message,
  msg_dep_happens_before message_dependencies y
    m
  → dependencies_with_non_equivocating_senders_were_sent
      s y
    → ∀ dm : message,
        msg_dep_rel message_dependencies dm y
        → valid_message_prop
            (equivocators_composition_for_sent
               IM equivocators s) dm
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
dependencies_with_non_equivocating_senders_were_sent s
  m
→ ∀ dm : message,
    msg_dep_rel message_dependencies dm m
    → valid_message_prop
        (equivocators_composition_for_sent IM
           equivocators s) dm
  intros Heqv dm Hdm.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
m: message
Hind: ∀ y : message,
  msg_dep_happens_before message_dependencies y
    m
  → dependencies_with_non_equivocating_senders_were_sent
      s y
    → ∀ dm : message,
        msg_dep_rel message_dependencies dm y
        → valid_message_prop
            (equivocators_composition_for_sent
               IM equivocators s) dm
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
Heqv: dependencies_with_non_equivocating_senders_were_sent
  s m
dm: message
Hdm: msg_dep_rel message_dependencies dm m
valid_message_prop
  (equivocators_composition_for_sent IM equivocators s)
  dm
  apply emitted_messages_are_valid_iff.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
m: message
Hind: ∀ y : message,
  msg_dep_happens_before message_dependencies y
    m
  → dependencies_with_non_equivocating_senders_were_sent
      s y
    → ∀ dm : message,
        msg_dep_rel message_dependencies dm y
        → valid_message_prop
            (equivocators_composition_for_sent
               IM equivocators s) dm
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
Heqv: dependencies_with_non_equivocating_senders_were_sent
  s m
dm: message
Hdm: msg_dep_rel message_dependencies dm m
initial_message_prop dm
∨ can_emit
    (equivocators_composition_for_sent IM equivocators
       s) dm
  assert (Hdm_hb : msg_dep_happens_before message_dependencies dm m)
    by (apply msg_dep_happens_before_iff_one; itauto).
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
m: message
Hind: ∀ y : message,
  msg_dep_happens_before message_dependencies y
    m
  → dependencies_with_non_equivocating_senders_were_sent
      s y
    → ∀ dm : message,
        msg_dep_rel message_dependencies dm y
        → valid_message_prop
            (equivocators_composition_for_sent
               IM equivocators s) dm
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
Heqv: dependencies_with_non_equivocating_senders_were_sent
  s m
dm: message
Hdm: msg_dep_rel message_dependencies dm m
Hdm_hb: msg_dep_happens_before message_dependencies
  dm m
initial_message_prop dm
∨ can_emit
    (equivocators_composition_for_sent IM equivocators
       s) dm
  destruct (Heqv _ Hdm_hb) as [Hsent | (dm_i & Hdm_i & Hemitted)]; [by left; right |].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
m: message
Hind: ∀ y : message,
  msg_dep_happens_before message_dependencies y
    m
  → dependencies_with_non_equivocating_senders_were_sent
      s y
    → ∀ dm : message,
        msg_dep_rel message_dependencies dm y
        → valid_message_prop
            (equivocators_composition_for_sent
               IM equivocators s) dm
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
Heqv: dependencies_with_non_equivocating_senders_were_sent
  s m
dm: message
Hdm: msg_dep_rel message_dependencies dm m
Hdm_hb: msg_dep_happens_before message_dependencies
  dm m
dm_i: index
Hdm_i: dm_i ∈ elements equivocators
Hemitted: can_emit
  (preloaded_with_all_messages_vlsm
     (IM dm_i)) dm
initial_message_prop dm
∨ can_emit
    (equivocators_composition_for_sent IM equivocators
       s) dm
  right.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
m: message
Hind: ∀ y : message,
  msg_dep_happens_before message_dependencies y
    m
  → dependencies_with_non_equivocating_senders_were_sent
      s y
    → ∀ dm : message,
        msg_dep_rel message_dependencies dm y
        → valid_message_prop
            (equivocators_composition_for_sent
               IM equivocators s) dm
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
Heqv: dependencies_with_non_equivocating_senders_were_sent
  s m
dm: message
Hdm: msg_dep_rel message_dependencies dm m
Hdm_hb: msg_dep_happens_before message_dependencies
  dm m
dm_i: index
Hdm_i: dm_i ∈ elements equivocators
Hemitted: can_emit
  (preloaded_with_all_messages_vlsm
     (IM dm_i)) dm
can_emit
  (equivocators_composition_for_sent IM equivocators s)
  dm
  apply messages_with_valid_dependences_can_be_emitted with dm_i
  ; [| by apply elem_of_elements in Hdm_i | done].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
m: message
Hind: ∀ y : message,
  msg_dep_happens_before message_dependencies y
    m
  → dependencies_with_non_equivocating_senders_were_sent
      s y
    → ∀ dm : message,
        msg_dep_rel message_dependencies dm y
        → valid_message_prop
            (equivocators_composition_for_sent
               IM equivocators s) dm
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
Heqv: dependencies_with_non_equivocating_senders_were_sent
  s m
dm: message
Hdm: msg_dep_rel message_dependencies dm m
Hdm_hb: msg_dep_happens_before message_dependencies
  dm m
dm_i: index
Hdm_i: dm_i ∈ elements equivocators
Hemitted: can_emit
  (preloaded_with_all_messages_vlsm
     (IM dm_i)) dm
∀ dm0 : message,
  msg_dep_rel message_dependencies dm0 dm
  → valid_message_prop
      (equivocators_composition_for_sent IM
         equivocators s) dm0
  intros dm0 Hdm0.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
m: message
Hind: ∀ y : message,
  msg_dep_happens_before message_dependencies y
    m
  → dependencies_with_non_equivocating_senders_were_sent
      s y
    → ∀ dm : message,
        msg_dep_rel message_dependencies dm y
        → valid_message_prop
            (equivocators_composition_for_sent
               IM equivocators s) dm
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
Heqv: dependencies_with_non_equivocating_senders_were_sent
  s m
dm: message
Hdm: msg_dep_rel message_dependencies dm m
Hdm_hb: msg_dep_happens_before message_dependencies
  dm m
dm_i: index
Hdm_i: dm_i ∈ elements equivocators
Hemitted: can_emit
  (preloaded_with_all_messages_vlsm
     (IM dm_i)) dm
dm0: message
Hdm0: msg_dep_rel message_dependencies dm0 dm
valid_message_prop
  (equivocators_composition_for_sent IM equivocators s)
  dm0
  apply Hind with dm; [done | | done].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
m: message
Hind: ∀ y : message,
  msg_dep_happens_before message_dependencies y
    m
  → dependencies_with_non_equivocating_senders_were_sent
      s y
    → ∀ dm : message,
        msg_dep_rel message_dependencies dm y
        → valid_message_prop
            (equivocators_composition_for_sent
               IM equivocators s) dm
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
Heqv: dependencies_with_non_equivocating_senders_were_sent
  s m
dm: message
Hdm: msg_dep_rel message_dependencies dm m
Hdm_hb: msg_dep_happens_before message_dependencies
  dm m
dm_i: index
Hdm_i: dm_i ∈ elements equivocators
Hemitted: can_emit
  (preloaded_with_all_messages_vlsm
     (IM dm_i)) dm
dm0: message
Hdm0: msg_dep_rel message_dependencies dm0 dm
dependencies_with_non_equivocating_senders_were_sent s
  dm
  clear -Heqv Hdm; revert dm m Hdm Heqv.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H13: Elements index Ci
equivocators: Ci
H16: ∀ i : index, HasBeenSentCapability (IM i)
s: ∀ x : index, state (IM x)
∀ dm m : message,
  msg_dep_rel message_dependencies dm m
  → dependencies_with_non_equivocating_senders_were_sent
      s m
    → dependencies_with_non_equivocating_senders_were_sent
        s dm
  by apply msg_dep_rel_reflects_dependencies_with_non_equivocating_senders_were_sent.
Qed.

Lemma msg_dep_strong_fixed_equivocation_subsumption s m
  (Hmsg_dep_happens_before_wf : well_founded (msg_dep_happens_before message_dependencies))
  : msg_dep_fixed_set_equivocation s m ->
    strong_fixed_equivocation IM equivocators s m.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: composite_state IM
m: message
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
msg_dep_fixed_set_equivocation s m
→ strong_fixed_equivocation IM equivocators s m
Proof.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: composite_state IM
m: message
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
msg_dep_fixed_set_equivocation s m
→ strong_fixed_equivocation IM equivocators s m
  intros  [Hsent | [[i [Hi Hemit]] Heqv]]; [by left |].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: composite_state IM
m: message
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
i: index
Hi: i ∈ elements equivocators
Hemit: can_emit
  (preloaded_with_all_messages_vlsm (IM i)) m
Heqv: dependencies_with_non_equivocating_senders_were_sent
  s m
strong_fixed_equivocation IM equivocators s m
  cut (forall dm, msg_dep_rel message_dependencies dm m ->
    valid_message_prop (equivocators_composition_for_sent IM equivocators s) dm)
  ; [| by apply dependencies_are_valid].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: composite_state IM
m: message
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
i: index
Hi: i ∈ elements equivocators
Hemit: can_emit
  (preloaded_with_all_messages_vlsm (IM i)) m
Heqv: dependencies_with_non_equivocating_senders_were_sent
  s m
(∀ dm : message,
   msg_dep_rel message_dependencies dm m
   → valid_message_prop
       (equivocators_composition_for_sent IM
          equivocators s) dm)
→ strong_fixed_equivocation IM equivocators s m
  intro Hdeps; right.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: composite_state IM
m: message
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
i: index
Hi: i ∈ elements equivocators
Hemit: can_emit
  (preloaded_with_all_messages_vlsm (IM i)) m
Heqv: dependencies_with_non_equivocating_senders_were_sent
  s m
Hdeps: ∀ dm : message,
  msg_dep_rel message_dependencies dm m
  → valid_message_prop
      (equivocators_composition_for_sent IM
         equivocators s) dm
can_emit
  (equivocators_composition_for_sent IM equivocators s)
  m
  by apply messages_with_valid_dependences_can_be_emitted with i;
   [itauto | apply elem_of_elements in Hi |].
Qed.

Lemma msg_dep_strong_fixed_equivocation_constraint_subsumption
  (Hmsg_dep_happens_before_wf : well_founded (msg_dep_happens_before message_dependencies))
  : strong_constraint_subsumption (free_composite_vlsm IM)
      msg_dep_fixed_set_equivocation_constraint
      (strong_fixed_equivocation_constraint IM equivocators).
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
strong_constraint_subsumption (free_composite_vlsm IM)
  msg_dep_fixed_set_equivocation_constraint
  (strong_fixed_equivocation_constraint IM
     equivocators)
Proof.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
strong_constraint_subsumption (free_composite_vlsm IM)
  msg_dep_fixed_set_equivocation_constraint
  (strong_fixed_equivocation_constraint IM
     equivocators)
  intros l [s [m |]] Hc; [| done].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
Hc: msg_dep_fixed_set_equivocation_constraint l
  (s, Some m)
strong_fixed_equivocation_constraint IM equivocators l
  (s, Some m)
  by apply msg_dep_strong_fixed_equivocation_subsumption.
Qed.

Lemma single_equivocator_projection s j
  (Hj : j ∈ elements equivocators)
  : VLSM_projection
      (equivocators_composition_for_sent IM equivocators s)
      (preloaded_with_all_messages_vlsm (IM j))
      (sub_label_element_project IM equivocators j)
      (sub_state_element_project IM equivocators j Hj).
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
VLSM_projection
  (equivocators_composition_for_sent IM equivocators s)
  (preloaded_with_all_messages_vlsm (IM j))
  (sub_label_element_project IM equivocators j)
  (sub_state_element_project IM equivocators j Hj)
Proof.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
VLSM_projection
  (equivocators_composition_for_sent IM equivocators s)
  (preloaded_with_all_messages_vlsm (IM j))
  (sub_label_element_project IM equivocators j)
  (sub_state_element_project IM equivocators j Hj)
  apply basic_VLSM_projection.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
weak_projection_valid_preservation
  (equivocators_composition_for_sent IM equivocators s)
  (preloaded_with_all_messages_vlsm (IM j))
  (sub_label_element_project IM equivocators j)
  (sub_state_element_project IM equivocators j Hj)
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
weak_projection_transition_preservation_Some
  (equivocators_composition_for_sent IM equivocators s)
  (preloaded_with_all_messages_vlsm (IM j))
  (sub_label_element_project IM equivocators j)
  (sub_state_element_project IM equivocators j Hj)
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
weak_projection_transition_consistency_None
  (equivocators_composition_for_sent IM equivocators s)
  (preloaded_with_all_messages_vlsm (IM j))
  (sub_label_element_project IM equivocators j)
  (sub_state_element_project IM equivocators j Hj)
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
strong_projection_initial_state_preservation
  (equivocators_composition_for_sent IM equivocators s)
  (preloaded_with_all_messages_vlsm (IM j))
  (sub_state_element_project IM equivocators j Hj)
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
weak_projection_valid_message_preservation
  (equivocators_composition_for_sent IM equivocators s)
  (preloaded_with_all_messages_vlsm (IM j))
  (sub_label_element_project IM equivocators j)
  (sub_state_element_project IM equivocators j Hj)
  -
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
weak_projection_valid_preservation
  (equivocators_composition_for_sent IM equivocators s)
  (preloaded_with_all_messages_vlsm (IM j))
  (sub_label_element_project IM equivocators j)
  (sub_state_element_project IM equivocators j Hj) intros [sub_i li] lY HlX_pr sX om (_ & _ & HvX) HsY _; revert HvX.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
sub_i: sub_index (elements equivocators)
li: label (sub_IM IM (elements equivocators) sub_i)
lY: label (preloaded_with_all_messages_vlsm (IM j))
HlX_pr: sub_label_element_project IM equivocators j
  (existT sub_i li) = Some lY
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
om: option message
HsY: valid_state_prop
  (preloaded_with_all_messages_vlsm (IM j))
  (sub_state_element_project IM equivocators j
     Hj sX)
valid (existT sub_i li) (sX, om)
→ valid lY
    (sub_state_element_project IM equivocators j Hj sX,
     om)
    destruct_dec_sig sub_i i Hi Heqsub_i; subst.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
i: index
Hi: sub_index_prop (elements equivocators) i
li: label
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
lY: label (preloaded_with_all_messages_vlsm (IM j))
HlX_pr: sub_label_element_project IM equivocators j
  (existT (dexist i Hi) li) = 
Some lY
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
om: option message
HsY: valid_state_prop
  (preloaded_with_all_messages_vlsm (IM j))
  (sub_state_element_project IM equivocators j
     Hj sX)
valid (existT (dexist i Hi) li) (sX, om)
→ valid lY
    (sub_state_element_project IM equivocators j Hj sX,
     om)
    unfold sub_label_element_project in HlX_pr; cbn in HlX_pr.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
i: index
Hi: sub_index_prop (elements equivocators) i
li: label
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
lY: label (preloaded_with_all_messages_vlsm (IM j))
HlX_pr: match decide (j = i) with
| left e =>
    Some
      (eq_rect_r (λ j : index, label (IM j))
         li e)
| right _ => None
end = Some lY
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
om: option message
HsY: valid_state_prop
  (preloaded_with_all_messages_vlsm (IM j))
  (sub_state_element_project IM equivocators j
     Hj sX)
valid (existT (dexist i Hi) li) (sX, om)
→ valid lY
    (sub_state_element_project IM equivocators j Hj sX,
     om)
    case_decide as Heqij; [| congruence].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
i: index
Hi: sub_index_prop (elements equivocators) i
li: label
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
lY: label (preloaded_with_all_messages_vlsm (IM j))
Heqij: j = i
HlX_pr: Some
  (eq_rect_r (λ j : index, label (IM j)) li
     Heqij) = Some lY
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
om: option message
HsY: valid_state_prop
  (preloaded_with_all_messages_vlsm (IM j))
  (sub_state_element_project IM equivocators j
     Hj sX)
valid (existT (dexist i Hi) li) (sX, om)
→ valid lY
    (sub_state_element_project IM equivocators j Hj sX,
     om)
    subst i; cbv in HlX_pr; apply Some_inj in HlX_pr; subst li.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
Hi: sub_index_prop (elements equivocators) j
lY: label (preloaded_with_all_messages_vlsm (IM j))
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
om: option message
HsY: valid_state_prop
  (preloaded_with_all_messages_vlsm (IM j))
  (sub_state_element_project IM equivocators j
     Hj sX)
valid (existT (dexist j Hi) lY) (sX, om)
→ valid lY
    (sub_state_element_project IM equivocators j Hj sX,
     om)
    unfold sub_IM, sub_state_element_project; cbn.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
Hi: sub_index_prop (elements equivocators) j
lY: label (preloaded_with_all_messages_vlsm (IM j))
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
om: option message
HsY: valid_state_prop
  (preloaded_with_all_messages_vlsm (IM j))
  (sub_state_element_project IM equivocators j
     Hj sX)
valid lY (sX (dexist j Hi), om)
→ valid lY (sX (dexist j Hj), om)
    by rewrite (sub_IM_state_pi sX Hj Hi).
  -
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
weak_projection_transition_preservation_Some
  (equivocators_composition_for_sent IM equivocators s)
  (preloaded_with_all_messages_vlsm (IM j))
  (sub_label_element_project IM equivocators j)
  (sub_state_element_project IM equivocators j Hj) intros [sub_i li] lY HlX_pr sX om sX' om' [_ HtX]; revert HtX.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
sub_i: sub_index (elements equivocators)
li: label (sub_IM IM (elements equivocators) sub_i)
lY: label (preloaded_with_all_messages_vlsm (IM j))
HlX_pr: sub_label_element_project IM equivocators j
  (existT sub_i li) = Some lY
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
om: option message
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
om': option message
transition (existT sub_i li) (sX, om) = (sX', om')
→ transition lY
    (sub_state_element_project IM equivocators j Hj sX,
     om) =
  (sub_state_element_project IM equivocators j Hj sX',
   om')
    destruct_dec_sig sub_i i Hi Heqsub_i; subst.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
i: index
Hi: sub_index_prop (elements equivocators) i
li: label
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
lY: label (preloaded_with_all_messages_vlsm (IM j))
HlX_pr: sub_label_element_project IM equivocators j
  (existT (dexist i Hi) li) = 
Some lY
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
om: option message
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
om': option message
transition (existT (dexist i Hi) li) (sX, om) =
(sX', om')
→ transition lY
    (sub_state_element_project IM equivocators j Hj sX,
     om) =
  (sub_state_element_project IM equivocators j Hj sX',
   om')
    unfold sub_label_element_project in HlX_pr; cbn in HlX_pr.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
i: index
Hi: sub_index_prop (elements equivocators) i
li: label
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
lY: label (preloaded_with_all_messages_vlsm (IM j))
HlX_pr: match decide (j = i) with
| left e =>
    Some
      (eq_rect_r (λ j : index, label (IM j))
         li e)
| right _ => None
end = Some lY
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
om: option message
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
om': option message
transition (existT (dexist i Hi) li) (sX, om) =
(sX', om')
→ transition lY
    (sub_state_element_project IM equivocators j Hj sX,
     om) =
  (sub_state_element_project IM equivocators j Hj sX',
   om')
    case_decide as Heqij; [| by congruence].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
i: index
Hi: sub_index_prop (elements equivocators) i
li: label
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
lY: label (preloaded_with_all_messages_vlsm (IM j))
Heqij: j = i
HlX_pr: Some
  (eq_rect_r (λ j : index, label (IM j)) li
     Heqij) = Some lY
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
om: option message
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
om': option message
transition (existT (dexist i Hi) li) (sX, om) =
(sX', om')
→ transition lY
    (sub_state_element_project IM equivocators j Hj sX,
     om) =
  (sub_state_element_project IM equivocators j Hj sX',
   om')
    subst i; cbv in HlX_pr; apply Some_inj in HlX_pr; subst li.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
Hi: sub_index_prop (elements equivocators) j
lY: label (preloaded_with_all_messages_vlsm (IM j))
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
om: option message
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
om': option message
transition (existT (dexist j Hi) lY) (sX, om) =
(sX', om')
→ transition lY
    (sub_state_element_project IM equivocators j Hj sX,
     om) =
  (sub_state_element_project IM equivocators j Hj sX',
   om')
    cbn; unfold sub_IM, sub_state_element_project; cbn.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
Hi: sub_index_prop (elements equivocators) j
lY: label (preloaded_with_all_messages_vlsm (IM j))
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
om: option message
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
om': option message
(let (si', om') :=
   transition lY (sX (dexist j Hi), om) in
 (state_update
    (λ ei : sub_index (elements equivocators),
       IM (`ei)) sX (dexist j Hi) si', om')) =
(sX', om')
→ transition lY (sX (dexist j Hj), om) =
  (sX' (dexist j Hj), om')
    rewrite (sub_IM_state_pi sX Hj Hi).
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
Hi: sub_index_prop (elements equivocators) j
lY: label (preloaded_with_all_messages_vlsm (IM j))
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
om: option message
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
om': option message
(let (si', om') :=
   transition lY (sX (dexist j Hi), om) in
 (state_update
    (λ ei : sub_index (elements equivocators),
       IM (`ei)) sX (dexist j Hi) si', om')) =
(sX', om')
→ transition lY (sX (dexist j Hi), om) =
  (sX' (dexist j Hj), om')
    destruct (transition _ _ _) as (sj', _om'); inversion_clear 1.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
Hi: sub_index_prop (elements equivocators) j
lY: label (preloaded_with_all_messages_vlsm (IM j))
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
om: option message
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
om': option message
sj': state (IM j)
_om': option message
(sj', om') =
(state_update
   (λ ei : sub_index (elements equivocators), IM (`ei))
   sX (dexist j Hi) sj' (dexist j Hj), om')
    by f_equal; symmetry; apply sub_IM_state_update_eq.
  -
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
weak_projection_transition_consistency_None
  (equivocators_composition_for_sent IM equivocators s)
  (preloaded_with_all_messages_vlsm (IM j))
  (sub_label_element_project IM equivocators j)
  (sub_state_element_project IM equivocators j Hj) intros [sub_i li] HlX_pr sX om sX' om' [_ HtX].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
sub_i: sub_index (elements equivocators)
li: label (sub_IM IM (elements equivocators) sub_i)
HlX_pr: sub_label_element_project IM equivocators j
  (existT sub_i li) = None
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
om: option message
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
om': option message
HtX: transition (existT sub_i li) (sX, om) =
(sX', om')
sub_state_element_project IM equivocators j Hj sX' =
sub_state_element_project IM equivocators j Hj sX
    destruct_dec_sig sub_i i Hi Heqsub_i; subst.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
i: index
Hi: sub_index_prop (elements equivocators) i
li: label
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
HlX_pr: sub_label_element_project IM equivocators j
  (existT (dexist i Hi) li) = None
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
om: option message
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
om': option message
HtX: transition (existT (dexist i Hi) li) (sX, om) =
(sX', om')
sub_state_element_project IM equivocators j Hj sX' =
sub_state_element_project IM equivocators j Hj sX
    unfold sub_label_element_project in HlX_pr; cbn in HlX_pr.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
i: index
Hi: sub_index_prop (elements equivocators) i
li: label
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
HlX_pr: match decide (j = i) with
| left e =>
    Some
      (eq_rect_r (λ j : index, label (IM j))
         li e)
| right _ => None
end = None
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
om: option message
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
om': option message
HtX: transition (existT (dexist i Hi) li) (sX, om) =
(sX', om')
sub_state_element_project IM equivocators j Hj sX' =
sub_state_element_project IM equivocators j Hj sX
    case_decide as Heqij; [by congruence |].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
i: index
Hi: sub_index_prop (elements equivocators) i
li: label
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
Heqij: j ≠ i
HlX_pr: None = None
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
om: option message
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
om': option message
HtX: transition (existT (dexist i Hi) li) (sX, om) =
(sX', om')
sub_state_element_project IM equivocators j Hj sX' =
sub_state_element_project IM equivocators j Hj sX
    cbn in HtX; destruct (transition _ _ _) as (si', _om').
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
i: index
Hi: sub_index_prop (elements equivocators) i
li: label
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
Heqij: j ≠ i
HlX_pr: None = None
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
om: option message
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
om': option message
si': state
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
_om': option message
HtX: (state_update
   (sub_IM IM (elements equivocators)) sX
   (dexist i Hi) si', _om') = (
sX', om')
sub_state_element_project IM equivocators j Hj sX' =
sub_state_element_project IM equivocators j Hj sX
    inversion_clear HtX.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
i: index
Hi: sub_index_prop (elements equivocators) i
li: label
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
Heqij: j ≠ i
HlX_pr: None = None
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
om: option message
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
om': option message
si': state
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
_om': option message
sub_state_element_project IM equivocators j Hj
  (state_update (sub_IM IM (elements equivocators)) sX
     (dexist i Hi) si') =
sub_state_element_project IM equivocators j Hj sX
    unfold sub_state_element_project.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
i: index
Hi: sub_index_prop (elements equivocators) i
li: label
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
Heqij: j ≠ i
HlX_pr: None = None
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
om: option message
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
om': option message
si': state
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
_om': option message
state_update (sub_IM IM (elements equivocators)) sX
  (dexist i Hi) si' (dexist j Hj) = sX (dexist j Hj)
    by state_update_simpl.
  -
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
strong_projection_initial_state_preservation
  (equivocators_composition_for_sent IM equivocators s)
  (preloaded_with_all_messages_vlsm (IM j))
  (sub_state_element_project IM equivocators j Hj) by intros sX HsX; apply (HsX (dexist j Hj)).
  -
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
j: index
Hj: j ∈ elements equivocators
weak_projection_valid_message_preservation
  (equivocators_composition_for_sent IM equivocators s)
  (preloaded_with_all_messages_vlsm (IM j))
  (sub_label_element_project IM equivocators j)
  (sub_state_element_project IM equivocators j Hj) by intro; intros; apply any_message_is_valid_in_preloaded.
Qed.

Lemma equivocators_composition_can_emit_sender s m
  : can_emit (equivocators_composition_for_sent IM equivocators s) m ->
    equivocator_can_emit m.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
m: message
can_emit
  (equivocators_composition_for_sent IM equivocators s)
  m → equivocator_can_emit m
Proof.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
m: message
can_emit
  (equivocators_composition_for_sent IM equivocators s)
  m → equivocator_can_emit m
  intros [(sX, iom) [(sub_i, li) [sX' HtX]]].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
m: message
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
iom: option message
sub_i: sub_index (elements equivocators)
li: label (sub_IM IM (elements equivocators) sub_i)
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
HtX: input_valid_transition
  (equivocators_composition_for_sent IM
     equivocators s) (existT sub_i li) (
  sX, iom) (sX', Some m)
equivocator_can_emit m
  destruct_dec_sig sub_i i Hi Heqsub_i; subst.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
m: message
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
iom: option message
i: index
Hi: sub_index_prop (elements equivocators) i
li: label
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
HtX: input_valid_transition
  (equivocators_composition_for_sent IM
     equivocators s) (existT (dexist i Hi) li)
  (sX, iom) (sX', Some m)
equivocator_can_emit m
  exists i; split; [done |].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
m: message
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
iom: option message
i: index
Hi: sub_index_prop (elements equivocators) i
li: label
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
HtX: input_valid_transition
  (equivocators_composition_for_sent IM
     equivocators s) (existT (dexist i Hi) li)
  (sX, iom) (sX', Some m)
can_emit (preloaded_with_all_messages_vlsm (IM i)) m
  apply can_emit_iff.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
m: message
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
iom: option message
i: index
Hi: sub_index_prop (elements equivocators) i
li: label
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
HtX: input_valid_transition
  (equivocators_composition_for_sent IM
     equivocators s) (existT (dexist i Hi) li)
  (sX, iom) (sX', Some m)
∃ s : state (preloaded_with_all_messages_vlsm (IM i)),
  can_produce
    (preloaded_with_all_messages_vlsm (IM i)) s m
  apply (VLSM_projection_input_valid_transition
    (single_equivocator_projection s i Hi)) with (lY := li) in HtX
  ; [by eexists _, _, _ |].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
m: message
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
iom: option message
i: index
Hi: sub_index_prop (elements equivocators) i
li: label
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
HtX: input_valid_transition
  (equivocators_composition_for_sent IM
     equivocators s) (existT (dexist i Hi) li)
  (sX, iom) (sX', Some m)
sub_label_element_project IM equivocators i
  (existT (dexist i Hi) li) = Some li
  unfold sub_label_element_project; cbn.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
s: ∀ x : index, state (IM x)
m: message
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
iom: option message
i: index
Hi: sub_index_prop (elements equivocators) i
li: label
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
HtX: input_valid_transition
  (equivocators_composition_for_sent IM
     equivocators s) (existT (dexist i Hi) li)
  (sX, iom) (sX', Some m)
match decide (i = i) with
| left e =>
    Some (eq_rect_r (λ j : index, label (IM j)) li e)
| right _ => None
end = Some li
  by rewrite decide_True_pi with eq_refl.
Qed.

Lemma sent_by_non_equivocating_msg_dep_rel_strong_fixed_equivocation
  (no_initial_messages_in_IM : no_initial_messages_in_IM_prop IM)
  : forall s, valid_state_prop (composite_vlsm IM
      (strong_fixed_equivocation_constraint IM equivocators)) s ->
    forall dm m, msg_dep_rel message_dependencies dm m ->
    sent_by_non_equivocating  IM equivocators s m ->
    strong_fixed_equivocation IM equivocators s dm.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
∀ s : state
        (composite_vlsm IM
           (strong_fixed_equivocation_constraint IM
              equivocators)),
  valid_state_prop
    (composite_vlsm IM
       (strong_fixed_equivocation_constraint IM
          equivocators)) s
  → ∀ dm m : message,
      msg_dep_rel message_dependencies dm m
      → sent_by_non_equivocating IM equivocators s m
        → strong_fixed_equivocation IM equivocators s
            dm
Proof.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
∀ s : state
        (composite_vlsm IM
           (strong_fixed_equivocation_constraint IM
              equivocators)),
  valid_state_prop
    (composite_vlsm IM
       (strong_fixed_equivocation_constraint IM
          equivocators)) s
  → ∀ dm m : message,
      msg_dep_rel message_dependencies dm m
      → sent_by_non_equivocating IM equivocators s m
        → strong_fixed_equivocation IM equivocators s
            dm
  intros s Hs dm m Hdm (i & Hni & Hsent).
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
i: index
Hni: i ∉ elements equivocators
Hsent: has_been_sent (IM i) (s i) m
strong_fixed_equivocation IM equivocators s dm
  apply (messages_sent_from_component_produced_previously IM Hs) in Hsent
    as (destination & Hfutures & Hproduce).
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
i: index
Hni: i ∉ elements equivocators
destination: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators))
Hfutures: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination s
Hproduce: can_produce
  (preloaded_with_all_messages_vlsm (IM i))
  (destination i) m
strong_fixed_equivocation IM equivocators s dm
  eapply VLSM_incl_in_futures in Hfutures as Hpre_futures
  ; [| apply constrained_preloaded_incl].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
i: index
Hni: i ∉ elements equivocators
destination: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators))
Hfutures: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination s
Hproduce: can_produce
  (preloaded_with_all_messages_vlsm (IM i))
  (destination i) m
Hpre_futures: in_futures
  {|
    vlsm_type := free_composite_vlsm IM;
    vlsm_machine :=
      preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM)
  |} destination s
strong_fixed_equivocation IM equivocators s dm
  apply (VLSM_projection_in_futures (preloaded_component_projection IM i)) in Hpre_futures.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
i: index
Hni: i ∉ elements equivocators
destination: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators))
Hfutures: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination s
Hproduce: can_produce
  (preloaded_with_all_messages_vlsm (IM i))
  (destination i) m
Hpre_futures: in_futures
  (preloaded_with_all_messages_vlsm
     (IM i)) (destination i) 
  (s i)
strong_fixed_equivocation IM equivocators s dm
  eapply message_dependencies_are_necessary in Hproduce as Hobs.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
i: index
Hni: i ∉ elements equivocators
destination: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators))
Hfutures: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination s
Hproduce: can_produce
  (preloaded_with_all_messages_vlsm (IM i))
  (destination i) m
Hpre_futures: in_futures
  (preloaded_with_all_messages_vlsm
     (IM i)) (destination i) 
  (s i)
Hobs: message_dependencies_full_node_condition 
  (IM i) message_dependencies 
  (destination i) m
strong_fixed_equivocation IM equivocators s dm
  eapply has_been_directly_observed_sent_received_iff
    in Hobs as [Hreceived | Hsent]; [.. | done]; cycle 1.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
i: index
Hni: i ∉ elements equivocators
destination: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators))
Hfutures: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination s
Hproduce: can_produce
  (preloaded_with_all_messages_vlsm (IM i))
  (destination i) m
Hpre_futures: in_futures
  (preloaded_with_all_messages_vlsm
     (IM i)) (destination i) 
  (s i)
Hsent: has_been_sent (IM i) (destination i) dm
strong_fixed_equivocation IM equivocators s dm
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
i: index
Hni: i ∉ elements equivocators
destination: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators))
Hfutures: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination s
Hproduce: can_produce
  (preloaded_with_all_messages_vlsm (IM i))
  (destination i) m
Hpre_futures: in_futures
  (preloaded_with_all_messages_vlsm
     (IM i)) (destination i) 
  (s i)
Hobs: message_dependencies_full_node_condition 
  (IM i) message_dependencies 
  (destination i) m
H19: ∀ (vlsm : VLSM message) 
  (H : HasBeenReceivedCapability vlsm) 
  (H0 : HasBeenSentCapability vlsm) 
  (H1 : HasBeenDirectlyObservedCapability vlsm) 
  (s : state
         (preloaded_with_all_messages_vlsm vlsm)),
  constrained_state_prop vlsm s
  → ∀ m : message,
      has_been_directly_observed vlsm s m
      → has_been_received vlsm s m
        ∨ has_been_sent vlsm s m
constrained_state_prop (IM i) (destination i)
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
i: index
Hni: i ∉ elements equivocators
destination: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators))
Hfutures: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination s
Hproduce: can_produce
  (preloaded_with_all_messages_vlsm (IM i))
  (destination i) m
Hpre_futures: in_futures
  (preloaded_with_all_messages_vlsm
     (IM i)) (destination i) 
  (s i)
Hreceived: has_been_received (IM i) 
  (destination i) dm
strong_fixed_equivocation IM equivocators s dm
  -
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
i: index
Hni: i ∉ elements equivocators
destination: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators))
Hfutures: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination s
Hproduce: can_produce
  (preloaded_with_all_messages_vlsm (IM i))
  (destination i) m
Hpre_futures: in_futures
  (preloaded_with_all_messages_vlsm
     (IM i)) (destination i) 
  (s i)
Hsent: has_been_sent (IM i) (destination i) dm
strong_fixed_equivocation IM equivocators s dm left; exists i; split; [done |].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
i: index
Hni: i ∉ elements equivocators
destination: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators))
Hfutures: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination s
Hproduce: can_produce
  (preloaded_with_all_messages_vlsm (IM i))
  (destination i) m
Hpre_futures: in_futures
  (preloaded_with_all_messages_vlsm
     (IM i)) (destination i) 
  (s i)
Hsent: has_been_sent (IM i) (destination i) dm
has_been_sent (IM i) (s i) dm
    by eapply in_futures_preserving_oracle_from_stepwise
    ; [apply has_been_sent_stepwise_props | |].
  -
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
i: index
Hni: i ∉ elements equivocators
destination: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators))
Hfutures: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination s
Hproduce: can_produce
  (preloaded_with_all_messages_vlsm (IM i))
  (destination i) m
Hpre_futures: in_futures
  (preloaded_with_all_messages_vlsm
     (IM i)) (destination i) 
  (s i)
Hobs: message_dependencies_full_node_condition 
  (IM i) message_dependencies 
  (destination i) m
H19: ∀ (vlsm : VLSM message) 
  (H : HasBeenReceivedCapability vlsm) 
  (H0 : HasBeenSentCapability vlsm) 
  (H1 : HasBeenDirectlyObservedCapability vlsm) 
  (s : state
         (preloaded_with_all_messages_vlsm vlsm)),
  constrained_state_prop vlsm s
  → ∀ m : message,
      has_been_directly_observed vlsm s m
      → has_been_received vlsm s m
        ∨ has_been_sent vlsm s m
constrained_state_prop (IM i) (destination i) by eapply in_futures_valid_fst.
  -
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
i: index
Hni: i ∉ elements equivocators
destination: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators))
Hfutures: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination s
Hproduce: can_produce
  (preloaded_with_all_messages_vlsm (IM i))
  (destination i) m
Hpre_futures: in_futures
  (preloaded_with_all_messages_vlsm
     (IM i)) (destination i) 
  (s i)
Hreceived: has_been_received (IM i) 
  (destination i) dm
strong_fixed_equivocation IM equivocators s dm apply in_futures_valid_fst in Hfutures as Hdestination.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
i: index
Hni: i ∉ elements equivocators
destination: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators))
Hfutures: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination s
Hproduce: can_produce
  (preloaded_with_all_messages_vlsm (IM i))
  (destination i) m
Hpre_futures: in_futures
  (preloaded_with_all_messages_vlsm
     (IM i)) (destination i) 
  (s i)
Hreceived: has_been_received (IM i) 
  (destination i) dm
Hdestination: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination
strong_fixed_equivocation IM equivocators s dm
    specialize (received_component_received_previously IM Hdestination Hreceived)
      as (s_item_dm & [] & Ht & Hfutures_dm & <- & Hinput);
      destruct l as [i li]; cbn in Hinput; subst input; cbn in *.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: composite_state IM
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
i: index
li: label (IM i)
destination0: composite_state IM
output: option message
Hni: i ∉ elements equivocators
destination: composite_state IM
Hfutures: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination s
Hproduce: can_produce
  (preloaded_with_all_messages_vlsm (IM i))
  (destination i) m
Hpre_futures: in_futures
  (preloaded_with_all_messages_vlsm
     (IM i)) (destination i) 
  (s i)
Hreceived: has_been_received (IM i) 
  (destination i) dm
Hdestination: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination
s_item_dm: composite_state IM
Hfutures_dm: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination0
  destination
Ht: input_valid_transition_item
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s_item_dm
  {|
    l := existT i li;
    input := Some dm;
    destination := destination0;
    output := output
  |}
strong_fixed_equivocation IM equivocators s dm
      apply input_valid_transition_in_futures in Ht as Hfutures_t; cbn in Hfutures_t
      ; destruct Ht as [(_ & _ & _ & Hc) _].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: composite_state IM
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
i: index
li: label (IM i)
destination0: composite_state IM
output: option message
Hni: i ∉ elements equivocators
destination: composite_state IM
Hfutures: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination s
Hproduce: can_produce
  (preloaded_with_all_messages_vlsm (IM i))
  (destination i) m
Hpre_futures: in_futures
  (preloaded_with_all_messages_vlsm
     (IM i)) (destination i) 
  (s i)
Hreceived: has_been_received (IM i) 
  (destination i) dm
Hdestination: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination
s_item_dm: composite_state IM
Hfutures_dm: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination0
  destination
Hc: strong_fixed_equivocation_constraint IM
  equivocators
  (l
     {|
       l := existT i li;
       input := Some dm;
       destination := destination0;
       output := output
     |})
  (s_item_dm,
   input
     {|
       l := existT i li;
       input := Some dm;
       destination := destination0;
       output := output
     |})
Hfutures_t: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) s_item_dm
  destination0
strong_fixed_equivocation IM equivocators s dm
      eapply in_futures_preserves_strong_fixed_equivocation; [| apply Hc].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: composite_state IM
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
i: index
li: label (IM i)
destination0: composite_state IM
output: option message
Hni: i ∉ elements equivocators
destination: composite_state IM
Hfutures: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination s
Hproduce: can_produce
  (preloaded_with_all_messages_vlsm (IM i))
  (destination i) m
Hpre_futures: in_futures
  (preloaded_with_all_messages_vlsm
     (IM i)) (destination i) 
  (s i)
Hreceived: has_been_received (IM i) 
  (destination i) dm
Hdestination: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination
s_item_dm: composite_state IM
Hfutures_dm: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination0
  destination
Hc: strong_fixed_equivocation_constraint IM
  equivocators
  (l
     {|
       l := existT i li;
       input := Some dm;
       destination := destination0;
       output := output
     |})
  (s_item_dm,
   input
     {|
       l := existT i li;
       input := Some dm;
       destination := destination0;
       output := output
     |})
Hfutures_t: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) s_item_dm
  destination0
in_futures
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM)) s_item_dm s
      eapply VLSM_incl_in_futures.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: composite_state IM
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
i: index
li: label (IM i)
destination0: composite_state IM
output: option message
Hni: i ∉ elements equivocators
destination: composite_state IM
Hfutures: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination s
Hproduce: can_produce
  (preloaded_with_all_messages_vlsm (IM i))
  (destination i) m
Hpre_futures: in_futures
  (preloaded_with_all_messages_vlsm
     (IM i)) (destination i) 
  (s i)
Hreceived: has_been_received (IM i) 
  (destination i) dm
Hdestination: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination
s_item_dm: composite_state IM
Hfutures_dm: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination0
  destination
Hc: strong_fixed_equivocation_constraint IM
  equivocators
  (l
     {|
       l := existT i li;
       input := Some dm;
       destination := destination0;
       output := output
     |})
  (s_item_dm,
   input
     {|
       l := existT i li;
       input := Some dm;
       destination := destination0;
       output := output
     |})
Hfutures_t: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) s_item_dm
  destination0
VLSM_incl_part ?MX
  (preloaded_vlsm_machine (free_composite_vlsm IM)
     (λ _ : message, True))
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: composite_state IM
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
i: index
li: label (IM i)
destination0: composite_state IM
output: option message
Hni: i ∉ elements equivocators
destination: composite_state IM
Hfutures: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination s
Hproduce: can_produce
  (preloaded_with_all_messages_vlsm (IM i))
  (destination i) m
Hpre_futures: in_futures
  (preloaded_with_all_messages_vlsm
     (IM i)) (destination i) 
  (s i)
Hreceived: has_been_received (IM i) 
  (destination i) dm
Hdestination: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination
s_item_dm: composite_state IM
Hfutures_dm: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination0
  destination
Hc: strong_fixed_equivocation_constraint IM
  equivocators
  (l
     {|
       l := existT i li;
       input := Some dm;
       destination := destination0;
       output := output
     |})
  (s_item_dm,
   input
     {|
       l := existT i li;
       input := Some dm;
       destination := destination0;
       output := output
     |})
Hfutures_t: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) s_item_dm
  destination0
in_futures
  {|
    vlsm_type := free_composite_vlsm IM;
    vlsm_machine := ?MX
  |} s_item_dm s
      +
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: composite_state IM
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
i: index
li: label (IM i)
destination0: composite_state IM
output: option message
Hni: i ∉ elements equivocators
destination: composite_state IM
Hfutures: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination s
Hproduce: can_produce
  (preloaded_with_all_messages_vlsm (IM i))
  (destination i) m
Hpre_futures: in_futures
  (preloaded_with_all_messages_vlsm
     (IM i)) (destination i) 
  (s i)
Hreceived: has_been_received (IM i) 
  (destination i) dm
Hdestination: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination
s_item_dm: composite_state IM
Hfutures_dm: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination0
  destination
Hc: strong_fixed_equivocation_constraint IM
  equivocators
  (l
     {|
       l := existT i li;
       input := Some dm;
       destination := destination0;
       output := output
     |})
  (s_item_dm,
   input
     {|
       l := existT i li;
       input := Some dm;
       destination := destination0;
       output := output
     |})
Hfutures_t: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) s_item_dm
  destination0
VLSM_incl_part ?MX
  (preloaded_vlsm_machine (free_composite_vlsm IM)
     (λ _ : message, True)) by apply constrained_preloaded_incl
         with (constraint := strong_fixed_equivocation_constraint IM equivocators).
      +
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: composite_state IM
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
i: index
li: label (IM i)
destination0: composite_state IM
output: option message
Hni: i ∉ elements equivocators
destination: composite_state IM
Hfutures: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination s
Hproduce: can_produce
  (preloaded_with_all_messages_vlsm (IM i))
  (destination i) m
Hpre_futures: in_futures
  (preloaded_with_all_messages_vlsm
     (IM i)) (destination i) 
  (s i)
Hreceived: has_been_received (IM i) 
  (destination i) dm
Hdestination: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination
s_item_dm: composite_state IM
Hfutures_dm: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) destination0
  destination
Hc: strong_fixed_equivocation_constraint IM
  equivocators
  (l
     {|
       l := existT i li;
       input := Some dm;
       destination := destination0;
       output := output
     |})
  (s_item_dm,
   input
     {|
       l := existT i li;
       input := Some dm;
       destination := destination0;
       output := output
     |})
Hfutures_t: in_futures
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint
        IM equivocators)) s_item_dm
  destination0
in_futures
  {|
    vlsm_type := free_composite_vlsm IM;
    vlsm_machine :=
      constrained_vlsm (free_composite_vlsm IM)
        (strong_fixed_equivocation_constraint IM
           equivocators)
  |} s_item_dm s by do 2 (eapply in_futures_trans; [done |]).
Qed.

Lemma msg_dep_rel_reflects_strong_fixed_equivocation
  (no_initial_messages_in_IM : no_initial_messages_in_IM_prop IM)
  : forall s, valid_state_prop (composite_vlsm IM
      (strong_fixed_equivocation_constraint IM equivocators)) s ->
    forall dm m, msg_dep_rel message_dependencies dm m ->
    strong_fixed_equivocation IM equivocators s m ->
    strong_fixed_equivocation IM equivocators s dm.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
∀ s : state
        (composite_vlsm IM
           (strong_fixed_equivocation_constraint IM
              equivocators)),
  valid_state_prop
    (composite_vlsm IM
       (strong_fixed_equivocation_constraint IM
          equivocators)) s
  → ∀ dm m : message,
      msg_dep_rel message_dependencies dm m
      → strong_fixed_equivocation IM equivocators s m
        → strong_fixed_equivocation IM equivocators s
            dm
Proof.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
∀ s : state
        (composite_vlsm IM
           (strong_fixed_equivocation_constraint IM
              equivocators)),
  valid_state_prop
    (composite_vlsm IM
       (strong_fixed_equivocation_constraint IM
          equivocators)) s
  → ∀ dm m : message,
      msg_dep_rel message_dependencies dm m
      → strong_fixed_equivocation IM equivocators s m
        → strong_fixed_equivocation IM equivocators s
            dm
  intros s Hs dm m Hdm [Hsent | Hemit].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
Hsent: sent_by_non_equivocating IM equivocators s m
strong_fixed_equivocation IM equivocators s dm
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
Hemit: can_emit
  (equivocators_composition_for_sent IM
     equivocators s) m
strong_fixed_equivocation IM equivocators s dm
  -
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
Hsent: sent_by_non_equivocating IM equivocators s m
strong_fixed_equivocation IM equivocators s dm by eapply sent_by_non_equivocating_msg_dep_rel_strong_fixed_equivocation.
  -
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
Hemit: can_emit
  (equivocators_composition_for_sent IM
     equivocators s) m
strong_fixed_equivocation IM equivocators s dm cut (valid_message_prop (equivocators_composition_for_sent IM equivocators s) dm).
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
Hemit: can_emit
  (equivocators_composition_for_sent IM
     equivocators s) m
valid_message_prop
  (equivocators_composition_for_sent IM equivocators s)
  dm → strong_fixed_equivocation IM equivocators s dm
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
Hemit: can_emit
  (equivocators_composition_for_sent IM
     equivocators s) m
valid_message_prop
  (equivocators_composition_for_sent IM equivocators s)
  dm
    {
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
Hemit: can_emit
  (equivocators_composition_for_sent IM
     equivocators s) m
valid_message_prop
  (equivocators_composition_for_sent IM equivocators s)
  dm → strong_fixed_equivocation IM equivocators s dm
      intro Hsent_comp; apply emitted_messages_are_valid_iff in Hsent_comp
        as [[[sub_j [[_im Him] Heqim]] |] |]
      ; [| by left | by right].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
Hemit: can_emit
  (equivocators_composition_for_sent IM
     equivocators s) m
sub_j: sub_index (elements equivocators)
_im: message
Him: initial_message_prop _im
Heqim: `(_im ↾ Him) = dm
strong_fixed_equivocation IM equivocators s dm
      destruct_dec_sig sub_j j Hj Heqsub_j; subst.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
m, _im: message
j: index
Hj: sub_index_prop (elements equivocators) j
Him: initial_message_prop _im
Hdm: msg_dep_rel message_dependencies 
  (`(_im ↾ Him)) m
Hemit: can_emit
  (equivocators_composition_for_sent IM
     equivocators s) m
strong_fixed_equivocation IM equivocators s
  (`(_im ↾ Him))
      clear -Him no_initial_messages_in_IM; contradict Him.
index, message: Type
IM: index → VLSM message
Ci: Type
H13: Elements index Ci
equivocators: Ci
EqDecision2: EqDecision index
H16: ∀ i : index, HasBeenSentCapability (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
_im: message
j: index
Hj: sub_index_prop (elements equivocators) j
¬ initial_message_prop _im
      by apply no_initial_messages_in_IM.
    }
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
Hemit: can_emit
  (equivocators_composition_for_sent IM
     equivocators s) m
valid_message_prop
  (equivocators_composition_for_sent IM equivocators s)
  dm
    destruct Hemit as ((sX, iom) & (sub_i, li) & sX' & HtX).
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
iom: option message
sub_i: sub_index (elements equivocators)
li: label (sub_IM IM (elements equivocators) sub_i)
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
HtX: input_valid_transition
  (equivocators_composition_for_sent IM
     equivocators s) (existT sub_i li) (
  sX, iom) (sX', Some m)
valid_message_prop
  (equivocators_composition_for_sent IM equivocators s)
  dm
    eapply (preloaded_free_composite_directly_observed_valid _ _ sX').
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
iom: option message
sub_i: sub_index (elements equivocators)
li: label (sub_IM IM (elements equivocators) sub_i)
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
HtX: input_valid_transition
  (equivocators_composition_for_sent IM
     equivocators s) (existT sub_i li) (
  sX, iom) (sX', Some m)
valid_state_prop
  (preloaded_vlsm
     (free_composite_vlsm
        (sub_IM IM (elements equivocators)))
     (sent_by_non_equivocating IM equivocators s)) sX'
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
iom: option message
sub_i: sub_index (elements equivocators)
li: label (sub_IM IM (elements equivocators) sub_i)
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
HtX: input_valid_transition
  (equivocators_composition_for_sent IM
     equivocators s) (existT sub_i li) (
  sX, iom) (sX', Some m)
composite_has_been_directly_observed
  (sub_IM IM (elements equivocators)) sX' dm
    +
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
iom: option message
sub_i: sub_index (elements equivocators)
li: label (sub_IM IM (elements equivocators) sub_i)
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
HtX: input_valid_transition
  (equivocators_composition_for_sent IM
     equivocators s) (existT sub_i li) (
  sX, iom) (sX', Some m)
valid_state_prop
  (preloaded_vlsm
     (free_composite_vlsm
        (sub_IM IM (elements equivocators)))
     (sent_by_non_equivocating IM equivocators s)) sX' by eapply input_valid_transition_destination.
    +
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
iom: option message
sub_i: sub_index (elements equivocators)
li: label (sub_IM IM (elements equivocators) sub_i)
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
HtX: input_valid_transition
  (equivocators_composition_for_sent IM
     equivocators s) (existT sub_i li) (
  sX, iom) (sX', Some m)
composite_has_been_directly_observed
  (sub_IM IM (elements equivocators)) sX' dm exists sub_i; destruct_dec_sig sub_i i Hi Heqsub_i; subst.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
iom: option message
i: index
Hi: sub_index_prop (elements equivocators) i
li: label
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
HtX: input_valid_transition
  (equivocators_composition_for_sent IM
     equivocators s) (existT (dexist i Hi) li)
  (sX, iom) (sX', Some m)
has_been_directly_observed
  (sub_IM IM (elements equivocators) (dexist i Hi))
  (sX' (dexist i Hi)) dm
      eapply message_dependencies_are_necessary; [| done].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
iom: option message
i: index
Hi: sub_index_prop (elements equivocators) i
li: label
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
HtX: input_valid_transition
  (equivocators_composition_for_sent IM
     equivocators s) (existT (dexist i Hi) li)
  (sX, iom) (sX', Some m)
can_produce
  (preloaded_with_all_messages_vlsm
     (sub_IM IM (elements equivocators) (dexist i Hi)))
  (sX' (dexist i Hi)) m
      eexists _, _
      ; eapply (VLSM_projection_input_valid_transition (single_equivocator_projection s i Hi))
      ; [| done].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
iom: option message
i: index
Hi: sub_index_prop (elements equivocators) i
li: label
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
HtX: input_valid_transition
  (equivocators_composition_for_sent IM
     equivocators s) (existT (dexist i Hi) li)
  (sX, iom) (sX', Some m)
sub_label_element_project IM equivocators i
  (existT (dexist i Hi) li) = Some ?Goal
      unfold sub_label_element_project; cbn.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
s: state
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Hs: valid_state_prop
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
dm, m: message
Hdm: msg_dep_rel message_dependencies dm m
sX: state
  (equivocators_composition_for_sent IM
     equivocators s)
iom: option message
i: index
Hi: sub_index_prop (elements equivocators) i
li: label
  (sub_IM IM (elements equivocators)
     (dexist i Hi))
sX': state
  (equivocators_composition_for_sent IM
     equivocators s)
HtX: input_valid_transition
  (equivocators_composition_for_sent IM
     equivocators s) (existT (dexist i Hi) li)
  (sX, iom) (sX', Some m)
match decide (i = i) with
| left e =>
    Some (eq_rect_r (λ j : index, label (IM j)) li e)
| right _ => None
end = Some ?Goal
      by rewrite (decide_True_pi eq_refl).
Qed.

Lemma strong_fixed_equivocation_msg_dep_constraint_subsumption
  (no_initial_messages_in_IM : no_initial_messages_in_IM_prop IM)
  : input_valid_constraint_subsumption (free_composite_vlsm IM)
      (strong_fixed_equivocation_constraint IM equivocators)
      msg_dep_fixed_set_equivocation_constraint.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
input_valid_constraint_subsumption
  (free_composite_vlsm IM)
  (strong_fixed_equivocation_constraint IM
     equivocators)
  msg_dep_fixed_set_equivocation_constraint
Proof.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
input_valid_constraint_subsumption
  (free_composite_vlsm IM)
  (strong_fixed_equivocation_constraint IM
     equivocators)
  msg_dep_fixed_set_equivocation_constraint
  intros l [s [m |]] (Hs & _ & _ & Hc); [| done].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
Hs: valid_state_prop
  (constrained_vlsm (free_composite_vlsm IM)
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
Hc: strong_fixed_equivocation_constraint IM
  equivocators l (s, Some m)
msg_dep_fixed_set_equivocation_constraint l
  (s, Some m)
  cut (dependencies_with_non_equivocating_senders_were_sent s m).
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
Hs: valid_state_prop
  (constrained_vlsm (free_composite_vlsm IM)
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
Hc: strong_fixed_equivocation_constraint IM
  equivocators l (s, Some m)
dependencies_with_non_equivocating_senders_were_sent s
  m
→ msg_dep_fixed_set_equivocation_constraint l
    (s, Some m)
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
Hs: valid_state_prop
  (constrained_vlsm (free_composite_vlsm IM)
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
Hc: strong_fixed_equivocation_constraint IM
  equivocators l (s, Some m)
dependencies_with_non_equivocating_senders_were_sent s
  m
  {
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
Hs: valid_state_prop
  (constrained_vlsm (free_composite_vlsm IM)
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
Hc: strong_fixed_equivocation_constraint IM
  equivocators l (s, Some m)
dependencies_with_non_equivocating_senders_were_sent s
  m
→ msg_dep_fixed_set_equivocation_constraint l
    (s, Some m)
    intros Hassume.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
Hs: valid_state_prop
  (constrained_vlsm (free_composite_vlsm IM)
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
Hc: strong_fixed_equivocation_constraint IM
  equivocators l (s, Some m)
Hassume: dependencies_with_non_equivocating_senders_were_sent
  s m
msg_dep_fixed_set_equivocation_constraint l
  (s, Some m)
    destruct Hc as [Hsent | Hemit]; [by left | right].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
Hs: valid_state_prop
  (constrained_vlsm (free_composite_vlsm IM)
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
Hemit: can_emit
  (equivocators_composition_for_sent IM
     equivocators s) m
Hassume: dependencies_with_non_equivocating_senders_were_sent
  s m
equivocator_can_emit m
∧ dependencies_with_non_equivocating_senders_were_sent
    (s, Some m).1 m
    split; [| done].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
Hs: valid_state_prop
  (constrained_vlsm (free_composite_vlsm IM)
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
Hemit: can_emit
  (equivocators_composition_for_sent IM
     equivocators s) m
Hassume: dependencies_with_non_equivocating_senders_were_sent
  s m
equivocator_can_emit m
    by eapply equivocators_composition_can_emit_sender.
  }
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
Hs: valid_state_prop
  (constrained_vlsm (free_composite_vlsm IM)
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
Hc: strong_fixed_equivocation_constraint IM
  equivocators l (s, Some m)
dependencies_with_non_equivocating_senders_were_sent s
  m
  intros dm Hdm.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
Hs: valid_state_prop
  (constrained_vlsm (free_composite_vlsm IM)
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
Hc: strong_fixed_equivocation_constraint IM
  equivocators l (s, Some m)
dm: message
Hdm: msg_dep_happens_before message_dependencies dm m
sent_by_non_equivocating IM equivocators s dm
∨ equivocator_can_emit dm
  cut (strong_fixed_equivocation IM equivocators s dm).
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
Hs: valid_state_prop
  (constrained_vlsm (free_composite_vlsm IM)
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
Hc: strong_fixed_equivocation_constraint IM
  equivocators l (s, Some m)
dm: message
Hdm: msg_dep_happens_before message_dependencies dm m
strong_fixed_equivocation IM equivocators s dm
→ sent_by_non_equivocating IM equivocators s dm
  ∨ equivocator_can_emit dm
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
Hs: valid_state_prop
  (constrained_vlsm (free_composite_vlsm IM)
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
Hc: strong_fixed_equivocation_constraint IM
  equivocators l (s, Some m)
dm: message
Hdm: msg_dep_happens_before message_dependencies dm m
strong_fixed_equivocation IM equivocators s dm
  {
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
Hs: valid_state_prop
  (constrained_vlsm (free_composite_vlsm IM)
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
Hc: strong_fixed_equivocation_constraint IM
  equivocators l (s, Some m)
dm: message
Hdm: msg_dep_happens_before message_dependencies dm m
strong_fixed_equivocation IM equivocators s dm
→ sent_by_non_equivocating IM equivocators s dm
  ∨ equivocator_can_emit dm
    intros [Hsent | Hemit]; [by left | right].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
Hs: valid_state_prop
  (constrained_vlsm (free_composite_vlsm IM)
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
Hc: strong_fixed_equivocation_constraint IM
  equivocators l (s, Some m)
dm: message
Hdm: msg_dep_happens_before message_dependencies dm m
Hemit: can_emit
  (equivocators_composition_for_sent IM
     equivocators s) dm
equivocator_can_emit dm
    by eapply equivocators_composition_can_emit_sender.
  }
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
Hs: valid_state_prop
  (constrained_vlsm (free_composite_vlsm IM)
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
Hc: strong_fixed_equivocation_constraint IM
  equivocators l (s, Some m)
dm: message
Hdm: msg_dep_happens_before message_dependencies dm m
strong_fixed_equivocation IM equivocators s dm
  eapply msg_dep_happens_before_reflect; [| done | done].
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
Hs: valid_state_prop
  (constrained_vlsm (free_composite_vlsm IM)
     (strong_fixed_equivocation_constraint IM
        equivocators)) s
Hc: strong_fixed_equivocation_constraint IM
  equivocators l (s, Some m)
dm: message
Hdm: msg_dep_happens_before message_dependencies dm m
∀ dm m : message,
  msg_dep_rel message_dependencies dm m
  → strong_fixed_equivocation IM equivocators s m
    → strong_fixed_equivocation IM equivocators s dm
  by apply msg_dep_rel_reflects_strong_fixed_equivocation.
Qed.

Lemma msg_dep_strong_fixed_equivocation_incl
  (Hmsg_dep_happens_before_wf : well_founded (msg_dep_happens_before message_dependencies))
  : VLSM_incl
      (composite_vlsm IM msg_dep_fixed_set_equivocation_constraint)
      (composite_vlsm IM (strong_fixed_equivocation_constraint IM equivocators)).
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
VLSM_incl
  (composite_vlsm IM
     msg_dep_fixed_set_equivocation_constraint)
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Proof.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
VLSM_incl
  (composite_vlsm IM
     msg_dep_fixed_set_equivocation_constraint)
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
  apply constraint_subsumption_incl.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
input_valid_constraint_subsumption
  (free_composite_vlsm IM)
  msg_dep_fixed_set_equivocation_constraint
  (strong_fixed_equivocation_constraint IM
     equivocators)
  apply preloaded_constraint_subsumption_stronger.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
preloaded_constraint_subsumption
  (free_composite_vlsm IM)
  msg_dep_fixed_set_equivocation_constraint
  (strong_fixed_equivocation_constraint IM
     equivocators)
  apply strong_constraint_subsumption_strongest.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
strong_constraint_subsumption (free_composite_vlsm IM)
  msg_dep_fixed_set_equivocation_constraint
  (strong_fixed_equivocation_constraint IM
     equivocators)
  by apply msg_dep_strong_fixed_equivocation_constraint_subsumption.
Qed.

Lemma strong_msg_dep_fixed_equivocation_incl
  (no_initial_messages_in_IM : no_initial_messages_in_IM_prop IM)
  : VLSM_incl
      (composite_vlsm IM (strong_fixed_equivocation_constraint IM equivocators))
      (composite_vlsm IM msg_dep_fixed_set_equivocation_constraint).
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
VLSM_incl
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
  (composite_vlsm IM
     msg_dep_fixed_set_equivocation_constraint)
Proof.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
VLSM_incl
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
  (composite_vlsm IM
     msg_dep_fixed_set_equivocation_constraint)
  apply constraint_subsumption_incl.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
input_valid_constraint_subsumption
  (free_composite_vlsm IM)
  (strong_fixed_equivocation_constraint IM
     equivocators)
  msg_dep_fixed_set_equivocation_constraint
  by apply strong_fixed_equivocation_msg_dep_constraint_subsumption.
Qed.

Lemma msg_dep_strong_fixed_equivocation_eq
  (Hmsg_dep_happens_before_wf : well_founded (msg_dep_happens_before message_dependencies))
  (no_initial_messages_in_IM : no_initial_messages_in_IM_prop IM)
  : VLSM_eq
      (composite_vlsm IM msg_dep_fixed_set_equivocation_constraint)
      (composite_vlsm IM (strong_fixed_equivocation_constraint IM equivocators)).
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
VLSM_eq
  (composite_vlsm IM
     msg_dep_fixed_set_equivocation_constraint)
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
Proof.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
VLSM_eq
  (composite_vlsm IM
     msg_dep_fixed_set_equivocation_constraint)
  (composite_vlsm IM
     (strong_fixed_equivocation_constraint IM
        equivocators))
  split.
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
VLSM_incl
  {|
    vlsm_type :=
      composite_vlsm IM
        msg_dep_fixed_set_equivocation_constraint;
    vlsm_machine :=
      composite_vlsm IM
        msg_dep_fixed_set_equivocation_constraint
  |}
  {|
    vlsm_type :=
      composite_vlsm IM
        msg_dep_fixed_set_equivocation_constraint;
    vlsm_machine :=
      composite_vlsm IM
        (strong_fixed_equivocation_constraint IM
           equivocators)
  |}
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
VLSM_incl
  {|
    vlsm_type :=
      composite_vlsm IM
        msg_dep_fixed_set_equivocation_constraint;
    vlsm_machine :=
      composite_vlsm IM
        (strong_fixed_equivocation_constraint IM
           equivocators)
  |}
  {|
    vlsm_type :=
      composite_vlsm IM
        msg_dep_fixed_set_equivocation_constraint;
    vlsm_machine :=
      composite_vlsm IM
        msg_dep_fixed_set_equivocation_constraint
  |}
  -
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
VLSM_incl
  {|
    vlsm_type :=
      composite_vlsm IM
        msg_dep_fixed_set_equivocation_constraint;
    vlsm_machine :=
      composite_vlsm IM
        msg_dep_fixed_set_equivocation_constraint
  |}
  {|
    vlsm_type :=
      composite_vlsm IM
        msg_dep_fixed_set_equivocation_constraint;
    vlsm_machine :=
      composite_vlsm IM
        (strong_fixed_equivocation_constraint IM
           equivocators)
  |} by apply msg_dep_strong_fixed_equivocation_incl.
  -
index, message: Type
IM: index → VLSM message
Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
message_dependencies: message → Cm
Ci: Type
H7: ElemOf index Ci
H8: Empty Ci
H9: Singleton index Ci
H10: Union Ci
H11: Intersection Ci
H12: Difference Ci
H13: Elements index Ci
EqDecision1: EqDecision index
H14: FinSet index Ci
equivocators: Ci
EqDecision2: EqDecision index
H15: finite.Finite index
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hmsg_dep_happens_before_wf: wf
  (msg_dep_happens_before
     message_dependencies)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
VLSM_incl
  {|
    vlsm_type :=
      composite_vlsm IM
        msg_dep_fixed_set_equivocation_constraint;
    vlsm_machine :=
      composite_vlsm IM
        (strong_fixed_equivocation_constraint IM
           equivocators)
  |}
  {|
    vlsm_type :=
      composite_vlsm IM
        msg_dep_fixed_set_equivocation_constraint;
    vlsm_machine :=
      composite_vlsm IM
        msg_dep_fixed_set_equivocation_constraint
  |} by apply strong_msg_dep_fixed_equivocation_incl.
Qed.

End sec_msg_dep_fixed_set_equivocation.

Section sec_full_node_fixed_set_equivocation.

Context
  {message : Type}
  `{FinSet index Ci}
  `{finite.Finite index}
  (IM : index -> VLSM message)
  `{forall i, HasBeenSentCapability (IM i)}
  `{FinSet message Cm}
  (message_dependencies : message -> Cm)
  (equivocators : Ci)
  {validator : Type}
  (A : validator -> index)
  (sender : message -> option validator)
  .

Definition has_equivocating_sender (m : message)
  := exists v, sender m = Some v /\ A v ∈ equivocators.

Definition full_node_fixed_set_equivocation (s : composite_state IM) (m : message) :=
  sent_by_non_equivocating IM equivocators s m \/ has_equivocating_sender m.

Definition full_node_fixed_set_equivocation_constraint
  (l : composite_label IM)
  (som : composite_state IM * option message)
  : Prop :=
  from_option (full_node_fixed_set_equivocation som.1) True som.2.

Lemma msg_dep_full_node_fixed_set_equivocation_constraint_subsumption
  (Hchannel : channel_authentication_prop IM A sender)
  : strong_constraint_subsumption (free_composite_vlsm IM)
      (msg_dep_fixed_set_equivocation_constraint IM message_dependencies equivocators)
      full_node_fixed_set_equivocation_constraint.
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
Hchannel: channel_authentication_prop IM A sender
strong_constraint_subsumption (free_composite_vlsm IM)
  (msg_dep_fixed_set_equivocation_constraint IM
     message_dependencies equivocators)
  full_node_fixed_set_equivocation_constraint
Proof.
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
Hchannel: channel_authentication_prop IM A sender
strong_constraint_subsumption (free_composite_vlsm IM)
  (msg_dep_fixed_set_equivocation_constraint IM
     message_dependencies equivocators)
  full_node_fixed_set_equivocation_constraint
  intros l [s [m |]]; [| done]
  ; intros [Hsent | [[i [Hi Hemit]] Hdeps]]; [by left | right].
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
Hchannel: channel_authentication_prop IM A sender
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
i: index
Hi: i ∈ elements equivocators
Hemit: can_emit
  (preloaded_with_all_messages_vlsm (IM i)) m
Hdeps: dependencies_with_non_equivocating_senders_were_sent
  IM message_dependencies equivocators
  (s, Some m).1 m
has_equivocating_sender m
  apply Hchannel in Hemit; cbv in Hemit |- *.
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
Hchannel: channel_authentication_prop IM A sender
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
i: index
Hi: i ∈ elements equivocators
Hemit: match sender m with
| Some a => Some (A a)
| None => None
end = Some i
Hdeps: dependencies_with_non_equivocating_senders_were_sent
  IM message_dependencies equivocators
  (s, Some m).1 m
∃ v : validator,
  sender m = Some v ∧ H (A v) equivocators
  destruct (sender m) as [v |]; [| congruence].
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
Hchannel: channel_authentication_prop IM A sender
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
i: index
Hi: i ∈ elements equivocators
v: validator
Hemit: Some (A v) = Some i
Hdeps: dependencies_with_non_equivocating_senders_were_sent
  IM message_dependencies equivocators
  (s, Some m).1 m
∃ v0 : validator,
  Some v = Some v0 ∧ H (A v0) equivocators
  eexists; split; [done |].
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
Hchannel: channel_authentication_prop IM A sender
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
i: index
Hi: i ∈ elements equivocators
v: validator
Hemit: Some (A v) = Some i
Hdeps: dependencies_with_non_equivocating_senders_were_sent
  IM message_dependencies equivocators
  (s, Some m).1 m
H (A v) equivocators
  replace (A v) with i; [by apply elem_of_elements in Hi |].
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
Hchannel: channel_authentication_prop IM A sender
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
i: index
Hi: i ∈ elements equivocators
v: validator
Hemit: Some (A v) = Some i
Hdeps: dependencies_with_non_equivocating_senders_were_sent
  IM message_dependencies equivocators
  (s, Some m).1 m
i = A v
  by congruence.
Qed.

Context
  (no_initial_messages_in_IM : no_initial_messages_in_IM_prop IM)
  `{forall i, HasBeenReceivedCapability (IM i)}
  `{!Irreflexive (msg_dep_happens_before message_dependencies)}
  `{forall i, MessageDependencies (IM i) message_dependencies}
  .

Lemma fixed_full_node_equivocation_incl
  (Hchannel : channel_authentication_prop IM A sender)
  : VLSM_incl
      (composite_vlsm IM (fixed_equivocation_constraint IM equivocators))
      (composite_vlsm IM full_node_fixed_set_equivocation_constraint).
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hchannel: channel_authentication_prop IM A sender
VLSM_incl
  (composite_vlsm IM
     (fixed_equivocation_constraint IM equivocators))
  (composite_vlsm IM
     full_node_fixed_set_equivocation_constraint)
Proof.
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hchannel: channel_authentication_prop IM A sender
VLSM_incl
  (composite_vlsm IM
     (fixed_equivocation_constraint IM equivocators))
  (composite_vlsm IM
     full_node_fixed_set_equivocation_constraint)
  eapply VLSM_incl_trans.
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hchannel: channel_authentication_prop IM A sender
VLSM_incl
  {|
    vlsm_type :=
      composite_vlsm IM
        (fixed_equivocation_constraint IM equivocators);
    vlsm_machine :=
      constrained_vlsm_machine
        (free_composite_vlsm IM)
        (fixed_equivocation_constraint IM equivocators)
  |}
  {|
    vlsm_type :=
      composite_vlsm IM
        (fixed_equivocation_constraint IM equivocators);
    vlsm_machine := ?MY
  |}
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hchannel: channel_authentication_prop IM A sender
VLSM_incl
  {|
    vlsm_type :=
      composite_vlsm IM
        (fixed_equivocation_constraint IM equivocators);
    vlsm_machine := ?MY
  |}
  {|
    vlsm_type :=
      composite_vlsm IM
        (fixed_equivocation_constraint IM equivocators);
    vlsm_machine :=
      constrained_vlsm_machine
        (free_composite_vlsm IM)
        full_node_fixed_set_equivocation_constraint
  |}
  -
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hchannel: channel_authentication_prop IM A sender
VLSM_incl
  {|
    vlsm_type :=
      composite_vlsm IM
        (fixed_equivocation_constraint IM equivocators);
    vlsm_machine :=
      constrained_vlsm_machine
        (free_composite_vlsm IM)
        (fixed_equivocation_constraint IM equivocators)
  |}
  {|
    vlsm_type :=
      composite_vlsm IM
        (fixed_equivocation_constraint IM equivocators);
    vlsm_machine := ?MY
  |} by apply Fixed_incl_StrongFixed.
  -
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hchannel: channel_authentication_prop IM A sender
VLSM_incl
  {|
    vlsm_type :=
      composite_vlsm IM
        (fixed_equivocation_constraint IM equivocators);
    vlsm_machine :=
      constrained_vlsm_machine
        (free_composite_vlsm IM)
        (strong_fixed_equivocation_constraint IM
           equivocators)
  |}
  {|
    vlsm_type :=
      composite_vlsm IM
        (fixed_equivocation_constraint IM equivocators);
    vlsm_machine :=
      constrained_vlsm_machine
        (free_composite_vlsm IM)
        full_node_fixed_set_equivocation_constraint
  |} eapply VLSM_incl_trans.
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hchannel: channel_authentication_prop IM A sender
VLSM_incl
  {|
    vlsm_type :=
      composite_vlsm IM
        (fixed_equivocation_constraint IM equivocators);
    vlsm_machine :=
      constrained_vlsm_machine
        (free_composite_vlsm IM)
        (strong_fixed_equivocation_constraint IM
           equivocators)
  |}
  {|
    vlsm_type :=
      composite_vlsm IM
        (fixed_equivocation_constraint IM equivocators);
    vlsm_machine := ?MY
  |}
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hchannel: channel_authentication_prop IM A sender
VLSM_incl
  {|
    vlsm_type :=
      composite_vlsm IM
        (fixed_equivocation_constraint IM equivocators);
    vlsm_machine := ?MY
  |}
  {|
    vlsm_type :=
      composite_vlsm IM
        (fixed_equivocation_constraint IM equivocators);
    vlsm_machine :=
      constrained_vlsm_machine
        (free_composite_vlsm IM)
        full_node_fixed_set_equivocation_constraint
  |}
    +
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hchannel: channel_authentication_prop IM A sender
VLSM_incl
  {|
    vlsm_type :=
      composite_vlsm IM
        (fixed_equivocation_constraint IM equivocators);
    vlsm_machine :=
      constrained_vlsm_machine
        (free_composite_vlsm IM)
        (strong_fixed_equivocation_constraint IM
           equivocators)
  |}
  {|
    vlsm_type :=
      composite_vlsm IM
        (fixed_equivocation_constraint IM equivocators);
    vlsm_machine := ?MY
  |} by eapply strong_msg_dep_fixed_equivocation_incl.
    +
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hchannel: channel_authentication_prop IM A sender
VLSM_incl
  {|
    vlsm_type :=
      composite_vlsm IM
        (fixed_equivocation_constraint IM equivocators);
    vlsm_machine :=
      constrained_vlsm_machine
        (free_composite_vlsm IM)
        (msg_dep_fixed_set_equivocation_constraint IM
           message_dependencies equivocators)
  |}
  {|
    vlsm_type :=
      composite_vlsm IM
        (fixed_equivocation_constraint IM equivocators);
    vlsm_machine :=
      constrained_vlsm_machine
        (free_composite_vlsm IM)
        full_node_fixed_set_equivocation_constraint
  |} eapply (constraint_subsumption_incl (free_composite_vlsm _)) with (constraint1 :=
        msg_dep_fixed_set_equivocation_constraint IM message_dependencies equivocators).
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hchannel: channel_authentication_prop IM A sender
input_valid_constraint_subsumption
  (free_composite_vlsm IM)
  (msg_dep_fixed_set_equivocation_constraint IM
     message_dependencies equivocators)
  full_node_fixed_set_equivocation_constraint
      apply preloaded_constraint_subsumption_stronger.
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hchannel: channel_authentication_prop IM A sender
preloaded_constraint_subsumption
  (free_composite_vlsm IM)
  (msg_dep_fixed_set_equivocation_constraint IM
     message_dependencies equivocators)
  full_node_fixed_set_equivocation_constraint
      apply strong_constraint_subsumption_strongest.
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hchannel: channel_authentication_prop IM A sender
strong_constraint_subsumption (free_composite_vlsm IM)
  (msg_dep_fixed_set_equivocation_constraint IM
     message_dependencies equivocators)
  full_node_fixed_set_equivocation_constraint
      by apply msg_dep_full_node_fixed_set_equivocation_constraint_subsumption.
Qed.

Lemma full_node_fixed_equivocation_constraint_subsumption
  (Hfull : forall i, message_dependencies_full_node_condition_prop (IM i) message_dependencies)
  (Hsender_safety : sender_safety_alt_prop IM A sender)
  : input_valid_constraint_subsumption (free_composite_vlsm IM)
      full_node_fixed_set_equivocation_constraint
      (fixed_equivocation_constraint IM equivocators).
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
input_valid_constraint_subsumption
  (free_composite_vlsm IM)
  full_node_fixed_set_equivocation_constraint
  (fixed_equivocation_constraint IM equivocators)
Proof.
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
input_valid_constraint_subsumption
  (free_composite_vlsm IM)
  full_node_fixed_set_equivocation_constraint
  (fixed_equivocation_constraint IM equivocators)
  intros l [s [m |]] (_ & Hm & Hv & Hc); [| itauto]
  ; destruct Hc as [Hsent | Heqv]; [left | right].
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid l (s, Some m)
Hsent: sent_by_non_equivocating IM equivocators
  (s, Some m).1 m
composite_has_been_directly_observed IM s m
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid l (s, Some m)
Heqv: has_equivocating_sender m
can_emit
  (equivocators_composition_for_directly_observed IM
     equivocators s) m
  -
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid l (s, Some m)
Hsent: sent_by_non_equivocating IM equivocators
  (s, Some m).1 m
composite_has_been_directly_observed IM s m by revert Hsent; apply sent_by_non_equivocating_are_directly_observed.
  -
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
l: label (free_composite_vlsm IM)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid l (s, Some m)
Heqv: has_equivocating_sender m
can_emit
  (equivocators_composition_for_directly_observed IM
     equivocators s) m destruct l as [i li], Heqv as (j & Hsender & HAj).
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ equivocators
can_emit
  (equivocators_composition_for_directly_observed IM
     equivocators s) m
    apply elem_of_elements in HAj.
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
can_emit
  (equivocators_composition_for_directly_observed IM
     equivocators s) m
    eapply VLSM_incl_can_emit.
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
VLSM_incl_part ?MX
  (preloaded_vlsm_machine
     (free_equivocating_vlsm_composition IM
        equivocators)
     (composite_has_been_directly_observed IM s))
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
can_emit
  {|
    vlsm_type :=
      free_equivocating_vlsm_composition IM
        equivocators;
    vlsm_machine := ?MX
  |} m
    {
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
VLSM_incl_part ?MX
  (preloaded_vlsm_machine
     (free_equivocating_vlsm_composition IM
        equivocators)
     (composite_has_been_directly_observed IM s))
      apply preloaded_vlsm_incl_relaxed
        with (P := fun dm => composite_has_been_directly_observed IM s dm \/
          dm ∈ message_dependencies m).
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
∀ m0 : message,
  composite_has_been_directly_observed IM s m0
  ∨ m0 ∈ message_dependencies m
  → composite_has_been_directly_observed IM s m0
    ∨ valid_message_prop
        (preloaded_vlsm
           (free_equivocating_vlsm_composition IM
              equivocators)
           (composite_has_been_directly_observed IM s))
        m0
      intros m0 [Hsent_m0 | Hdep_m0]; [itauto |].
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
m0: message
Hdep_m0: m0 ∈ message_dependencies m
composite_has_been_directly_observed IM s m0
∨ valid_message_prop
    (preloaded_vlsm
       (free_equivocating_vlsm_composition IM
          equivocators)
       (composite_has_been_directly_observed IM s)) m0
      left; exists i.
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
m0: message
Hdep_m0: m0 ∈ message_dependencies m
has_been_directly_observed (IM i) (s i) m0
      by eapply Hfull; [apply Hv |].
    }
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
can_emit
  {|
    vlsm_type :=
      free_equivocating_vlsm_composition IM
        equivocators;
    vlsm_machine :=
      preloaded_vlsm
        (free_equivocating_vlsm_composition IM
           equivocators)
        (λ dm : message,
           composite_has_been_directly_observed IM s
             dm ∨ dm ∈ message_dependencies m)
  |} m
    eapply VLSM_embedding_can_emit.
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
VLSM_embedding ?X
  {|
    vlsm_type :=
      free_equivocating_vlsm_composition IM
        equivocators;
    vlsm_machine :=
      preloaded_vlsm
        (free_equivocating_vlsm_composition IM
           equivocators)
        (λ dm : message,
           composite_has_been_directly_observed IM s
             dm ∨ dm ∈ message_dependencies m)
  |} ?label_project ?state_project
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
can_emit ?X m
    {
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
VLSM_embedding ?X
  {|
    vlsm_type :=
      free_equivocating_vlsm_composition IM
        equivocators;
    vlsm_machine :=
      preloaded_vlsm
        (free_equivocating_vlsm_composition IM
           equivocators)
        (λ dm : message,
           composite_has_been_directly_observed IM s
             dm ∨ dm ∈ message_dependencies m)
  |} ?label_project ?state_project
      by apply @preloaded_sub_element_embedding
        with (Hj := HAj) (P := fun dm => dm ∈ message_dependencies m); itauto.
    }
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
can_emit
  (preloaded_vlsm (IM (A j))
     (λ dm : message, dm ∈ message_dependencies m)) m
    apply message_dependencies_are_sufficient.
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
can_emit (preloaded_with_all_messages_vlsm (IM (A j)))
  m
    cut (exists k, can_emit (preloaded_with_all_messages_vlsm (IM k)) m).
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
(∃ k : index,
   can_emit (preloaded_with_all_messages_vlsm (IM k))
     m)
→ can_emit
    (preloaded_with_all_messages_vlsm (IM (A j))) m
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
∃ k : index,
  can_emit (preloaded_with_all_messages_vlsm (IM k)) m
    {
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
(∃ k : index,
   can_emit (preloaded_with_all_messages_vlsm (IM k))
     m)
→ can_emit
    (preloaded_with_all_messages_vlsm (IM (A j))) m
      intros [k Hk].
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
k: index
Hk: can_emit
  (preloaded_with_all_messages_vlsm (IM k)) m
can_emit (preloaded_with_all_messages_vlsm (IM (A j)))
  m
      replace (A j) with k; [done |].
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
k: index
Hk: can_emit
  (preloaded_with_all_messages_vlsm (IM k)) m
k = A j
      by symmetry; eapply Hsender_safety.
    }
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
∃ k : index,
  can_emit (preloaded_with_all_messages_vlsm (IM k)) m
    eapply @can_emit_composite_project
      with (constraint := full_node_fixed_set_equivocation_constraint).
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
can_emit
  (preloaded_with_all_messages_vlsm
     (composite_vlsm IM
        full_node_fixed_set_equivocation_constraint))
  m
    apply (VLSM_incl_can_emit
            (vlsm_incl_preloaded_with_all_messages_vlsm (composite_vlsm IM _))).
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
Hm: option_valid_message_prop
  (constrained_vlsm (free_composite_vlsm IM)
     full_node_fixed_set_equivocation_constraint)
  (Some m)
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
can_emit
  {|
    vlsm_type :=
      composite_vlsm IM
        full_node_fixed_set_equivocation_constraint;
    vlsm_machine :=
      composite_vlsm IM
        full_node_fixed_set_equivocation_constraint
  |} m
    apply emitted_messages_are_valid_iff in Hm as [[k [[im Him] Heqm]] | Hemit]
    ; [| done].
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
m: message
k: index
im: message
Him: initial_message_prop im
Heqm: `(im ↾ Him) = m
Hv: valid (existT i li) (s, Some m)
j: validator
Hsender: sender m = Some j
HAj: A j ∈ elements equivocators
can_emit
  {|
    vlsm_type :=
      composite_vlsm IM
        full_node_fixed_set_equivocation_constraint;
    vlsm_machine :=
      composite_vlsm IM
        full_node_fixed_set_equivocation_constraint
  |} m
    by clear Heqm; contradict Him; apply no_initial_messages_in_IM.
Qed.

Lemma full_node_fixed_equivocation_incl
  (Hfull : forall i, message_dependencies_full_node_condition_prop (IM i) message_dependencies)
  (Hsender_safety : sender_safety_alt_prop IM A sender)
  : VLSM_incl
      (composite_vlsm IM full_node_fixed_set_equivocation_constraint)
      (composite_vlsm IM (fixed_equivocation_constraint IM equivocators)).
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
VLSM_incl
  (composite_vlsm IM
     full_node_fixed_set_equivocation_constraint)
  (composite_vlsm IM
     (fixed_equivocation_constraint IM equivocators))
Proof.
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
VLSM_incl
  (composite_vlsm IM
     full_node_fixed_set_equivocation_constraint)
  (composite_vlsm IM
     (fixed_equivocation_constraint IM equivocators))
  apply constraint_subsumption_incl.
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
Hsender_safety: sender_safety_alt_prop IM A sender
input_valid_constraint_subsumption
  (free_composite_vlsm IM)
  full_node_fixed_set_equivocation_constraint
  (fixed_equivocation_constraint IM equivocators)
  by apply full_node_fixed_equivocation_constraint_subsumption.
Qed.

Lemma full_node_fixed_equivocation_eq
  (Hchannel : channel_authentication_prop IM A sender)
  (Hfull : forall i, message_dependencies_full_node_condition_prop (IM i) message_dependencies)
  : VLSM_eq
      (composite_vlsm IM full_node_fixed_set_equivocation_constraint)
      (composite_vlsm IM (fixed_equivocation_constraint IM equivocators)).
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hchannel: channel_authentication_prop IM A sender
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
VLSM_eq
  (composite_vlsm IM
     full_node_fixed_set_equivocation_constraint)
  (composite_vlsm IM
     (fixed_equivocation_constraint IM equivocators))
Proof.
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hchannel: channel_authentication_prop IM A sender
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
VLSM_eq
  (composite_vlsm IM
     full_node_fixed_set_equivocation_constraint)
  (composite_vlsm IM
     (fixed_equivocation_constraint IM equivocators))
  split.
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hchannel: channel_authentication_prop IM A sender
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
VLSM_incl
  {|
    vlsm_type :=
      composite_vlsm IM
        full_node_fixed_set_equivocation_constraint;
    vlsm_machine :=
      composite_vlsm IM
        full_node_fixed_set_equivocation_constraint
  |}
  {|
    vlsm_type :=
      composite_vlsm IM
        full_node_fixed_set_equivocation_constraint;
    vlsm_machine :=
      composite_vlsm IM
        (fixed_equivocation_constraint IM equivocators)
  |}
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hchannel: channel_authentication_prop IM A sender
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
VLSM_incl
  {|
    vlsm_type :=
      composite_vlsm IM
        full_node_fixed_set_equivocation_constraint;
    vlsm_machine :=
      composite_vlsm IM
        (fixed_equivocation_constraint IM equivocators)
  |}
  {|
    vlsm_type :=
      composite_vlsm IM
        full_node_fixed_set_equivocation_constraint;
    vlsm_machine :=
      composite_vlsm IM
        full_node_fixed_set_equivocation_constraint
  |}
  -
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hchannel: channel_authentication_prop IM A sender
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
VLSM_incl
  {|
    vlsm_type :=
      composite_vlsm IM
        full_node_fixed_set_equivocation_constraint;
    vlsm_machine :=
      composite_vlsm IM
        full_node_fixed_set_equivocation_constraint
  |}
  {|
    vlsm_type :=
      composite_vlsm IM
        full_node_fixed_set_equivocation_constraint;
    vlsm_machine :=
      composite_vlsm IM
        (fixed_equivocation_constraint IM equivocators)
  |} apply full_node_fixed_equivocation_incl; [done |].
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hchannel: channel_authentication_prop IM A sender
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
sender_safety_alt_prop IM A sender
    by apply channel_authentication_sender_safety.
  -
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
Cm: Type
H9: ElemOf message Cm
H10: Empty Cm
H11: Singleton message Cm
H12: Union Cm
H13: Intersection Cm
H14: Difference Cm
H15: Elements message Cm
EqDecision2: EqDecision message
H16: FinSet message Cm
message_dependencies: message → Cm
equivocators: Ci
validator: Type
A: validator → index
sender: message → option validator
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H18: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
Hchannel: channel_authentication_prop IM A sender
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
VLSM_incl
  {|
    vlsm_type :=
      composite_vlsm IM
        full_node_fixed_set_equivocation_constraint;
    vlsm_machine :=
      composite_vlsm IM
        (fixed_equivocation_constraint IM equivocators)
  |}
  {|
    vlsm_type :=
      composite_vlsm IM
        full_node_fixed_set_equivocation_constraint;
    vlsm_machine :=
      composite_vlsm IM
        full_node_fixed_set_equivocation_constraint
  |} by apply fixed_full_node_equivocation_incl.
Qed.

End sec_full_node_fixed_set_equivocation.