From Coq Require Import Reals. From stdpp Require Import prelude. From VLSM.Lib Require Import Preamble StdppExtras FinSetExtras. From VLSM.Lib Require Import ListExtras ListSetExtras Measurable. From VLSM.Core Require Import VLSM AnnotatedVLSM MessageDependencies VLSMProjections Composition. From VLSM.Core Require Import Validator ProjectionTraces SubProjectionTraces Equivocation. From VLSM.Core Require Import Equivocation.FixedSetEquivocation. From VLSM.Core Require Import Equivocation.LimitedMessageEquivocation. From VLSM.Core Require Import Equivocation.MsgDepFixedSetEquivocation. From VLSM.Core Require Import Equivocation.TraceWiseEquivocation.[Loading ML file ring_plugin.cmxs (using legacy method) ... done][Loading ML file zify_plugin.cmxs (using legacy method) ... done][Loading ML file micromega_plugin.cmxs (using legacy method) ... done][Loading ML file btauto_plugin.cmxs (using legacy method) ... done][Loading ML file coq-itauto.plugin ... done]
To allow capturing the two models of limited equivocation described in the
sections below, we first define a notion of limited equivocation parameterized
on a function yielding the set of equivocators induced by a received message,
other that the message sender.
Section sec_coequivocating_senders_limited_equivocation. Context {message : Type} `{finite.Finite index} (IM : index -> VLSM message) (threshold : R) `{ReachableThreshold validator Cv threshold} (A : validator -> index) (sender : message -> option validator) (coequivocating_senders : composite_state IM -> message -> Cv) `{forall i, HasBeenSentCapability (IM i)} `{forall i, HasBeenReceivedCapability (IM i)} . Definition coeqv_message_equivocators (s : composite_state IM) (m : message) : Cv := if decide (composite_has_been_directly_observed IM s m) then (* no additional equivocation *) ∅ else (* m itself and all its non-observed dependencies are equivocating. *) list_to_set (omap sender [m] ++ (elements (coequivocating_senders s m))). Definition coeqv_composite_transition_message_equivocators (l : composite_label IM) (som : annotated_state (free_composite_vlsm IM) Cv * option message) : Cv := match som with | (sa, None) => state_annotation sa | (sa, Some m) => (state_annotation sa) ∪ (coeqv_message_equivocators (original_state sa) m) end. Definition coeqv_limited_equivocation_constraint (l : composite_label IM) (som : annotated_state (free_composite_vlsm IM) Cv * option message) : Prop := (sum_weights (coeqv_composite_transition_message_equivocators l som) <= threshold)%R. #[export] Program Instance empty_validators_inhabited : Inhabited {s : Cv | s ≡@{Cv} ∅} := populate (exist _ ∅ _).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)(λ s : Cv, s ≡ ∅) ∅done. Defined. Definition coeqv_limited_equivocation_vlsm : VLSM message := constrained_vlsm (annotated_vlsm (free_composite_vlsm IM) Cv (fun s => s ≡@{Cv} ∅) coeqv_composite_transition_message_equivocators) coeqv_limited_equivocation_constraint. Definition coeqv_annotate_trace_with_equivocators := annotate_trace (free_composite_vlsm IM) Cv (fun s => s ≡@{Cv} ∅) coeqv_composite_transition_message_equivocators.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)(λ s : Cv, s ≡ ∅) ∅message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
l: label coeqv_limited_equivocation_vlsm
s: state coeqv_limited_equivocation_vlsm
iom: option message
s': state coeqv_limited_equivocation_vlsm
oom: option messagetransition l (s, iom) = (s', oom) → state_annotation s ⊆ state_annotation s'message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
l: label coeqv_limited_equivocation_vlsm
s: state coeqv_limited_equivocation_vlsm
iom: option message
s': state coeqv_limited_equivocation_vlsm
oom: option messagetransition l (s, iom) = (s', oom) → state_annotation s ⊆ state_annotation s'message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
l: label coeqv_limited_equivocation_vlsm
s: state coeqv_limited_equivocation_vlsm
iom: option message
s': state coeqv_limited_equivocation_vlsm
oom: option message
_s': state (free_composite_vlsm IM)
_om': option message({| original_state := _s'; state_annotation := coeqv_composite_transition_message_equivocators l (s, iom) |}, _om') = (s', oom) → state_annotation s ⊆ state_annotation s'by destruct iom as [m |]; [apply union_subseteq_l |]. Qed.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
l: label coeqv_limited_equivocation_vlsm
s: state coeqv_limited_equivocation_vlsm
iom: option message
s': state coeqv_limited_equivocation_vlsm
oom: option message
_s': state (free_composite_vlsm IM)
_om': option message
H11: ({| original_state := _s'; state_annotation := coeqv_composite_transition_message_equivocators l (s, iom) |}, _om') = (s', oom)
H13: {| original_state := _s'; state_annotation := match iom with | Some m => state_annotation s ∪ coeqv_message_equivocators (original_state s) m | None => state_annotation s end |} = s'
H14: _om' = oomstate_annotation s ⊆ match iom with | Some m => state_annotation s ∪ coeqv_message_equivocators (original_state s) m | None => state_annotation s endmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
s: state coeqv_limited_equivocation_vlsmvalid_state_prop coeqv_limited_equivocation_vlsm s → NoDup (elements (state_annotation s))message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
s: state coeqv_limited_equivocation_vlsmvalid_state_prop coeqv_limited_equivocation_vlsm s → NoDup (elements (state_annotation s))message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
s: state coeqv_limited_equivocation_vlsm
Hs: initial_state_prop sNoDup (elements (state_annotation s))message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
s': state coeqv_limited_equivocation_vlsm
l: label coeqv_limited_equivocation_vlsm
om, om': option message
s: state coeqv_limited_equivocation_vlsm
Ht: input_valid_transition coeqv_limited_equivocation_vlsm l ( s, om) (s', om')
IHvalid_state_prop: NoDup (elements (state_annotation s))NoDup (elements (state_annotation s'))by destruct s, Hs as [_ ->]; cbn in *; apply NoDup_elements.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
s: state coeqv_limited_equivocation_vlsm
Hs: initial_state_prop sNoDup (elements (state_annotation s))message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
s': state coeqv_limited_equivocation_vlsm
l: label coeqv_limited_equivocation_vlsm
om, om': option message
s: state coeqv_limited_equivocation_vlsm
Ht: input_valid_transition coeqv_limited_equivocation_vlsm l ( s, om) (s', om')
IHvalid_state_prop: NoDup (elements (state_annotation s))NoDup (elements (state_annotation s'))unfold annotated_transition in Ht ; destruct (transition _ _ _); inversion Ht; apply NoDup_elements. Qed.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
s': state coeqv_limited_equivocation_vlsm
l: label coeqv_limited_equivocation_vlsm
om, om': option message
s: state coeqv_limited_equivocation_vlsm
Ht: annotated_transition (free_composite_vlsm IM) Cv coeqv_composite_transition_message_equivocators l (s, om) = (s', om')
IHvalid_state_prop: NoDup (elements (state_annotation s))NoDup (elements (state_annotation s'))message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
s: state coeqv_limited_equivocation_vlsmvalid_state_prop coeqv_limited_equivocation_vlsm s → (sum_weights (state_annotation s) <= threshold)%Rmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
s: state coeqv_limited_equivocation_vlsmvalid_state_prop coeqv_limited_equivocation_vlsm s → (sum_weights (state_annotation s) <= threshold)%Rmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
s: state coeqv_limited_equivocation_vlsm
Hs: initial_state_prop s(sum_weights (state_annotation s) <= threshold)%Rmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
s': state coeqv_limited_equivocation_vlsm
l: label coeqv_limited_equivocation_vlsm
om, om': option message
s: state coeqv_limited_equivocation_vlsm
Ht: input_valid_transition coeqv_limited_equivocation_vlsm l ( s, om) (s', om')
IHvalid_state_prop: (sum_weights (state_annotation s) <= threshold)%R(sum_weights (state_annotation s') <= threshold)%Rmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
s: state coeqv_limited_equivocation_vlsm
Hs: initial_state_prop s(sum_weights (state_annotation s) <= threshold)%Rmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
original_state: composite_state IM
state_annotation: Cv
Heqv: state_annotation ≡ ∅(sum_weights state_annotation <= threshold)%Rby apply (rt_positive (H6 := H7)).message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
original_state: composite_state IM
state_annotation: Cv
Heqv: state_annotation ≡ ∅(0 <= threshold)%Rmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
s': state coeqv_limited_equivocation_vlsm
l: label coeqv_limited_equivocation_vlsm
om, om': option message
s: state coeqv_limited_equivocation_vlsm
Ht: input_valid_transition coeqv_limited_equivocation_vlsm l ( s, om) (s', om')
IHvalid_state_prop: (sum_weights (state_annotation s) <= threshold)%R(sum_weights (state_annotation s') <= threshold)%Rby destruct om as [m |]. Qed. Definition coeqv_limited_equivocation_projection_validator_prop : index -> Prop := annotated_projection_validator_prop IM (fun s => s ≡@{Cv} ∅) coeqv_limited_equivocation_constraint coeqv_composite_transition_message_equivocators. Definition coeqv_limited_equivocation_message_validator_prop : index -> Prop := annotated_message_validator_prop IM (fun s => s ≡@{Cv} ∅) coeqv_limited_equivocation_constraint coeqv_composite_transition_message_equivocators. Definition coeqv_limited_equivocation_projection_validator_prop_alt : index -> Prop := annotated_projection_validator_prop_alt IM (fun s => s ≡@{Cv} ∅) coeqv_limited_equivocation_constraint coeqv_composite_transition_message_equivocators. #[export] Program Instance coeqv_limited_equivocation_vlsm_has_been_sent : HasBeenSentCapability coeqv_limited_equivocation_vlsm := { has_been_sent := fun (sigma : state coeqv_limited_equivocation_vlsm) (m : message) => composite_has_been_sent IM (original_state sigma) m }.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
s': state coeqv_limited_equivocation_vlsm
l: label coeqv_limited_equivocation_vlsm
om, om': option message
s: state coeqv_limited_equivocation_vlsm
Hc: coeqv_limited_equivocation_constraint l (s, om)
s0: state (free_composite_vlsm IM)
o: option message
IHvalid_state_prop: (sum_weights (state_annotation s) <= threshold)%R(sum_weights (state_annotation {| original_state := s0; state_annotation := match om with | Some m => state_annotation s ∪ coeqv_message_equivocators (original_state s) m | None => state_annotation s end |}) <= threshold)%Rmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)RelDecision (λ (sigma : state coeqv_limited_equivocation_vlsm) (m : message), composite_has_been_sent IM (original_state sigma) m)by intros ? ?; apply composite_has_been_sent_dec. Qed.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)RelDecision (λ (sigma : state coeqv_limited_equivocation_vlsm) (m : message), composite_has_been_sent IM (original_state sigma) m)message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)has_been_sent_stepwise_prop (λ (sigma : state coeqv_limited_equivocation_vlsm) (m : message), composite_has_been_sent IM (original_state sigma) m)message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)has_been_sent_stepwise_prop (λ (sigma : state coeqv_limited_equivocation_vlsm) (m : message), composite_has_been_sent IM (original_state sigma) m)message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)∀ (l : label (preloaded_with_all_messages_vlsm coeqv_limited_equivocation_vlsm)) (s : state (preloaded_with_all_messages_vlsm coeqv_limited_equivocation_vlsm)) (im : option message) (s' : state (preloaded_with_all_messages_vlsm coeqv_limited_equivocation_vlsm)) (om : option message), input_constrained_transition coeqv_limited_equivocation_vlsm l (s, im) (s', om) → ∀ msg : message, composite_has_been_sent IM (original_state s') msg ↔ field_selector output msg {| l := l; input := im; destination := s'; output := om |} ∨ composite_has_been_sent IM (original_state s) msgmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
eqv: Cv
im: option message
s': state (free_composite_vlsm IM)
eqv': Cv
om: option message
Ht: input_constrained_transition coeqv_limited_equivocation_vlsm (existT i li) ({| original_state := s; state_annotation := eqv |}, im) ({| original_state := s'; state_annotation := eqv' |}, om)
msg: messagecomposite_has_been_sent IM (original_state {| original_state := s'; state_annotation := eqv' |}) msg ↔ field_selector output msg {| l := existT i li; input := im; destination := {| original_state := s'; state_annotation := eqv' |}; output := om |} ∨ composite_has_been_sent IM (original_state {| original_state := s; state_annotation := eqv |}) msgmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
eqv: Cv
im: option message
s': state (free_composite_vlsm IM)
eqv': Cv
om: option message
Ht: input_constrained_transition coeqv_limited_equivocation_vlsm (existT i li) ({| original_state := s; state_annotation := eqv |}, im) ({| original_state := s'; state_annotation := eqv' |}, om)
msg: message
Hti: input_valid_transition (preloaded_with_all_messages_vlsm (IM i)) li (annotated_composite_state_project IM (λ s : Cv, s ≡ ∅) coeqv_limited_equivocation_constraint coeqv_composite_transition_message_equivocators i {| original_state := s; state_annotation := eqv |}, im) (annotated_composite_state_project IM (λ s : Cv, s ≡ ∅) coeqv_limited_equivocation_constraint coeqv_composite_transition_message_equivocators i {| original_state := s'; state_annotation := eqv' |}, om)composite_has_been_sent IM (original_state {| original_state := s'; state_annotation := eqv' |}) msg ↔ field_selector output msg {| l := existT i li; input := im; destination := {| original_state := s'; state_annotation := eqv' |}; output := om |} ∨ composite_has_been_sent IM (original_state {| original_state := s; state_annotation := eqv |}) msgmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
eqv: Cv
im: option message
s': state (free_composite_vlsm IM)
eqv': Cv
om: option message
Ht: input_constrained_transition coeqv_limited_equivocation_vlsm (existT i li) ({| original_state := s; state_annotation := eqv |}, im) ({| original_state := s'; state_annotation := eqv' |}, om)
msg: message
Hti: input_valid_transition (preloaded_with_all_messages_vlsm (IM i)) li (s i, im) (s' i, om)composite_has_been_sent IM (original_state {| original_state := s'; state_annotation := eqv' |}) msg ↔ field_selector output msg {| l := existT i li; input := im; destination := {| original_state := s'; state_annotation := eqv' |}; output := om |} ∨ composite_has_been_sent IM (original_state {| original_state := s; state_annotation := eqv |}) msgmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
eqv: Cv
im: option message
s': state (free_composite_vlsm IM)
eqv': Cv
om: option message
Ht: input_constrained_transition coeqv_limited_equivocation_vlsm (existT i li) ({| original_state := s; state_annotation := eqv |}, im) ({| original_state := s'; state_annotation := eqv' |}, om)
msg: message
Hti: has_been_sent (IM i) (s' i) msg ↔ om = Some msg ∨ has_been_sent (IM i) (s i) msgcomposite_has_been_sent IM (original_state {| original_state := s'; state_annotation := eqv' |}) msg ↔ field_selector output msg {| l := existT i li; input := im; destination := {| original_state := s'; state_annotation := eqv' |}; output := om |} ∨ composite_has_been_sent IM (original_state {| original_state := s; state_annotation := eqv |}) msgmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: state (free_composite_vlsm IM)
eqv: Cv
im: option message
s': state (free_composite_vlsm IM)
eqv': Cv
om: option message
Ht: (let (s', om') := let (si', om') := transition li (s i, im) in (state_update IM s i si', om') in ({| original_state := s'; state_annotation := match im with | Some m => eqv ∪ coeqv_message_equivocators s m | None => eqv end |}, om')) = ({| original_state := s'; state_annotation := eqv' |}, om)
msg: message
Hti: has_been_sent (IM i) (s' i) msg ↔ om = Some msg ∨ has_been_sent (IM i) (s i) msgcomposite_has_been_sent IM (original_state {| original_state := s'; state_annotation := eqv' |}) msg ↔ field_selector output msg {| l := existT i li; input := im; destination := {| original_state := s'; state_annotation := eqv' |}; output := om |} ∨ composite_has_been_sent IM (original_state {| original_state := s; state_annotation := eqv |}) msgmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: composite_state IM
eqv: Cv
im, om: option message
s0: state (IM i)
msg: message
Hti: has_been_sent (IM i) (state_update IM s i s0 i) msg ↔ om = Some msg ∨ has_been_sent (IM i) (s i) msgcomposite_has_been_sent IM (state_update IM s i s0) msg ↔ om = Some msg ∨ composite_has_been_sent IM s msgmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: composite_state IM
eqv: Cv
im, om: option message
s0: state (IM i)
msg: message
Hti: has_been_sent (IM i) (state_update IM s i s0 i) msg ↔ om = Some msg ∨ has_been_sent (IM i) (s i) msgcomposite_has_been_sent IM (state_update IM s i s0) msg → om = Some msg ∨ composite_has_been_sent IM s msgmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: composite_state IM
eqv: Cv
im, om: option message
s0: state (IM i)
msg: message
Hti: has_been_sent (IM i) (state_update IM s i s0 i) msg ↔ om = Some msg ∨ has_been_sent (IM i) (s i) msgom = Some msg ∨ composite_has_been_sent IM s msg → composite_has_been_sent IM (state_update IM s i s0) msgmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: composite_state IM
eqv: Cv
im, om: option message
s0: state (IM i)
msg: message
Hti: has_been_sent (IM i) (state_update IM s i s0 i) msg ↔ om = Some msg ∨ has_been_sent (IM i) (s i) msgcomposite_has_been_sent IM (state_update IM s i s0) msg → om = Some msg ∨ composite_has_been_sent IM s msgmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: composite_state IM
eqv: Cv
im, om: option message
s0: state (IM i)
msg: message
Hti: has_been_sent (IM i) (state_update IM s i s0 i) msg ↔ om = Some msg ∨ has_been_sent (IM i) (s i) msg
i_msg: index
Hmsg: has_been_sent (IM i_msg) (state_update IM s i s0 i_msg) msgom = Some msg ∨ composite_has_been_sent IM s msgmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: composite_state IM
eqv: Cv
im, om: option message
s0: state (IM i)
msg: message
Hti: has_been_sent (IM i) (state_update IM s i s0 i) msg ↔ om = Some msg ∨ has_been_sent (IM i) (s i) msg
Hmsg: has_been_sent (IM i) (state_update IM s i s0 i) msgom = Some msg ∨ composite_has_been_sent IM s msgmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: composite_state IM
eqv: Cv
im, om: option message
s0: state (IM i)
msg: message
Hti: has_been_sent (IM i) (state_update IM s i s0 i) msg ↔ om = Some msg ∨ has_been_sent (IM i) (s i) msg
i_msg: index
Hmsg: has_been_sent (IM i_msg) (state_update IM s i s0 i_msg) msg
Hi_msg: i ≠ i_msgom = Some msg ∨ composite_has_been_sent IM s msgmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: composite_state IM
eqv: Cv
im, om: option message
s0: state (IM i)
msg: message
Hti: has_been_sent (IM i) (state_update IM s i s0 i) msg ↔ om = Some msg ∨ has_been_sent (IM i) (s i) msg
Hmsg: has_been_sent (IM i) (state_update IM s i s0 i) msgom = Some msg ∨ composite_has_been_sent IM s msgby right; eexists.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: composite_state IM
eqv: Cv
im, om: option message
s0: state (IM i)
msg: message
Hti: has_been_sent (IM i) (state_update IM s i s0 i) msg ↔ om = Some msg ∨ has_been_sent (IM i) (s i) msg
Hmsg: has_been_sent (IM i) (s i) msgom = Some msg ∨ composite_has_been_sent IM s msgby right; state_update_simpl; eexists.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: composite_state IM
eqv: Cv
im, om: option message
s0: state (IM i)
msg: message
Hti: has_been_sent (IM i) (state_update IM s i s0 i) msg ↔ om = Some msg ∨ has_been_sent (IM i) (s i) msg
i_msg: index
Hmsg: has_been_sent (IM i_msg) (state_update IM s i s0 i_msg) msg
Hi_msg: i ≠ i_msgom = Some msg ∨ composite_has_been_sent IM s msgmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: composite_state IM
eqv: Cv
im, om: option message
s0: state (IM i)
msg: message
Hti: has_been_sent (IM i) (state_update IM s i s0 i) msg ↔ om = Some msg ∨ has_been_sent (IM i) (s i) msgom = Some msg ∨ composite_has_been_sent IM s msg → composite_has_been_sent IM (state_update IM s i s0) msgmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: composite_state IM
eqv: Cv
im, om: option message
s0: state (IM i)
msg: message
Hti: has_been_sent (IM i) (state_update IM s i s0 i) msg ↔ om = Some msg ∨ has_been_sent (IM i) (s i) msg
Hmsg: composite_has_been_sent IM s msgcomposite_has_been_sent IM (state_update IM s i s0) msgmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: composite_state IM
eqv: Cv
im, om: option message
s0: state (IM i)
msg: message
Hti: has_been_sent (IM i) (state_update IM s i s0 i) msg ↔ om = Some msg ∨ has_been_sent (IM i) (s i) msg
i_msg: index
Hmsg: has_been_sent (IM i_msg) (s i_msg) msgcomposite_has_been_sent IM (state_update IM s i s0) msgmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: composite_state IM
eqv: Cv
im, om: option message
s0: state (IM i)
msg: message
Hti: has_been_sent (IM i) (state_update IM s i s0 i) msg ↔ om = Some msg ∨ has_been_sent (IM i) (s i) msg
Hmsg: has_been_sent (IM i) (s i) msgcomposite_has_been_sent IM (state_update IM s i s0) msgmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: composite_state IM
eqv: Cv
im, om: option message
s0: state (IM i)
msg: message
Hti: has_been_sent (IM i) (state_update IM s i s0 i) msg ↔ om = Some msg ∨ has_been_sent (IM i) (s i) msg
i_msg: index
Hmsg: has_been_sent (IM i_msg) (s i_msg) msg
Hi_msg: i ≠ i_msgcomposite_has_been_sent IM (state_update IM s i s0) msgby eexists; apply Hti; right.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: composite_state IM
eqv: Cv
im, om: option message
s0: state (IM i)
msg: message
Hti: has_been_sent (IM i) (state_update IM s i s0 i) msg ↔ om = Some msg ∨ has_been_sent (IM i) (s i) msg
Hmsg: has_been_sent (IM i) (s i) msgcomposite_has_been_sent IM (state_update IM s i s0) msgby exists i_msg; state_update_simpl. Qed. End sec_coequivocating_senders_limited_equivocation. Section sec_msg_dep_limited_equivocation. Context {message : Type} `{finite.Finite index} (IM : index -> VLSM message) `{forall i, HasBeenSentCapability (IM i)} `{forall i, HasBeenReceivedCapability (IM i)} (threshold : R) `{ReachableThreshold validator Cv threshold} `{FinSet message Cm} (full_message_dependencies : message -> Cm) (A : validator -> index) (sender : message -> option validator) . Definition not_directly_observed_happens_before_dependencies (s : composite_state IM) (m : message) : Cm := filter (fun dm => ~ composite_has_been_directly_observed IM s dm) (full_message_dependencies m). Definition msg_dep_coequivocating_senders (s : composite_state IM) (m : message) : Cv := list_to_set (omap sender (elements (not_directly_observed_happens_before_dependencies s m))). Definition msg_dep_limited_equivocation_vlsm : VLSM message := coeqv_limited_equivocation_vlsm IM threshold sender msg_dep_coequivocating_senders. Definition msg_dep_message_equivocators := coeqv_message_equivocators IM sender msg_dep_coequivocating_senders. Definition msg_dep_annotate_trace_with_equivocators := coeqv_annotate_trace_with_equivocators IM sender msg_dep_coequivocating_senders.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H0: ElemOf validator Cv
H1: Empty Cv
H2: Singleton validator Cv
H3: Union Cv
H4: Intersection Cv
H5: Difference Cv
H6: Elements validator Cv
EqDecision1: EqDecision validator
H7: FinSet validator Cv
H8: ReachableThreshold validator Cv threshold
A: validator → index
sender: message → option validator
coequivocating_senders: composite_state IM → message → Cv
H9: ∀ i : index, HasBeenSentCapability (IM i)
H10: ∀ i : index, HasBeenReceivedCapability (IM i)
i: index
li: label (IM i)
s: composite_state IM
eqv: Cv
im, om: option message
s0: state (IM i)
msg: message
Hti: has_been_sent (IM i) (state_update IM s i s0 i) msg ↔ om = Some msg ∨ has_been_sent (IM i) (s i) msg
i_msg: index
Hmsg: has_been_sent (IM i_msg) (s i_msg) msg
Hi_msg: i ≠ i_msgcomposite_has_been_sent IM (state_update IM s i s0) msgmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
H0: ∀ i : index, HasBeenSentCapability (IM i)
H1: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H2: ElemOf validator Cv
H3: Empty Cv
H4: Singleton validator Cv
H5: Union Cv
H6: Intersection Cv
H7: Difference Cv
H8: Elements validator Cv
EqDecision1: EqDecision validator
H9: FinSet validator Cv
H10: ReachableThreshold validator Cv threshold
Cm: Type
H11: ElemOf message Cm
H12: Empty Cm
H13: Singleton message Cm
H14: Union Cm
H15: Intersection Cm
H16: Difference Cm
H17: Elements message Cm
EqDecision2: EqDecision message
H18: FinSet message Cm
full_message_dependencies: message → Cm
A: validator → index
sender: message → option validator∀ (sa : state (free_composite_vlsm IM)) (tr1 tr2 : list transition_item), msg_dep_annotate_trace_with_equivocators sa (tr1 ++ tr2) = msg_dep_annotate_trace_with_equivocators sa tr1 ++ annotate_trace_from (free_composite_vlsm IM) Cv (coeqv_composite_transition_message_equivocators IM sender msg_dep_coequivocating_senders) (finite_trace_last {| original_state := sa; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators sa tr1)) tr2by intros; apply annotate_trace_from_app. Qed.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
H0: ∀ i : index, HasBeenSentCapability (IM i)
H1: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H2: ElemOf validator Cv
H3: Empty Cv
H4: Singleton validator Cv
H5: Union Cv
H6: Intersection Cv
H7: Difference Cv
H8: Elements validator Cv
EqDecision1: EqDecision validator
H9: FinSet validator Cv
H10: ReachableThreshold validator Cv threshold
Cm: Type
H11: ElemOf message Cm
H12: Empty Cm
H13: Singleton message Cm
H14: Union Cm
H15: Intersection Cm
H16: Difference Cm
H17: Elements message Cm
EqDecision2: EqDecision message
H18: FinSet message Cm
full_message_dependencies: message → Cm
A: validator → index
sender: message → option validator∀ (sa : state (free_composite_vlsm IM)) (tr1 tr2 : list transition_item), msg_dep_annotate_trace_with_equivocators sa (tr1 ++ tr2) = msg_dep_annotate_trace_with_equivocators sa tr1 ++ annotate_trace_from (free_composite_vlsm IM) Cv (coeqv_composite_transition_message_equivocators IM sender msg_dep_coequivocating_senders) (finite_trace_last {| original_state := sa; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators sa tr1)) tr2message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
H0: ∀ i : index, HasBeenSentCapability (IM i)
H1: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H2: ElemOf validator Cv
H3: Empty Cv
H4: Singleton validator Cv
H5: Union Cv
H6: Intersection Cv
H7: Difference Cv
H8: Elements validator Cv
EqDecision1: EqDecision validator
H9: FinSet validator Cv
H10: ReachableThreshold validator Cv threshold
Cm: Type
H11: ElemOf message Cm
H12: Empty Cm
H13: Singleton message Cm
H14: Union Cm
H15: Intersection Cm
H16: Difference Cm
H17: Elements message Cm
EqDecision2: EqDecision message
H18: FinSet message Cm
full_message_dependencies: message → Cm
A: validator → index
sender: message → option validator∀ (s : state (annotated_type (free_composite_vlsm IM) Cv)) (s' : state (free_composite_vlsm IM)) (tr : list transition_item), original_state (finite_trace_last s (msg_dep_annotate_trace_with_equivocators s' tr)) = finite_trace_last (original_state s) trby intros; apply annotate_trace_from_last_original_state. Qed. Definition msg_dep_composite_transition_message_equivocators := coeqv_composite_transition_message_equivocators IM sender msg_dep_coequivocating_senders. Definition msg_dep_limited_equivocation_projection_validator_prop := coeqv_limited_equivocation_projection_validator_prop IM threshold sender msg_dep_coequivocating_senders. Definition msg_dep_limited_equivocation_message_validator_prop := coeqv_limited_equivocation_message_validator_prop IM threshold sender msg_dep_coequivocating_senders. Definition msg_dep_limited_equivocation_projection_validator_prop_alt := coeqv_limited_equivocation_projection_validator_prop_alt IM threshold sender msg_dep_coequivocating_senders.message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
H0: ∀ i : index, HasBeenSentCapability (IM i)
H1: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H2: ElemOf validator Cv
H3: Empty Cv
H4: Singleton validator Cv
H5: Union Cv
H6: Intersection Cv
H7: Difference Cv
H8: Elements validator Cv
EqDecision1: EqDecision validator
H9: FinSet validator Cv
H10: ReachableThreshold validator Cv threshold
Cm: Type
H11: ElemOf message Cm
H12: Empty Cm
H13: Singleton message Cm
H14: Union Cm
H15: Intersection Cm
H16: Difference Cm
H17: Elements message Cm
EqDecision2: EqDecision message
H18: FinSet message Cm
full_message_dependencies: message → Cm
A: validator → index
sender: message → option validator∀ (s : state (annotated_type (free_composite_vlsm IM) Cv)) (s' : state (free_composite_vlsm IM)) (tr : list transition_item), original_state (finite_trace_last s (msg_dep_annotate_trace_with_equivocators s' tr)) = finite_trace_last (original_state s) trmessage, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
H0: ∀ i : index, HasBeenSentCapability (IM i)
H1: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H2: ElemOf validator Cv
H3: Empty Cv
H4: Singleton validator Cv
H5: Union Cv
H6: Intersection Cv
H7: Difference Cv
H8: Elements validator Cv
EqDecision1: EqDecision validator
H9: FinSet validator Cv
H10: ReachableThreshold validator Cv threshold
Cm: Type
H11: ElemOf message Cm
H12: Empty Cm
H13: Singleton message Cm
H14: Union Cm
H15: Intersection Cm
H16: Difference Cm
H17: Elements message Cm
EqDecision2: EqDecision message
H18: FinSet message Cm
full_message_dependencies: message → Cm
A: validator → index
sender: message → option validator
s: state (free_composite_vlsm IM)
tr: list transition_itempre_VLSM_embedding_finite_trace_project msg_dep_limited_equivocation_vlsm (composite_type IM) Datatypes.id original_state (msg_dep_annotate_trace_with_equivocators s tr) = trby apply (annotate_trace_project (free_composite_vlsm IM) Cv). Qed. End sec_msg_dep_limited_equivocation. Section sec_full_node_limited_equivocation. Context {message : Type} `{finite.Finite index} (IM : index -> VLSM message) `{forall i, HasBeenSentCapability (IM i)} `{forall i, HasBeenReceivedCapability (IM i)} (threshold : R) `{ReachableThreshold validator Cv threshold} (A : validator -> index) (sender : message -> option validator) . Definition full_node_coequivocating_senders (s : composite_state IM) (m : message) : Cv := ∅. Definition full_node_limited_equivocation_vlsm : VLSM message := coeqv_limited_equivocation_vlsm IM threshold sender full_node_coequivocating_senders. End sec_full_node_limited_equivocation. Section sec_full_node_msg_dep_limited_equivocation_equivalence. Context {message : Type} `{FinSet message Cm} `{finite.Finite index} (IM : index -> VLSM message) `{forall i, HasBeenSentCapability (IM i)} `{forall i, HasBeenReceivedCapability (IM i)} (full_message_dependencies : message -> Cm) (threshold : R) `{ReachableThreshold validator Cv threshold} `{!LeibnizEquiv Cv} (A : validator -> index) (sender : message -> option validator) (message_dependencies : message -> Cm) `{!FullMessageDependencies message_dependencies full_message_dependencies} `{forall i, MessageDependencies (IM i) message_dependencies} (Hfull : forall i, message_dependencies_full_node_condition_prop (IM i) message_dependencies) (Limited := msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender (Cv := Cv)) (FullNodeLimited := full_node_limited_equivocation_vlsm IM threshold sender (Cv := Cv)) .message, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
IM: index → VLSM message
H0: ∀ i : index, HasBeenSentCapability (IM i)
H1: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H2: ElemOf validator Cv
H3: Empty Cv
H4: Singleton validator Cv
H5: Union Cv
H6: Intersection Cv
H7: Difference Cv
H8: Elements validator Cv
EqDecision1: EqDecision validator
H9: FinSet validator Cv
H10: ReachableThreshold validator Cv threshold
Cm: Type
H11: ElemOf message Cm
H12: Empty Cm
H13: Singleton message Cm
H14: Union Cm
H15: Intersection Cm
H16: Difference Cm
H17: Elements message Cm
EqDecision2: EqDecision message
H18: FinSet message Cm
full_message_dependencies: message → Cm
A: validator → index
sender: message → option validator
s: state (free_composite_vlsm IM)
tr: list transition_itempre_VLSM_embedding_finite_trace_project msg_dep_limited_equivocation_vlsm (composite_type IM) Datatypes.id original_state (msg_dep_annotate_trace_with_equivocators s tr) = trmessage, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
s: ∀ x : index, state (preloaded_with_all_messages_vlsm (IM x))
m: message
i: index
li: label (preloaded_with_all_messages_vlsm (IM i))
Hvalid: input_constrained (IM i) li (s i, Some m)msg_dep_coequivocating_senders IM full_message_dependencies sender s m ≡ ∅message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
s: ∀ x : index, state (preloaded_with_all_messages_vlsm (IM x))
m: message
i: index
li: label (preloaded_with_all_messages_vlsm (IM i))
Hvalid: input_constrained (IM i) li (s i, Some m)msg_dep_coequivocating_senders IM full_message_dependencies sender s m ≡ ∅message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
s: ∀ x : index, state (preloaded_with_all_messages_vlsm (IM x))
m: message
i: index
li: label (preloaded_with_all_messages_vlsm (IM i))
Hvalid: input_constrained (IM i) li (s i, Some m)
x: validator
Hx: x ∈ msg_dep_coequivocating_senders IM full_message_dependencies sender s mx ∈ ∅message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
s: ∀ x : index, state (preloaded_with_all_messages_vlsm (IM x))
m: message
i: index
li: label (preloaded_with_all_messages_vlsm (IM i))
Hvalid: input_constrained (IM i) li (s i, Some m)
x: validatorx ∉ msg_dep_coequivocating_senders IM full_message_dependencies sender s mmessage, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
s: ∀ x : index, state (preloaded_with_all_messages_vlsm (IM x))
m: message
i: index
li: label (preloaded_with_all_messages_vlsm (IM i))
Hvalid: input_constrained (IM i) li (s i, Some m)
x: validatorx ∉ list_to_set (omap sender (elements (not_directly_observed_happens_before_dependencies IM full_message_dependencies s m)))message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
s: ∀ x : index, state (preloaded_with_all_messages_vlsm (IM x))
m: message
i: index
li: label (preloaded_with_all_messages_vlsm (IM i))
Hvalid: input_constrained (IM i) li (s i, Some m)
x: validator¬ (∃ x0 : message, x0 ∈ elements (not_directly_observed_happens_before_dependencies IM full_message_dependencies s m) ∧ sender x0 = Some x)message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
s: ∀ x : index, state (preloaded_with_all_messages_vlsm (IM x))
m: message
i: index
li: label (preloaded_with_all_messages_vlsm (IM i))
Hvalid: input_constrained (IM i) li (s i, Some m)
x: validator¬ (∃ x0 : message, (¬ composite_has_been_directly_observed IM s x0 ∧ x0 ∈ full_message_dependencies m) ∧ sender x0 = Some x)message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
s: ∀ x : index, state (preloaded_with_all_messages_vlsm (IM x))
m: message
i: index
li: label (preloaded_with_all_messages_vlsm (IM i))
Hvalid: input_constrained (IM i) li (s i, Some m)
x: validator
dm: message
Hnobs: ¬ composite_has_been_directly_observed IM s dm
Hdm: dm ∈ full_message_dependencies mFalsemessage, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
s: ∀ x : index, state (preloaded_with_all_messages_vlsm (IM x))
m: message
i: index
li: label (preloaded_with_all_messages_vlsm (IM i))
Hvalid: input_constrained (IM i) li (s i, Some m)
x: validator
dm: message
Hdm: dm ∈ full_message_dependencies mhas_been_directly_observed (IM i) (s i) dmby apply full_message_dependencies_happens_before. Qed.message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
s: ∀ x : index, state (preloaded_with_all_messages_vlsm (IM x))
m: message
i: index
li: label (preloaded_with_all_messages_vlsm (IM i))
Hvalid: input_constrained (IM i) li (s i, Some m)
x: validator
dm: message
Hdm: dm ∈ full_message_dependencies mmsg_dep_happens_before message_dependencies dm mmessage, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
iprop: Cv → Prop
H20: Inhabited {x : Cv | iprop x}
trans: label (annotated_type (free_composite_vlsm IM) Cv) → annotated_state (free_composite_vlsm IM) Cv * option message → Cv
constr: label (annotated_vlsm (free_composite_vlsm IM) Cv iprop trans) → state (annotated_vlsm (free_composite_vlsm IM) Cv iprop trans) * option message → Prop
i: index
li: (λ n : index, label (IM n)) i
s: state (constrained_vlsm (annotated_vlsm (free_composite_vlsm IM) Cv iprop trans) constr)
om: option messageinput_valid (constrained_vlsm (annotated_vlsm (free_composite_vlsm IM) Cv iprop trans) constr) (existT i li) (s, om) → input_constrained (IM i) li (original_state s i, om)message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
iprop: Cv → Prop
H20: Inhabited {x : Cv | iprop x}
trans: label (annotated_type (free_composite_vlsm IM) Cv) → annotated_state (free_composite_vlsm IM) Cv * option message → Cv
constr: label (annotated_vlsm (free_composite_vlsm IM) Cv iprop trans) → state (annotated_vlsm (free_composite_vlsm IM) Cv iprop trans) * option message → Prop
i: index
li: (λ n : index, label (IM n)) i
s: state (constrained_vlsm (annotated_vlsm (free_composite_vlsm IM) Cv iprop trans) constr)
om: option messageinput_valid (constrained_vlsm (annotated_vlsm (free_composite_vlsm IM) Cv iprop trans) constr) (existT i li) (s, om) → input_constrained (IM i) li (original_state s i, om)message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
iprop: Cv → Prop
H20: Inhabited {x : Cv | iprop x}
trans: label (annotated_type (free_composite_vlsm IM) Cv) → annotated_state (free_composite_vlsm IM) Cv * option message → Cv
constr: label (annotated_vlsm (free_composite_vlsm IM) Cv iprop trans) → state (annotated_vlsm (free_composite_vlsm IM) Cv iprop trans) * option message → Prop
i: index
li: (λ n : index, label (IM n)) i
s: state (constrained_vlsm (annotated_vlsm (free_composite_vlsm IM) Cv iprop trans) constr)
om: option message
Hvalid: input_valid (constrained_vlsm (annotated_vlsm (free_composite_vlsm IM) Cv iprop trans) constr) (existT i li) (s, om)input_constrained (IM i) li (original_state s i, om)by apply (VLSM_incl_input_valid (vlsm_incl_preloaded_with_all_messages_vlsm (free_composite_vlsm IM))), (VLSM_embedding_input_valid (forget_annotations_projection (free_composite_vlsm IM) _ _ _)). Qed.message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
iprop: Cv → Prop
H20: Inhabited {x : Cv | iprop x}
trans: label (annotated_type (free_composite_vlsm IM) Cv) → annotated_state (free_composite_vlsm IM) Cv * option message → Cv
constr: label (annotated_vlsm (free_composite_vlsm IM) Cv iprop trans) → state (annotated_vlsm (free_composite_vlsm IM) Cv iprop trans) * option message → Prop
i: index
li: (λ n : index, label (IM n)) i
s: state (constrained_vlsm (annotated_vlsm (free_composite_vlsm IM) Cv iprop trans) constr)
om: option message
Hvalid: input_valid (constrained_vlsm (annotated_vlsm (free_composite_vlsm IM) Cv iprop trans) constr) (existT i li) (s, om)input_valid (preloaded_with_all_messages_vlsm (free_composite_vlsm IM)) (existT i li) (original_state s, om)message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (preloaded_with_all_messages_vlsm (IM i))
s: state (annotated_type (free_composite_vlsm IM) Cv)
om: option message
Hvalid: input_constrained (IM i) li (original_state s i, om)coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM) (existT i li) (s, om) ≡ msg_dep_composite_transition_message_equivocators IM full_message_dependencies sender (existT i li) (s, om)message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (preloaded_with_all_messages_vlsm (IM i))
s: state (annotated_type (free_composite_vlsm IM) Cv)
om: option message
Hvalid: input_constrained (IM i) li (original_state s i, om)coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM) (existT i li) (s, om) ≡ msg_dep_composite_transition_message_equivocators IM full_message_dependencies sender (existT i li) (s, om)message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (preloaded_with_all_messages_vlsm (IM i))
s: state (annotated_type (free_composite_vlsm IM) Cv)
m: message
Hvalid: input_constrained (IM i) li (original_state s i, Some m)state_annotation s ∪ coeqv_message_equivocators IM sender (full_node_coequivocating_senders IM) (original_state s) m ≡ state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) mmessage, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (preloaded_with_all_messages_vlsm (IM i))
s: state (annotated_type (free_composite_vlsm IM) Cv)
m: message
Hvalid: input_constrained (IM i) li (original_state s i, Some m)coeqv_message_equivocators IM sender (full_node_coequivocating_senders IM) (original_state s) m ≡ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) mmessage, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (preloaded_with_all_messages_vlsm (IM i))
s: state (annotated_type (free_composite_vlsm IM) Cv)
m: message
Hvalid: input_constrained (IM i) li (original_state s i, Some m)(if decide (composite_has_been_directly_observed IM (original_state s) m) then ∅ else list_to_set (omap sender [m] ++ elements (full_node_coequivocating_senders IM (original_state s) m))) ≡ (if decide (composite_has_been_directly_observed IM (original_state s) m) then ∅ else list_to_set (omap sender [m] ++ elements (list_to_set (omap sender (elements (not_directly_observed_happens_before_dependencies IM full_message_dependencies (original_state s) m))))))message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (preloaded_with_all_messages_vlsm (IM i))
s: state (annotated_type (free_composite_vlsm IM) Cv)
m: message
Hvalid: input_constrained (IM i) li (original_state s i, Some m)
Hobs: ¬ composite_has_been_directly_observed IM (original_state s) mlist_to_set (omap sender [m] ++ elements (full_node_coequivocating_senders IM (original_state s) m)) ≡ list_to_set (omap sender [m] ++ elements (list_to_set (omap sender (elements (not_directly_observed_happens_before_dependencies IM full_message_dependencies (original_state s) m)))))message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (preloaded_with_all_messages_vlsm (IM i))
s: state (annotated_type (free_composite_vlsm IM) Cv)
m: message
Hvalid: input_constrained (IM i) li (original_state s i, Some m)
Hobs: ¬ composite_has_been_directly_observed IM (original_state s) m
equivs: Cv
Heqequivs: equivs = list_to_set (omap sender (elements (not_directly_observed_happens_before_dependencies IM full_message_dependencies (original_state s) m)))list_to_set (omap sender [m] ++ elements (full_node_coequivocating_senders IM (original_state s) m)) ≡ list_to_set (omap sender [m] ++ elements equivs)by subst; eapply full_node_msg_dep_coequivocating_senders. Qed.message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (preloaded_with_all_messages_vlsm (IM i))
s: state (annotated_type (free_composite_vlsm IM) Cv)
m: message
Hvalid: input_constrained (IM i) li (original_state s i, Some m)
Hobs: ¬ composite_has_been_directly_observed IM (original_state s) m
equivs: Cv
Heqequivs: equivs = list_to_set (omap sender (elements (not_directly_observed_happens_before_dependencies IM full_message_dependencies (original_state s) m)))equivs ≡ ∅message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
l: {n : index & label (IM n)}
s: state (annotated_type (free_composite_vlsm IM) Cv)
om: option message
Hvi: input_constrained (IM (projT1 l)) (projT2 l) (original_state s (projT1 l), om)valid l (s, om) ↔ valid l (s, om)message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
l: {n : index & label (IM n)}
s: state (annotated_type (free_composite_vlsm IM) Cv)
om: option message
Hvi: input_constrained (IM (projT1 l)) (projT2 l) (original_state s (projT1 l), om)valid l (s, om) ↔ valid l (s, om)message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (IM i)
s: state (annotated_type (free_composite_vlsm IM) Cv)
om: option message
Hvi: input_constrained (IM (projT1 (existT i li))) (projT2 (existT i li)) (original_state s (projT1 (existT i li)), om)valid li (original_state s i, om) ∧ (sum_weights (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (existT i li) (s, om)) <= threshold)%R ↔ valid li (original_state s i, om) ∧ (sum_weights (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM) (existT i li) (s, om)) <= threshold)%Rby apply sum_weights_proper, full_node_msg_dep_composite_transition_message_equivocators. Qed.message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (IM i)
s: state (annotated_type (free_composite_vlsm IM) Cv)
om: option message
Hvi: input_constrained (IM (projT1 (existT i li))) (projT2 (existT i li)) (original_state s (projT1 (existT i li)), om)sum_weights (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM) (existT i li) (s, om)) = sum_weights (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (existT i li) (s, om))message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
l: {n : index & label (IM n)}
s: state (annotated_type (free_composite_vlsm IM) Cv)
om: option message
Hvi: input_constrained (IM (projT1 l)) (projT2 l) (original_state s (projT1 l), om)transition l (s, om) = transition l (s, om)message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
l: {n : index & label (IM n)}
s: state (annotated_type (free_composite_vlsm IM) Cv)
om: option message
Hvi: input_constrained (IM (projT1 l)) (projT2 l) (original_state s (projT1 l), om)transition l (s, om) = transition l (s, om)message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (IM i)
s: state (annotated_type (free_composite_vlsm IM) Cv)
om: option message
Hvi: input_constrained (IM (projT1 (existT i li))) (projT2 (existT i li)) (original_state s (projT1 (existT i li)), om)
s': state (free_composite_vlsm IM)
om': option message({| original_state := s'; state_annotation := coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (existT i li) (s, om) |}, om') = ({| original_state := s'; state_annotation := coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM) (existT i li) (s, om) |}, om')message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (IM i)
s: state (annotated_type (free_composite_vlsm IM) Cv)
om: option message
Hvi: input_constrained (IM (projT1 (existT i li))) (projT2 (existT i li)) (original_state s (projT1 (existT i li)), om)
s': state (free_composite_vlsm IM)
om': option messagecoeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (existT i li) (s, om) = coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM) (existT i li) (s, om)message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (IM i)
s: state (annotated_type (free_composite_vlsm IM) Cv)
m: message
Hvi: input_constrained (IM (projT1 (existT i li))) (projT2 (existT i li)) (original_state s (projT1 (existT i li)), Some m)
s': state (free_composite_vlsm IM)
om': option messagecoeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (existT i li) (s, Some m) = coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM) (existT i li) (s, Some m)by apply leibniz_equiv, full_node_msg_dep_composite_transition_message_equivocators. Qed.message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (IM i)
s: state (annotated_type (free_composite_vlsm IM) Cv)
m: message
Hvi: input_constrained (IM (projT1 (existT i li))) (projT2 (existT i li)) (original_state s (projT1 (existT i li)), Some m)
s': state (free_composite_vlsm IM)
om': option messagecoeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM) (existT i li) (s, Some m) = coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (existT i li) (s, Some m)message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageVLSM_incl Limited FullNodeLimitedmessage, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageVLSM_incl Limited FullNodeLimitedmessage, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messagestrong_incl_initial_state_preservation (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM)))message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageweak_incl_initial_message_preservation (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM)))message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageweak_incl_valid_preservation (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM)))message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageweak_incl_transition_preservation (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM)))by intros s Hs.message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messagestrong_incl_initial_state_preservation (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM)))by intros _ _ m _ _ Hinit; apply initial_message_is_valid.message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageweak_incl_initial_message_preservation (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM)))message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageweak_incl_valid_preservation (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM)))message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (IM i)
s: state {| vlsm_type := annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)); vlsm_machine := constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)) |}
om: option message
HvX: input_valid {| vlsm_type := annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)); vlsm_machine := constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)) |} (existT i li) (s, om)valid (Datatypes.id (existT i li)) (Datatypes.id s, om)by eapply annotated_free_input_valid_projection.message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (IM i)
s: state {| vlsm_type := annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)); vlsm_machine := constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)) |}
om: option message
HvX: input_valid {| vlsm_type := annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)); vlsm_machine := constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)) |} (existT i li) (s, om)input_constrained (IM (projT1 (Datatypes.id (existT i li)))) (projT2 (Datatypes.id (existT i li))) (original_state (Datatypes.id s) (projT1 (Datatypes.id (existT i li))), om)message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageweak_incl_transition_preservation (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM)))message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (IM i)
s: state {| vlsm_type := annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)); vlsm_machine := constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)) |}
iom: option message
s': state {| vlsm_type := annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)); vlsm_machine := constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)) |}
oom: option message
Hv: input_valid {| vlsm_type := annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)); vlsm_machine := constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)) |} (existT i li) (s, iom)
Ht: annotated_transition (free_composite_vlsm IM) Cv (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)) (existT i li) (s, iom) = ( s', oom)annotated_transition (free_composite_vlsm IM) Cv (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM)) (existT i li) (s, iom) = annotated_transition (free_composite_vlsm IM) Cv (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)) (existT i li) (s, iom)by eapply annotated_free_input_valid_projection. Qed.message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (IM i)
s: state {| vlsm_type := annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)); vlsm_machine := constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)) |}
iom: option message
s': state {| vlsm_type := annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)); vlsm_machine := constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)) |}
oom: option message
Hv: input_valid {| vlsm_type := annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)); vlsm_machine := constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)) |} (existT i li) (s, iom)
Ht: annotated_transition (free_composite_vlsm IM) Cv (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)) (existT i li) (s, iom) = ( s', oom)input_constrained (IM (projT1 (existT i li))) (projT2 (existT i li)) (original_state s (projT1 (existT i li)), iom)message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageVLSM_incl FullNodeLimited Limitedmessage, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageVLSM_incl FullNodeLimited Limitedmessage, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messagestrong_incl_initial_state_preservation (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM))) (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)))message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageweak_incl_initial_message_preservation (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM))) (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)))message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageweak_incl_valid_preservation (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM))) (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)))message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageweak_incl_transition_preservation (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM))) (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)))by intros s Hs.message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messagestrong_incl_initial_state_preservation (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM))) (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)))by intros _ _ m _ _ Hinit; apply initial_message_is_valid.message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageweak_incl_initial_message_preservation (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM))) (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)))message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageweak_incl_valid_preservation (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM))) (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)))message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (IM i)
s: state {| vlsm_type := annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM)); vlsm_machine := constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM)) |}
om: option message
HvX: input_valid {| vlsm_type := annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM)); vlsm_machine := constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM)) |} (existT i li) (s, om)valid (Datatypes.id (existT i li)) (Datatypes.id s, om)by eapply annotated_free_input_valid_projection.message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (IM i)
s: state {| vlsm_type := annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM)); vlsm_machine := constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM)) |}
om: option message
HvX: input_valid {| vlsm_type := annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM)); vlsm_machine := constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM)) |} (existT i li) (s, om)input_constrained (IM (projT1 (Datatypes.id (existT i li)))) (projT2 (Datatypes.id (existT i li))) (original_state (Datatypes.id s) (projT1 (Datatypes.id (existT i li))), om)message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageweak_incl_transition_preservation (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM))) (constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender))) (coeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)))message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (IM i)
s: state {| vlsm_type := annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM)); vlsm_machine := constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM)) |}
iom: option message
s': state {| vlsm_type := annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM)); vlsm_machine := constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM)) |}
oom: option message
Hv: input_valid {| vlsm_type := annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM)); vlsm_machine := constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM)) |} (existT i li) (s, iom)
Ht: annotated_transition (free_composite_vlsm IM) Cv (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM)) (existT i li) (s, iom) = ( s', oom)annotated_transition (free_composite_vlsm IM) Cv (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)) (existT i li) (s, iom) = annotated_transition (free_composite_vlsm IM) Cv (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM)) (existT i li) (s, iom)by eapply annotated_free_input_valid_projection. Qed.message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM message
i: index
li: label (IM i)
s: state {| vlsm_type := annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM)); vlsm_machine := constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM)) |}
iom: option message
s': state {| vlsm_type := annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM)); vlsm_machine := constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM)) |}
oom: option message
Hv: input_valid {| vlsm_type := annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM)); vlsm_machine := constrained_vlsm_machine (annotated_vlsm (free_composite_vlsm IM) Cv (λ s : Cv, s ≡ ∅) (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM))) (coeqv_limited_equivocation_constraint IM threshold sender (full_node_coequivocating_senders IM)) |} (existT i li) (s, iom)
Ht: annotated_transition (free_composite_vlsm IM) Cv (coeqv_composite_transition_message_equivocators IM sender (full_node_coequivocating_senders IM)) (existT i li) (s, iom) = ( s', oom)input_constrained (IM (projT1 (existT i li))) (projT2 (existT i li)) (original_state s (projT1 (existT i li)), iom)message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageVLSM_eq FullNodeLimited Limitedmessage, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageVLSM_eq FullNodeLimited Limitedmessage, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageVLSM_incl {| vlsm_type := FullNodeLimited; vlsm_machine := FullNodeLimited |} {| vlsm_type := FullNodeLimited; vlsm_machine := Limited |}message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageVLSM_incl {| vlsm_type := FullNodeLimited; vlsm_machine := Limited |} {| vlsm_type := FullNodeLimited; vlsm_machine := FullNodeLimited |}by apply full_node_msg_dep_limited_equivocation_vlsm_incl.message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageVLSM_incl {| vlsm_type := FullNodeLimited; vlsm_machine := FullNodeLimited |} {| vlsm_type := FullNodeLimited; vlsm_machine := Limited |}by apply msg_dep_full_node_limited_equivocation_vlsm_incl. Qed. End sec_full_node_msg_dep_limited_equivocation_equivalence. Section sec_msg_dep_fixed_limited_equivocation. Context {message : Type} `{FinSet index Ci} `{!finite.Finite index} `{FinSet message Cm} (IM : index -> VLSM message) `{forall i, HasBeenSentCapability (IM i)} `{forall i, HasBeenReceivedCapability (IM i)} (message_dependencies : message -> Cm) (full_message_dependencies : message -> Cm) `{!FullMessageDependencies message_dependencies full_message_dependencies} `{forall i, MessageDependencies (IM i) message_dependencies} (threshold : R) `{ReachableThreshold validator Cv threshold} (sender : message -> option validator) (A : validator -> index) `{!Inj (=) (=) A} (Limited := msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender (Cv := Cv)) (no_initial_messages_in_IM : no_initial_messages_in_IM_prop IM) (Hchannel : channel_authentication_prop IM A sender) (Hsender_safety : sender_safety_alt_prop IM A sender := channel_authentication_sender_safety _ _ _ Hchannel) .message, Cm: Type
H: ElemOf message Cm
H0: Empty Cm
H1: Singleton message Cm
H2: Union Cm
H3: Intersection Cm
H4: Difference Cm
H5: Elements message Cm
EqDecision0: EqDecision message
H6: FinSet message Cm
index: Type
EqDecision1: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision2: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
LeibnizEquiv0: LeibnizEquiv Cv
A: validator → index
sender: message → option validator
message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H19: ∀ i : index, MessageDependencies (IM i) message_dependencies
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
FullNodeLimited:= full_node_limited_equivocation_vlsm IM threshold sender: VLSM messageVLSM_incl {| vlsm_type := FullNodeLimited; vlsm_machine := Limited |} {| vlsm_type := FullNodeLimited; vlsm_machine := FullNodeLimited |}message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
Him: can_emit (free_composite_vlsm IM) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im∃ v : validator, v ∈ msg_dep_message_equivocators IM full_message_dependencies sender s im ∧ can_emit (preloaded_vlsm (IM (A v)) (λ dm : message, msg_dep_rel message_dependencies dm im)) immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
Him: can_emit (free_composite_vlsm IM) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im∃ v : validator, v ∈ msg_dep_message_equivocators IM full_message_dependencies sender s im ∧ can_emit (preloaded_vlsm (IM (A v)) (λ dm : message, msg_dep_rel message_dependencies dm im)) immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
Him: can_emit {| vlsm_type := free_composite_vlsm IM; vlsm_machine := preloaded_with_all_messages_vlsm (free_composite_vlsm IM) |} im
Hnobserved: ¬ composite_has_been_directly_observed IM s im∃ v : validator, v ∈ msg_dep_message_equivocators IM full_message_dependencies sender s im ∧ can_emit (preloaded_vlsm (IM (A v)) (λ dm : message, msg_dep_rel message_dependencies dm im)) immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
j: index
Him: can_emit (preloaded_with_all_messages_vlsm (IM j)) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im∃ v : validator, v ∈ msg_dep_message_equivocators IM full_message_dependencies sender s im ∧ can_emit (preloaded_vlsm (IM (A v)) (λ dm : message, msg_dep_rel message_dependencies dm im)) immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
j: index
Him: can_emit (preloaded_with_all_messages_vlsm (IM j)) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
Hsender: channel_authenticated_message A sender j im∃ v : validator, v ∈ msg_dep_message_equivocators IM full_message_dependencies sender s im ∧ can_emit (preloaded_vlsm (IM (A v)) (λ dm : message, msg_dep_rel message_dependencies dm im)) immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
j: index
Him: can_emit (preloaded_with_all_messages_vlsm (IM j)) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
Hsender: option_map A (sender im) = Some j∃ v : validator, v ∈ msg_dep_message_equivocators IM full_message_dependencies sender s im ∧ can_emit (preloaded_vlsm (IM (A v)) (λ dm : message, msg_dep_rel message_dependencies dm im)) immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
j: index
Him: can_emit (preloaded_with_all_messages_vlsm (IM j)) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
v: validator
Heq_sender: sender im = Some v
Hsender: option_map A (Some v) = Some j∃ v : validator, v ∈ msg_dep_message_equivocators IM full_message_dependencies sender s im ∧ can_emit (preloaded_vlsm (IM (A v)) (λ dm : message, msg_dep_rel message_dependencies dm im)) immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
v: validator
Him: can_emit (preloaded_with_all_messages_vlsm (IM (A v))) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
Heq_sender: sender im = Some v∃ v : validator, v ∈ msg_dep_message_equivocators IM full_message_dependencies sender s im ∧ can_emit (preloaded_vlsm (IM (A v)) (λ dm : message, msg_dep_rel message_dependencies dm im)) immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
v: validator
Him: can_emit (preloaded_with_all_messages_vlsm (IM (A v))) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
Heq_sender: sender im = Some vv ∈ msg_dep_message_equivocators IM full_message_dependencies sender s im ∧ can_emit (preloaded_vlsm (IM (A v)) (λ dm : message, msg_dep_rel message_dependencies dm im)) immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
v: validator
Him: can_emit (preloaded_with_all_messages_vlsm (IM (A v))) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
Heq_sender: sender im = Some vv ∈ (if decide (composite_has_been_directly_observed IM s im) then ∅ else list_to_set (omap sender [im] ++ elements (list_to_set (omap sender (elements (filter (λ dm : message, ¬ composite_has_been_directly_observed IM s dm) (full_message_dependencies im))))))) ∧ can_emit (preloaded_vlsm (IM (A v)) (λ dm : message, msg_dep_rel message_dependencies dm im)) immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
v: validator
Him: can_emit (preloaded_with_all_messages_vlsm (IM (A v))) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
Heq_sender: sender im = Some vv ∈ list_to_set (match sender im with | Some y => [y] | None => [] end ++ elements (list_to_set (omap sender (elements (filter (λ dm : message, ¬ composite_has_been_directly_observed IM s dm) (full_message_dependencies im)))))) ∧ can_emit (preloaded_vlsm (IM (A v)) (λ dm : message, msg_dep_rel message_dependencies dm im)) immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
v: validator
Him: can_emit (preloaded_with_all_messages_vlsm (IM (A v))) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
Heq_sender: sender im = Some vv ∈ list_to_set (match sender im with | Some y => [y] | None => [] end ++ elements (list_to_set (omap sender (elements (filter (λ dm : message, ¬ composite_has_been_directly_observed IM s dm) (full_message_dependencies im))))))message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
v: validator
Him: can_emit (preloaded_with_all_messages_vlsm (IM (A v))) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
Heq_sender: sender im = Some vcan_emit (preloaded_vlsm (IM (A v)) (λ dm : message, msg_dep_rel message_dependencies dm im)) imby rewrite Heq_sender, elem_of_list_to_set, elem_of_app; left; left.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
v: validator
Him: can_emit (preloaded_with_all_messages_vlsm (IM (A v))) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
Heq_sender: sender im = Some vv ∈ list_to_set (match sender im with | Some y => [y] | None => [] end ++ elements (list_to_set (omap sender (elements (filter (λ dm : message, ¬ composite_has_been_directly_observed IM s dm) (full_message_dependencies im))))))by eapply message_dependencies_are_sufficient. Qed.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
v: validator
Him: can_emit (preloaded_with_all_messages_vlsm (IM (A v))) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
Heq_sender: sender im = Some vcan_emit (preloaded_vlsm (IM (A v)) (λ dm : message, msg_dep_rel message_dependencies dm im)) immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
Him: can_emit (free_composite_vlsm IM) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im∀ dm : message, msg_dep_happens_before message_dependencies dm im → composite_has_been_directly_observed IM s dm ∨ (∃ v_i : validator, v_i ∈ msg_dep_message_equivocators IM full_message_dependencies sender s im ∧ can_emit (preloaded_with_all_messages_vlsm (IM (A v_i))) dm)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
Him: can_emit (free_composite_vlsm IM) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im∀ dm : message, msg_dep_happens_before message_dependencies dm im → composite_has_been_directly_observed IM s dm ∨ (∃ v_i : validator, v_i ∈ msg_dep_message_equivocators IM full_message_dependencies sender s im ∧ can_emit (preloaded_with_all_messages_vlsm (IM (A v_i))) dm)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
Him: can_emit (free_composite_vlsm IM) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
dm: message
Hdm: msg_dep_happens_before message_dependencies dm imcomposite_has_been_directly_observed IM s dm ∨ (∃ v_i : validator, v_i ∈ msg_dep_message_equivocators IM full_message_dependencies sender s im ∧ can_emit (preloaded_with_all_messages_vlsm (IM (A v_i))) dm)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
Him: can_emit (free_composite_vlsm IM) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
dm: message
Hdm: msg_dep_happens_before message_dependencies dm im
Hnobs: ¬ composite_has_been_directly_observed IM s dm∃ v_i : validator, v_i ∈ msg_dep_message_equivocators IM full_message_dependencies sender s im ∧ can_emit (preloaded_with_all_messages_vlsm (IM (A v_i))) dmmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
Him: can_emit (free_composite_vlsm IM) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
dm: message
Hdm: msg_dep_happens_before message_dependencies dm im
Hnobs: ¬ composite_has_been_directly_observed IM s dm(∃ v : validator, sender dm = Some v ∧ can_emit (preloaded_with_all_messages_vlsm (IM (A v))) dm) → ∃ v_i : validator, v_i ∈ msg_dep_message_equivocators IM full_message_dependencies sender s im ∧ can_emit (preloaded_with_all_messages_vlsm (IM (A v_i))) dmmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
Him: can_emit (free_composite_vlsm IM) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
dm: message
Hdm: msg_dep_happens_before message_dependencies dm im
Hnobs: ¬ composite_has_been_directly_observed IM s dm∃ v : validator, sender dm = Some v ∧ can_emit (preloaded_with_all_messages_vlsm (IM (A v))) dmmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
Him: can_emit (free_composite_vlsm IM) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
dm: message
Hdm: msg_dep_happens_before message_dependencies dm im
Hnobs: ¬ composite_has_been_directly_observed IM s dm(∃ v : validator, sender dm = Some v ∧ can_emit (preloaded_with_all_messages_vlsm (IM (A v))) dm) → ∃ v_i : validator, v_i ∈ msg_dep_message_equivocators IM full_message_dependencies sender s im ∧ can_emit (preloaded_with_all_messages_vlsm (IM (A v_i))) dmmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
Him: can_emit (free_composite_vlsm IM) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
dm: message
Hdm: msg_dep_happens_before message_dependencies dm im
Hnobs: ¬ composite_has_been_directly_observed IM s dm
v: validator
Hsender: sender dm = Some v
Hemit: can_emit (preloaded_with_all_messages_vlsm (IM (A v))) dm∃ v_i : validator, v_i ∈ msg_dep_message_equivocators IM full_message_dependencies sender s im ∧ can_emit (preloaded_with_all_messages_vlsm (IM (A v_i))) dmmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
Him: can_emit (free_composite_vlsm IM) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
dm: message
Hdm: msg_dep_happens_before message_dependencies dm im
Hnobs: ¬ composite_has_been_directly_observed IM s dm
v: validator
Hsender: sender dm = Some v
Hemit: can_emit (preloaded_with_all_messages_vlsm (IM (A v))) dmv ∈ msg_dep_message_equivocators IM full_message_dependencies sender s immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
Him: can_emit (free_composite_vlsm IM) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
dm: message
Hdm: msg_dep_happens_before message_dependencies dm im
Hnobs: ¬ composite_has_been_directly_observed IM s dm
v: validator
Hsender: sender dm = Some v
Hemit: can_emit (preloaded_with_all_messages_vlsm (IM (A v))) dmv ∈ (if decide (composite_has_been_directly_observed IM s im) then ∅ else list_to_set (omap sender [im] ++ elements (list_to_set (omap sender (elements (filter (λ dm : message, ¬ composite_has_been_directly_observed IM s dm) (full_message_dependencies im)))))))message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
Him: can_emit (free_composite_vlsm IM) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
dm: message
Hdm: msg_dep_happens_before message_dependencies dm im
Hnobs: ¬ composite_has_been_directly_observed IM s dm
v: validator
Hsender: sender dm = Some v
Hemit: can_emit (preloaded_with_all_messages_vlsm (IM (A v))) dm(∃ x : message, x ∈ [im] ∧ sender x = Some v) ∨ (∃ x : message, x ∈ elements (filter (λ dm : message, ¬ composite_has_been_directly_observed IM s dm) (full_message_dependencies im)) ∧ sender x = Some v)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
Him: can_emit (free_composite_vlsm IM) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
dm: message
Hdm: msg_dep_happens_before message_dependencies dm im
Hnobs: ¬ composite_has_been_directly_observed IM s dm
v: validator
Hsender: sender dm = Some v
Hemit: can_emit (preloaded_with_all_messages_vlsm (IM (A v))) dmdm ∈ elements (filter (λ dm : message, ¬ composite_has_been_directly_observed IM s dm) (full_message_dependencies im)) ∧ sender dm = Some vby setoid_rewrite full_message_dependencies_happens_before.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
Him: can_emit (free_composite_vlsm IM) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
dm: message
Hdm: msg_dep_happens_before message_dependencies dm im
Hnobs: ¬ composite_has_been_directly_observed IM s dm
v: validator
Hsender: sender dm = Some v
Hemit: can_emit (preloaded_with_all_messages_vlsm (IM (A v))) dm(¬ composite_has_been_directly_observed IM s dm ∧ dm ∈ full_message_dependencies im) ∧ sender dm = Some vmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
Him: can_emit (free_composite_vlsm IM) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
dm: message
Hdm: msg_dep_happens_before message_dependencies dm im
Hnobs: ¬ composite_has_been_directly_observed IM s dm∃ v : validator, sender dm = Some v ∧ can_emit (preloaded_with_all_messages_vlsm (IM (A v))) dmby eapply msg_dep_happens_before_composite_no_initial_valid_messages_emitted_by_sender. Qed.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: composite_state IM
im: message
Him: valid_message_prop (free_composite_vlsm IM) im
Hnobserved: ¬ composite_has_been_directly_observed IM s im
dm: message
Hdm: msg_dep_happens_before message_dependencies dm im
Hnobs: ¬ composite_has_been_directly_observed IM s dm∃ v : validator, sender dm = Some v ∧ can_emit (preloaded_with_all_messages_vlsm (IM (A v))) dmmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) imcan_emit (equivocators_composition_for_directly_observed IM (set_map A (state_annotation s ∪ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im)) (original_state s)) immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) imcan_emit (equivocators_composition_for_directly_observed IM (set_map A (state_annotation s ∪ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im)) (original_state s)) immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) imVLSM_embedding ?X (equivocators_composition_for_directly_observed IM (set_map A (state_annotation s ∪ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im)) (original_state s)) ?label_project ?state_projectmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) imcan_emit ?X immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) imVLSM_embedding ?X (equivocators_composition_for_directly_observed IM (set_map A (state_annotation s ∪ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im)) (original_state s)) ?label_project ?state_projectmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) imelements (set_map A (msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im)) ⊆ elements (set_map A (state_annotation s ∪ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im))by apply set_map_mono, union_subseteq_r.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) im
x: indexx ∈ set_map A (msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im) → x ∈ set_map A (state_annotation s ∪ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) imcan_emit (equivocators_composition_for_directly_observed IM (set_map A (msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im)) (original_state s)) immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) im
j: validator
Heqv_j: j ∈ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im
Hemitj: can_emit (preloaded_vlsm (IM (A j)) (λ dm : message, msg_dep_rel message_dependencies dm im)) imcan_emit (equivocators_composition_for_directly_observed IM (set_map A (msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im)) (original_state s)) immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) im
j: validator
Heqv_j: j ∈ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im
Hemitj: can_emit (preloaded_vlsm (IM (A j)) (λ dm : message, msg_dep_rel message_dependencies dm im)) im∀ dm : message, (λ dm0 : message, msg_dep_rel message_dependencies dm0 im) dm → valid_message_prop (preloaded_vlsm (free_composite_vlsm (sub_IM IM (elements (set_map A (msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im))))) (composite_has_been_directly_observed IM (original_state s))) dmmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) im
j: validator
Heqv_j: j ∈ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im
Hemitj: can_emit (preloaded_vlsm (IM (A j)) (λ dm : message, msg_dep_rel message_dependencies dm im)) im
dm: message
H_dm: msg_dep_rel message_dependencies dm imvalid_message_prop (preloaded_vlsm (free_composite_vlsm (sub_IM IM (elements (set_map A (msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im))))) (composite_has_been_directly_observed IM (original_state s))) dmmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) im
j: validator
Heqv_j: j ∈ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im
Hemitj: can_emit (preloaded_vlsm (IM (A j)) (λ dm : message, msg_dep_rel message_dependencies dm im)) im
dm: message
H_dm: msg_dep_rel message_dependencies dm im
Hdm: msg_dep_happens_before message_dependencies dm imvalid_message_prop (preloaded_vlsm (free_composite_vlsm (sub_IM IM (elements (set_map A (msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im))))) (composite_has_been_directly_observed IM (original_state s))) dmmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) im
j: validator
Heqv_j: j ∈ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im
Hemitj: can_emit (preloaded_vlsm (IM (A j)) (λ dm : message, msg_dep_rel message_dependencies dm im)) im∀ dm : message, msg_dep_happens_before message_dependencies dm im → valid_message_prop (preloaded_vlsm (free_composite_vlsm (sub_IM IM (elements (set_map A (msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im))))) (composite_has_been_directly_observed IM (original_state s))) dmmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) im
j: validator
Heqv_j: j ∈ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im
Hemitj: can_emit (preloaded_vlsm (IM (A j)) (λ dm : message, msg_dep_rel message_dependencies dm im)) im
dm: message
Hind: ∀ y : message, msg_dep_happens_before message_dependencies y dm → msg_dep_happens_before message_dependencies y im → valid_message_prop (preloaded_vlsm (free_composite_vlsm (sub_IM IM (elements (set_map A (msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im))))) (composite_has_been_directly_observed IM (original_state s))) y
Hdm: msg_dep_happens_before message_dependencies dm imvalid_message_prop (preloaded_vlsm (free_composite_vlsm (sub_IM IM (elements (set_map A (msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im))))) (composite_has_been_directly_observed IM (original_state s))) dmmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) im
j: validator
Heqv_j: j ∈ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im
Hemitj: can_emit (preloaded_vlsm (IM (A j)) (λ dm : message, msg_dep_rel message_dependencies dm im)) im
dm: message
Hind: ∀ y : message, msg_dep_happens_before message_dependencies y dm → msg_dep_happens_before message_dependencies y im → valid_message_prop (preloaded_vlsm (free_composite_vlsm (sub_IM IM (elements (set_map A (msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im))))) (composite_has_been_directly_observed IM (original_state s))) y
Hdm: msg_dep_happens_before message_dependencies dm iminitial_message_prop dm ∨ can_emit (preloaded_vlsm (free_composite_vlsm (sub_IM IM (elements (set_map A (msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im))))) (composite_has_been_directly_observed IM (original_state s))) dmmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) im
j: validator
Heqv_j: j ∈ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im
Hemitj: can_emit (preloaded_vlsm (IM (A j)) (λ dm : message, msg_dep_rel message_dependencies dm im)) im
dm: message
Hind: ∀ y : message, msg_dep_happens_before message_dependencies y dm → msg_dep_happens_before message_dependencies y im → valid_message_prop (preloaded_vlsm (free_composite_vlsm (sub_IM IM (elements (set_map A (msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im))))) (composite_has_been_directly_observed IM (original_state s))) y
Hdm: msg_dep_happens_before message_dependencies dm im
dm_i: validator
Hdm_i: dm_i ∈ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im
Hemit_dm: can_emit (preloaded_with_all_messages_vlsm (IM (A dm_i))) dmcan_emit (preloaded_vlsm (free_composite_vlsm (sub_IM IM (elements (set_map A (msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im))))) (composite_has_been_directly_observed IM (original_state s))) dmmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) im
j: validator
Heqv_j: j ∈ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im
Hemitj: can_emit (preloaded_vlsm (IM (A j)) (λ dm : message, msg_dep_rel message_dependencies dm im)) im
dm: message
Hind: ∀ y : message, msg_dep_happens_before message_dependencies y dm → msg_dep_happens_before message_dependencies y im → valid_message_prop (preloaded_vlsm (free_composite_vlsm (sub_IM IM (elements (set_map A (msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im))))) (composite_has_been_directly_observed IM (original_state s))) y
Hdm: msg_dep_happens_before message_dependencies dm im
dm_i: validator
Hdm_i: dm_i ∈ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im
Hemit_dm: can_emit (preloaded_with_all_messages_vlsm (IM (A dm_i))) dm∀ dm0 : message, (λ msg : message, msg ∈ message_dependencies dm) dm0 → valid_message_prop (preloaded_vlsm (free_composite_vlsm (sub_IM IM (elements (set_map A (msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im))))) (composite_has_been_directly_observed IM (original_state s))) dm0message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) im
j: validator
Heqv_j: j ∈ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im
Hemitj: can_emit (preloaded_vlsm (IM (A j)) (λ dm : message, msg_dep_rel message_dependencies dm im)) im
dm: message
Hind: ∀ y : message, msg_dep_happens_before message_dependencies y dm → msg_dep_happens_before message_dependencies y im → valid_message_prop (preloaded_vlsm (free_composite_vlsm (sub_IM IM (elements (set_map A (msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im))))) (composite_has_been_directly_observed IM (original_state s))) y
Hdm: msg_dep_happens_before message_dependencies dm im
dm_i: validator
Hdm_i: dm_i ∈ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im
Hemit_dm: can_emit (preloaded_with_all_messages_vlsm (IM (A dm_i))) dm
dm': message
Hdm': (λ msg : message, msg ∈ message_dependencies dm) dm'msg_dep_happens_before message_dependencies dm' dmmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) im
j: validator
Heqv_j: j ∈ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im
Hemitj: can_emit (preloaded_vlsm (IM (A j)) (λ dm : message, msg_dep_rel message_dependencies dm im)) im
dm: message
Hind: ∀ y : message, msg_dep_happens_before message_dependencies y dm → msg_dep_happens_before message_dependencies y im → valid_message_prop (preloaded_vlsm (free_composite_vlsm (sub_IM IM (elements (set_map A (msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im))))) (composite_has_been_directly_observed IM (original_state s))) y
Hdm: msg_dep_happens_before message_dependencies dm im
dm_i: validator
Hdm_i: dm_i ∈ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im
Hemit_dm: can_emit (preloaded_with_all_messages_vlsm (IM (A dm_i))) dm
dm': message
Hdm': (λ msg : message, msg ∈ message_dependencies dm) dm'msg_dep_happens_before message_dependencies dm' imby apply msg_dep_happens_before_iff_one; left.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) im
j: validator
Heqv_j: j ∈ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im
Hemitj: can_emit (preloaded_vlsm (IM (A j)) (λ dm : message, msg_dep_rel message_dependencies dm im)) im
dm: message
Hind: ∀ y : message, msg_dep_happens_before message_dependencies y dm → msg_dep_happens_before message_dependencies y im → valid_message_prop (preloaded_vlsm (free_composite_vlsm (sub_IM IM (elements (set_map A (msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im))))) (composite_has_been_directly_observed IM (original_state s))) y
Hdm: msg_dep_happens_before message_dependencies dm im
dm_i: validator
Hdm_i: dm_i ∈ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im
Hemit_dm: can_emit (preloaded_with_all_messages_vlsm (IM (A dm_i))) dm
dm': message
Hdm': (λ msg : message, msg ∈ message_dependencies dm) dm'msg_dep_happens_before message_dependencies dm' dmmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) im
j: validator
Heqv_j: j ∈ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im
Hemitj: can_emit (preloaded_vlsm (IM (A j)) (λ dm : message, msg_dep_rel message_dependencies dm im)) im
dm: message
Hind: ∀ y : message, msg_dep_happens_before message_dependencies y dm → msg_dep_happens_before message_dependencies y im → valid_message_prop (preloaded_vlsm (free_composite_vlsm (sub_IM IM (elements (set_map A (msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im))))) (composite_has_been_directly_observed IM (original_state s))) y
Hdm: msg_dep_happens_before message_dependencies dm im
dm_i: validator
Hdm_i: dm_i ∈ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im
Hemit_dm: can_emit (preloaded_with_all_messages_vlsm (IM (A dm_i))) dm
dm': message
Hdm': (λ msg : message, msg ∈ message_dependencies dm) dm'msg_dep_happens_before message_dependencies dm' imby apply msg_dep_happens_before_iff_one; left. Qed.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
s: state Limited
im: message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobserved: ¬ composite_has_been_directly_observed IM (original_state s) im
HLemit: can_emit (free_composite_vlsm IM) im
j: validator
Heqv_j: j ∈ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im
Hemitj: can_emit (preloaded_vlsm (IM (A j)) (λ dm : message, msg_dep_rel message_dependencies dm im)) im
dm: message
Hind: ∀ y : message, msg_dep_happens_before message_dependencies y dm → msg_dep_happens_before message_dependencies y im → valid_message_prop (preloaded_vlsm (free_composite_vlsm (sub_IM IM (elements (set_map A (msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im))))) (composite_has_been_directly_observed IM (original_state s))) y
Hdm: msg_dep_happens_before message_dependencies dm im
dm_i: validator
Hdm_i: dm_i ∈ msg_dep_message_equivocators IM full_message_dependencies sender (original_state s) im
Hemit_dm: can_emit (preloaded_with_all_messages_vlsm (IM (A dm_i))) dm
dm': message
Hdm': (λ msg : message, msg ∈ message_dependencies dm) dm'msg_dep_happens_before message_dependencies dm' dmmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
is: state Limited
tr: list transition_item
Htr: finite_valid_trace Limited is tr
equivocators:= state_annotation (finite_trace_last is tr): Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message(sum_weights equivocators <= threshold)%R ∧ finite_valid_trace Fixed (original_state is) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
is: state Limited
tr: list transition_item
Htr: finite_valid_trace Limited is tr
equivocators:= state_annotation (finite_trace_last is tr): Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message(sum_weights equivocators <= threshold)%R ∧ finite_valid_trace Fixed (original_state is) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
is: state Limited
tr: list transition_item
Htr: finite_valid_trace Limited is tr
equivocators:= state_annotation (finite_trace_last is tr): Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM messagefinite_valid_trace_from Fixed (original_state is) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
is: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited is (finite_trace_last is tr) tr
equivocators:= state_annotation (finite_trace_last is tr): Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM messagefinite_valid_trace_from Fixed (original_state is) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
Ht: input_valid_transition Limited l ( s, iom) (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}]))message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
Ht: input_valid_transition Limited l ( s, iom) (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)finite_valid_trace_from Fixed (original_state si) (map (pre_VLSM_embedding_transition_item_project Limited (composite_type IM) Datatypes.id original_state) tr ++ map (pre_VLSM_embedding_transition_item_project Limited (composite_type IM) Datatypes.id original_state) [{| l := l; input := iom; destination := sf; output := oom |}])message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
Ht: input_valid_transition Limited l ( s, iom) (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)finite_valid_trace_from Fixed (original_state si) (map (pre_VLSM_embedding_transition_item_project Limited (composite_type IM) Datatypes.id original_state) tr)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
Ht: input_valid_transition Limited l ( s, iom) (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)finite_valid_trace_from Fixed (finite_trace_last (original_state si) (map (pre_VLSM_embedding_transition_item_project Limited (composite_type IM) Datatypes.id original_state) tr)) (map (pre_VLSM_embedding_transition_item_project Limited (composite_type IM) Datatypes.id original_state) [{| l := l; input := iom; destination := sf; output := oom |}])message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
Ht: input_valid_transition Limited l ( s, iom) (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)finite_valid_trace_from Fixed (original_state si) (map (pre_VLSM_embedding_transition_item_project Limited (composite_type IM) Datatypes.id original_state) tr)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
Ht: input_valid_transition Limited l ( s, iom) (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message(let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)) → finite_valid_trace_from Fixed (original_state si) (map (pre_VLSM_embedding_transition_item_project Limited (composite_type IM) Datatypes.id original_state) tr)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
Ht: input_valid_transition Limited l ( s, iom) (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM messageelements (set_map A (state_annotation s)) ⊆ elements (set_map A equivocators)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
Ht: input_valid_transition Limited l ( s, iom) (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
x: indexx ∈ set_map A (state_annotation s) → x ∈ set_map A equivocatorsby eapply coeqv_limited_equivocation_transition_state_annotation_incl, Ht.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
Ht: input_valid_transition Limited l ( s, iom) (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
x: indexstate_annotation s ⊆ equivocatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
Ht: input_valid_transition Limited l ( s, iom) (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)finite_valid_trace_from Fixed (finite_trace_last (original_state si) (map (pre_VLSM_embedding_transition_item_project Limited (composite_type IM) Datatypes.id original_state) tr)) (map (pre_VLSM_embedding_transition_item_project Limited (composite_type IM) Datatypes.id original_state) [{| l := l; input := iom; destination := sf; output := oom |}])message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
Ht: input_valid_transition Limited l ( s, iom) (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)input_valid_transition Fixed (Datatypes.id (VLSM.l {| l := l; input := iom; destination := sf; output := oom |})) (finite_trace_last (original_state si) (map (pre_VLSM_embedding_transition_item_project Limited (composite_type IM) Datatypes.id original_state) tr), input {| l := l; input := iom; destination := sf; output := oom |}) (original_state (destination {| l := l; input := iom; destination := sf; output := oom |}), output {| l := l; input := iom; destination := sf; output := oom |})message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
Ht: input_valid_transition Limited l ( s, iom) (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)(valid_state_prop Fixed (finite_trace_last (original_state si) (map (pre_VLSM_embedding_transition_item_project Limited (composite_type IM) Datatypes.id original_state) tr)) ∧ option_valid_message_prop Fixed (input {| l := l; input := iom; destination := sf; output := oom |}) ∧ valid (Datatypes.id (VLSM.l {| l := l; input := iom; destination := sf; output := oom |})) (finite_trace_last (original_state si) (map (pre_VLSM_embedding_transition_item_project Limited (composite_type IM) Datatypes.id original_state) tr), input {| l := l; input := iom; destination := sf; output := oom |})) ∧ transition (Datatypes.id (VLSM.l {| l := l; input := iom; destination := sf; output := oom |})) (finite_trace_last (original_state si) (map (pre_VLSM_embedding_transition_item_project Limited (composite_type IM) Datatypes.id original_state) tr), input {| l := l; input := iom; destination := sf; output := oom |}) = (original_state (destination {| l := l; input := iom; destination := sf; output := oom |}), output {| l := l; input := iom; destination := sf; output := oom |})message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
Ht: input_valid_transition Limited l ( s, iom) (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)(valid_state_prop Fixed (finite_trace_last (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)) ∧ option_valid_message_prop Fixed (input {| l := l; input := iom; destination := sf; output := oom |}) ∧ valid (Datatypes.id (VLSM.l {| l := l; input := iom; destination := sf; output := oom |})) (finite_trace_last (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr), input {| l := l; input := iom; destination := sf; output := oom |})) ∧ transition (Datatypes.id (VLSM.l {| l := l; input := iom; destination := sf; output := oom |})) (finite_trace_last (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr), input {| l := l; input := iom; destination := sf; output := oom |}) = (original_state (destination {| l := l; input := iom; destination := sf; output := oom |}), output {| l := l; input := iom; destination := sf; output := oom |})message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
Ht: input_valid_transition Limited l ( s, iom) (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)(valid_state_prop Fixed (original_state (finite_trace_last si tr)) ∧ option_valid_message_prop Fixed (input {| l := l; input := iom; destination := sf; output := oom |}) ∧ valid (Datatypes.id (VLSM.l {| l := l; input := iom; destination := sf; output := oom |})) (original_state (finite_trace_last si tr), input {| l := l; input := iom; destination := sf; output := oom |})) ∧ transition (Datatypes.id (VLSM.l {| l := l; input := iom; destination := sf; output := oom |})) (original_state (finite_trace_last si tr), input {| l := l; input := iom; destination := sf; output := oom |}) = (original_state (destination {| l := l; input := iom; destination := sf; output := oom |}), output {| l := l; input := iom; destination := sf; output := oom |})message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
Ht: input_valid_transition Limited l ( s, iom) (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
Ht: input_valid_transition Limited l ( s, iom) (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)(valid_state_prop Fixed (original_state (finite_trace_last si tr)) ∧ option_valid_message_prop Fixed (input {| l := l; input := iom; destination := sf; output := oom |}) ∧ valid (Datatypes.id (VLSM.l {| l := l; input := iom; destination := sf; output := oom |})) (original_state (finite_trace_last si tr), input {| l := l; input := iom; destination := sf; output := oom |})) ∧ transition (Datatypes.id (VLSM.l {| l := l; input := iom; destination := sf; output := oom |})) (original_state (finite_trace_last si tr), input {| l := l; input := iom; destination := sf; output := oom |}) = (original_state (destination {| l := l; input := iom; destination := sf; output := oom |}), output {| l := l; input := iom; destination := sf; output := oom |})message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
Ht: input_valid_transition Limited l ( s, iom) (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
Ht: input_valid_transition Limited l ( s, iom) (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state (finite_trace_last si tr))by apply finite_valid_trace_last_pstate.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
Ht: input_valid_transition Limited l ( s, iom) (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (finite_trace_last (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr))message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
Ht: input_valid_transition Limited l ( s, iom) (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)(valid_state_prop Fixed (original_state (finite_trace_last si tr)) ∧ option_valid_message_prop Fixed (input {| l := l; input := iom; destination := sf; output := oom |}) ∧ valid (Datatypes.id (VLSM.l {| l := l; input := iom; destination := sf; output := oom |})) (original_state (finite_trace_last si tr), input {| l := l; input := iom; destination := sf; output := oom |})) ∧ transition (Datatypes.id (VLSM.l {| l := l; input := iom; destination := sf; output := oom |})) (original_state (finite_trace_last si tr), input {| l := l; input := iom; destination := sf; output := oom |}) = (original_state (destination {| l := l; input := iom; destination := sf; output := oom |}), output {| l := l; input := iom; destination := sf; output := oom |})message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited iom
HLv: valid l (s, iom)
HLt: transition l (s, iom) = (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)(valid_state_prop Fixed (original_state (finite_trace_last si tr)) ∧ option_valid_message_prop Fixed (input {| l := l; input := iom; destination := sf; output := oom |}) ∧ valid (Datatypes.id (VLSM.l {| l := l; input := iom; destination := sf; output := oom |})) (original_state (finite_trace_last si tr), input {| l := l; input := iom; destination := sf; output := oom |})) ∧ transition (Datatypes.id (VLSM.l {| l := l; input := iom; destination := sf; output := oom |})) (original_state (finite_trace_last si tr), input {| l := l; input := iom; destination := sf; output := oom |}) = (original_state (destination {| l := l; input := iom; destination := sf; output := oom |}), output {| l := l; input := iom; destination := sf; output := oom |})message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited iom
HLv: valid l (s, iom)
HLt: (let (s', om') := let (i, li) := l in let (si', om') := transition li (original_state s i, iom) in (state_update IM (original_state s) i si', om') in ({| original_state := s'; state_annotation := match iom with | Some m => state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) m | None => state_annotation s end |}, om')) = (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)(valid_state_prop Fixed (original_state (finite_trace_last si tr)) ∧ option_valid_message_prop Fixed iom ∧ (let (i, li) := l in valid li (original_state (finite_trace_last si tr) i, iom)) ∧ from_option (fixed_equivocation IM (set_map A equivocators) (original_state (finite_trace_last si tr))) True iom) ∧ (let (i, li) := l in let (si', om') := transition li (original_state (finite_trace_last si tr) i, iom) in (state_update IM (original_state (finite_trace_last si tr)) i si', om')) = (original_state sf, oom)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
l: label Limited
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited iom
HLv: valid l (s, iom)
HLt: (let (s', om') := let (i, li) := l in let (si', om') := transition li (original_state s i, iom) in (state_update IM (original_state s) i si', om') in ({| original_state := s'; state_annotation := match iom with | Some m => state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) m | None => state_annotation s end |}, om')) = (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)(valid_state_prop Fixed (original_state s) ∧ option_valid_message_prop Fixed iom ∧ (let (i, li) := l in valid li (original_state s i, iom)) ∧ from_option (fixed_equivocation IM (set_map A equivocators) (original_state s)) True iom) ∧ (let (i, li) := l in let (si', om') := transition li (original_state s i, iom) in (state_update IM (original_state s) i si', om')) = (original_state sf, oom)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
sf: state Limited
iom, oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited iom
HLv: valid (existT i li) (s, iom)
si': state (IM i)
om': option message
HLt: ({| original_state := state_update IM (original_state s) i si'; state_annotation := match iom with | Some m => state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) m | None => state_annotation s end |}, om') = (sf, oom)
equivocators:= state_annotation sf: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)(valid_state_prop Fixed (original_state s) ∧ option_valid_message_prop Fixed iom ∧ valid li (original_state s i, iom) ∧ from_option (fixed_equivocation IM (set_map A equivocators) (original_state s)) True iom) ∧ (state_update IM (original_state s) i si', om') = (original_state sf, oom)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
iom, oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited iom
HLv: valid (existT i li) (s, iom)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := match iom with | Some m => state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) m | None => state_annotation s end |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)(valid_state_prop Fixed (original_state s) ∧ option_valid_message_prop Fixed iom ∧ valid li (original_state s i, iom) ∧ from_option (fixed_equivocation IM (set_map A match iom with | Some m => state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) m | None => state_annotation s end) (original_state s)) True iom) ∧ (state_update IM (original_state s) i si', oom) = (state_update IM (original_state s) i si', oom)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
iom, oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited iom
HLv: valid (existT i li) (s, iom)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := match iom with | Some m => state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) m | None => state_annotation s end |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)valid_state_prop Fixed (original_state s)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
iom, oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited iom
HLv: valid (existT i li) (s, iom)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := match iom with | Some m => state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) m | None => state_annotation s end |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)option_valid_message_prop Fixed iommessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
iom, oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited iom
HLv: valid (existT i li) (s, iom)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := match iom with | Some m => state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) m | None => state_annotation s end |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)valid li (original_state s i, iom)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
iom, oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited iom
HLv: valid (existT i li) (s, iom)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := match iom with | Some m => state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) m | None => state_annotation s end |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)from_option (fixed_equivocation IM (set_map A match iom with | Some m => state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) m | None => state_annotation s end) (original_state s)) True iommessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
iom, oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited iom
HLv: valid (existT i li) (s, iom)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := match iom with | Some m => state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) m | None => state_annotation s end |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)valid_state_prop Fixed (original_state s)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
iom, oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited iom
HLv: valid (existT i li) (s, iom)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := match iom with | Some m => state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) m | None => state_annotation s end |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)VLSM_incl_part (constrained_vlsm_machine (free_composite_vlsm IM) (fixed_equivocation_constraint IM (set_map A (state_annotation s)))) (constrained_vlsm_machine (free_composite_vlsm IM) (fixed_equivocation_constraint IM (set_map A equivocators)))message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
iom, oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited iom
HLv: valid (existT i li) (s, iom)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := match iom with | Some m => state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) m | None => state_annotation s end |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)elements (set_map A (state_annotation s)) ⊆ elements (set_map A equivocators)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
iom, oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited iom
HLv: valid (existT i li) (s, iom)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := match iom with | Some m => state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) m | None => state_annotation s end |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
x: indexx ∈ set_map A (state_annotation s) → x ∈ set_map A equivocatorsby destruct iom as [im |]; [apply union_subseteq_l |].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
iom, oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited iom
HLv: valid (existT i li) (s, iom)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := match iom with | Some m => state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) m | None => state_annotation s end |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
x: indexstate_annotation s ⊆ equivocatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
iom, oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited iom
HLv: valid (existT i li) (s, iom)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := match iom with | Some m => state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) m | None => state_annotation s end |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)option_valid_message_prop Fixed iommessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited (Some im)
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)option_valid_message_prop Fixed (Some im)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited (Some im)
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)valid_message_prop Fixed immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited (Some im)
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hobs: composite_has_been_directly_observed IM (original_state s) imvalid_message_prop Fixed immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited (Some im)
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) imvalid_message_prop Fixed immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited (Some im)
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hobs: composite_has_been_directly_observed IM (original_state s) imvalid_message_prop Fixed immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited (Some im)
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hobs: composite_has_been_directly_observed IM (original_state s) imvalid_state_prop (composite_vlsm IM (fixed_equivocation_constraint IM (set_map A equivocators))) (original_state s)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited (Some im)
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hobs: composite_has_been_directly_observed IM (original_state s) imVLSM_incl_part (constrained_vlsm_machine (free_composite_vlsm IM) (fixed_equivocation_constraint IM (set_map A (state_annotation s)))) (constrained_vlsm_machine (free_composite_vlsm IM) (fixed_equivocation_constraint IM (set_map A equivocators)))message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited (Some im)
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hobs: composite_has_been_directly_observed IM (original_state s) imelements (set_map A (state_annotation s)) ⊆ elements (set_map A equivocators)by apply set_map_mono, union_subseteq_l.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited (Some im)
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hobs: composite_has_been_directly_observed IM (original_state s) im
x: indexx ∈ set_map A (state_annotation s) → x ∈ set_map A equivocatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited (Some im)
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) imvalid_message_prop Fixed immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) imoption_valid_message_prop Limited (Some im) → valid_message_prop Fixed immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) iminitial_message_prop im ∨ can_emit Limited im → initial_message_prop im ∨ can_emit Fixed immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) im
Hemit: can_emit Limited imcan_emit Fixed immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) im
Hemit: can_emit Limited imVLSM_weak_embedding ?X Fixed ?label_project ?state_projectmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) im
Hemit: can_emit Limited imcan_emit ?X immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) im
Hemit: can_emit Limited imVLSM_weak_embedding ?X Fixed ?label_project ?state_projectmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) im
Hemit: can_emit Limited imvalid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) (original_state s)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) im
Hemit: can_emit Limited imVLSM_incl_part (constrained_vlsm_machine (free_composite_vlsm IM) (fixed_equivocation_constraint IM (set_map A (state_annotation s)))) (constrained_vlsm_machine (free_composite_vlsm IM) (fixed_equivocation_constraint IM (set_map A equivocators)))message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) im
Hemit: can_emit Limited imelements (set_map A (state_annotation s)) ⊆ elements (set_map A equivocators)by apply set_map_mono, union_subseteq_l.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) im
Hemit: can_emit Limited im
x: indexx ∈ set_map A (state_annotation s) → x ∈ set_map A equivocatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) im
Hemit: can_emit Limited imcan_emit (equivocators_composition_for_sent IM (set_map A equivocators) (original_state s)) immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) im
Hemit: can_emit Limited imVLSM_incl_part ?MX (preloaded_vlsm_machine (free_equivocating_vlsm_composition IM (set_map A equivocators)) (sent_by_non_equivocating IM (set_map A equivocators) (original_state s)))message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) im
Hemit: can_emit Limited imcan_emit {| vlsm_type := free_equivocating_vlsm_composition IM (set_map A equivocators); vlsm_machine := ?MX |} immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) im
Hemit: can_emit Limited imVLSM_incl_part ?MX (preloaded_vlsm_machine (free_equivocating_vlsm_composition IM (set_map A equivocators)) (sent_by_non_equivocating IM (set_map A equivocators) (original_state s)))message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) im
Hemit: can_emit Limited imvalid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) (original_state s)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) im
Hemit: can_emit Limited imVLSM_incl_part (constrained_vlsm_machine (free_composite_vlsm IM) (fixed_equivocation_constraint IM (set_map A (state_annotation s)))) (constrained_vlsm_machine (free_composite_vlsm IM) (fixed_equivocation_constraint IM (set_map A equivocators)))message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) im
Hemit: can_emit Limited imelements (set_map A (state_annotation s)) ⊆ elements (set_map A equivocators)by apply set_map_mono, union_subseteq_l.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) im
Hemit: can_emit Limited im
x: indexx ∈ set_map A (state_annotation s) → x ∈ set_map A equivocatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) im
Hemit: can_emit Limited imcan_emit {| vlsm_type := free_equivocating_vlsm_composition IM (set_map A equivocators); vlsm_machine := equivocators_composition_for_directly_observed IM (set_map A equivocators) (original_state s) |} immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) im
Hemit: can_emit Limited imcan_emit (free_composite_vlsm IM) imby apply forget_annotations_projection.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) im
Hemit: can_emit Limited imVLSM_embedding Limited (free_composite_vlsm IM) ?label_project ?state_projectby apply HLv.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
iom, oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited iom
HLv: valid (existT i li) (s, iom)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := match iom with | Some m => state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) m | None => state_annotation s end |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)valid li (original_state s i, iom)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
iom, oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited iom
HLv: valid (existT i li) (s, iom)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := match iom with | Some m => state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) m | None => state_annotation s end |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)from_option (fixed_equivocation IM (set_map A match iom with | Some m => state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) m | None => state_annotation s end) (original_state s)) True iommessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited (Some im)
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)from_option (fixed_equivocation IM (set_map A (state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im)) (original_state s)) True (Some im)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited (Some im)
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) imcan_emit (equivocators_composition_for_directly_observed IM (set_map A (state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im)) (original_state s)) immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
HLim: option_valid_message_prop Limited (Some im)
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) imcan_emit (free_composite_vlsm IM) immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
Hemit: can_emit Limited im
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) imcan_emit (free_composite_vlsm IM) imby apply forget_annotations_projection. Qed.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
si, s: state Limited
tr: list transition_item
Htr: finite_valid_trace_init_to Limited si s tr
im: message
oom: option message
i: index
li: label (IM i)
HLs: valid_state_prop Limited s
Hemit: can_emit Limited im
HLv: valid (existT i li) (s, Some im)
si': state (IM i)
equivocators:= state_annotation {| original_state := state_update IM (original_state s) i si'; state_annotation := state_annotation s ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state s) im |}: Cv
Fixed:= fixed_equivocation_vlsm_composition IM (set_map A equivocators): VLSM message
IHHtr: let equivocators := state_annotation s in let Fixed := fixed_equivocation_vlsm_composition IM (set_map A equivocators) in finite_valid_trace_from Fixed (original_state si) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation s))) (original_state s)
Hnobs: ¬ composite_has_been_directly_observed IM (original_state s) imVLSM_embedding Limited (free_composite_vlsm IM) ?label_project ?state_projectmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
is: state Limited
tr: list transition_itemfinite_valid_trace Limited is tr → fixed_limited_equivocation_prop IM threshold A (original_state is) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
is: state Limited
tr: list transition_itemfinite_valid_trace Limited is tr → fixed_limited_equivocation_prop IM threshold A (original_state is) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
is: state Limited
tr: list transition_item
Htr: finite_valid_trace Limited is trfixed_limited_equivocation_prop IM threshold A (original_state is) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)by apply msg_dep_fixed_limited_equivocation_witnessed. Qed.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
is: state Limited
tr: list transition_item
Htr: finite_valid_trace Limited is tr(sum_weights (state_annotation (finite_trace_last is tr)) <= threshold)%R ∧ finite_valid_trace (fixed_equivocation_vlsm_composition IM (set_map A (state_annotation (finite_trace_last is tr)))) (original_state is) (pre_VLSM_embedding_finite_trace_project Limited (composite_type IM) Datatypes.id original_state tr)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
iom: option message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM equivocators) l (s, iom) ( sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validatorsmsg_dep_composite_transition_message_equivocators IM full_message_dependencies sender l (finite_trace_last {| original_state := is; state_annotation := ∅ |} (annotate_trace_from (free_composite_vlsm IM) Cv (msg_dep_composite_transition_message_equivocators IM full_message_dependencies sender) {| original_state := is; state_annotation := ∅ |} tr), iom) ⊆ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
iom: option message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM equivocators) l (s, iom) ( sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validatorsmsg_dep_composite_transition_message_equivocators IM full_message_dependencies sender l (finite_trace_last {| original_state := is; state_annotation := ∅ |} (annotate_trace_from (free_composite_vlsm IM) Cv (msg_dep_composite_transition_message_equivocators IM full_message_dependencies sender) {| original_state := is; state_annotation := ∅ |} tr), iom) ⊆ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM equivocators) l (s, Some im) ( sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validatorsmsg_dep_composite_transition_message_equivocators IM full_message_dependencies sender l (finite_trace_last {| original_state := is; state_annotation := ∅ |} (annotate_trace_from (free_composite_vlsm IM) Cv (msg_dep_composite_transition_message_equivocators IM full_message_dependencies sender) {| original_state := is; state_annotation := ∅ |} tr), Some im) ⊆ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM equivocators) l (s, Some im) ( sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validatorscoeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state (finite_trace_last {| original_state := is; state_annotation := ∅ |} (annotate_trace_from (free_composite_vlsm IM) Cv (msg_dep_composite_transition_message_equivocators IM full_message_dependencies sender) {| original_state := is; state_annotation := ∅ |} tr))) im ⊆ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM equivocators) l (s, Some im) ( sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validatorscoeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (finite_trace_last is tr) im ⊆ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM equivocators) l (s, Some im) ( sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validatorscoeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) s im ⊆ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM equivocators) l (s, Some im) ( sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators(if decide (composite_has_been_directly_observed IM s im) then ∅ else list_to_set (omap sender [im] ++ elements (msg_dep_coequivocating_senders IM full_message_dependencies sender s im))) ⊆ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM equivocators) l (s, Some im) ( sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s imlist_to_set (omap sender [im] ++ elements (msg_dep_coequivocating_senders IM full_message_dependencies sender s im)) ⊆ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
Heqv: eqv ∈ list_to_set (omap sender [im] ++ elements (msg_dep_coequivocating_senders IM full_message_dependencies sender s im))eqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
Heqv: (∃ x : message, x = im ∧ sender x = Some eqv) ∨ (∃ x : message, (¬ composite_has_been_directly_observed IM s x ∧ x ∈ full_message_dependencies im) ∧ sender x = Some eqv)eqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hmsg: msg = im
Hsender: sender msg = Some eqveqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqveqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hmsg: msg = im
Hsender: sender msg = Some eqveqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
Hsender: sender im = Some eqveqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
Hsender: sender im = Some eqv
Hemitted: can_emit {| vlsm_type := free_equivocating_vlsm_composition IM equivocators; vlsm_machine := preloaded_with_all_messages_vlsm (free_equivocating_vlsm_composition IM equivocators) |} imeqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
Hsender: sender im = Some eqv
sub_eqv: sub_index (elements equivocators)
Hemitted: can_emit (preloaded_with_all_messages_vlsm (sub_IM IM (elements equivocators) sub_eqv)) imeqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
Hsender: sender im = Some eqv
_eqv: index
H_eqv: sub_index_prop (elements equivocators) _eqv
Hemitted: can_emit (preloaded_with_all_messages_vlsm (sub_IM IM (elements equivocators) (dexist _eqv H_eqv))) imeqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
Hsender: sender im = Some eqv
_eqv: index
H_eqv: sub_index_prop (elements equivocators) _eqv
Hemitted: can_emit (preloaded_with_all_messages_vlsm (IM _eqv)) imeqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
Hsender: sender im = Some eqv
H_eqv: sub_index_prop (elements equivocators) (A eqv)eqv ∈ eqv_validatorsby revert H_eqv; apply elem_of_set_map_inj.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
Hsender: sender im = Some eqv
H_eqv: A eqv ∈ equivocatorseqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqveqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqvstrong_fixed_equivocation IM equivocators s msg → eqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqvstrong_fixed_equivocation IM equivocators s msgmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqvstrong_fixed_equivocation IM equivocators s msg → eqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqv
Hobserved: sent_by_non_equivocating IM equivocators s msgeqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqv
Hemitted_msg: can_emit (equivocators_composition_for_sent IM equivocators s) msgeqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqv
Hobserved: sent_by_non_equivocating IM equivocators s msgeqv ∈ eqv_validatorsby eapply sent_by_non_equivocating_are_directly_observed.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqv
Hobserved: sent_by_non_equivocating IM equivocators s msgcomposite_has_been_directly_observed IM s msgmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqv
Hemitted_msg: can_emit (equivocators_composition_for_sent IM equivocators s) msgeqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqv
Hemitted_msg: can_emit {| vlsm_type := free_equivocating_vlsm_composition IM equivocators; vlsm_machine := preloaded_with_all_messages_vlsm (free_equivocating_vlsm_composition IM equivocators) |} msgeqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqv
sub_i: sub_index (elements equivocators)
Hemitted_msg: can_emit (preloaded_with_all_messages_vlsm (sub_IM IM (elements equivocators) sub_i)) msgeqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqv
i: index
Hi: sub_index_prop (elements equivocators) i
Hemitted_msg: can_emit (preloaded_with_all_messages_vlsm (sub_IM IM (elements equivocators) (dexist i Hi))) msgeqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqv
i: index
Hi: sub_index_prop (elements equivocators) i
Hemitted_msg: A eqv = `(dexist i Hi)eqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqv
Hi: sub_index_prop (elements equivocators) (A eqv)eqv ∈ eqv_validatorsby revert Hi; apply elem_of_set_map_inj.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqv
Hi: A eqv ∈ equivocatorseqv ∈ eqv_validatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqvstrong_fixed_equivocation IM equivocators s msgmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqvcan_emit (equivocators_composition_for_sent IM equivocators s) immessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqv∀ dm m : message, msg_dep_rel message_dependencies dm m → strong_fixed_equivocation IM equivocators s m → strong_fixed_equivocation IM equivocators s dmmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqvcan_emit (equivocators_composition_for_sent IM equivocators s) imby apply Equivocators_Fixed_Strong_incl.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqvVLSM_incl_part (preloaded_vlsm_machine (free_equivocating_vlsm_composition IM equivocators) (composite_has_been_directly_observed IM s)) (preloaded_vlsm_machine (free_equivocating_vlsm_composition IM equivocators) (sent_by_non_equivocating IM equivocators s))message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqv∀ dm m : message, msg_dep_rel message_dependencies dm m → strong_fixed_equivocation IM equivocators s m → strong_fixed_equivocation IM equivocators s dmmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqvvalid_state_prop (composite_vlsm IM (strong_fixed_equivocation_constraint IM equivocators)) sby apply Fixed_incl_StrongFixed. Qed.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
eqv_validators: Cv
equivocators:= set_map A eqv_validators: Ci
is: state (free_composite_vlsm IM)
s: state (fixed_equivocation_vlsm_composition IM equivocators)
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM equivocators) is s tr
l: label (fixed_equivocation_vlsm_composition IM equivocators)
im: message
sf: state (fixed_equivocation_vlsm_composition IM equivocators)
oom: option message
Hs: valid_state_prop (fixed_equivocation_vlsm_composition IM equivocators) s
Him: option_valid_message_prop (fixed_equivocation_vlsm_composition IM equivocators) (Some im)
Hv: valid l (s, Some im)
Hemitted: can_emit (equivocators_composition_for_directly_observed IM equivocators s) im
Ht: transition l (s, Some im) = (sf, oom)
Hsub_equivocators: state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ eqv_validators
Hnobserved: ¬ composite_has_been_directly_observed IM s im
eqv: validator
msg: message
Hnobserved_msg: ¬ composite_has_been_directly_observed IM s msg
Hdep_msg: msg ∈ full_message_dependencies im
Hsender: sender msg = Some eqvVLSM_incl_part (constrained_vlsm_machine (free_composite_vlsm IM) (fixed_equivocation_constraint IM equivocators)) (constrained_vlsm_machine (free_composite_vlsm IM) (strong_fixed_equivocation_constraint IM equivocators))message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
is: state (free_composite_vlsm IM)
tr: list (composite_transition_item IM)fixed_limited_equivocation_prop IM threshold A is tr → finite_valid_trace Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
is: state (free_composite_vlsm IM)
tr: list (composite_transition_item IM)fixed_limited_equivocation_prop IM threshold A is tr → finite_valid_trace Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
is: state (free_composite_vlsm IM)
tr: list (composite_transition_item IM)
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
Htr: finite_valid_trace (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is trfinite_valid_trace Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
is: state (free_composite_vlsm IM)
tr: list (composite_transition_item IM)
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
Htr: finite_valid_trace (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is trfinite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
is: state (free_composite_vlsm IM)
tr: list (composite_transition_item IM)
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
Htr: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is (finite_trace_last is tr) trfinite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
is: state (free_composite_vlsm IM)
tr: list (composite_transition_item IM)
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
Htr: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is (finite_trace_last is tr) trfinite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
His: initial_state_prop isfinite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is []) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is [])) ⊆ equivocatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorsfinite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}]))) ⊆ equivocatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
His: initial_state_prop isfinite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is []) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is [])) ⊆ equivocatorsby constructor; apply initial_state_is_valid.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
His: initial_state_prop isfinite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is [])message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorsfinite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}]))) ⊆ equivocatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorsfinite_valid_trace_from Limited {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr ++ annotate_trace_item (free_composite_vlsm IM) Cv (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)) {| l := l; input := iom; destination := sf; output := oom |} (λ _ : annotated_state (free_composite_vlsm IM) Cv, []) (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr))) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr ++ annotate_trace_item (free_composite_vlsm IM) Cv (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)) {| l := l; input := iom; destination := sf; output := oom |} (λ _ : annotated_state (free_composite_vlsm IM) Cv, []) (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)))) ⊆ equivocatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorsfinite_valid_trace_from Limited {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr ++ [{| l := l; input := iom; destination := {| original_state := sf; state_annotation := match iom with | Some m => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr))) m | None => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) end |}; output := oom |}]) ∧ match iom with | Some m => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr))) m | None => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) end ⊆ equivocatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorsmatch iom with | Some m => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr))) m | None => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) end ⊆ equivocatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorsfinite_valid_trace_from Limited {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr ++ [{| l := l; input := iom; destination := {| original_state := sf; state_annotation := match iom with | Some m => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr))) m | None => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) end |}; output := oom |}])by eapply fixed_transition_preserves_annotation_equivocators ; [| | apply IHHtr1].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorsmatch iom with | Some m => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr))) m | None => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) end ⊆ equivocatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorsfinite_valid_trace_from Limited {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr ++ [{| l := l; input := iom; destination := {| original_state := sf; state_annotation := match iom with | Some m => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr))) m | None => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) end |}; output := oom |}])message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorsfinite_valid_trace_from Limited {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ finite_valid_trace_from Limited (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) [{| l := l; input := iom; destination := {| original_state := sf; state_annotation := match iom with | Some m => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr))) m | None => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) end |}; output := oom |}]message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorsfinite_valid_trace_from Limited (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) [{| l := l; input := iom; destination := {| original_state := sf; state_annotation := match iom with | Some m => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr))) m | None => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) end |}; output := oom |}]message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorsinput_valid_transition Limited l (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr), iom) ({| original_state := sf; state_annotation := match iom with | Some m => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr))) m | None => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) end |}, oom)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorsvalid_state_prop Limited (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr))message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorsoption_valid_message_prop Limited iommessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorsvalid l (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr), iom)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorscoeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) l (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr), iom)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorstransition l (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr), iom) = ({| original_state := sf; state_annotation := match iom with | Some m => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr))) m | None => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) end |}, oom)by apply finite_valid_trace_last_pstate, IHHtr1.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorsvalid_state_prop Limited (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr))message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorsoption_valid_message_prop Limited iommessage, index, Ci: Type
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H7: finite.Finite index
Cm: Type
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H14: Elements message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H25: Elements validator Cv
sender: message → option validator
A: validator → index
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
equivocators: Cv
iom: option message
iom_si: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorsoption_valid_message_prop Limited iommessage, index, Ci: Type
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H7: finite.Finite index
Cm: Type
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H14: Elements message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H25: Elements validator Cv
sender: message → option validator
A: validator → index
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
equivocators: Cv
iom: option message
iom_si: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)option_valid_message_prop Limited iommessage, index, Ci: Type
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H7: finite.Finite index
Cm: Type
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H14: Elements message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H25: Elements validator Cv
sender: message → option validator
A: validator → index
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
equivocators: Cv
iom: option message
iom_si: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: match has_last_or_null iom_tr with | inleft (existT x (x0 ↾ _)) => output x0 = iom | inright _ => option_initial_message_prop (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom end
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)option_valid_message_prop Limited iommessage, index, Ci: Type
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H7: finite.Finite index
Cm: Type
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H14: Elements message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H25: Elements validator Cv
sender: message → option validator
A: validator → index
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
equivocators: Cv
iom: option message
iom_si: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr, iom_tr': list transition_item
iom_item: transition_item
Heqiom_tr: iom_tr = iom_tr' ++ [iom_item]
Heqiom: output iom_item = iom
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si (iom_tr' ++ [iom_item]))option_valid_message_prop Limited iommessage, index, Ci: Type
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H7: finite.Finite index
Cm: Type
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H14: Elements message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H25: Elements validator Cv
sender: message → option validator
A: validator → index
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
equivocators: Cv
im: message
iom_si: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr, iom_tr': list transition_item
iom_item: transition_item
Heqiom_tr: iom_tr = iom_tr' ++ [iom_item]
Heqiom: output iom_item = Some im
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si (iom_tr' ++ [iom_item]))option_valid_message_prop Limited (Some im)message, index, Ci: Type
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H7: finite.Finite index
Cm: Type
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H14: Elements message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H25: Elements validator Cv
sender: message → option validator
A: validator → index
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
equivocators: Cv
im: message
iom_si: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr, iom_tr': list transition_item
iom_item: transition_item
Heqiom_tr: iom_tr = iom_tr' ++ [iom_item]
Heqiom: output iom_item = Some im
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si (iom_tr' ++ [iom_item]))trace_has_message (field_selector output) im (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si (iom_tr' ++ [iom_item]))message, index, Ci: Type
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H7: finite.Finite index
Cm: Type
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H14: Elements message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H25: Elements validator Cv
sender: message → option validator
A: validator → index
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
equivocators: Cv
im: message
iom_si: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr, iom_tr': list transition_item
iom_item: transition_item
Heqiom_tr: iom_tr = iom_tr' ++ [iom_item]
Heqiom: output iom_item = Some im
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si (iom_tr' ++ [iom_item]))trace_has_message (field_selector output) im (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr' ++ annotate_trace_from (free_composite_vlsm IM) Cv (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)) (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr')) [iom_item])message, index, Ci: Type
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H7: finite.Finite index
Cm: Type
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H14: Elements message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H25: Elements validator Cv
sender: message → option validator
A: validator → index
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
equivocators: Cv
im: message
iom_si: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr, iom_tr': list transition_item
iom_item: transition_item
Heqiom_tr: iom_tr = iom_tr' ++ [iom_item]
Heqiom: output iom_item = Some im
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si (iom_tr' ++ [iom_item]))Exists (field_selector output im) (annotate_trace_from (free_composite_vlsm IM) Cv (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)) (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr')) [iom_item])by apply Exists_exists; eexists; split; [left |].message, index, Ci: Type
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H7: finite.Finite index
Cm: Type
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H14: Elements message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
full_message_dependencies: message → Cm
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H25: Elements validator Cv
sender: message → option validator
A: validator → index
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
equivocators: Cv
im: message
iom_si: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr, iom_tr': list transition_item
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
input: option message
destination: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
output: option message
Heqiom_tr: iom_tr = iom_tr' ++ [{| l := l; input := input; destination := destination; output := output |}]
Heqiom: VLSM.output {| l := l; input := input; destination := destination; output := output |} = Some im
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si (iom_tr' ++ [{| l := l; input := input; destination := destination; output := output |}]))Exists (field_selector VLSM.output im) (annotate_trace_from (free_composite_vlsm IM) Cv (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender)) (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr')) [{| l := l; input := input; destination := destination; output := output |}])message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorsvalid l (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr), iom)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
i: index
li: label (IM i)
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) (existT i li) (s, iom) ( sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorsvalid li (original_state (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) i, iom)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
i: index
li: label (IM i)
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) (existT i li) (s, iom) ( sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorsvalid li (finite_trace_last is tr i, iom)by apply Ht.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
i: index
li: label (IM i)
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) (existT i li) (s, iom) ( sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorsvalid li (s i, iom)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorscoeqv_limited_equivocation_constraint IM threshold sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) l (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr), iom)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocators(sum_weights (coeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) l (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr), iom)) <= sum_weights equivocators)%Rby eapply fixed_transition_preserves_annotation_equivocators; [.. | apply IHHtr1].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorscoeqv_composite_transition_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) l (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr), iom) ⊆ equivocatorsmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
l: label (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) l ( s, iom) (sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocatorstransition l (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr), iom) = ({| original_state := sf; state_annotation := match iom with | Some m => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr))) m | None => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) end |}, oom)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
i: index
li: label (IM i)
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) (existT i li) (s, iom) ( sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocators(let (s', om') := let (si', om') := transition li (original_state (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) i, iom) in (state_update IM (original_state (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr))) i si', om') in ({| original_state := s'; state_annotation := match iom with | Some m => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr))) m | None => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) end |}, om')) = ({| original_state := sf; state_annotation := match iom with | Some m => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (original_state (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr))) m | None => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) end |}, oom)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
i: index
li: label (IM i)
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) (existT i li) (s, iom) ( sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocators(let (s', om') := let (si', om') := transition li (finite_trace_last is tr i, iom) in (state_update IM (finite_trace_last is tr) i si', om') in ({| original_state := s'; state_annotation := match iom with | Some m => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (finite_trace_last is tr) m | None => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) end |}, om')) = ({| original_state := sf; state_annotation := match iom with | Some m => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) (finite_trace_last is tr) m | None => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) end |}, oom)by destruct Ht as [_ Ht]; cbn in Ht ; destruct (transition _ _ _) as (si', om') ; inversion Ht. Qed.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
equivocators: Cv
Hlimited: (sum_weights equivocators <= threshold)%R
is, s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
tr: list transition_item
Htr1: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) is s tr
iom: option message
iom_si, iom_s: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
iom_tr: list transition_item
Heqiom: empty_initial_message_or_final_output (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_tr iom
Htr2: finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) iom_si iom_s iom_tr
sf: state (fixed_equivocation_vlsm_composition IM (set_map A equivocators))
oom: option message
i: index
li: label (IM i)
Ht: input_valid_transition (fixed_equivocation_vlsm_composition IM (set_map A equivocators)) (existT i li) (s, iom) ( sf, oom)
IHHtr1: finite_valid_trace_from Limited {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr) ∧ state_annotation (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ⊆ equivocators
IHHtr2: finite_valid_trace_from Limited {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr) ∧ state_annotation (finite_trace_last {| original_state := iom_si; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender iom_si iom_tr)) ⊆ equivocators(let (s', om') := let (si', om') := transition li (s i, iom) in (state_update IM s i si', om') in ({| original_state := s'; state_annotation := match iom with | Some m => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) s m | None => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) end |}, om')) = ({| original_state := sf; state_annotation := match iom with | Some m => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) ∪ coeqv_message_equivocators IM sender (msg_dep_coequivocating_senders IM full_message_dependencies sender) s m | None => state_annotation (finite_trace_last {| original_state := is; state_annotation := ∅ |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) end |}, oom)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)VLSM_embedding Limited (tracewise_limited_equivocation_vlsm_composition IM threshold A sender) Datatypes.id original_statemessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)VLSM_embedding Limited (tracewise_limited_equivocation_vlsm_composition IM threshold A sender) Datatypes.id original_statemessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
sX: state Limited
trX: list transition_item
HtrX: finite_valid_trace Limited sX trXfinite_valid_trace (tracewise_limited_equivocation_vlsm_composition IM threshold A sender) (original_state sX) (pre_VLSM_embedding_finite_trace_project Limited (tracewise_limited_equivocation_vlsm_composition IM threshold A sender) Datatypes.id original_state trX)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
sX: state Limited
trX: list transition_item
HtrX: finite_valid_trace Limited sX trXsender_safety_alt_prop IM A sendermessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
sX: state Limited
trX: list transition_item
HtrX: finite_valid_trace Limited sX trXfixed_limited_equivocation_prop IM threshold A (original_state sX) (pre_VLSM_embedding_finite_trace_project Limited (tracewise_limited_equivocation_vlsm_composition IM threshold A sender) Datatypes.id original_state trX)by apply Hsender_safety.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
sX: state Limited
trX: list transition_item
HtrX: finite_valid_trace Limited sX trXsender_safety_alt_prop IM A senderby apply msg_dep_fixed_limited_equivocation. Qed.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
sX: state Limited
trX: list transition_item
HtrX: finite_valid_trace Limited sX trXfixed_limited_equivocation_prop IM threshold A (original_state sX) (pre_VLSM_embedding_finite_trace_project Limited (tracewise_limited_equivocation_vlsm_composition IM threshold A sender) Datatypes.id original_state trX)message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
H29: WitnessedEquivocation.WitnessedEquivocationCapability IM threshold A sender
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies∀ s : composite_state IM, valid_state_prop (tracewise_limited_equivocation_vlsm_composition IM threshold A sender) s → ∃ sigma : state Limited, valid_state_prop Limited sigma ∧ original_state sigma = smessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
H29: WitnessedEquivocation.WitnessedEquivocationCapability IM threshold A sender
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies∀ s : composite_state IM, valid_state_prop (tracewise_limited_equivocation_vlsm_composition IM threshold A sender) s → ∃ sigma : state Limited, valid_state_prop Limited sigma ∧ original_state sigma = smessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
H29: WitnessedEquivocation.WitnessedEquivocationCapability IM threshold A sender
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
s: composite_state IM
Hs: valid_state_prop (tracewise_limited_equivocation_vlsm_composition IM threshold A sender) s∃ sigma : state Limited, valid_state_prop Limited sigma ∧ original_state sigma = smessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
H29: WitnessedEquivocation.WitnessedEquivocationCapability IM threshold A sender
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
is: state (tracewise_limited_equivocation_vlsm_composition IM threshold A sender)
tr: list transition_item
Htr: fixed_limited_equivocation_prop IM threshold A is tr∃ sigma : state Limited, valid_state_prop Limited sigma ∧ original_state sigma = finite_trace_last is trmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
H29: WitnessedEquivocation.WitnessedEquivocationCapability IM threshold A sender
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
is: state (tracewise_limited_equivocation_vlsm_composition IM threshold A sender)
tr: list transition_item
Htr: finite_valid_trace_init_to Limited {| original_state := is; state_annotation := `inhabitant |} (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)∃ sigma : state Limited, valid_state_prop Limited sigma ∧ original_state sigma = finite_trace_last is trby cbn; rewrite msg_dep_annotate_trace_with_equivocators_last_original_state. Qed.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
H29: WitnessedEquivocation.WitnessedEquivocationCapability IM threshold A sender
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
is: state (tracewise_limited_equivocation_vlsm_composition IM threshold A sender)
tr: list transition_item
Htr: finite_valid_trace_init_to Limited {| original_state := is; state_annotation := `inhabitant |} (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)original_state (finite_trace_last {| original_state := is; state_annotation := `inhabitant |} (msg_dep_annotate_trace_with_equivocators IM full_message_dependencies sender is tr)) = finite_trace_last is trmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
H29: WitnessedEquivocation.WitnessedEquivocationCapability IM threshold A sender
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies∀ m : message, valid_message_prop (tracewise_limited_equivocation_vlsm_composition IM threshold A sender) m → valid_message_prop Limited mmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
H29: WitnessedEquivocation.WitnessedEquivocationCapability IM threshold A sender
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies∀ m : message, valid_message_prop (tracewise_limited_equivocation_vlsm_composition IM threshold A sender) m → valid_message_prop Limited mmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
H29: WitnessedEquivocation.WitnessedEquivocationCapability IM threshold A sender
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
msg: message
Hmsg: valid_message_prop (tracewise_limited_equivocation_vlsm_composition IM threshold A sender) msgvalid_message_prop Limited msgmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
H29: WitnessedEquivocation.WitnessedEquivocationCapability IM threshold A sender
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
msg: message
s: state (tracewise_limited_equivocation_vlsm_composition IM threshold A sender)
im: option message
i: index
li: label (IM i)
s': state (tracewise_limited_equivocation_vlsm_composition IM threshold A sender)
Ht: input_valid_transition (tracewise_limited_equivocation_vlsm_composition IM threshold A sender) (existT i li) ( s, im) ( s', Some msg)valid_message_prop Limited msgmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
H29: WitnessedEquivocation.WitnessedEquivocationCapability IM threshold A sender
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
msg: message
s: state (tracewise_limited_equivocation_vlsm_composition IM threshold A sender)
im: option message
i: index
li: label (IM i)
s': state (tracewise_limited_equivocation_vlsm_composition IM threshold A sender)
Ht: input_valid_transition (tracewise_limited_equivocation_vlsm_composition IM threshold A sender) (existT i li) ( s, im) ( s', Some msg)
Hs': valid_state_prop (tracewise_limited_equivocation_vlsm_composition IM threshold A sender) s'valid_message_prop Limited msgmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
H29: WitnessedEquivocation.WitnessedEquivocationCapability IM threshold A sender
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
msg: message
s: state (tracewise_limited_equivocation_vlsm_composition IM threshold A sender)
im: option message
i: index
li: label (IM i)
sigma: state Limited
Ht: input_valid_transition (tracewise_limited_equivocation_vlsm_composition IM threshold A sender) (existT i li) ( s, im) ( original_state sigma, Some msg)
Hsigma: valid_state_prop Limited sigmavalid_message_prop Limited msgmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
H29: WitnessedEquivocation.WitnessedEquivocationCapability IM threshold A sender
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
msg: message
s: state (tracewise_limited_equivocation_vlsm_composition IM threshold A sender)
im: option message
i: index
li: label (IM i)
sigma: state Limited
Ht: input_valid_transition (tracewise_limited_equivocation_vlsm_composition IM threshold A sender) (existT i li) ( s, im) ( original_state sigma, Some msg)
Hsigma: valid_state_prop Limited sigmahas_been_sent Limited sigma msgmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
H29: WitnessedEquivocation.WitnessedEquivocationCapability IM threshold A sender
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
msg: message
s: state (tracewise_limited_equivocation_vlsm_composition IM threshold A sender)
im: option message
i: index
li: label (IM i)
sigma: state Limited
Ht: input_valid_transition (tracewise_limited_equivocation_vlsm_composition IM threshold A sender) (existT i li) ( s, im) ( original_state sigma, Some msg)
Hsigma: valid_state_prop Limited sigmahas_been_sent (IM i) (original_state sigma i) msgmessage, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
H29: WitnessedEquivocation.WitnessedEquivocationCapability IM threshold A sender
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
msg: message
s: state (tracewise_limited_equivocation_vlsm_composition IM threshold A sender)
im: option message
i: index
li: label (IM i)
sigma: state Limited
Ht: input_valid_transition (tracewise_limited_equivocation_vlsm_composition IM threshold A sender) (existT i li) ( s, im) ( original_state sigma, Some msg)
Hsigma: valid_state_prop Limited sigmacan_produce (preloaded_with_all_messages_vlsm (IM i)) (original_state sigma i) msgby eexists _, _. Qed. End sec_msg_dep_fixed_limited_equivocation.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
Cm: Type
H8: ElemOf message Cm
H9: Empty Cm
H10: Singleton message Cm
H11: Union Cm
H12: Intersection Cm
H13: Difference Cm
H14: Elements message Cm
EqDecision1: EqDecision message
H15: FinSet message Cm
IM: index → VLSM message
H16: ∀ i : index, HasBeenSentCapability (IM i)
H17: ∀ i : index, HasBeenReceivedCapability (IM i)
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies message_dependencies full_message_dependencies
H18: ∀ i : index, MessageDependencies (IM i) message_dependencies
threshold: R
validator, Cv: Type
Hm: Measurable validator
H19: ElemOf validator Cv
H20: Empty Cv
H21: Singleton validator Cv
H22: Union Cv
H23: Intersection Cv
H24: Difference Cv
H25: Elements validator Cv
EqDecision2: EqDecision validator
H26: FinSet validator Cv
H27: ReachableThreshold validator Cv threshold
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
Hchannel: channel_authentication_prop IM A sender
Hsender_safety:= channel_authentication_sender_safety IM A sender Hchannel: sender_safety_alt_prop IM A sender
H28: finite.Finite validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
H29: WitnessedEquivocation.WitnessedEquivocationCapability IM threshold A sender
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop (IM i) message_dependencies
msg: message
s: state (tracewise_limited_equivocation_vlsm_composition IM threshold A sender)
im: option message
i: index
li: label (IM i)
sigma: state Limited
Ht: input_constrained_transition (IM (projT1 (existT i li))) (projT2 (existT i li)) (s (projT1 (existT i li)), im) (original_state sigma (projT1 (existT i li)), Some msg)
Hsigma: valid_state_prop Limited sigmacan_produce (preloaded_with_all_messages_vlsm (IM i)) (original_state sigma i) msg