From VLSM.Lib Require Import Itauto.[Loading ML file ring_plugin.cmxs (using legacy method) ... done]
[Loading ML file zify_plugin.cmxs (using legacy method) ... done]
[Loading ML file micromega_plugin.cmxs (using legacy method) ... done]
[Loading ML file btauto_plugin.cmxs (using legacy method) ... done]
[Loading ML file coq-itauto.plugin ... done]
From stdpp Require Import prelude finite.
From VLSM.Core Require Import VLSM VLSMProjections Composition.
From VLSM.Lib Require Import Preamble EquationsExtras ListExtras FinSetExtras.[Loading ML file extraction_plugin.cmxs (using legacy method) ... done]
[Loading ML file equations_plugin.cmxs (using legacy method) ... done]
From VLSM.Core Require Import ConstrainedVLSM.

Tutorial: Round-Based Asynchronous Muddy Children Puzzle

This module formalizes the Muddy Children (MC) puzzle as a constrained composition of VLSMs that communicate asynchronously in rounds. The module provides an advanced self-contained example of modeling and reasoning with VLSMs.

Consider a standard statement of the MC puzzle:

"Three children are playing in the mud. Father calls the children to the house, arranging them in a semicircle so that each child can clearly see every other child. At least one of you has mud on your forehead, says Father. The children look around, each examining every other child's forehead. Of course, no child can examine his or her own. Father continues, If you know whether your forehead is dirty, then step forward now. No child steps forward. Father repeats himself a second time, If you know whether your forehead is dirty, then step forward now. Some but not all of the children step forward. Father repeats himself a third time, If you know whether your forehead is dirty, then step forward now. All of the remaining children step forward. How many children have muddy foreheads?"

We alter the puzzle in two ways:

we allow an arbitrary but fixed number of children, and
we allow the children to communicate asynchronously.

To allow asynchronous communication, we let each child maintain the "round" they perceive themselves to be in and to communicate their round number to their peers.

We define some VLSM-specific notions in the context of the MC puzzle (such as labels, states, initial states, messages, transitions, valid transitions, and composition constraints), but there are also some MC-specific notions (final state, consistent state, observation equivalence, and invariant).

The consistency property of states guarantees that a state adheres to the assumptions in the puzzle's statement:

there is at least one muddy child, and
any child sees all the muddy children except themselves.

Final states are those states in which each child has decided on a status, i.e., as muddy or clean.

The main result in the module is the theorem MC_safety, which establishes that final states are reachable from any non-initial valid state. The proof is based on the lemmas MC_composite_invariant_preservation, MC_progress and MC_round_bound.

Basic definitions

Inductive Label : Type :=
| init
| emit
| receive.

Inductive ChildStatus : Type :=
| undecided
| muddy
| clean.

Record RoundStatus : Type := mkRS
{
  rs_round : nat;
  rs_status : ChildStatus;
}.

Show RoundStatus using the constructor instead of the record syntax.

Add Printing Constructor RoundStatus.

Section sec_muddy.

Context
  (index : Type)
  `{finite.Finite index}
  `{Inhabited index}
  `{FinSet index indexSet}
  .

Children maintain the set of (indices of) other children they perceive as being muddy and (except for their initial state) the current round they perceive themselves to be at and their ChildStatus.

Record State : Type := mkSt
{
  st_obs : indexSet;
  st_rs : option RoundStatus;
}.

Show State using the constructor instead of the record syntax.

Add Printing Constructor State.

A message carries the identity of its sender, and shares the round number and their ChildStatus.

Record Message : Type := mkMsg
{
  msg_index : index;
  msg_round : nat;
  msg_status : ChildStatus;
}.

Show Message using the constructor instead of the record syntax.

Add Printing Constructor Message.

Definition MCType : VLSMType Message :=
{|
  state := State;
  label := Label;
|}.

Definition MC_initial_state_prop (s : State) : Prop :=
  st_rs s = None.

Equations MC_transition (i : index) (l : Label)
 (s : State) (om : option Message) : State * option Message :=
MC_transition i init (mkSt o None) None with size o :=
 { | 0 => (mkSt o (Some (mkRS 0 muddy)), None)
   | S _ => (mkSt o (Some (mkRS 0 undecided)), None)
 };
MC_transition i emit (mkSt o (Some (mkRS r status))) None :=
 ((mkSt o (Some (mkRS r status))), Some (mkMsg i r status));
MC_transition i receive (mkSt o (Some (mkRS r undecided))) (Some (mkMsg j r' clean))
 with decide (j ∈ o) :=
 { | right Hin =>
     if decide (r' = size o) then
       (mkSt o (Some (mkRS r' clean)), None)
     else if decide (r' = size o + 1) then
       (mkSt o (Some (mkRS (r' - 1) muddy)), None)
     else (mkSt o (Some (mkRS r undecided)), None)
   | left Hin => (mkSt o (Some (mkRS r undecided)), None)
 };
MC_transition i receive (mkSt o (Some (mkRS r undecided))) (Some (mkMsg j r' muddy))
 with decide (j ∈ o) :=
  { | left Hin =>
      if decide (r' = size o) then
       (mkSt o (Some (mkRS r' muddy)), None)
      else if decide (r' = size o - 1) then
       (mkSt o (Some (mkRS (r' + 1) clean)), None)
      else (mkSt o (Some (mkRS r undecided)), None)
   | right Hin => (mkSt o (Some (mkRS r undecided)), None)
  };
(**
  One of the most interesting cases of the transition function is the one when
  a child [i] who doesn't know their status receives a message from a child [j]
  who also doesn't know their own status. However, being at round [r'], [j] knows
  there are more than [r'] muddy children.
*)
MC_transition i receive (mkSt o (Some (mkRS r undecided))) (Some (mkMsg j r' undecided))
  (**
    If child [i] sees [j] as muddy, they can infer that there are actually more than
    [r' + 1] muddy children.
  *)
  with decide (j ∈ o) :=
  { | left Hin =>
      (**
        If [r' + 1] is less than or equal to the current round number of [i], then
        the round doesn't change and the status remains undecided.
      *)
      if decide (r' < r) then
        (mkSt o (Some (mkRS r undecided)), None)
      (**
        Else, we update the round number to [r' + 1], and have to compare it to
        the number of muddy children seen by child [i].
        If its less than that, the information gained is not useful enough to
        infer anything, so the status remains undecided.
      *)
      else if decide (r <= r' < size o - 1) then
        (mkSt o (Some (mkRS (r' + 1) undecided)), None)
      (**
        Else, if the updated round ever becomes equal to the number of muddy children
        seen by [i], they can conclude they are muddy.
      *)
      else if decide (r' = size o - 1) then
        (mkSt o (Some (mkRS (r' + 1) muddy)), None)
      else (mkSt o (Some (mkRS r undecided)), None)
    | right Hin =>
      if decide (r' <= r) then
        (mkSt o (Some (mkRS r undecided)), None)
      else if decide (r < r' < size o) then
        (mkSt o (Some (mkRS r' undecided)), None)
      else if decide (r' = size o) then
        (mkSt o (Some (mkRS r' muddy)), None)
      else (mkSt o (Some (mkRS r undecided)), None)
  };
MC_transition _ _ s _ := (s, None).

Definition state_status (s : option RoundStatus) : ChildStatus :=
  from_option rs_status undecided s.

Definition state_round (s : option RoundStatus) : nat :=
  from_option rs_round 0 s.

Definition state_round_inc (s : State) : nat :=
  match st_rs s with
  | Some rs => S (rs_round rs)
  | _ => 0
  end.

Definition message_status (om : option Message) : ChildStatus :=
  from_option msg_status undecided om.

Definition message_round (om : option Message) : nat :=
  from_option msg_round 0 om.

Definition message_index (om : option Message) (i : index) : index :=
  from_option msg_index i om.

Inductive MC_valid : Label -> State -> option Message -> Prop :=
| MC_valid_init : forall o : indexSet,
    MC_valid init (mkSt o None) None
| MC_valid_emit : forall (o : indexSet) (rs : RoundStatus),
    MC_valid emit (mkSt o (Some rs)) None
| MC_valid_receive : forall (o : indexSet) (rs : RoundStatus) (m : Message),
    MC_valid receive (mkSt o (Some rs)) (Some m).

#[export] Instance ChildStatus_eq_dec : EqDecision ChildStatus.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
EqDecision ChildStatus
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
EqDecision ChildStatus by intros x y; unfold Decision; decide equality. Qed.

Definition MC_initial_state_type : Type :=
  {st : State | MC_initial_state_prop st}.

Program Definition MC_initial_state : MC_initial_state_type :=
  exist _ (mkSt ∅ None) _.
Next Obligation.indexSet, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
MC_initial_state_prop (mkSt ∅ None)
Proof.indexSet, index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
MC_initial_state_prop (mkSt ∅ None) done. Qed.

#[export] Instance Decision_MC_initial_state_prop :
  forall s, Decision (MC_initial_state_prop s).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ s : State, Decision (MC_initial_state_prop s)
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ s : State, Decision (MC_initial_state_prop s) by typeclasses eauto. Qed.

#[export] Instance Inhabited_MC_initial_state_type : Inhabited (MC_initial_state_type) :=
  populate (MC_initial_state).

Definition MCMachine (i : index) : VLSMMachine MCType :=
{|
  initial_state_prop := MC_initial_state_prop;
  initial_message_prop := const False;
  transition := fun l '(st, om) => MC_transition i l st om;
  valid := fun l '(st, om) => MC_valid l st om;
|}.

Definition MCVLSM (i : index) : VLSM Message :=
{|
  vlsm_type := MCType;
  vlsm_machine := MCMachine i;
|}.

#[export] Instance MC_composite_initial_state_dec :
  forall s, Decision (composite_initial_state_prop MCVLSM s).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ s : composite_state MCVLSM,
  Decision (composite_initial_state_prop MCVLSM s)
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ s : composite_state MCVLSM,
  Decision (composite_initial_state_prop MCVLSM s)
  intros s; eapply @Decision_iff with
    (P := Forall (fun n : index => initial_state_prop (MCVLSM n) (s n)) (enum index)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Forall (λ n : index, initial_state_prop (s n))
  (enum index) ↔ composite_initial_state_prop MCVLSM s
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Decision
  (Forall (λ n : index, initial_state_prop (s n))
     (enum index))
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Forall (λ n : index, initial_state_prop (s n))
  (enum index) ↔ composite_initial_state_prop MCVLSM s rewrite Forall_forall; apply forall_proper.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
∀ x : index,
  (x ∈ enum index → initial_state_prop (s x))
  ↔ initial_state_prop (s x)
    split; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
(x ∈ enum index → initial_state_prop (s x))
→ initial_state_prop (s x)
    by intros Hx; apply Hx, elem_of_enum.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Decision
  (Forall (λ n : index, initial_state_prop (s n))
     (enum index)) by typeclasses eauto.
Qed.

Definition MuddyUnion (s : composite_state MCVLSM) : indexSet :=
  ⋃ (map (fun i => st_obs (s i)) (enum index)).

Lemma MuddyUnion_elem (s : composite_state MCVLSM) (i j : index) :
  i ∈ st_obs (s j) -> i ∈ MuddyUnion s.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i, j: index
i ∈ st_obs (s j) → i ∈ MuddyUnion s
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i, j: index
i ∈ st_obs (s j) → i ∈ MuddyUnion s
  intros Hobs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i, j: index
Hobs: i ∈ st_obs (s j)
i ∈ MuddyUnion s
  apply elem_of_union_list.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i, j: index
Hobs: i ∈ st_obs (s j)
∃ X : indexSet,
  X ∈ map (λ i : index, st_obs (s i)) (enum index)
  ∧ i ∈ X
  exists (st_obs (s j)); split; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i, j: index
Hobs: i ∈ st_obs (s j)
st_obs (s j)
∈ map (λ i : index, st_obs (s i)) (enum index)
  apply elem_of_list_fmap.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i, j: index
Hobs: i ∈ st_obs (s j)
∃ y : index,
  st_obs (s j) = st_obs (s y) ∧ y ∈ enum index
  exists j; split; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i, j: index
Hobs: i ∈ st_obs (s j)
j ∈ enum index
  by apply elem_of_enum.
Qed.

Definition consistent (s : composite_state MCVLSM) : Prop :=
  MuddyUnion s ≢  ∅ /\ forall n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}.

Definition MC_no_equivocation (s : composite_state MCVLSM) (m : Message) : Prop :=
  match m with
  | mkMsg n r' status' =>
    match s n with
    | mkSt _ (Some (mkRS r status)) =>
      (status' = status /\ r' = r) \/ (status' = undecided /\ r' < r)
    | _ => False
    end
  end.

Inductive MC_no_equivocation_inductive : composite_state MCVLSM -> Message -> Prop :=
| MC_no_equivocation_inductive_msg_eq : forall s n o r status,
    s n = mkSt o (Some (mkRS r status)) ->
    MC_no_equivocation_inductive s (mkMsg n r status)
| MC_no_equivocation_inductive_undecided : forall s n o r r' status,
    s n = mkSt o (Some (mkRS r status)) ->
    r' < r ->
    MC_no_equivocation_inductive s (mkMsg n r' undecided).

Lemma MC_no_equivocation_inductive_equiv :
  forall s m, MC_no_equivocation s m <-> MC_no_equivocation_inductive s m.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (s : composite_state MCVLSM) (m : Message),
  MC_no_equivocation s m
  ↔ MC_no_equivocation_inductive s m
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (s : composite_state MCVLSM) (m : Message),
  MC_no_equivocation s m
  ↔ MC_no_equivocation_inductive s m
  split; destruct m; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
msg_index0: index
msg_round0: nat
msg_status0: ChildStatus
match s msg_index0 with
| mkSt _ (Some (mkRS r status)) =>
    msg_status0 = status ∧ msg_round0 = r
    ∨ msg_status0 = undecided ∧ msg_round0 < r
| mkSt _ None => False
end
→ MC_no_equivocation_inductive s
    (mkMsg msg_index0 msg_round0 msg_status0)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
msg_index0: index
msg_round0: nat
msg_status0: ChildStatus
MC_no_equivocation_inductive s
  (mkMsg msg_index0 msg_round0 msg_status0)
→ match s msg_index0 with
  | mkSt _ (Some (mkRS r status)) =>
      msg_status0 = status ∧ msg_round0 = r
      ∨ msg_status0 = undecided ∧ msg_round0 < r
  | mkSt _ None => False
  end
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
msg_index0: index
msg_round0: nat
msg_status0: ChildStatus
match s msg_index0 with
| mkSt _ (Some (mkRS r status)) =>
    msg_status0 = status ∧ msg_round0 = r
    ∨ msg_status0 = undecided ∧ msg_round0 < r
| mkSt _ None => False
end
→ MC_no_equivocation_inductive s
    (mkMsg msg_index0 msg_round0 msg_status0) repeat case_match; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
msg_index0: index
msg_round0: nat
msg_status0: ChildStatus
st_obs0: indexSet
st_rs0: option RoundStatus
r: RoundStatus
rs_round0: nat
rs_status0: ChildStatus
H11: r = mkRS rs_round0 rs_status0
H10: st_rs0 = Some (mkRS rs_round0 rs_status0)
H9: s msg_index0 =
mkSt st_obs0 (Some (mkRS rs_round0 rs_status0))
msg_status0 = rs_status0 ∧ msg_round0 = rs_round0
∨ msg_status0 = undecided ∧ msg_round0 < rs_round0
→ MC_no_equivocation_inductive s
    (mkMsg msg_index0 msg_round0 msg_status0)
    intros [[] | []]; subst.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
msg_index0: index
st_obs0: indexSet
rs_round0: nat
rs_status0: ChildStatus
H9: s msg_index0 =
mkSt st_obs0 (Some (mkRS rs_round0 rs_status0))
MC_no_equivocation_inductive s
  (mkMsg msg_index0 rs_round0 rs_status0)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
msg_index0: index
msg_round0: nat
st_obs0: indexSet
rs_round0: nat
rs_status0: ChildStatus
H9: s msg_index0 =
mkSt st_obs0 (Some (mkRS rs_round0 rs_status0))
H13: msg_round0 < rs_round0
MC_no_equivocation_inductive s
  (mkMsg msg_index0 msg_round0 undecided)
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
msg_index0: index
st_obs0: indexSet
rs_round0: nat
rs_status0: ChildStatus
H9: s msg_index0 =
mkSt st_obs0 (Some (mkRS rs_round0 rs_status0))
MC_no_equivocation_inductive s
  (mkMsg msg_index0 rs_round0 rs_status0) by eapply MC_no_equivocation_inductive_msg_eq; eauto.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
msg_index0: index
msg_round0: nat
st_obs0: indexSet
rs_round0: nat
rs_status0: ChildStatus
H9: s msg_index0 =
mkSt st_obs0 (Some (mkRS rs_round0 rs_status0))
H13: msg_round0 < rs_round0
MC_no_equivocation_inductive s
  (mkMsg msg_index0 msg_round0 undecided) by eapply MC_no_equivocation_inductive_undecided; eauto.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
msg_index0: index
msg_round0: nat
msg_status0: ChildStatus
MC_no_equivocation_inductive s
  (mkMsg msg_index0 msg_round0 msg_status0)
→ match s msg_index0 with
  | mkSt _ (Some (mkRS r status)) =>
      msg_status0 = status ∧ msg_round0 = r
      ∨ msg_status0 = undecided ∧ msg_round0 < r
  | mkSt _ None => False
  end by repeat case_match; inversion 1; itauto congruence.
Qed.

Definition MC_constraint
  (l : composite_label MCVLSM) (sm : composite_state MCVLSM * option Message) : Prop :=
  match l, sm with
  | existT _ init, (s, _) => consistent s
  | existT _ receive, (s, Some m) => MC_no_equivocation s m
  | _, _ => True
  end.

Definition MC_composite_vlsm : VLSM Message :=
  composite_vlsm MCVLSM MC_constraint.

Definition MC_final_state (s : composite_state MCVLSM) : Prop :=
  forall n : index, state_status (st_rs (s n)) <> undecided.

Definition MC_initial_consistent_state (s : composite_state MCVLSM) : Prop :=
  composite_initial_state_prop MCVLSM s /\ consistent s.

Definition MC_non_initial_valid_state (s : composite_state MCVLSM) : Prop :=
  valid_state_prop MC_composite_vlsm s /\ ~ (composite_initial_state_prop MCVLSM s).

Definition MC_obs_equivalence (s1 s2 : composite_state MCVLSM) : Prop :=
  forall n : index, st_obs (s1 n) ≡ st_obs (s2 n).

#[export] Instance MC_obs_equiv_refl : Reflexive MC_obs_equivalence.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Reflexive MC_obs_equivalence
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Reflexive MC_obs_equivalence done. Qed.

#[export] Instance MC_obs_equiv_symm : Symmetric MC_obs_equivalence.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Symmetric MC_obs_equivalence
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Symmetric MC_obs_equivalence by unfold MC_obs_equivalence; intros x y Hxy. Qed.

#[export] Instance MC_obs_equiv_trans : Transitive MC_obs_equivalence.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Transitive MC_obs_equivalence
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Transitive MC_obs_equivalence
  by unfold MC_obs_equivalence; intros s1 s2 s3 H12 H23;
    etransitivity; [apply H12 | apply H23].
Qed.

#[export] Instance MC_obs_equiv_equiv : Equivalence MC_obs_equivalence.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Equivalence MC_obs_equivalence
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Equivalence MC_obs_equivalence by split; typeclasses eauto. Qed.

Lemma MC_state_update_preserves_obs_equiv
  (s : composite_state MCVLSM) (i : index) (si : State) :
  st_obs (s i) ≡ st_obs si -> MC_obs_equivalence s (state_update MCVLSM s i si).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
si: State
st_obs (s i) ≡ st_obs si
→ MC_obs_equivalence s (state_update MCVLSM s i si)
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
si: State
st_obs (s i) ≡ st_obs si
→ MC_obs_equivalence s (state_update MCVLSM s i si)
  by intros Hobs n; destruct (decide (n = i)); subst; state_update_simpl.
Qed.

Lemma MC_obs_equiv_preserves_muddy (s1 s2 : composite_state MCVLSM) :
  MC_obs_equivalence s1 s2 -> MuddyUnion s1 ≡ MuddyUnion s2.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
MC_obs_equivalence s1 s2
→ MuddyUnion s1 ≡ MuddyUnion s2
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
MC_obs_equivalence s1 s2
→ MuddyUnion s1 ≡ MuddyUnion s2
  intros Hobs; unfold MuddyUnion.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
⋃ map (λ i : index, st_obs (s1 i)) (enum index)
≡ ⋃ map (λ i : index, st_obs (s2 i)) (enum index)
  intros i; rewrite !elem_of_union_list.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
i: index
(∃ X : indexSet,
   X ∈ map (λ i : index, st_obs (s1 i)) (enum index)
   ∧ i ∈ X)
↔ (∃ X : indexSet,
     X ∈ map (λ i : index, st_obs (s2 i)) (enum index)
     ∧ i ∈ X)
  split; intros (X & HX & Hi); apply elem_of_list_fmap in HX as (y & -> & Hy).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
i, y: index
Hy: y ∈ enum index
Hi: i ∈ st_obs (s1 y)
∃ X : indexSet,
  X ∈ map (λ i : index, st_obs (s2 i)) (enum index)
  ∧ i ∈ X
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
i, y: index
Hy: y ∈ enum index
Hi: i ∈ st_obs (s2 y)
∃ X : indexSet,
  X ∈ map (λ i : index, st_obs (s1 i)) (enum index)
  ∧ i ∈ X
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
i, y: index
Hy: y ∈ enum index
Hi: i ∈ st_obs (s1 y)
∃ X : indexSet,
  X ∈ map (λ i : index, st_obs (s2 i)) (enum index)
  ∧ i ∈ X exists (st_obs (s2 y)); split.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
i, y: index
Hy: y ∈ enum index
Hi: i ∈ st_obs (s1 y)
st_obs (s2 y)
∈ map (λ i : index, st_obs (s2 i)) (enum index)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
i, y: index
Hy: y ∈ enum index
Hi: i ∈ st_obs (s1 y)
i ∈ st_obs (s2 y)
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
i, y: index
Hy: y ∈ enum index
Hi: i ∈ st_obs (s1 y)
st_obs (s2 y)
∈ map (λ i : index, st_obs (s2 i)) (enum index) by apply elem_of_list_fmap; exists y.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
i, y: index
Hy: y ∈ enum index
Hi: i ∈ st_obs (s1 y)
i ∈ st_obs (s2 y) by apply Hobs.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
i, y: index
Hy: y ∈ enum index
Hi: i ∈ st_obs (s2 y)
∃ X : indexSet,
  X ∈ map (λ i : index, st_obs (s1 i)) (enum index)
  ∧ i ∈ X exists (st_obs (s1 y)); split.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
i, y: index
Hy: y ∈ enum index
Hi: i ∈ st_obs (s2 y)
st_obs (s1 y)
∈ map (λ i : index, st_obs (s1 i)) (enum index)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
i, y: index
Hy: y ∈ enum index
Hi: i ∈ st_obs (s2 y)
i ∈ st_obs (s1 y)
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
i, y: index
Hy: y ∈ enum index
Hi: i ∈ st_obs (s2 y)
st_obs (s1 y)
∈ map (λ i : index, st_obs (s1 i)) (enum index) by apply elem_of_list_fmap; exists y.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
i, y: index
Hy: y ∈ enum index
Hi: i ∈ st_obs (s2 y)
i ∈ st_obs (s1 y) by apply Hobs.
Qed.

Lemma MC_obs_equiv_preserves_consistency (s1 s2 : composite_state MCVLSM) :
  MC_obs_equivalence s1 s2 -> consistent s1 -> consistent s2.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
MC_obs_equivalence s1 s2
→ consistent s1 → consistent s2
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
MC_obs_equivalence s1 s2
→ consistent s1 → consistent s2
  intros Hobs [Hnempty Hcons]; split.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
Hnempty: MuddyUnion s1 ≢ ∅
Hcons: ∀ n : index,
  st_obs (s1 n) ≡ MuddyUnion s1 ∖ {[n]}
MuddyUnion s2 ≢ ∅
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
Hnempty: MuddyUnion s1 ≢ ∅
Hcons: ∀ n : index,
  st_obs (s1 n) ≡ MuddyUnion s1 ∖ {[n]}
∀ n : index, st_obs (s2 n) ≡ MuddyUnion s2 ∖ {[n]}
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
Hnempty: MuddyUnion s1 ≢ ∅
Hcons: ∀ n : index,
  st_obs (s1 n) ≡ MuddyUnion s1 ∖ {[n]}
MuddyUnion s2 ≢ ∅ unfold MuddyUnion in Hnempty |- *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
Hnempty: ⋃ map (λ i : index, st_obs (s1 i))
    (enum index) ≢ ∅
Hcons: ∀ n : index,
  st_obs (s1 n) ≡ MuddyUnion s1 ∖ {[n]}
⋃ map (λ i : index, st_obs (s2 i)) (enum index) ≢ ∅
    rewrite empty_union_list, Forall_forall in Hnempty |- *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
Hnempty: ¬ (∀ x : indexSet,
     x
     ∈ map (λ i : index, st_obs (s1 i))
         (enum index) → 
     x ≡ ∅)
Hcons: ∀ n : index,
  st_obs (s1 n) ≡ MuddyUnion s1 ∖ {[n]}
¬ (∀ x : indexSet,
     x ∈ map (λ i : index, st_obs (s2 i)) (enum index)
     → x ≡ ∅)
    contradict Hnempty.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
Hcons: ∀ n : index,
  st_obs (s1 n) ≡ MuddyUnion s1 ∖ {[n]}
Hnempty: ∀ x : indexSet,
  x
  ∈ map (λ i : index, st_obs (s2 i))
      (enum index) → x ≡ ∅
∀ x : indexSet,
  x ∈ map (λ i : index, st_obs (s1 i)) (enum index)
  → x ≡ ∅
    intros x Hx.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
Hcons: ∀ n : index,
  st_obs (s1 n) ≡ MuddyUnion s1 ∖ {[n]}
Hnempty: ∀ x : indexSet,
  x
  ∈ map (λ i : index, st_obs (s2 i))
      (enum index) → x ≡ ∅
x: indexSet
Hx: x ∈ map (λ i : index, st_obs (s1 i)) (enum index)
x ≡ ∅
    apply elem_of_list_fmap in Hx as (j & -> & _).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
Hcons: ∀ n : index,
  st_obs (s1 n) ≡ MuddyUnion s1 ∖ {[n]}
Hnempty: ∀ x : indexSet,
  x
  ∈ map (λ i : index, st_obs (s2 i))
      (enum index) → x ≡ ∅
j: index
st_obs (s1 j) ≡ ∅
    unfold MC_obs_equivalence in Hobs; rewrite Hobs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: ∀ n : index, st_obs (s1 n) ≡ st_obs (s2 n)
Hcons: ∀ n : index,
  st_obs (s1 n) ≡ MuddyUnion s1 ∖ {[n]}
Hnempty: ∀ x : indexSet,
  x
  ∈ map (λ i : index, st_obs (s2 i))
      (enum index) → x ≡ ∅
j: index
st_obs (s2 j) ≡ ∅
    apply Hnempty, elem_of_list_fmap.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: ∀ n : index, st_obs (s1 n) ≡ st_obs (s2 n)
Hcons: ∀ n : index,
  st_obs (s1 n) ≡ MuddyUnion s1 ∖ {[n]}
Hnempty: ∀ x : indexSet,
  x
  ∈ map (λ i : index, st_obs (s2 i))
      (enum index) → x ≡ ∅
j: index
∃ y : index,
  st_obs (s2 j) = st_obs (s2 y) ∧ y ∈ enum index
    exists j; split; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: ∀ n : index, st_obs (s1 n) ≡ st_obs (s2 n)
Hcons: ∀ n : index,
  st_obs (s1 n) ≡ MuddyUnion s1 ∖ {[n]}
Hnempty: ∀ x : indexSet,
  x
  ∈ map (λ i : index, st_obs (s2 i))
      (enum index) → x ≡ ∅
j: index
j ∈ enum index
    by apply elem_of_enum.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
Hnempty: MuddyUnion s1 ≢ ∅
Hcons: ∀ n : index,
  st_obs (s1 n) ≡ MuddyUnion s1 ∖ {[n]}
∀ n : index, st_obs (s2 n) ≡ MuddyUnion s2 ∖ {[n]} intros j x.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
Hnempty: MuddyUnion s1 ≢ ∅
Hcons: ∀ n : index,
  st_obs (s1 n) ≡ MuddyUnion s1 ∖ {[n]}
j, x: index
x ∈ st_obs (s2 j) ↔ x ∈ MuddyUnion s2 ∖ {[j]}
    rewrite <- MC_obs_equiv_preserves_muddy by done.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: MC_obs_equivalence s1 s2
Hnempty: MuddyUnion s1 ≢ ∅
Hcons: ∀ n : index,
  st_obs (s1 n) ≡ MuddyUnion s1 ∖ {[n]}
j, x: index
x ∈ st_obs (s2 j) ↔ x ∈ MuddyUnion s1 ∖ {[j]}
    unfold MC_obs_equivalence in Hobs; rewrite <- Hobs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
Hobs: ∀ n : index, st_obs (s1 n) ≡ st_obs (s2 n)
Hnempty: MuddyUnion s1 ≢ ∅
Hcons: ∀ n : index,
  st_obs (s1 n) ≡ MuddyUnion s1 ∖ {[n]}
j, x: index
x ∈ st_obs (s1 j) ↔ x ∈ MuddyUnion s1 ∖ {[j]}
    by apply Hcons.
Qed.

Lemma MC_trans_preserves_obs_equiv (s : composite_state MCVLSM) :
  forall (l : composite_label MCVLSM) (s' : composite_state MCVLSM) (m m' : option Message),
    composite_transition (MCVLSM) l (s, m) = (s', m') -> MC_obs_equivalence s s'.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
∀ (l : composite_label MCVLSM) (s' : composite_state
                                       MCVLSM) (m
                                                m' : 
                                                option
                                                 Message),
  composite_transition MCVLSM l (s, m) = (s', m')
  → MC_obs_equivalence s s'
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
∀ (l : composite_label MCVLSM) (s' : composite_state
                                       MCVLSM) (m
                                                m' : 
                                                option
                                                 Message),
  composite_transition MCVLSM l (s, m) = (s', m')
  → MC_obs_equivalence s s'
  intros; unfold composite_transition in H9.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
l: composite_label MCVLSM
s': composite_state MCVLSM
m, m': option Message
H9: (let (i, li) := l in
 let (si', om') := transition li (s i, m) in
 (state_update MCVLSM s i si', om')) = (
s', m')
MC_obs_equivalence s s'
  destruct l as [i li], (transition li (s i, m)) eqn: Ht;
    cbn in Ht; inversion H9; subst; clear H9.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
li: label (MCVLSM i)
m, m': option Message
s0: state (MCVLSM i)
Ht: MC_transition i li (s i) m = (s0, m')
MC_obs_equivalence s (state_update MCVLSM s i s0)
  apply MC_state_update_preserves_obs_equiv.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
li: label (MCVLSM i)
m, m': option Message
s0: state (MCVLSM i)
Ht: MC_transition i li (s i) m = (s0, m')
st_obs (s i) ≡ st_obs s0
  destruct s0, (s i).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
li: label (MCVLSM i)
m, m': option Message
st_obs0: indexSet
st_rs0: option RoundStatus
st_obs1: indexSet
st_rs1: option RoundStatus
Ht: MC_transition i li (mkSt st_obs1 st_rs1) m =
(mkSt st_obs0 st_rs0, m')
st_obs (mkSt st_obs1 st_rs1)
≡ st_obs (mkSt st_obs0 st_rs0)
  revert Ht.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
li: label (MCVLSM i)
m, m': option Message
st_obs0: indexSet
st_rs0: option RoundStatus
st_obs1: indexSet
st_rs1: option RoundStatus
MC_transition i li (mkSt st_obs1 st_rs1) m =
(mkSt st_obs0 st_rs0, m')
→ st_obs (mkSt st_obs1 st_rs1)
  ≡ st_obs (mkSt st_obs0 st_rs0)
  by apply FunctionalElimination_MC_transition; intros; inversion Ht;
    subst; try done; repeat case_decide; inversion H10.
Qed.

Lemma MC_in_futures_preserves_obs_equiv
  (s s' : composite_state MCVLSM)
  (Hfutures : in_futures MC_composite_vlsm s s') :
  MC_obs_equivalence s s'.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, s': composite_state MCVLSM
Hfutures: in_futures MC_composite_vlsm s s'
MC_obs_equivalence s s'
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, s': composite_state MCVLSM
Hfutures: in_futures MC_composite_vlsm s s'
MC_obs_equivalence s s'
  apply (in_futures_preserving MC_composite_vlsm); [.. | done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, s': composite_state MCVLSM
Hfutures: in_futures MC_composite_vlsm s s'
PreOrder MC_obs_equivalence
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, s': composite_state MCVLSM
Hfutures: in_futures MC_composite_vlsm s s'
input_valid_transition_preserving MC_composite_vlsm
  MC_obs_equivalence
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, s': composite_state MCVLSM
Hfutures: in_futures MC_composite_vlsm s s'
PreOrder MC_obs_equivalence by split; typeclasses eauto.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, s': composite_state MCVLSM
Hfutures: in_futures MC_composite_vlsm s s'
input_valid_transition_preserving MC_composite_vlsm
  MC_obs_equivalence intros s1 s2 l om1 om2 [].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, s': composite_state MCVLSM
Hfutures: in_futures MC_composite_vlsm s s'
s1, s2: state MC_composite_vlsm
l: label MC_composite_vlsm
om1, om2: option Message
H9: input_valid MC_composite_vlsm l (s1, om1)
H10: transition l (s1, om1) = (s2, om2)
MC_obs_equivalence s1 s2
    by apply MC_trans_preserves_obs_equiv with l om1 om2.
Qed.

Lemma MC_in_futures_preserves_muddy
  (s s' : composite_state MCVLSM) (Hfutures : in_futures MC_composite_vlsm s s') :
    MuddyUnion s ≡ MuddyUnion s'.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, s': composite_state MCVLSM
Hfutures: in_futures MC_composite_vlsm s s'
MuddyUnion s ≡ MuddyUnion s'
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, s': composite_state MCVLSM
Hfutures: in_futures MC_composite_vlsm s s'
MuddyUnion s ≡ MuddyUnion s'
  by intros; apply MC_obs_equiv_preserves_muddy, MC_in_futures_preserves_obs_equiv.
Qed.

Lemma MC_in_futures_preserves_consistency
  (s s' : composite_state MCVLSM) (Hfutures : in_futures MC_composite_vlsm s s') :
    consistent s <-> consistent s'.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, s': composite_state MCVLSM
Hfutures: in_futures MC_composite_vlsm s s'
consistent s ↔ consistent s'
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, s': composite_state MCVLSM
Hfutures: in_futures MC_composite_vlsm s s'
consistent s ↔ consistent s'
  unfold consistent.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, s': composite_state MCVLSM
Hfutures: in_futures MC_composite_vlsm s s'
MuddyUnion s ≢ ∅
∧ (∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]})
↔ MuddyUnion s' ≢ ∅
  ∧ (∀ n : index,
       st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]})
  apply MC_in_futures_preserves_obs_equiv in Hfutures as Hfutures'.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, s': composite_state MCVLSM
Hfutures: in_futures MC_composite_vlsm s s'
Hfutures': MC_obs_equivalence s s'
MuddyUnion s ≢ ∅
∧ (∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]})
↔ MuddyUnion s' ≢ ∅
  ∧ (∀ n : index,
       st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]})
  unfold MC_obs_equivalence in Hfutures'.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, s': composite_state MCVLSM
Hfutures: in_futures MC_composite_vlsm s s'
Hfutures': ∀ n : index, st_obs (s n) ≡ st_obs (s' n)
MuddyUnion s ≢ ∅
∧ (∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]})
↔ MuddyUnion s' ≢ ∅
  ∧ (∀ n : index,
       st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]})
  setoid_rewrite Hfutures'.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, s': composite_state MCVLSM
Hfutures: in_futures MC_composite_vlsm s s'
Hfutures': ∀ n : index, st_obs (s n) ≡ st_obs (s' n)
MuddyUnion s ≢ ∅
∧ (∀ n : index, st_obs (s' n) ≡ MuddyUnion s ∖ {[n]})
↔ MuddyUnion s' ≢ ∅
  ∧ (∀ n : index,
       st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]})
  apply MC_in_futures_preserves_muddy in Hfutures.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, s': composite_state MCVLSM
Hfutures: MuddyUnion s ≡ MuddyUnion s'
Hfutures': ∀ n : index, st_obs (s n) ≡ st_obs (s' n)
MuddyUnion s ≢ ∅
∧ (∀ n : index, st_obs (s' n) ≡ MuddyUnion s ∖ {[n]})
↔ MuddyUnion s' ≢ ∅
  ∧ (∀ n : index,
       st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]})
  by setoid_rewrite Hfutures.
Qed.

Lemma MC_non_initial_valid_consistent :
  forall (s : composite_state MCVLSM), MC_non_initial_valid_state s -> consistent s.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ s : composite_state MCVLSM,
  MC_non_initial_valid_state s → consistent s
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ s : composite_state MCVLSM,
  MC_non_initial_valid_state s → consistent s
  intros s [Hvalid Hnon_initial].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnon_initial: ¬ composite_initial_state_prop MCVLSM s
consistent s
  induction Hvalid using valid_state_prop_ind; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s': state MC_composite_vlsm
l: label MC_composite_vlsm
om, om': option Message
s: state MC_composite_vlsm
Ht: input_valid_transition MC_composite_vlsm l
  (s, om) (s', om')
Hnon_initial: ¬ composite_initial_state_prop MCVLSM
    s'
IHHvalid: ¬ composite_initial_state_prop MCVLSM s
→ consistent s
consistent s'
  destruct Ht as [(_ & _ & Hv & Hc) Ht].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s': state MC_composite_vlsm
l: label MC_composite_vlsm
om, om': option Message
s: state MC_composite_vlsm
Hv: valid l (s, om)
Hc: MC_constraint l (s, om)
Ht: transition l (s, om) = (s', om')
Hnon_initial: ¬ composite_initial_state_prop MCVLSM
    s'
IHHvalid: ¬ composite_initial_state_prop MCVLSM s
→ consistent s
consistent s'
  destruct (decide (composite_initial_state_prop MCVLSM s)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s': state MC_composite_vlsm
l: label MC_composite_vlsm
om, om': option Message
s: state MC_composite_vlsm
Hv: valid l (s, om)
Hc: MC_constraint l (s, om)
Ht: transition l (s, om) = (s', om')
Hnon_initial: ¬ composite_initial_state_prop MCVLSM
    s'
IHHvalid: ¬ composite_initial_state_prop MCVLSM s
→ consistent s
c: composite_initial_state_prop MCVLSM s
consistent s'
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s': state MC_composite_vlsm
l: label MC_composite_vlsm
om, om': option Message
s: state MC_composite_vlsm
Hv: valid l (s, om)
Hc: MC_constraint l (s, om)
Ht: transition l (s, om) = (s', om')
Hnon_initial: ¬ composite_initial_state_prop MCVLSM
    s'
IHHvalid: ¬ composite_initial_state_prop MCVLSM s
→ consistent s
n: ¬ composite_initial_state_prop MCVLSM s
consistent s'
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s': state MC_composite_vlsm
l: label MC_composite_vlsm
om, om': option Message
s: state MC_composite_vlsm
Hv: valid l (s, om)
Hc: MC_constraint l (s, om)
Ht: transition l (s, om) = (s', om')
Hnon_initial: ¬ composite_initial_state_prop MCVLSM
    s'
IHHvalid: ¬ composite_initial_state_prop MCVLSM s
→ consistent s
c: composite_initial_state_prop MCVLSM s
consistent s' destruct l as [i []]; cbn in Hv.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s': state MC_composite_vlsm
i: index
om, om': option Message
s: state MC_composite_vlsm
Hv: MC_valid init (s i) om
Hc: MC_constraint (existT i init) (s, om)
Ht: transition (existT i init) (s, om) = (s', om')
Hnon_initial: ¬ composite_initial_state_prop MCVLSM
    s'
IHHvalid: ¬ composite_initial_state_prop MCVLSM s
→ consistent s
c: composite_initial_state_prop MCVLSM s
consistent s'
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s': state MC_composite_vlsm
i: index
om, om': option Message
s: state MC_composite_vlsm
Hv: MC_valid emit (s i) om
Hc: MC_constraint (existT i emit) (s, om)
Ht: transition (existT i emit) (s, om) = (s', om')
Hnon_initial: ¬ composite_initial_state_prop MCVLSM
    s'
IHHvalid: ¬ composite_initial_state_prop MCVLSM s
→ consistent s
c: composite_initial_state_prop MCVLSM s
consistent s'
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s': state MC_composite_vlsm
i: index
om, om': option Message
s: state MC_composite_vlsm
Hv: MC_valid receive (s i) om
Hc: MC_constraint (existT i receive) (s, om)
Ht: transition (existT i receive) (s, om) = (s', om')
Hnon_initial: ¬ composite_initial_state_prop MCVLSM
    s'
IHHvalid: ¬ composite_initial_state_prop MCVLSM s
→ consistent s
c: composite_initial_state_prop MCVLSM s
consistent s'
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s': state MC_composite_vlsm
i: index
om, om': option Message
s: state MC_composite_vlsm
Hv: MC_valid init (s i) om
Hc: MC_constraint (existT i init) (s, om)
Ht: transition (existT i init) (s, om) = (s', om')
Hnon_initial: ¬ composite_initial_state_prop MCVLSM
    s'
IHHvalid: ¬ composite_initial_state_prop MCVLSM s
→ consistent s
c: composite_initial_state_prop MCVLSM s
consistent s' eapply MC_obs_equiv_preserves_consistency; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s': state MC_composite_vlsm
i: index
om, om': option Message
s: state MC_composite_vlsm
Hv: MC_valid init (s i) om
Hc: MC_constraint (existT i init) (s, om)
Ht: transition (existT i init) (s, om) = (s', om')
Hnon_initial: ¬ composite_initial_state_prop MCVLSM
    s'
IHHvalid: ¬ composite_initial_state_prop MCVLSM s
→ consistent s
c: composite_initial_state_prop MCVLSM s
MC_obs_equivalence s s'
      by eapply MC_trans_preserves_obs_equiv
        with (s := s) (l := existT i init) (m := om) (m' := om').
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s': state MC_composite_vlsm
i: index
om, om': option Message
s: state MC_composite_vlsm
Hv: MC_valid emit (s i) om
Hc: MC_constraint (existT i emit) (s, om)
Ht: transition (existT i emit) (s, om) = (s', om')
Hnon_initial: ¬ composite_initial_state_prop MCVLSM
    s'
IHHvalid: ¬ composite_initial_state_prop MCVLSM s
→ consistent s
c: composite_initial_state_prop MCVLSM s
consistent s' by inversion Hv; specialize (c i); rewrite <- H9 in c.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s': state MC_composite_vlsm
i: index
om, om': option Message
s: state MC_composite_vlsm
Hv: MC_valid receive (s i) om
Hc: MC_constraint (existT i receive) (s, om)
Ht: transition (existT i receive) (s, om) = (s', om')
Hnon_initial: ¬ composite_initial_state_prop MCVLSM
    s'
IHHvalid: ¬ composite_initial_state_prop MCVLSM s
→ consistent s
c: composite_initial_state_prop MCVLSM s
consistent s' by inversion Hv; specialize (c i); rewrite <- H9 in c.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s': state MC_composite_vlsm
l: label MC_composite_vlsm
om, om': option Message
s: state MC_composite_vlsm
Hv: valid l (s, om)
Hc: MC_constraint l (s, om)
Ht: transition l (s, om) = (s', om')
Hnon_initial: ¬ composite_initial_state_prop MCVLSM
    s'
IHHvalid: ¬ composite_initial_state_prop MCVLSM s
→ consistent s
n: ¬ composite_initial_state_prop MCVLSM s
consistent s' eapply MC_obs_equiv_preserves_consistency; [| by apply IHHvalid].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s': state MC_composite_vlsm
l: label MC_composite_vlsm
om, om': option Message
s: state MC_composite_vlsm
Hv: valid l (s, om)
Hc: MC_constraint l (s, om)
Ht: transition l (s, om) = (s', om')
Hnon_initial: ¬ composite_initial_state_prop MCVLSM
    s'
IHHvalid: ¬ composite_initial_state_prop MCVLSM s
→ consistent s
n: ¬ composite_initial_state_prop MCVLSM s
MC_obs_equivalence s s'
    by apply MC_trans_preserves_obs_equiv
      with (s := s) (l := l) (m := om) (m' := om').
Qed.

Lemma MC_muddy_number_of_muddy_seen (s : composite_state MCVLSM) (j : index) :
  consistent s ->
  j ∈ MuddyUnion s ->
  size (st_obs (s j)) = size (MuddyUnion s) - 1.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
consistent s
→ j ∈ MuddyUnion s
  → size (st_obs (s j)) = size (MuddyUnion s) - 1
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
consistent s
→ j ∈ MuddyUnion s
  → size (st_obs (s j)) = size (MuddyUnion s) - 1
  intros [Hnempty Hn] n.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n: j ∈ MuddyUnion s
size (st_obs (s j)) = size (MuddyUnion s) - 1
  rewrite Hn, size_difference.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n: j ∈ MuddyUnion s
size (MuddyUnion s) - size {[j]} =
size (MuddyUnion s) - 1
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n: j ∈ MuddyUnion s
{[j]} ⊆ MuddyUnion s
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n: j ∈ MuddyUnion s
size (MuddyUnion s) - size {[j]} =
size (MuddyUnion s) - 1 by rewrite size_singleton.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n: j ∈ MuddyUnion s
{[j]} ⊆ MuddyUnion s by rewrite singleton_subseteq_l.
Qed.

Lemma MC_muddy_number_of_muddy_seen_iff (s : composite_state MCVLSM) (j : index) :
  consistent s ->
  j ∈ MuddyUnion s <-> size (st_obs (s j)) = size (MuddyUnion s) - 1.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
consistent s
→ j ∈ MuddyUnion s
  ↔ size (st_obs (s j)) = size (MuddyUnion s) - 1
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
consistent s
→ j ∈ MuddyUnion s
  ↔ size (st_obs (s j)) = size (MuddyUnion s) - 1
  intros [Hnempty Hn].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
j ∈ MuddyUnion s
↔ size (st_obs (s j)) = size (MuddyUnion s) - 1
  split; [by apply MC_muddy_number_of_muddy_seen |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
size (st_obs (s j)) = size (MuddyUnion s) - 1
→ j ∈ MuddyUnion s
  intros Hsize.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsize: size (st_obs (s j)) = size (MuddyUnion s) - 1
j ∈ MuddyUnion s
  rewrite Hn, size_difference_alt in Hsize.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsize: size (MuddyUnion s) -
size (MuddyUnion s ∩ {[j]}) =
size (MuddyUnion s) - 1
j ∈ MuddyUnion s
  destruct (decide (size (MuddyUnion s) = 0));
    [by apply size_non_empty_iff in Hnempty |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsize: size (MuddyUnion s) -
size (MuddyUnion s ∩ {[j]}) =
size (MuddyUnion s) - 1
n: size (MuddyUnion s) ≠ 0
j ∈ MuddyUnion s
  cut (size (MuddyUnion s ∩ {[j]}) ≠ 0).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsize: size (MuddyUnion s) -
size (MuddyUnion s ∩ {[j]}) =
size (MuddyUnion s) - 1
n: size (MuddyUnion s) ≠ 0
size (MuddyUnion s ∩ {[j]}) ≠ 0 → j ∈ MuddyUnion s
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsize: size (MuddyUnion s) -
size (MuddyUnion s ∩ {[j]}) =
size (MuddyUnion s) - 1
n: size (MuddyUnion s) ≠ 0
size (MuddyUnion s ∩ {[j]}) ≠ 0
  {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsize: size (MuddyUnion s) -
size (MuddyUnion s ∩ {[j]}) =
size (MuddyUnion s) - 1
n: size (MuddyUnion s) ≠ 0
size (MuddyUnion s ∩ {[j]}) ≠ 0 → j ∈ MuddyUnion s
    intros Hsizennull.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsize: size (MuddyUnion s) -
size (MuddyUnion s ∩ {[j]}) =
size (MuddyUnion s) - 1
n: size (MuddyUnion s) ≠ 0
Hsizennull: size (MuddyUnion s ∩ {[j]}) ≠ 0
j ∈ MuddyUnion s
    apply size_non_empty_iff in Hsizennull.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsize: size (MuddyUnion s) -
size (MuddyUnion s ∩ {[j]}) =
size (MuddyUnion s) - 1
n: size (MuddyUnion s) ≠ 0
Hsizennull: MuddyUnion s ∩ {[j]} ≢ ∅
j ∈ MuddyUnion s
    by set_solver.
  }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsize: size (MuddyUnion s) -
size (MuddyUnion s ∩ {[j]}) =
size (MuddyUnion s) - 1
n: size (MuddyUnion s) ≠ 0
size (MuddyUnion s ∩ {[j]}) ≠ 0
  by lia.
Qed.

Lemma MC_clean_number_of_muddy_seen (s : composite_state MCVLSM) (j : index) :
  consistent s ->
  j ∉ MuddyUnion s ->
  size (st_obs (s j)) = size (MuddyUnion s).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
consistent s
→ j ∉ MuddyUnion s
  → size (st_obs (s j)) = size (MuddyUnion s)
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
consistent s
→ j ∉ MuddyUnion s
  → size (st_obs (s j)) = size (MuddyUnion s)
  intros [Hnempty Hn] n.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n: j ∉ MuddyUnion s
size (st_obs (s j)) = size (MuddyUnion s)
  rewrite Hn, size_difference_alt.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n: j ∉ MuddyUnion s
size (MuddyUnion s) - size (MuddyUnion s ∩ {[j]}) =
size (MuddyUnion s)
  replace (size (MuddyUnion s ∩ {[j]})) with 0; [by lia |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n: j ∉ MuddyUnion s
0 = size (MuddyUnion s ∩ {[j]})
  by symmetry; apply size_empty_iff; set_solver.
Qed.

Lemma MC_clean_number_of_muddy_seen_iff (s : composite_state MCVLSM) (j : index) :
  consistent s ->
  j ∉ MuddyUnion s <-> size (st_obs (s j)) = size (MuddyUnion s).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
consistent s
→ j ∉ MuddyUnion s
  ↔ size (st_obs (s j)) = size (MuddyUnion s)
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
consistent s
→ j ∉ MuddyUnion s
  ↔ size (st_obs (s j)) = size (MuddyUnion s)
  intros [Hnempty Hn].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
j ∉ MuddyUnion s
↔ size (st_obs (s j)) = size (MuddyUnion s)
  split; [by apply MC_clean_number_of_muddy_seen |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
size (st_obs (s j)) = size (MuddyUnion s)
→ j ∉ MuddyUnion s
  intros Hsize.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsize: size (st_obs (s j)) = size (MuddyUnion s)
j ∉ MuddyUnion s
  rewrite Hn, size_difference_alt in Hsize.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsize: size (MuddyUnion s) -
size (MuddyUnion s ∩ {[j]}) =
size (MuddyUnion s)
j ∉ MuddyUnion s
  destruct (decide (size (MuddyUnion s) = 0));
    [by apply size_non_empty_iff in Hnempty |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsize: size (MuddyUnion s) -
size (MuddyUnion s ∩ {[j]}) =
size (MuddyUnion s)
n: size (MuddyUnion s) ≠ 0
j ∉ MuddyUnion s
  cut (size (MuddyUnion s ∩ {[j]}) = 0).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsize: size (MuddyUnion s) -
size (MuddyUnion s ∩ {[j]}) =
size (MuddyUnion s)
n: size (MuddyUnion s) ≠ 0
size (MuddyUnion s ∩ {[j]}) = 0 → j ∉ MuddyUnion s
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsize: size (MuddyUnion s) -
size (MuddyUnion s ∩ {[j]}) =
size (MuddyUnion s)
n: size (MuddyUnion s) ≠ 0
size (MuddyUnion s ∩ {[j]}) = 0
  {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsize: size (MuddyUnion s) -
size (MuddyUnion s ∩ {[j]}) =
size (MuddyUnion s)
n: size (MuddyUnion s) ≠ 0
size (MuddyUnion s ∩ {[j]}) = 0 → j ∉ MuddyUnion s
    intros Hsize0.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsize: size (MuddyUnion s) -
size (MuddyUnion s ∩ {[j]}) =
size (MuddyUnion s)
n: size (MuddyUnion s) ≠ 0
Hsize0: size (MuddyUnion s ∩ {[j]}) = 0
j ∉ MuddyUnion s
    apply size_empty_iff in Hsize0.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsize: size (MuddyUnion s) -
size (MuddyUnion s ∩ {[j]}) =
size (MuddyUnion s)
n: size (MuddyUnion s) ≠ 0
Hsize0: MuddyUnion s ∩ {[j]} ≡ ∅
j ∉ MuddyUnion s
    by set_solver.
  }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
Hnempty: MuddyUnion s ≢ ∅
Hn: ∀ n : index, st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsize: size (MuddyUnion s) -
size (MuddyUnion s ∩ {[j]}) =
size (MuddyUnion s)
n: size (MuddyUnion s) ≠ 0
size (MuddyUnion s ∩ {[j]}) = 0
  by lia.
Qed.

Lemma MC_number_of_muddy_seen (s : composite_state MCVLSM) :
  consistent s ->
  forall n, size (st_obs (s n)) <= size (MuddyUnion s) <= size (st_obs (s n)) + 1.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
consistent s
→ ∀ n : index,
    size (st_obs (s n)) <= size (MuddyUnion s) <=
    size (st_obs (s n)) + 1
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
consistent s
→ ∀ n : index,
    size (st_obs (s n)) <= size (MuddyUnion s) <=
    size (st_obs (s n)) + 1
  intros Hcons n.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hcons: consistent s
n: index
size (st_obs (s n)) <= size (MuddyUnion s) <=
size (st_obs (s n)) + 1
  destruct (decide (n ∈ MuddyUnion s)) as [Hdec | Hdec].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hcons: consistent s
n: index
Hdec: n ∈ MuddyUnion s
size (st_obs (s n)) <= size (MuddyUnion s) <=
size (st_obs (s n)) + 1
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hcons: consistent s
n: index
Hdec: n ∉ MuddyUnion s
size (st_obs (s n)) <= size (MuddyUnion s) <=
size (st_obs (s n)) + 1
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hcons: consistent s
n: index
Hdec: n ∈ MuddyUnion s
size (st_obs (s n)) <= size (MuddyUnion s) <=
size (st_obs (s n)) + 1 by apply MC_muddy_number_of_muddy_seen in Hdec as ->; [lia |].
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hcons: consistent s
n: index
Hdec: n ∉ MuddyUnion s
size (st_obs (s n)) <= size (MuddyUnion s) <=
size (st_obs (s n)) + 1 by apply MC_clean_number_of_muddy_seen in Hdec as ->; [lia |].
Qed.

Lemma MC_transition_undecided_receive_clean_round_obs :
  forall (i : index) (s : State) (m : Message),
    state_status (st_rs s) = undecided ->
    msg_status m = clean ->
    msg_index m ∉ st_obs s ->
    msg_round m = size (st_obs s) ->
    MC_transition i receive
      (mkSt (st_obs s) (Some (mkRS (state_round (st_rs s)) (state_status (st_rs s)))))
      (Some (mkMsg (msg_index m) (msg_round m) (msg_status m)))
      =
    (mkSt (st_obs s) (Some (mkRS (msg_round m) clean)), None).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (i : index) (s : State) (m : Message),
  state_status (st_rs s) = undecided
  → msg_status m = clean
    → msg_index m ∉ st_obs s
      → msg_round m = size (st_obs s)
        → MC_transition i receive
            (mkSt (st_obs s)
               (Some
                  (mkRS (state_round (st_rs s))
                     (state_status (st_rs s)))))
            (Some
               (mkMsg (msg_index m) (msg_round m)
                  (msg_status m))) =
          (mkSt (st_obs s)
             (Some (mkRS (msg_round m) clean)), None)
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (i : index) (s : State) (m : Message),
  state_status (st_rs s) = undecided
  → msg_status m = clean
    → msg_index m ∉ st_obs s
      → msg_round m = size (st_obs s)
        → MC_transition i receive
            (mkSt (st_obs s)
               (Some
                  (mkRS (state_round (st_rs s))
                     (state_status (st_rs s)))))
            (Some
               (mkMsg (msg_index m) (msg_round m)
                  (msg_status m))) =
          (mkSt (st_obs s)
             (Some (mkRS (msg_round m) clean)), None)
  by intros; rewrite H9, H10, MC_transition_equation_9;
    unfold MC_transition_clause_3; repeat case_decide.
Qed.

Lemma MC_transition_undecided_receive_clean_round_obs_plus_one :
  forall (i : index) (s : State) (m : Message),
    state_status (st_rs s) = undecided ->
    msg_status m = clean ->
    msg_index m ∉ st_obs s ->
    msg_round m = size (st_obs s) + 1 ->
    MC_transition i receive
      (mkSt (st_obs s) (Some (mkRS (state_round (st_rs s)) (state_status (st_rs s)))))
      (Some (mkMsg (msg_index m) (msg_round m) (msg_status m)))
      =
    (mkSt (st_obs s) (Some (mkRS (msg_round m - 1) muddy)), None).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (i : index) (s : State) (m : Message),
  state_status (st_rs s) = undecided
  → msg_status m = clean
    → msg_index m ∉ st_obs s
      → msg_round m = size (st_obs s) + 1
        → MC_transition i receive
            (mkSt (st_obs s)
               (Some
                  (mkRS (state_round (st_rs s))
                     (state_status (st_rs s)))))
            (Some
               (mkMsg (msg_index m) (msg_round m)
                  (msg_status m))) =
          (mkSt (st_obs s)
             (Some (mkRS (msg_round m - 1) muddy)),
           None)
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (i : index) (s : State) (m : Message),
  state_status (st_rs s) = undecided
  → msg_status m = clean
    → msg_index m ∉ st_obs s
      → msg_round m = size (st_obs s) + 1
        → MC_transition i receive
            (mkSt (st_obs s)
               (Some
                  (mkRS (state_round (st_rs s))
                     (state_status (st_rs s)))))
            (Some
               (mkMsg (msg_index m) (msg_round m)
                  (msg_status m))) =
          (mkSt (st_obs s)
             (Some (mkRS (msg_round m - 1) muddy)),
           None)
  by intros; rewrite H9, H10, MC_transition_equation_9;
    unfold MC_transition_clause_3; repeat case_decide; try done; lia.
Qed.

Lemma MC_transition_undecided_receive_muddy_round_obs :
  forall (i : index) (s : State) (m : Message),
    state_status (st_rs s) = undecided ->
    msg_status m = muddy ->
    msg_index m ∈ st_obs s ->
    msg_round m = size (st_obs s) ->
    MC_transition i receive
      (mkSt (st_obs s) (Some (mkRS (state_round (st_rs s)) (state_status (st_rs s)))))
      (Some (mkMsg (msg_index m) (msg_round m) (msg_status m)))
      =
    (mkSt (st_obs s) (Some (mkRS (msg_round m) muddy)), None).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (i : index) (s : State) (m : Message),
  state_status (st_rs s) = undecided
  → msg_status m = muddy
    → msg_index m ∈ st_obs s
      → msg_round m = size (st_obs s)
        → MC_transition i receive
            (mkSt (st_obs s)
               (Some
                  (mkRS (state_round (st_rs s))
                     (state_status (st_rs s)))))
            (Some
               (mkMsg (msg_index m) (msg_round m)
                  (msg_status m))) =
          (mkSt (st_obs s)
             (Some (mkRS (msg_round m) muddy)), None)
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (i : index) (s : State) (m : Message),
  state_status (st_rs s) = undecided
  → msg_status m = muddy
    → msg_index m ∈ st_obs s
      → msg_round m = size (st_obs s)
        → MC_transition i receive
            (mkSt (st_obs s)
               (Some
                  (mkRS (state_round (st_rs s))
                     (state_status (st_rs s)))))
            (Some
               (mkMsg (msg_index m) (msg_round m)
                  (msg_status m))) =
          (mkSt (st_obs s)
             (Some (mkRS (msg_round m) muddy)), None)
  by intros; rewrite H9, H10, MC_transition_equation_8;
    unfold MC_transition_clause_4; repeat case_decide.
Qed.

Lemma MC_transition_undecided_receive_muddy_round_obs_minus_one :
  forall (i : index) (s : State) (m : Message),
    state_status (st_rs s) = undecided ->
    msg_status m = muddy ->
    msg_index m ∈ st_obs s ->
    msg_round m = size (st_obs s) - 1 ->
    MC_transition i receive
      (mkSt (st_obs s) (Some (mkRS (state_round (st_rs s)) (state_status (st_rs s)))))
      (Some (mkMsg (msg_index m) (msg_round m) (msg_status m)))
      =
    (mkSt (st_obs s) (Some (mkRS (msg_round m + 1) clean)), None).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (i : index) (s : State) (m : Message),
  state_status (st_rs s) = undecided
  → msg_status m = muddy
    → msg_index m ∈ st_obs s
      → msg_round m = size (st_obs s) - 1
        → MC_transition i receive
            (mkSt (st_obs s)
               (Some
                  (mkRS (state_round (st_rs s))
                     (state_status (st_rs s)))))
            (Some
               (mkMsg (msg_index m) (msg_round m)
                  (msg_status m))) =
          (mkSt (st_obs s)
             (Some (mkRS (msg_round m + 1) clean)),
           None)
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (i : index) (s : State) (m : Message),
  state_status (st_rs s) = undecided
  → msg_status m = muddy
    → msg_index m ∈ st_obs s
      → msg_round m = size (st_obs s) - 1
        → MC_transition i receive
            (mkSt (st_obs s)
               (Some
                  (mkRS (state_round (st_rs s))
                     (state_status (st_rs s)))))
            (Some
               (mkMsg (msg_index m) (msg_round m)
                  (msg_status m))) =
          (mkSt (st_obs s)
             (Some (mkRS (msg_round m + 1) clean)),
           None)
  intros; rewrite H9, H10, MC_transition_equation_8;
    unfold MC_transition_clause_4; repeat case_decide; [| done..].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
s: State
m: Message
H9: state_status (st_rs s) = undecided
H10: msg_status m = muddy
H11: msg_index m ∈ st_obs s
H12: msg_round m = size (st_obs s) - 1
H13: msg_index m ∈ st_obs s
H14: msg_round m = size (st_obs s)
(mkSt (st_obs s) (Some (mkRS (msg_round m) muddy)),
 None) =
(mkSt (st_obs s) (Some (mkRS (msg_round m + 1) clean)),
 None)
  destruct (decide (size (st_obs s) = 0)); [| by lia].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
s: State
m: Message
H9: state_status (st_rs s) = undecided
H10: msg_status m = muddy
H11: msg_index m ∈ st_obs s
H12: msg_round m = size (st_obs s) - 1
H13: msg_index m ∈ st_obs s
H14: msg_round m = size (st_obs s)
e: size (st_obs s) = 0
(mkSt (st_obs s) (Some (mkRS (msg_round m) muddy)),
 None) =
(mkSt (st_obs s) (Some (mkRS (msg_round m + 1) clean)),
 None)
  by apply non_empty_inhabited, size_non_empty_iff in H11.
Qed.

Lemma MC_transition_undecided_receive_undecided_round_obs_minus_one :
  forall (i : index) (s : State) (m : Message),
    state_status (st_rs s) = undecided ->
    msg_status m = undecided ->
    msg_index m ∈ st_obs s ->
    msg_round m = size (st_obs s) - 1 ->
    state_round (st_rs s) < size (st_obs s) ->
    MC_transition i receive
      (mkSt (st_obs s) (Some (mkRS (state_round (st_rs s)) (state_status (st_rs s)))))
      (Some (mkMsg (msg_index m) (msg_round m) (msg_status m)))
      =
    (mkSt (st_obs s) (Some (mkRS (msg_round m + 1) muddy)), None).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (i : index) (s : State) (m : Message),
  state_status (st_rs s) = undecided
  → msg_status m = undecided
    → msg_index m ∈ st_obs s
      → msg_round m = size (st_obs s) - 1
        → state_round (st_rs s) < size (st_obs s)
          → MC_transition i receive
              (mkSt (st_obs s)
                 (Some
                    (mkRS (state_round (st_rs s))
                       (state_status (st_rs s)))))
              (Some
                 (mkMsg (msg_index m) (msg_round m)
                    (msg_status m))) =
            (mkSt (st_obs s)
               (Some (mkRS (msg_round m + 1) muddy)),
             None)
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (i : index) (s : State) (m : Message),
  state_status (st_rs s) = undecided
  → msg_status m = undecided
    → msg_index m ∈ st_obs s
      → msg_round m = size (st_obs s) - 1
        → state_round (st_rs s) < size (st_obs s)
          → MC_transition i receive
              (mkSt (st_obs s)
                 (Some
                    (mkRS (state_round (st_rs s))
                       (state_status (st_rs s)))))
              (Some
                 (mkMsg (msg_index m) (msg_round m)
                    (msg_status m))) =
            (mkSt (st_obs s)
               (Some (mkRS (msg_round m + 1) muddy)),
             None)
  by intros; rewrite H9, H10, MC_transition_equation_7;
    unfold MC_transition_clause_5; repeat case_decide; try done; lia.
Qed.

Lemma MC_transition_undecided_receive_undecided_round_obs :
  forall (i : index) (s : State) (m : Message),
    state_status (st_rs s) = undecided ->
    msg_status m = undecided ->
    msg_index m ∉ st_obs s ->
    msg_round m = size (st_obs s) ->
    state_round (st_rs s) < size (st_obs s) ->
    MC_transition i receive
      (mkSt (st_obs s) (Some (mkRS (state_round (st_rs s)) (state_status (st_rs s)))))
      (Some (mkMsg (msg_index m) (msg_round m) (msg_status m)))
      =
    (mkSt (st_obs s) (Some (mkRS (msg_round m) muddy)), None).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (i : index) (s : State) (m : Message),
  state_status (st_rs s) = undecided
  → msg_status m = undecided
    → msg_index m ∉ st_obs s
      → msg_round m = size (st_obs s)
        → state_round (st_rs s) < size (st_obs s)
          → MC_transition i receive
              (mkSt (st_obs s)
                 (Some
                    (mkRS (state_round (st_rs s))
                       (state_status (st_rs s)))))
              (Some
                 (mkMsg (msg_index m) (msg_round m)
                    (msg_status m))) =
            (mkSt (st_obs s)
               (Some (mkRS (msg_round m) muddy)), None)
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (i : index) (s : State) (m : Message),
  state_status (st_rs s) = undecided
  → msg_status m = undecided
    → msg_index m ∉ st_obs s
      → msg_round m = size (st_obs s)
        → state_round (st_rs s) < size (st_obs s)
          → MC_transition i receive
              (mkSt (st_obs s)
                 (Some
                    (mkRS (state_round (st_rs s))
                       (state_status (st_rs s)))))
              (Some
                 (mkMsg (msg_index m) (msg_round m)
                    (msg_status m))) =
            (mkSt (st_obs s)
               (Some (mkRS (msg_round m) muddy)), None)
  by intros; rewrite H9, H10, MC_transition_equation_7;
    unfold MC_transition_clause_5; repeat case_decide; try done; lia.
Qed.

Lemma MC_transition_undecided_receive_undecided_round_lt_obs_minus_one :
  forall (i : index) (s : State) (m : Message),
    state_status (st_rs s) = undecided ->
    msg_status m = undecided ->
    msg_index m ∈ st_obs s ->
    state_round (st_rs s) <= msg_round m < size (st_obs s) - 1 ->
    state_round (st_rs s) < size (st_obs s) ->
    MC_transition i receive
      (mkSt (st_obs s) (Some (mkRS (state_round (st_rs s)) (state_status (st_rs s)))))
      (Some (mkMsg (msg_index m) (msg_round m) (msg_status m)))
      =
    (mkSt (st_obs s) (Some (mkRS (msg_round m + 1) (state_status (st_rs s)))), None).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (i : index) (s : State) (m : Message),
  state_status (st_rs s) = undecided
  → msg_status m = undecided
    → msg_index m ∈ st_obs s
      → state_round (st_rs s) <= msg_round m <
        size (st_obs s) - 1
        → state_round (st_rs s) < size (st_obs s)
          → MC_transition i receive
              (mkSt (st_obs s)
                 (Some
                    (mkRS (state_round (st_rs s))
                       (state_status (st_rs s)))))
              (Some
                 (mkMsg (msg_index m) (msg_round m)
                    (msg_status m))) =
            (mkSt (st_obs s)
               (Some
                  (mkRS (msg_round m + 1)
                     (state_status (st_rs s)))), None)
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (i : index) (s : State) (m : Message),
  state_status (st_rs s) = undecided
  → msg_status m = undecided
    → msg_index m ∈ st_obs s
      → state_round (st_rs s) <= msg_round m <
        size (st_obs s) - 1
        → state_round (st_rs s) < size (st_obs s)
          → MC_transition i receive
              (mkSt (st_obs s)
                 (Some
                    (mkRS (state_round (st_rs s))
                       (state_status (st_rs s)))))
              (Some
                 (mkMsg (msg_index m) (msg_round m)
                    (msg_status m))) =
            (mkSt (st_obs s)
               (Some
                  (mkRS (msg_round m + 1)
                     (state_status (st_rs s)))), None)
  by intros; rewrite H9, H10, MC_transition_equation_7;
    unfold MC_transition_clause_5; repeat case_decide; try done; lia.
Qed.

Invariant preservation

Definition MC_component_invariant_helper (s : State) (union : indexSet) : Prop :=
  match state_status (st_rs s) with
  | undecided => state_round (st_rs s) < size (st_obs s)
  | clean => state_round (st_rs s) = size (st_obs s) /\ size union = size (st_obs s)
  | muddy => state_round (st_rs s) = size (st_obs s) /\ size union - 1 = size (st_obs s)
  end.

Definition MC_component_invariant (s : composite_state MCVLSM) (i : index) : Prop :=
  MC_component_invariant_helper (s i) (MuddyUnion s).

Inductive MC_component_invariant_inductive : composite_state MCVLSM -> index -> Prop :=
| component_invariant_undecided : forall s i,
    state_status (st_rs (s i)) = undecided ->
    state_round (st_rs (s i)) < size (st_obs (s i)) ->
    MC_component_invariant_inductive s i
| component_invariant_clean : forall s i,
    state_status (st_rs (s i)) = clean ->
    state_round (st_rs (s i)) = size (st_obs (s i)) ->
    size (MuddyUnion s) = size (st_obs (s i)) ->
    MC_component_invariant_inductive s i
| component_invariant_muddy : forall s i,
   state_status (st_rs (s i)) = muddy ->
   state_round (st_rs (s i)) = size (st_obs (s i)) ->
   size (MuddyUnion s) - 1 = size (st_obs (s i)) ->
   MC_component_invariant_inductive s i.

Lemma MC_component_invariant_equiv_MC_component_invariant_inductive :
  forall (s : composite_state MCVLSM) (i : index),
    MC_component_invariant s i <-> MC_component_invariant_inductive s i.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (s : composite_state MCVLSM) (i : index),
  MC_component_invariant s i
  ↔ MC_component_invariant_inductive s i
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (s : composite_state MCVLSM) (i : index),
  MC_component_invariant s i
  ↔ MC_component_invariant_inductive s i
  intros s i.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
MC_component_invariant s i
↔ MC_component_invariant_inductive s i
  unfold MC_component_invariant, MC_component_invariant_helper.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
match state_status (st_rs (s i)) with
| undecided =>
    state_round (st_rs (s i)) < size (st_obs (s i))
| muddy =>
    state_round (st_rs (s i)) = size (st_obs (s i))
    ∧ size (MuddyUnion s) - 1 = size (st_obs (s i))
| clean =>
    state_round (st_rs (s i)) = size (st_obs (s i))
    ∧ size (MuddyUnion s) = size (st_obs (s i))
end ↔ MC_component_invariant_inductive s i
  case_match; split; intros.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
H9: state_status (st_rs (s i)) = undecided
H10: state_round (st_rs (s i)) < size (st_obs (s i))
MC_component_invariant_inductive s i
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
H9: state_status (st_rs (s i)) = undecided
H10: MC_component_invariant_inductive s i
state_round (st_rs (s i)) < size (st_obs (s i))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
H9: state_status (st_rs (s i)) = muddy
H10: state_round (st_rs (s i)) = size (st_obs (s i))
∧ size (MuddyUnion s) - 1 = size (st_obs (s i))
MC_component_invariant_inductive s i
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
H9: state_status (st_rs (s i)) = muddy
H10: MC_component_invariant_inductive s i
state_round (st_rs (s i)) = size (st_obs (s i))
∧ size (MuddyUnion s) - 1 = size (st_obs (s i))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
H9: state_status (st_rs (s i)) = clean
H10: state_round (st_rs (s i)) = size (st_obs (s i))
∧ size (MuddyUnion s) = size (st_obs (s i))
MC_component_invariant_inductive s i
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
H9: state_status (st_rs (s i)) = clean
H10: MC_component_invariant_inductive s i
state_round (st_rs (s i)) = size (st_obs (s i))
∧ size (MuddyUnion s) = size (st_obs (s i))
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
H9: state_status (st_rs (s i)) = undecided
H10: state_round (st_rs (s i)) < size (st_obs (s i))
MC_component_invariant_inductive s i by apply component_invariant_undecided.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
H9: state_status (st_rs (s i)) = undecided
H10: MC_component_invariant_inductive s i
state_round (st_rs (s i)) < size (st_obs (s i)) by inversion H10; [| congruence..].
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
H9: state_status (st_rs (s i)) = muddy
H10: state_round (st_rs (s i)) = size (st_obs (s i))
∧ size (MuddyUnion s) - 1 = size (st_obs (s i))
MC_component_invariant_inductive s i by apply component_invariant_muddy; destruct H10.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
H9: state_status (st_rs (s i)) = muddy
H10: MC_component_invariant_inductive s i
state_round (st_rs (s i)) = size (st_obs (s i))
∧ size (MuddyUnion s) - 1 = size (st_obs (s i)) by inversion H10; split; congruence.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
H9: state_status (st_rs (s i)) = clean
H10: state_round (st_rs (s i)) = size (st_obs (s i))
∧ size (MuddyUnion s) = size (st_obs (s i))
MC_component_invariant_inductive s i by apply component_invariant_clean; destruct H10.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
H9: state_status (st_rs (s i)) = clean
H10: MC_component_invariant_inductive s i
state_round (st_rs (s i)) = size (st_obs (s i))
∧ size (MuddyUnion s) = size (st_obs (s i)) by inversion H10; split; congruence.
Qed.

Definition MC_composite_invariant (s : composite_state MCVLSM) : Prop :=
  forall (i : index),
    initial_state_prop (MCVLSM i) (s i) \/ MC_component_invariant s i.

Definition MC_composite_invariant_inductive (s : composite_state MCVLSM) : Prop :=
  forall (i : index),
    initial_state_prop (MCVLSM i) (s i) \/ MC_component_invariant_inductive s i.

Lemma MC_composite_invariant_preservation_muddy_from_undecided
  (s sm : composite_state MCVLSM) (i j : index) (o : indexSet) :
  o ≡ st_obs (s i) ->
  j ∈ o -> consistent s ->
  (forall k, st_obs (sm k) ≡ st_obs (s k)) ->
  size o - 1 < size (st_obs (sm j)) ->
  size (MuddyUnion s) - 1 = size o.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
o: indexSet
o ≡ st_obs (s i)
→ j ∈ o
  → consistent s
    → (∀ k : index, st_obs (sm k) ≡ st_obs (s k))
      → size o - 1 < size (st_obs (sm j))
        → size (MuddyUnion s) - 1 = size o
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
o: indexSet
o ≡ st_obs (s i)
→ j ∈ o
  → consistent s
    → (∀ k : index, st_obs (sm k) ≡ st_obs (s k))
      → size o - 1 < size (st_obs (sm j))
        → size (MuddyUnion s) - 1 = size o
  intros Heqo Hin Hconsistent Hobs_equiv Hinvs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
o: indexSet
Heqo: o ≡ st_obs (s i)
Hin: j ∈ o
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
Hinvs: size o - 1 < size (st_obs (sm j))
size (MuddyUnion s) - 1 = size o
  destruct (Hconsistent) as [_ Hcons].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
o: indexSet
Heqo: o ≡ st_obs (s i)
Hin: j ∈ o
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
Hinvs: size o - 1 < size (st_obs (sm j))
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
size (MuddyUnion s) - 1 = size o
  rewrite Heqo in *; clear o Heqo.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∈ st_obs (s i)
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
Hinvs: size (st_obs (s i)) - 1 < size (st_obs (sm j))
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
size (MuddyUnion s) - 1 = size (st_obs (s i))
  remember (size (st_obs (s i))) as o.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∈ st_obs (s i)
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
o: nat
Heqo: o = size (st_obs (s i))
Hinvs: o - 1 < size (st_obs (sm j))
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
size (MuddyUnion s) - 1 = o
  rewrite Hobs_equiv, Hcons, size_difference in Hinvs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∈ st_obs (s i)
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
o: nat
Heqo: o = size (st_obs (s i))
Hinvs: o - 1 < size (MuddyUnion s) - size {[j]}
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
size (MuddyUnion s) - 1 = o
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∈ st_obs (s i)
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
o: nat
Heqo: o = size (st_obs (s i))
Hinvs: o - 1 < size (MuddyUnion s ∖ {[j]})
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
{[j]} ⊆ MuddyUnion s
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∈ st_obs (s i)
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
o: nat
Heqo: o = size (st_obs (s i))
Hinvs: o - 1 < size (MuddyUnion s) - size {[j]}
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
size (MuddyUnion s) - 1 = o rewrite size_singleton in Hinvs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∈ st_obs (s i)
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
o: nat
Heqo: o = size (st_obs (s i))
Hinvs: o - 1 < size (MuddyUnion s) - 1
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
size (MuddyUnion s) - 1 = o
    apply MC_number_of_muddy_seen with (n := i) in Hconsistent.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∈ st_obs (s i)
Hconsistent: size (st_obs (s i)) <=
size (MuddyUnion s) <=
size (st_obs (s i)) + 1
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
o: nat
Heqo: o = size (st_obs (s i))
Hinvs: o - 1 < size (MuddyUnion s) - 1
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
size (MuddyUnion s) - 1 = o
    by destruct Hconsistent; lia.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∈ st_obs (s i)
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
o: nat
Heqo: o = size (st_obs (s i))
Hinvs: o - 1 < size (MuddyUnion s ∖ {[j]})
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
{[j]} ⊆ MuddyUnion s apply singleton_subseteq_l.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∈ st_obs (s i)
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
o: nat
Heqo: o = size (st_obs (s i))
Hinvs: o - 1 < size (MuddyUnion s ∖ {[j]})
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
j ∈ MuddyUnion s
    unfold MuddyUnion; rewrite elem_of_union_list.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∈ st_obs (s i)
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
o: nat
Heqo: o = size (st_obs (s i))
Hinvs: o - 1 < size (MuddyUnion s ∖ {[j]})
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
∃ X : indexSet,
  X ∈ map (λ i : index, st_obs (s i)) (enum index)
  ∧ j ∈ X
    exists (st_obs (s i)); split; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∈ st_obs (s i)
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
o: nat
Heqo: o = size (st_obs (s i))
Hinvs: o - 1 < size (MuddyUnion s ∖ {[j]})
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
st_obs (s i)
∈ map (λ i : index, st_obs (s i)) (enum index)
    apply elem_of_list_fmap.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∈ st_obs (s i)
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
o: nat
Heqo: o = size (st_obs (s i))
Hinvs: o - 1 < size (MuddyUnion s ∖ {[j]})
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
∃ y : index,
  st_obs (s i) = st_obs (s y) ∧ y ∈ enum index
    by exists i; split; [| apply elem_of_enum].
Qed.

Lemma MC_composite_invariant_preservation_muddy_from_clean (s sm : composite_state MCVLSM)
  (i j : index) (o : indexSet) :
  o ≡ st_obs (s i) -> j ∉ o -> consistent s ->
  (forall k, st_obs (sm k) ≡ st_obs (s k)) ->
  size o < size (st_obs (sm j)) ->
  size (MuddyUnion s) - 1 = size o.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
o: indexSet
o ≡ st_obs (s i)
→ j ∉ o
  → consistent s
    → (∀ k : index, st_obs (sm k) ≡ st_obs (s k))
      → size o < size (st_obs (sm j))
        → size (MuddyUnion s) - 1 = size o
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
o: indexSet
o ≡ st_obs (s i)
→ j ∉ o
  → consistent s
    → (∀ k : index, st_obs (sm k) ≡ st_obs (s k))
      → size o < size (st_obs (sm j))
        → size (MuddyUnion s) - 1 = size o
  intros Heqo Hin Hconsistent Hobs_equiv Hinvs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
o: indexSet
Heqo: o ≡ st_obs (s i)
Hin: j ∉ o
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
Hinvs: size o < size (st_obs (sm j))
size (MuddyUnion s) - 1 = size o
  destruct (Hconsistent) as [_ Hcons].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
o: indexSet
Heqo: o ≡ st_obs (s i)
Hin: j ∉ o
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
Hinvs: size o < size (st_obs (sm j))
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
size (MuddyUnion s) - 1 = size o
  rewrite Heqo in *; clear o Heqo.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∉ st_obs (s i)
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
Hinvs: size (st_obs (s i)) < size (st_obs (sm j))
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
size (MuddyUnion s) - 1 = size (st_obs (s i))
  rewrite Hobs_equiv in Hinvs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∉ st_obs (s i)
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
Hinvs: size (st_obs (s i)) < size (st_obs (s j))
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
size (MuddyUnion s) - 1 = size (st_obs (s i))
  destruct (decide (i = j)); [by subst; lia |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∉ st_obs (s i)
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
Hinvs: size (st_obs (s i)) < size (st_obs (s j))
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n: i ≠ j
size (MuddyUnion s) - 1 = size (st_obs (s i))
  remember (size (st_obs (s i))) as o.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∉ st_obs (s i)
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
o: nat
Heqo: o = size (st_obs (s i))
Hinvs: o < size (st_obs (s j))
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n: i ≠ j
size (MuddyUnion s) - 1 = o
  rewrite Hcons, size_difference_alt in Hinvs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∉ st_obs (s i)
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
o: nat
Heqo: o = size (st_obs (s i))
Hinvs: o <
size (MuddyUnion s) -
size (MuddyUnion s ∩ {[j]})
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n: i ≠ j
size (MuddyUnion s) - 1 = o
  replace (size (MuddyUnion s ∩ {[j]})) with 0 in Hinvs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∉ st_obs (s i)
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
o: nat
Heqo: o = size (st_obs (s i))
Hinvs: o < size (MuddyUnion s) - 0
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n: i ≠ j
size (MuddyUnion s) - 1 = o
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∉ st_obs (s i)
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
o: nat
Heqo: o = size (st_obs (s i))
Hinvs: o <
size (MuddyUnion s) -
size (MuddyUnion s ∩ {[j]})
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n: i ≠ j
0 = size (MuddyUnion s ∩ {[j]})
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∉ st_obs (s i)
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
o: nat
Heqo: o = size (st_obs (s i))
Hinvs: o < size (MuddyUnion s) - 0
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n: i ≠ j
size (MuddyUnion s) - 1 = o by apply MC_number_of_muddy_seen with (n := i) in Hconsistent; lia.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∉ st_obs (s i)
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
o: nat
Heqo: o = size (st_obs (s i))
Hinvs: o <
size (MuddyUnion s) -
size (MuddyUnion s ∩ {[j]})
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n: i ≠ j
0 = size (MuddyUnion s ∩ {[j]}) symmetry; apply size_empty_iff.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s, sm: composite_state MCVLSM
i, j: index
Hin: j ∉ st_obs (s i)
Hconsistent: consistent s
Hobs_equiv: ∀ k : index, st_obs (sm k) ≡ st_obs (s k)
o: nat
Heqo: o = size (st_obs (s i))
Hinvs: o <
size (MuddyUnion s) -
size (MuddyUnion s ∩ {[j]})
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n: i ≠ j
MuddyUnion s ∩ {[j]} ≡ ∅
    by rewrite Hcons in Hin; set_solver.
Qed.

Lemma non_initial_state_has_init_tr (is s : composite_state MCVLSM)
  (tr : list (composite_transition_item MCVLSM)) :
  finite_valid_trace_init_to MC_composite_vlsm is s tr -> forall (i : index),
  ~ MC_initial_state_prop (s i) ->
  exists (item : composite_transition_item MCVLSM), item ∈ tr /\ projT2 (l item) = init.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is, s: composite_state MCVLSM
tr: list (composite_transition_item MCVLSM)
finite_valid_trace_init_to MC_composite_vlsm is s tr
→ ∀ i : index,
    ¬ MC_initial_state_prop (s i)
    → ∃ item : composite_transition_item MCVLSM,
        item ∈ tr ∧ projT2 (l item) = init
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is, s: composite_state MCVLSM
tr: list (composite_transition_item MCVLSM)
finite_valid_trace_init_to MC_composite_vlsm is s tr
→ ∀ i : index,
    ¬ MC_initial_state_prop (s i)
    → ∃ item : composite_transition_item MCVLSM,
        item ∈ tr ∧ projT2 (l item) = init
  intros Htr i Hnoninit.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is, s: composite_state MCVLSM
tr: list (composite_transition_item MCVLSM)
Htr: finite_valid_trace_init_to MC_composite_vlsm is
  s tr
i: index
Hnoninit: ¬ MC_initial_state_prop (s i)
∃ item : composite_transition_item MCVLSM,
  item ∈ tr ∧ projT2 (l item) = init
  induction Htr using finite_valid_trace_init_to_rev_ind;
    [by contradiction Hnoninit; apply Hsi |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
si, s: state MC_composite_vlsm
tr: list transition_item
Htr: finite_valid_trace_init_to MC_composite_vlsm si
  s tr
sf: state MC_composite_vlsm
iom, oom: option Message
l: label MC_composite_vlsm
Ht: input_valid_transition MC_composite_vlsm l
  (s, iom) (sf, oom)
i: index
Hnoninit: ¬ MC_initial_state_prop (sf i)
IHHtr: ¬ MC_initial_state_prop (s i)
→ ∃ item : composite_transition_item MCVLSM,
    item ∈ tr ∧ projT2 (VLSM.l item) = init
∃ item : composite_transition_item MCVLSM,
  item
  ∈ tr ++
    [{|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |}] ∧ projT2 (VLSM.l item) = init
  destruct (decide (MC_initial_state_prop (s i))); cycle 1.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
si, s: state MC_composite_vlsm
tr: list transition_item
Htr: finite_valid_trace_init_to MC_composite_vlsm si
  s tr
sf: state MC_composite_vlsm
iom, oom: option Message
l: label MC_composite_vlsm
Ht: input_valid_transition MC_composite_vlsm l
  (s, iom) (sf, oom)
i: index
Hnoninit: ¬ MC_initial_state_prop (sf i)
IHHtr: ¬ MC_initial_state_prop (s i)
→ ∃ item : composite_transition_item MCVLSM,
    item ∈ tr ∧ projT2 (VLSM.l item) = init
n: ¬ MC_initial_state_prop (s i)
∃ item : composite_transition_item MCVLSM,
  item
  ∈ tr ++
    [{|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |}] ∧ projT2 (VLSM.l item) = init
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
si, s: state MC_composite_vlsm
tr: list transition_item
Htr: finite_valid_trace_init_to MC_composite_vlsm si
  s tr
sf: state MC_composite_vlsm
iom, oom: option Message
l: label MC_composite_vlsm
Ht: input_valid_transition MC_composite_vlsm l
  (s, iom) (sf, oom)
i: index
Hnoninit: ¬ MC_initial_state_prop (sf i)
IHHtr: ¬ MC_initial_state_prop (s i)
→ ∃ item : composite_transition_item MCVLSM,
    item ∈ tr ∧ projT2 (VLSM.l item) = init
m: MC_initial_state_prop (s i)
∃ item : composite_transition_item MCVLSM,
  item
  ∈ tr ++
    [{|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |}] ∧ projT2 (VLSM.l item) = init
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
si, s: state MC_composite_vlsm
tr: list transition_item
Htr: finite_valid_trace_init_to MC_composite_vlsm si
  s tr
sf: state MC_composite_vlsm
iom, oom: option Message
l: label MC_composite_vlsm
Ht: input_valid_transition MC_composite_vlsm l
  (s, iom) (sf, oom)
i: index
Hnoninit: ¬ MC_initial_state_prop (sf i)
IHHtr: ¬ MC_initial_state_prop (s i)
→ ∃ item : composite_transition_item MCVLSM,
    item ∈ tr ∧ projT2 (VLSM.l item) = init
n: ¬ MC_initial_state_prop (s i)
∃ item : composite_transition_item MCVLSM,
  item
  ∈ tr ++
    [{|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |}] ∧ projT2 (VLSM.l item) = init destruct (IHHtr n) as (item & Hitem & Hinit).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
si, s: state MC_composite_vlsm
tr: list transition_item
Htr: finite_valid_trace_init_to MC_composite_vlsm si
  s tr
sf: state MC_composite_vlsm
iom, oom: option Message
l: label MC_composite_vlsm
Ht: input_valid_transition MC_composite_vlsm l
  (s, iom) (sf, oom)
i: index
Hnoninit: ¬ MC_initial_state_prop (sf i)
IHHtr: ¬ MC_initial_state_prop (s i)
→ ∃ item : composite_transition_item MCVLSM,
    item ∈ tr ∧ projT2 (VLSM.l item) = init
n: ¬ MC_initial_state_prop (s i)
item: composite_transition_item MCVLSM
Hitem: item ∈ tr
Hinit: projT2 (VLSM.l item) = init
∃ item : composite_transition_item MCVLSM,
  item
  ∈ tr ++
    [{|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |}] ∧ projT2 (VLSM.l item) = init
    by exists item; rewrite elem_of_app; itauto.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
si, s: state MC_composite_vlsm
tr: list transition_item
Htr: finite_valid_trace_init_to MC_composite_vlsm si
  s tr
sf: state MC_composite_vlsm
iom, oom: option Message
l: label MC_composite_vlsm
Ht: input_valid_transition MC_composite_vlsm l
  (s, iom) (sf, oom)
i: index
Hnoninit: ¬ MC_initial_state_prop (sf i)
IHHtr: ¬ MC_initial_state_prop (s i)
→ ∃ item : composite_transition_item MCVLSM,
    item ∈ tr ∧ projT2 (VLSM.l item) = init
m: MC_initial_state_prop (s i)
∃ item : composite_transition_item MCVLSM,
  item
  ∈ tr ++
    [{|
       l := l;
       input := iom;
       destination := sf;
       output := oom
     |}] ∧ projT2 (VLSM.l item) = init eexists.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
si, s: state MC_composite_vlsm
tr: list transition_item
Htr: finite_valid_trace_init_to MC_composite_vlsm si
  s tr
sf: state MC_composite_vlsm
iom, oom: option Message
l: label MC_composite_vlsm
Ht: input_valid_transition MC_composite_vlsm l
  (s, iom) (sf, oom)
i: index
Hnoninit: ¬ MC_initial_state_prop (sf i)
IHHtr: ¬ MC_initial_state_prop (s i)
→ ∃ item : composite_transition_item MCVLSM,
    item ∈ tr ∧ projT2 (VLSM.l item) = init
m: MC_initial_state_prop (s i)
?item
∈ tr ++
  [{|
     l := l;
     input := iom;
     destination := sf;
     output := oom
   |}] ∧ projT2 (VLSM.l ?item) = init
    rewrite elem_of_app, elem_of_list_singleton.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
si, s: state MC_composite_vlsm
tr: list transition_item
Htr: finite_valid_trace_init_to MC_composite_vlsm si
  s tr
sf: state MC_composite_vlsm
iom, oom: option Message
l: label MC_composite_vlsm
Ht: input_valid_transition MC_composite_vlsm l
  (s, iom) (sf, oom)
i: index
Hnoninit: ¬ MC_initial_state_prop (sf i)
IHHtr: ¬ MC_initial_state_prop (s i)
→ ∃ item : composite_transition_item MCVLSM,
    item ∈ tr ∧ projT2 (VLSM.l item) = init
m: MC_initial_state_prop (s i)
(?item ∈ tr
 ∨ ?item =
   {|
     l := l;
     input := iom;
     destination := sf;
     output := oom
   |}) ∧ projT2 (VLSM.l ?item) = init
    split; [by right |]; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
si, s: state MC_composite_vlsm
tr: list transition_item
Htr: finite_valid_trace_init_to MC_composite_vlsm si
  s tr
sf: state MC_composite_vlsm
iom, oom: option Message
l: label MC_composite_vlsm
Ht: input_valid_transition MC_composite_vlsm l
  (s, iom) (sf, oom)
i: index
Hnoninit: ¬ MC_initial_state_prop (sf i)
IHHtr: ¬ MC_initial_state_prop (s i)
→ ∃ item : composite_transition_item MCVLSM,
    item ∈ tr ∧ projT2 (VLSM.l item) = init
m: MC_initial_state_prop (s i)
projT2 l = init
    destruct Ht as [(_ & _ & Hv & _) Ht], l as (j & lj); cbn in Ht, Hv |- *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
si, s: state MC_composite_vlsm
tr: list transition_item
Htr: finite_valid_trace_init_to MC_composite_vlsm si
  s tr
sf: state MC_composite_vlsm
iom, oom: option Message
j: index
lj: label (MCVLSM j)
Hv: MC_valid lj (s j) iom
Ht: (let (si', om') :=
   MC_transition j lj (s j) iom in
 (state_update MCVLSM s j si', om')) = (
sf, oom)
i: index
Hnoninit: ¬ MC_initial_state_prop (sf i)
IHHtr: ¬ MC_initial_state_prop (s i)
→ ∃ item : composite_transition_item MCVLSM,
    item ∈ tr ∧ projT2 (l item) = init
m: MC_initial_state_prop (s i)
lj = init
    destruct (MC_transition j lj (s j) iom) as [si' om'].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
si, s: state MC_composite_vlsm
tr: list transition_item
Htr: finite_valid_trace_init_to MC_composite_vlsm si
  s tr
sf: state MC_composite_vlsm
iom, oom: option Message
j: index
lj: label (MCVLSM j)
Hv: MC_valid lj (s j) iom
si': State
om': option Message
Ht: (state_update MCVLSM s j si', om') = (sf, oom)
i: index
Hnoninit: ¬ MC_initial_state_prop (sf i)
IHHtr: ¬ MC_initial_state_prop (s i)
→ ∃ item : composite_transition_item MCVLSM,
    item ∈ tr ∧ projT2 (l item) = init
m: MC_initial_state_prop (s i)
lj = init
    inversion Ht; subst; clear Ht.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
si, s: state MC_composite_vlsm
tr: list transition_item
Htr: finite_valid_trace_init_to MC_composite_vlsm si
  s tr
iom, oom: option Message
j: index
lj: label (MCVLSM j)
Hv: MC_valid lj (s j) iom
si': State
i: index
Hnoninit: ¬ MC_initial_state_prop
    (state_update MCVLSM s j si' i)
IHHtr: ¬ MC_initial_state_prop (s i)
→ ∃ item : composite_transition_item MCVLSM,
    item ∈ tr ∧ projT2 (l item) = init
m: MC_initial_state_prop (s i)
lj = init
    destruct (decide (i = j)); subst; state_update_simpl; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
si, s: state MC_composite_vlsm
tr: list transition_item
Htr: finite_valid_trace_init_to MC_composite_vlsm si
  s tr
iom, oom: option Message
j: index
lj: label (MCVLSM j)
Hv: MC_valid lj (s j) iom
si': State
m: MC_initial_state_prop (s j)
IHHtr: ¬ MC_initial_state_prop (s j)
→ ∃ item : composite_transition_item MCVLSM,
    item ∈ tr ∧ projT2 (l item) = init
Hnoninit: ¬ MC_initial_state_prop si'
lj = init
    unfold MC_initial_state_prop in m.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
si, s: state MC_composite_vlsm
tr: list transition_item
Htr: finite_valid_trace_init_to MC_composite_vlsm si
  s tr
iom, oom: option Message
j: index
lj: label (MCVLSM j)
Hv: MC_valid lj (s j) iom
si': State
m: st_rs (s j) = None
IHHtr: ¬ MC_initial_state_prop (s j)
→ ∃ item : composite_transition_item MCVLSM,
    item ∈ tr ∧ projT2 (l item) = init
Hnoninit: ¬ MC_initial_state_prop si'
lj = init
    destruct (s j); cbn in *; subst.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
si, s: composite_state MCVLSM
tr: list transition_item
Htr: finite_valid_trace_init_to MC_composite_vlsm si
  s tr
iom, oom: option Message
j: index
lj: Label
st_obs0: indexSet
Hv: MC_valid lj (mkSt st_obs0 None) iom
si': State
IHHtr: ¬ MC_initial_state_prop (mkSt st_obs0 None)
→ ∃ item : composite_transition_item MCVLSM,
    item ∈ tr ∧ projT2 (l item) = init
Hnoninit: ¬ MC_initial_state_prop si'
lj = init
    by inversion Hv; subst.
Qed.

Lemma size_MuddyUnion_input_valid_transition :
  forall (l : label MC_composite_vlsm) (s s' : composite_state MCVLSM) (iom oom : option Message),
    input_valid_transition MC_composite_vlsm l (s, iom) (s', oom) ->
      size (MuddyUnion s) = size (MuddyUnion s').index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (l : label MC_composite_vlsm) (s
                                 s' : composite_state
                                        MCVLSM) (iom
                                                 oom : 
                                                 option
                                                 Message),
  input_valid_transition MC_composite_vlsm l (s, iom)
    (s', oom)
  → size (MuddyUnion s) = size (MuddyUnion s')
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (l : label MC_composite_vlsm) (s
                                 s' : composite_state
                                        MCVLSM) (iom
                                                 oom : 
                                                 option
                                                 Message),
  input_valid_transition MC_composite_vlsm l (s, iom)
    (s', oom)
  → size (MuddyUnion s) = size (MuddyUnion s')
  intros * Hivt.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
l: label MC_composite_vlsm
s, s': composite_state MCVLSM
iom, oom: option Message
Hivt: input_valid_transition MC_composite_vlsm l
  (s, iom) (s', oom)
size (MuddyUnion s) = size (MuddyUnion s')
  apply set_size_proper, MC_obs_equiv_preserves_muddy.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
l: label MC_composite_vlsm
s, s': composite_state MCVLSM
iom, oom: option Message
Hivt: input_valid_transition MC_composite_vlsm l
  (s, iom) (s', oom)
MC_obs_equivalence s s'
  apply MC_trans_preserves_obs_equiv with l iom oom.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
l: label MC_composite_vlsm
s, s': composite_state MCVLSM
iom, oom: option Message
Hivt: input_valid_transition MC_composite_vlsm l
  (s, iom) (s', oom)
composite_transition MCVLSM l (s, iom) = (s', oom)
  by apply Hivt.
Qed.

Lemma consistent_finite_valid_trace_from_to :
  forall (s1 s2 : composite_state MCVLSM) (tr : list transition_item) (i : index),
    finite_valid_trace_from_to MC_composite_vlsm s1 s2 tr ->
    st_rs (s2 i) <> None ->
      consistent s2.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (s1 s2 : composite_state MCVLSM) (tr : list
                                           transition_item) 
  (i : index),
  finite_valid_trace_from_to MC_composite_vlsm s1 s2
    tr → st_rs (s2 i) ≠ None → consistent s2
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (s1 s2 : composite_state MCVLSM) (tr : list
                                           transition_item) 
  (i : index),
  finite_valid_trace_from_to MC_composite_vlsm s1 s2
    tr → st_rs (s2 i) ≠ None → consistent s2
  intros * Hfvt Hneq.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
tr: list transition_item
i: index
Hfvt: finite_valid_trace_from_to MC_composite_vlsm s1
  s2 tr
Hneq: st_rs (s2 i) ≠ None
consistent s2
  destruct (decide (composite_initial_state_prop MCVLSM s2)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
tr: list transition_item
i: index
Hfvt: finite_valid_trace_from_to MC_composite_vlsm s1
  s2 tr
Hneq: st_rs (s2 i) ≠ None
c: composite_initial_state_prop MCVLSM s2
consistent s2
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
tr: list transition_item
i: index
Hfvt: finite_valid_trace_from_to MC_composite_vlsm s1
  s2 tr
Hneq: st_rs (s2 i) ≠ None
n: ¬ composite_initial_state_prop MCVLSM s2
consistent s2
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
tr: list transition_item
i: index
Hfvt: finite_valid_trace_from_to MC_composite_vlsm s1
  s2 tr
Hneq: st_rs (s2 i) ≠ None
c: composite_initial_state_prop MCVLSM s2
consistent s2 by specialize (c i).
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
tr: list transition_item
i: index
Hfvt: finite_valid_trace_from_to MC_composite_vlsm s1
  s2 tr
Hneq: st_rs (s2 i) ≠ None
n: ¬ composite_initial_state_prop MCVLSM s2
consistent s2 apply MC_non_initial_valid_consistent.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
tr: list transition_item
i: index
Hfvt: finite_valid_trace_from_to MC_composite_vlsm s1
  s2 tr
Hneq: st_rs (s2 i) ≠ None
n: ¬ composite_initial_state_prop MCVLSM s2
MC_non_initial_valid_state s2
    split; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s1, s2: composite_state MCVLSM
tr: list transition_item
i: index
Hfvt: finite_valid_trace_from_to MC_composite_vlsm s1
  s2 tr
Hneq: st_rs (s2 i) ≠ None
n: ¬ composite_initial_state_prop MCVLSM s2
valid_state_prop MC_composite_vlsm s2
    by apply valid_trace_last_pstate in Hfvt.
Qed.

Lemma consistent_valid_state_prop :
  forall (s : composite_state MCVLSM) (i : index),
    valid_state_prop MC_composite_vlsm s ->
    st_rs (s i) <> None ->
      consistent s.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (s : composite_state MCVLSM) (i : index),
  valid_state_prop MC_composite_vlsm s
  → st_rs (s i) ≠ None → consistent s
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (s : composite_state MCVLSM) (i : index),
  valid_state_prop MC_composite_vlsm s
  → st_rs (s i) ≠ None → consistent s
  intros * Hv Hneq.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
Hv: valid_state_prop MC_composite_vlsm s
Hneq: st_rs (s i) ≠ None
consistent s
  eapply consistent_finite_valid_trace_from_to; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
Hv: valid_state_prop MC_composite_vlsm s
Hneq: st_rs (s i) ≠ None
finite_valid_trace_from_to MC_composite_vlsm ?s1 s ?tr
  by constructor.
Qed.

Lemma MC_component_invariant_helper_from_constraint :
  forall (s : composite_state MCVLSM) (i : index) (r : nat) (status : ChildStatus),
    MC_composite_invariant s ->
    MC_constraint (existT i receive) (s, Some (mkMsg i r status)) ->
    MC_component_invariant_helper (mkSt (st_obs (s i)) (Some (mkRS r status))) (MuddyUnion s).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (s : composite_state MCVLSM) (i : index) (r : nat) 
  (status : ChildStatus),
  MC_composite_invariant s
  → MC_constraint (existT i receive)
      (s, Some (mkMsg i r status))
    → MC_component_invariant_helper
        (mkSt (st_obs (s i)) (Some (mkRS r status)))
        (MuddyUnion s)
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (s : composite_state MCVLSM) (i : index) (r : nat) 
  (status : ChildStatus),
  MC_composite_invariant s
  → MC_constraint (existT i receive)
      (s, Some (mkMsg i r status))
    → MC_component_invariant_helper
        (mkSt (st_obs (s i)) (Some (mkRS r status)))
        (MuddyUnion s)
  cbn; intros * Hinvs Hc.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
r: nat
status: ChildStatus
Hinvs: MC_composite_invariant s
Hc: match s i with
| mkSt _ (Some (mkRS r1 status0)) =>
    status = status0 ∧ r = r1
    ∨ status = undecided ∧ r < r1
| mkSt _ None => False
end
MC_component_invariant_helper
  (mkSt (st_obs (s i)) (Some (mkRS r status)))
  (MuddyUnion s)
  destruct (s i) as [oj [[rj statusj] |]] eqn: Hsj; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
r: nat
status: ChildStatus
Hinvs: MC_composite_invariant s
oj: indexSet
rj: nat
statusj: ChildStatus
Hsj: s i = mkSt oj (Some (mkRS rj statusj))
Hc: status = statusj ∧ r = rj
∨ status = undecided ∧ r < rj
MC_component_invariant_helper
  (mkSt (st_obs (mkSt oj (Some (mkRS rj statusj))))
     (Some (mkRS r status))) (MuddyUnion s)
  destruct (Hinvs i) as [Hjinit | Hinvsj]; [by rewrite Hsj in Hjinit |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
r: nat
status: ChildStatus
Hinvs: MC_composite_invariant s
oj: indexSet
rj: nat
statusj: ChildStatus
Hsj: s i = mkSt oj (Some (mkRS rj statusj))
Hc: status = statusj ∧ r = rj
∨ status = undecided ∧ r < rj
Hinvsj: MC_component_invariant s i
MC_component_invariant_helper
  (mkSt (st_obs (mkSt oj (Some (mkRS rj statusj))))
     (Some (mkRS r status))) (MuddyUnion s)
  unfold MC_component_invariant, MC_component_invariant_helper in Hinvsj.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
r: nat
status: ChildStatus
Hinvs: MC_composite_invariant s
oj: indexSet
rj: nat
statusj: ChildStatus
Hsj: s i = mkSt oj (Some (mkRS rj statusj))
Hc: status = statusj ∧ r = rj
∨ status = undecided ∧ r < rj
Hinvsj: match state_status (st_rs (s i)) with
| undecided =>
    state_round (st_rs (s i)) <
    size (st_obs (s i))
| muddy =>
    state_round (st_rs (s i)) =
    size (st_obs (s i))
    ∧ size (MuddyUnion s) - 1 =
      size (st_obs (s i))
| clean =>
    state_round (st_rs (s i)) =
    size (st_obs (s i))
    ∧ size (MuddyUnion s) =
      size (st_obs (s i))
end
MC_component_invariant_helper
  (mkSt (st_obs (mkSt oj (Some (mkRS rj statusj))))
     (Some (mkRS r status))) (MuddyUnion s)
  rewrite Hsj in Hinvsj; cbn in Hinvsj |- *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
r: nat
status: ChildStatus
Hinvs: MC_composite_invariant s
oj: indexSet
rj: nat
statusj: ChildStatus
Hsj: s i = mkSt oj (Some (mkRS rj statusj))
Hc: status = statusj ∧ r = rj
∨ status = undecided ∧ r < rj
Hinvsj: match statusj with
| undecided => rj < size oj
| muddy =>
    rj = size oj
    ∧ size (MuddyUnion s) - 1 = size oj
| clean =>
    rj = size oj
    ∧ size (MuddyUnion s) = size oj
end
MC_component_invariant_helper
  (mkSt oj (Some (mkRS r status))) (MuddyUnion s)
  destruct Hc as [[] | []]; subst; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
r: nat
Hinvs: MC_composite_invariant s
oj: indexSet
rj: nat
statusj: ChildStatus
Hsj: s i = mkSt oj (Some (mkRS rj statusj))
H10: r < rj
Hinvsj: match statusj with
| undecided => rj < size oj
| muddy =>
    rj = size oj
    ∧ size (MuddyUnion s) - 1 = size oj
| clean =>
    rj = size oj
    ∧ size (MuddyUnion s) = size oj
end
MC_component_invariant_helper
  (mkSt oj (Some (mkRS r undecided))) (MuddyUnion s)
  by destruct statusj; cbn; lia.
Qed.

The proof of the following lemma proceeds by induction on the length of the trace to the state s (such a trace exists because of the assumption that the state s is valid). The induction step analyzes each case of the transition function and proves the corresponding relations depending on the particular conditions of the transition.

Lemma MC_composite_invariant_preservation (s : composite_state MCVLSM) :
  valid_state_prop MC_composite_vlsm s -> MC_composite_invariant s.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
valid_state_prop MC_composite_vlsm s
→ MC_composite_invariant s
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
valid_state_prop MC_composite_vlsm s
→ MC_composite_invariant s
  intros Hvsp.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvsp: valid_state_prop MC_composite_vlsm s
MC_composite_invariant s
  apply valid_state_has_trace in Hvsp as (is & tr & Htr).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
is: state MC_composite_vlsm
tr: list transition_item
Htr: finite_valid_trace_init_to MC_composite_vlsm is
  s tr
MC_composite_invariant s
  remember (length tr) as len_tr.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
is: state MC_composite_vlsm
tr: list transition_item
Htr: finite_valid_trace_init_to MC_composite_vlsm is
  s tr
len_tr: nat
Heqlen_tr: len_tr = length tr
MC_composite_invariant s
  revert s tr Heqlen_tr Htr.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: state MC_composite_vlsm
len_tr: nat
∀ (s : composite_state MCVLSM) (tr : list
                                       transition_item),
  len_tr = length tr
  → finite_valid_trace_init_to MC_composite_vlsm is s
      tr → MC_composite_invariant s
  induction len_tr as [len_tr Hind] using (well_founded_induction Wf_nat.lt_wf).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: state MC_composite_vlsm
len_tr: nat
Hind: ∀ y : nat,
  y < len_tr
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
∀ (s : composite_state MCVLSM) (tr : list
                                       transition_item),
  len_tr = length tr
  → finite_valid_trace_init_to MC_composite_vlsm is s
      tr → MC_composite_invariant s
  intros; subst len_tr.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: state MC_composite_vlsm
tr: list transition_item
Hind: ∀ y : nat,
  y < length tr
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
s: composite_state MCVLSM
Htr: finite_valid_trace_init_to MC_composite_vlsm is
  s tr
MC_composite_invariant s
  destruct_list_last tr tr' lst Htr_lst;
    destruct Htr as [Htr Hinit]; [by inversion Htr; subst; left |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: state MC_composite_vlsm
tr, tr': list transition_item
lst: transition_item
Hind: ∀ y : nat,
  y < length (tr' ++ [lst])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
s: composite_state MCVLSM
Htr: finite_valid_trace_from_to MC_composite_vlsm is
  s (tr' ++ [lst])
Hinit: initial_state_prop is
Htr_lst: tr = tr' ++ [lst]
MC_composite_invariant s
  intros i.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: state MC_composite_vlsm
tr, tr': list transition_item
lst: transition_item
Hind: ∀ y : nat,
  y < length (tr' ++ [lst])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
s: composite_state MCVLSM
Htr: finite_valid_trace_from_to MC_composite_vlsm is
  s (tr' ++ [lst])
Hinit: initial_state_prop is
Htr_lst: tr = tr' ++ [lst]
i: index
initial_state_prop (s i) ∨ MC_component_invariant s i
  apply finite_valid_trace_from_to_app_split in Htr as [Htr' Hlst].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: state MC_composite_vlsm
tr, tr': list transition_item
lst: transition_item
Hind: ∀ y : nat,
  y < length (tr' ++ [lst])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
s: composite_state MCVLSM
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is tr') tr'
Hlst: finite_valid_trace_from_to MC_composite_vlsm
  (finite_trace_last is tr') s [lst]
Hinit: initial_state_prop is
Htr_lst: tr = tr' ++ [lst]
i: index
initial_state_prop (s i) ∨ MC_component_invariant s i
  remember (finite_trace_last is tr') as s'.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: state MC_composite_vlsm
tr, tr': list transition_item
lst: transition_item
Hind: ∀ y : nat,
  y < length (tr' ++ [lst])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
s: composite_state MCVLSM
s': state MC_composite_vlsm
Heqs': s' = finite_trace_last is tr'
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hlst: finite_valid_trace_from_to MC_composite_vlsm s'
  s [lst]
Hinit: initial_state_prop is
Htr_lst: tr = tr' ++ [lst]
i: index
initial_state_prop (s i) ∨ MC_component_invariant s i
  apply valid_trace_get_last in Hlst as Heqs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: state MC_composite_vlsm
tr, tr': list transition_item
lst: transition_item
Hind: ∀ y : nat,
  y < length (tr' ++ [lst])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
s: composite_state MCVLSM
s': state MC_composite_vlsm
Heqs': s' = finite_trace_last is tr'
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hlst: finite_valid_trace_from_to MC_composite_vlsm s'
  s [lst]
Hinit: initial_state_prop is
Htr_lst: tr = tr' ++ [lst]
i: index
Heqs: finite_trace_last s' [lst] = s
initial_state_prop (s i) ∨ MC_component_invariant s i
  apply valid_trace_forget_last, first_transition_valid in Hlst.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: state MC_composite_vlsm
tr, tr': list transition_item
lst: transition_item
Hind: ∀ y : nat,
  y < length (tr' ++ [lst])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
s: composite_state MCVLSM
s': state MC_composite_vlsm
Heqs': s' = finite_trace_last is tr'
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hlst: input_valid_transition MC_composite_vlsm
  (l lst) (s', input lst)
  (destination lst, output lst)
Hinit: initial_state_prop is
Htr_lst: tr = tr' ++ [lst]
i: index
Heqs: finite_trace_last s' [lst] = s
initial_state_prop (s i) ∨ MC_component_invariant s i
  cbn in Heqs, Hlst; rewrite Heqs in Hlst.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: state MC_composite_vlsm
tr, tr': list transition_item
lst: transition_item
Hind: ∀ y : nat,
  y < length (tr' ++ [lst])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
s: composite_state MCVLSM
s': state MC_composite_vlsm
Heqs': s' = finite_trace_last is tr'
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hlst: input_valid_transition MC_composite_vlsm
  (l lst) (s', input lst) (
  s, output lst)
Hinit: initial_state_prop is
Htr_lst: tr = tr' ++ [lst]
i: index
Heqs: destination lst = s
initial_state_prop (s i) ∨ MC_component_invariant s i
  destruct lst; cbn in *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
tr, tr': list transition_item
l: composite_label MCVLSM
input: option Message
destination: composite_state MCVLSM
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := l;
        input := input;
        destination := destination;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
s, s': composite_state MCVLSM
Heqs': s' = finite_trace_last is tr'
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hlst: input_valid_transition MC_composite_vlsm l
  (s', input) (s, output)
Hinit: composite_initial_state_prop MCVLSM is
Htr_lst: tr =
tr' ++
[{|
   l := l;
   input := input;
   destination := destination;
   output := output
 |}]
i: index
Heqs: destination = s
MC_initial_state_prop (s i)
∨ MC_component_invariant s i
  unfold MC_component_invariant, MC_component_invariant_helper.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
tr, tr': list transition_item
l: composite_label MCVLSM
input: option Message
destination: composite_state MCVLSM
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := l;
        input := input;
        destination := destination;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
s, s': composite_state MCVLSM
Heqs': s' = finite_trace_last is tr'
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hlst: input_valid_transition MC_composite_vlsm l
  (s', input) (s, output)
Hinit: composite_initial_state_prop MCVLSM is
Htr_lst: tr =
tr' ++
[{|
   l := l;
   input := input;
   destination := destination;
   output := output
 |}]
i: index
Heqs: destination = s
MC_initial_state_prop (s i)
∨ match state_status (st_rs (s i)) with
  | undecided =>
      state_round (st_rs (s i)) < size (st_obs (s i))
  | muddy =>
      state_round (st_rs (s i)) = size (st_obs (s i))
      ∧ size (MuddyUnion s) - 1 = size (st_obs (s i))
  | clean =>
      state_round (st_rs (s i)) = size (st_obs (s i))
      ∧ size (MuddyUnion s) = size (st_obs (s i))
  end
  erewrite <- size_MuddyUnion_input_valid_transition by done.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
tr, tr': list transition_item
l: composite_label MCVLSM
input: option Message
destination: composite_state MCVLSM
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := l;
        input := input;
        destination := destination;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
s, s': composite_state MCVLSM
Heqs': s' = finite_trace_last is tr'
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hlst: input_valid_transition MC_composite_vlsm l
  (s', input) (s, output)
Hinit: composite_initial_state_prop MCVLSM is
Htr_lst: tr =
tr' ++
[{|
   l := l;
   input := input;
   destination := destination;
   output := output
 |}]
i: index
Heqs: destination = s
MC_initial_state_prop (s i)
∨ match state_status (st_rs (s i)) with
  | undecided =>
      state_round (st_rs (s i)) < size (st_obs (s i))
  | muddy =>
      state_round (st_rs (s i)) = size (st_obs (s i))
      ∧ size (MuddyUnion s') - 1 = size (st_obs (s i))
  | clean =>
      state_round (st_rs (s i)) = size (st_obs (s i))
      ∧ size (MuddyUnion s') = size (st_obs (s i))
  end
  destruct l as [j lj], Hlst as [(_ & _ & Hv & Hc) Ht]; cbn in Ht.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
tr, tr': list transition_item
j: index
lj: label (MCVLSM j)
input: option Message
destination: composite_state MCVLSM
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT j lj;
        input := input;
        destination := destination;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
s, s': composite_state MCVLSM
Heqs': s' = finite_trace_last is tr'
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: valid (existT j lj) (s', input)
Hc: MC_constraint (existT j lj) (s', input)
Ht: (let (si', om') :=
   MC_transition j lj (s' j) input in
 (state_update MCVLSM s' j si', om')) =
(s, output)
Hinit: composite_initial_state_prop MCVLSM is
Htr_lst: tr =
tr' ++
[{|
   l := existT j lj;
   input := input;
   destination := destination;
   output := output
 |}]
i: index
Heqs: destination = s
MC_initial_state_prop (s i)
∨ match state_status (st_rs (s i)) with
  | undecided =>
      state_round (st_rs (s i)) < size (st_obs (s i))
  | muddy =>
      state_round (st_rs (s i)) = size (st_obs (s i))
      ∧ size (MuddyUnion s') - 1 = size (st_obs (s i))
  | clean =>
      state_round (st_rs (s i)) = size (st_obs (s i))
      ∧ size (MuddyUnion s') = size (st_obs (s i))
  end
  destruct MC_transition eqn: Htj.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
tr, tr': list transition_item
j: index
lj: label (MCVLSM j)
input: option Message
destination: composite_state MCVLSM
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT j lj;
        input := input;
        destination := destination;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
s, s': composite_state MCVLSM
Heqs': s' = finite_trace_last is tr'
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: valid (existT j lj) (s', input)
Hc: MC_constraint (existT j lj) (s', input)
s0: State
o: option Message
Htj: MC_transition j lj (s' j) input = (s0, o)
Ht: (state_update MCVLSM s' j s0, o) = (s, output)
Hinit: composite_initial_state_prop MCVLSM is
Htr_lst: tr =
tr' ++
[{|
   l := existT j lj;
   input := input;
   destination := destination;
   output := output
 |}]
i: index
Heqs: destination = s
MC_initial_state_prop (s i)
∨ match state_status (st_rs (s i)) with
  | undecided =>
      state_round (st_rs (s i)) < size (st_obs (s i))
  | muddy =>
      state_round (st_rs (s i)) = size (st_obs (s i))
      ∧ size (MuddyUnion s') - 1 = size (st_obs (s i))
  | clean =>
      state_round (st_rs (s i)) = size (st_obs (s i))
      ∧ size (MuddyUnion s') = size (st_obs (s i))
  end
  inversion Ht as [Hdest]; subst s o.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
tr, tr': list transition_item
j: index
lj: label (MCVLSM j)
input: option Message
destination: composite_state MCVLSM
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT j lj;
        input := input;
        destination := destination;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
s': composite_state MCVLSM
Heqs': s' = finite_trace_last is tr'
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: valid (existT j lj) (s', input)
Hc: MC_constraint (existT j lj) (s', input)
s0: State
Ht: (state_update MCVLSM s' j s0, output) =
(destination, output)
Htj: MC_transition j lj (s' j) input = (s0, output)
Hinit: composite_initial_state_prop MCVLSM is
Htr_lst: tr =
tr' ++
[{|
   l := existT j lj;
   input := input;
   destination := destination;
   output := output
 |}]
i: index
Hdest: state_update MCVLSM s' j s0 = destination
MC_initial_state_prop (state_update MCVLSM s' j s0 i)
∨ match
    state_status
      (st_rs (state_update MCVLSM s' j s0 i))
  with
  | undecided =>
      state_round
        (st_rs (state_update MCVLSM s' j s0 i)) <
      size (st_obs (state_update MCVLSM s' j s0 i))
  | muddy =>
      state_round
        (st_rs (state_update MCVLSM s' j s0 i)) =
      size (st_obs (state_update MCVLSM s' j s0 i))
      ∧ size (MuddyUnion s') - 1 =
        size (st_obs (state_update MCVLSM s' j s0 i))
  | clean =>
      state_round
        (st_rs (state_update MCVLSM s' j s0 i)) =
      size (st_obs (state_update MCVLSM s' j s0 i))
      ∧ size (MuddyUnion s') =
        size (st_obs (state_update MCVLSM s' j s0 i))
  end
  assert (Hinvs : MC_composite_invariant s').index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
tr, tr': list transition_item
j: index
lj: label (MCVLSM j)
input: option Message
destination: composite_state MCVLSM
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT j lj;
        input := input;
        destination := destination;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
s': composite_state MCVLSM
Heqs': s' = finite_trace_last is tr'
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: valid (existT j lj) (s', input)
Hc: MC_constraint (existT j lj) (s', input)
s0: State
Ht: (state_update MCVLSM s' j s0, output) =
(destination, output)
Htj: MC_transition j lj (s' j) input = (s0, output)
Hinit: composite_initial_state_prop MCVLSM is
Htr_lst: tr =
tr' ++
[{|
   l := existT j lj;
   input := input;
   destination := destination;
   output := output
 |}]
i: index
Hdest: state_update MCVLSM s' j s0 = destination
MC_composite_invariant s'
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
tr, tr': list transition_item
j: index
lj: label (MCVLSM j)
input: option Message
destination: composite_state MCVLSM
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT j lj;
        input := input;
        destination := destination;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
s': composite_state MCVLSM
Heqs': s' = finite_trace_last is tr'
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: valid (existT j lj) (s', input)
Hc: MC_constraint (existT j lj) (s', input)
s0: State
Ht: (state_update MCVLSM s' j s0, output) =
(destination, output)
Htj: MC_transition j lj (s' j) input = (s0, output)
Hinit: composite_initial_state_prop MCVLSM is
Htr_lst: tr =
tr' ++
[{|
   l := existT j lj;
   input := input;
   destination := destination;
   output := output
 |}]
i: index
Hdest: state_update MCVLSM s' j s0 = destination
Hinvs: MC_composite_invariant s'
MC_initial_state_prop (state_update MCVLSM s' j s0 i)
∨ match
    state_status
      (st_rs (state_update MCVLSM s' j s0 i))
  with
  | undecided =>
      state_round
        (st_rs (state_update MCVLSM s' j s0 i)) <
      size (st_obs (state_update MCVLSM s' j s0 i))
  | muddy =>
      state_round
        (st_rs (state_update MCVLSM s' j s0 i)) =
      size (st_obs (state_update MCVLSM s' j s0 i))
      ∧ size (MuddyUnion s') - 1 =
        size (st_obs (state_update MCVLSM s' j s0 i))
  | clean =>
      state_round
        (st_rs (state_update MCVLSM s' j s0 i)) =
      size (st_obs (state_update MCVLSM s' j s0 i))
      ∧ size (MuddyUnion s') =
        size (st_obs (state_update MCVLSM s' j s0 i))
  end
  {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
tr, tr': list transition_item
j: index
lj: label (MCVLSM j)
input: option Message
destination: composite_state MCVLSM
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT j lj;
        input := input;
        destination := destination;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
s': composite_state MCVLSM
Heqs': s' = finite_trace_last is tr'
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: valid (existT j lj) (s', input)
Hc: MC_constraint (existT j lj) (s', input)
s0: State
Ht: (state_update MCVLSM s' j s0, output) =
(destination, output)
Htj: MC_transition j lj (s' j) input = (s0, output)
Hinit: composite_initial_state_prop MCVLSM is
Htr_lst: tr =
tr' ++
[{|
   l := existT j lj;
   input := input;
   destination := destination;
   output := output
 |}]
i: index
Hdest: state_update MCVLSM s' j s0 = destination
MC_composite_invariant s'
    eapply Hind; [| done..].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
tr, tr': list transition_item
j: index
lj: label (MCVLSM j)
input: option Message
destination: composite_state MCVLSM
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT j lj;
        input := input;
        destination := destination;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
s': composite_state MCVLSM
Heqs': s' = finite_trace_last is tr'
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: valid (existT j lj) (s', input)
Hc: MC_constraint (existT j lj) (s', input)
s0: State
Ht: (state_update MCVLSM s' j s0, output) =
(destination, output)
Htj: MC_transition j lj (s' j) input = (s0, output)
Hinit: composite_initial_state_prop MCVLSM is
Htr_lst: tr =
tr' ++
[{|
   l := existT j lj;
   input := input;
   destination := destination;
   output := output
 |}]
i: index
Hdest: state_update MCVLSM s' j s0 = destination
length tr' <
length
  (tr' ++
   [{|
      l := existT j lj;
      input := input;
      destination := destination;
      output := output
    |}])
    by rewrite app_length; cbn; lia.
  }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
tr, tr': list transition_item
j: index
lj: label (MCVLSM j)
input: option Message
destination: composite_state MCVLSM
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT j lj;
        input := input;
        destination := destination;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
s': composite_state MCVLSM
Heqs': s' = finite_trace_last is tr'
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: valid (existT j lj) (s', input)
Hc: MC_constraint (existT j lj) (s', input)
s0: State
Ht: (state_update MCVLSM s' j s0, output) =
(destination, output)
Htj: MC_transition j lj (s' j) input = (s0, output)
Hinit: composite_initial_state_prop MCVLSM is
Htr_lst: tr =
tr' ++
[{|
   l := existT j lj;
   input := input;
   destination := destination;
   output := output
 |}]
i: index
Hdest: state_update MCVLSM s' j s0 = destination
Hinvs: MC_composite_invariant s'
MC_initial_state_prop (state_update MCVLSM s' j s0 i)
∨ match
    state_status
      (st_rs (state_update MCVLSM s' j s0 i))
  with
  | undecided =>
      state_round
        (st_rs (state_update MCVLSM s' j s0 i)) <
      size (st_obs (state_update MCVLSM s' j s0 i))
  | muddy =>
      state_round
        (st_rs (state_update MCVLSM s' j s0 i)) =
      size (st_obs (state_update MCVLSM s' j s0 i))
      ∧ size (MuddyUnion s') - 1 =
        size (st_obs (state_update MCVLSM s' j s0 i))
  | clean =>
      state_round
        (st_rs (state_update MCVLSM s' j s0 i)) =
      size (st_obs (state_update MCVLSM s' j s0 i))
      ∧ size (MuddyUnion s') =
        size (st_obs (state_update MCVLSM s' j s0 i))
  end
  destruct (decide (j = i)); [subst j |]; state_update_simpl; [| by apply (Hinvs i)].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
tr, tr': list transition_item
i: index
destination, s': composite_state MCVLSM
s0: State
Hdest: state_update MCVLSM s' i s0 = destination
lj: label (MCVLSM i)
input, output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i lj;
        input := input;
        destination := destination;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Heqs': s' = finite_trace_last is tr'
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hc: MC_constraint (existT i lj) (s', input)
Hv: valid (existT i lj) (s', input)
Htj: MC_transition i lj (s' i) input = (s0, output)
Ht: (state_update MCVLSM s' i s0, output) =
(destination, output)
Hinit: composite_initial_state_prop MCVLSM is
Htr_lst: tr =
tr' ++
[{|
   l := existT i lj;
   input := input;
   destination := destination;
   output := output
 |}]
Hinvs: MC_composite_invariant s'
MC_initial_state_prop s0
∨ match state_status (st_rs s0) with
  | undecided =>
      state_round (st_rs s0) < size (st_obs s0)
  | muddy =>
      state_round (st_rs s0) = size (st_obs s0)
      ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
  | clean =>
      state_round (st_rs s0) = size (st_obs s0)
      ∧ size (MuddyUnion s') = size (st_obs s0)
  end
  clear - Htr' Hinit Hdest Hv Hc Htj Hinvs Hind.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
tr': list transition_item
i: index
destination, s': composite_state MCVLSM
s0: State
Hdest: state_update MCVLSM s' i s0 = destination
lj: label (MCVLSM i)
input, output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i lj;
        input := input;
        destination := destination;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hc: MC_constraint (existT i lj) (s', input)
Hv: valid (existT i lj) (s', input)
Htj: MC_transition i lj (s' i) input = (s0, output)
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: MC_composite_invariant s'
MC_initial_state_prop s0
∨ match state_status (st_rs s0) with
  | undecided =>
      state_round (st_rs s0) < size (st_obs s0)
  | muddy =>
      state_round (st_rs s0) = size (st_obs s0)
      ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
  | clean =>
      state_round (st_rs s0) = size (st_obs s0)
      ∧ size (MuddyUnion s') = size (st_obs s0)
  end
  right.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
tr': list transition_item
i: index
destination, s': composite_state MCVLSM
s0: State
Hdest: state_update MCVLSM s' i s0 = destination
lj: label (MCVLSM i)
input, output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i lj;
        input := input;
        destination := destination;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hc: MC_constraint (existT i lj) (s', input)
Hv: valid (existT i lj) (s', input)
Htj: MC_transition i lj (s' i) input = (s0, output)
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: MC_composite_invariant s'
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
  pose proof (Hinvs' := Hinvs).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
tr': list transition_item
i: index
destination, s': composite_state MCVLSM
s0: State
Hdest: state_update MCVLSM s' i s0 = destination
lj: label (MCVLSM i)
input, output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i lj;
        input := input;
        destination := destination;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hc: MC_constraint (existT i lj) (s', input)
Hv: valid (existT i lj) (s', input)
Htj: MC_transition i lj (s' i) input = (s0, output)
Hinit: composite_initial_state_prop MCVLSM is
Hinvs, Hinvs': MC_composite_invariant s'
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
  specialize (Hinvs i).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
tr': list transition_item
i: index
destination, s': composite_state MCVLSM
s0: State
Hdest: state_update MCVLSM s' i s0 = destination
lj: label (MCVLSM i)
input, output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i lj;
        input := input;
        destination := destination;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hc: MC_constraint (existT i lj) (s', input)
Hv: valid (existT i lj) (s', input)
Htj: MC_transition i lj (s' i) input = (s0, output)
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
  funelim (MC_transition i lj (s' i) input);
    inversion Hv; try congruence;
    rewrite <- H10 in H0; inversion H0; subst; clear H0; rewrite Htj in Heqcall.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
status: ChildStatus
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i emit;
        input := None;
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i emit (s' i) None = (s0, output)
Hv: valid (existT i emit) (s', None)
Hc: MC_constraint (existT i emit) (s', None)
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
o0: indexSet
Heqcall: (mkSt o0 (Some (mkRS r status)),
 Some (mkMsg i r status)) = (
s0, output)
H10: mkSt o0 (Some (mkRS r status)) = s' i
H12: None = None
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
rs_round0: nat
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
m: Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some m;
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive (s' i) (Some m) =
(s0, output)
Hv: valid (existT i receive) (s', Some m)
Hc: MC_constraint (existT i receive) (s', Some m)
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
o: indexSet
Heqcall: (mkSt o (Some (mkRS rs_round0 muddy)), None) =
(s0, output)
H10: mkSt o (Some (mkRS rs_round0 muddy)) = s' i
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
rs_round0: nat
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
m: Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some m;
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive (s' i) (Some m) =
(s0, output)
Hv: valid (existT i receive) (s', Some m)
Hc: MC_constraint (existT i receive) (s', Some m)
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
o: indexSet
Heqcall: (mkSt o (Some (mkRS rs_round0 clean)), None) =
(s0, output)
H10: mkSt o (Some (mkRS rs_round0 clean)) = s' i
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
o0: indexSet
s': composite_state MCVLSM
s0: State
output: option Message
Heqcall: (mkSt o0 (Some (mkRS 0 muddy)), None) =
(s0, output)
Heq: size o0 = 0
is: composite_state MCVLSM
tr': list transition_item
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i init;
        input := None;
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i init (s' i) None = (s0, output)
Hv: valid (existT i init) (s', None)
Hc: MC_constraint (existT i init) (s', None)
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
H10: mkSt o0 None = s' i
H12: None = None
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
n: nat
o0: indexSet
s': composite_state MCVLSM
s0: State
output: option Message
Heqcall: (mkSt o0 (Some (mkRS 0 undecided)), None) =
(s0, output)
Heq: size o0 = S n
is: composite_state MCVLSM
tr': list transition_item
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i init;
        input := None;
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i init (s' i) None = (s0, output)
Hv: valid (existT i init) (s', None)
Hc: MC_constraint (existT i init) (s', None)
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
H10: mkSt o0 None = s' i
H12: None = None
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' undecided);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' undecided)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' < r)
 then
  (mkSt o0 (Some (mkRS r undecided)), None)
 else
  if decide (r <= r' < size o0 - 1)
  then
   (mkSt o0 (Some (mkRS (r' + 1) undecided)),
    None)
  else
   if decide (r' = size o0 - 1)
   then
    (mkSt o0 (Some (mkRS (r' + 1) muddy)),
     None)
   else
    (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' undecided)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' undecided);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' undecided)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' ≤ r)
 then
  (mkSt o0 (Some (mkRS r undecided)), None)
 else
  if decide (r < r' < size o0)
  then
   (mkSt o0 (Some (mkRS r' undecided)), None)
  else
   if decide (r' = size o0)
   then
    (mkSt o0 (Some (mkRS r' muddy)), None)
   else
    (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' undecided)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' muddy);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' muddy)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' = size o0)
 then (mkSt o0 (Some (mkRS r' muddy)), None)
 else
  if decide (r' = size o0 - 1)
  then
   (mkSt o0 (Some (mkRS (r' + 1) clean)),
    None)
  else
   (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' muddy)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' muddy);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' muddy)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
Heqcall: (mkSt o0 (Some (mkRS r undecided)), None) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' muddy)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' clean);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' clean)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' clean))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' clean))
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
Heqcall: (mkSt o0 (Some (mkRS r undecided)), None) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' clean)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' clean);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' clean)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' clean))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' clean))
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' = size o0)
 then (mkSt o0 (Some (mkRS r' clean)), None)
 else
  if decide (r' = size o0 + 1)
  then
   (mkSt o0 (Some (mkRS (r' - 1) muddy)),
    None)
  else
   (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' clean)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
  - (* emit *)index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
status: ChildStatus
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i emit;
        input := None;
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i emit (s' i) None = (s0, output)
Hv: valid (existT i emit) (s', None)
Hc: MC_constraint (existT i emit) (s', None)
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
o0: indexSet
Heqcall: (mkSt o0 (Some (mkRS r status)),
 Some (mkMsg i r status)) = (
s0, output)
H10: mkSt o0 (Some (mkRS r status)) = s' i
H12: None = None
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    inversion Heqcall; subst; cbn in *; clear Heqcall Htj.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
status: ChildStatus
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
o0: indexSet
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i emit;
        input := None;
        destination :=
          state_update MCVLSM s' i
            (mkSt o0 (Some (mkRS r status)));
        output := Some (mkMsg i r status)
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: MC_valid emit (s' i) None
Hc: True
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: MC_initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
H10: mkSt o0 (Some (mkRS r status)) = s' i
H12: None = None
match status with
| undecided => r < size o0
| muddy =>
    r = size o0 ∧ size (MuddyUnion s') - 1 = size o0
| clean =>
    r = size o0 ∧ size (MuddyUnion s') = size o0
end
    unfold MC_component_invariant in Hinvs; rewrite <- H10 in Hinvs; cbn in Hinvs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
status: ChildStatus
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
o0: indexSet
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i emit;
        input := None;
        destination :=
          state_update MCVLSM s' i
            (mkSt o0 (Some (mkRS r status)));
        output := Some (mkMsg i r status)
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: MC_valid emit (s' i) None
Hc: True
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: MC_initial_state_prop
  (mkSt o0 (Some (mkRS r status)))
∨ MC_component_invariant_helper
    (mkSt o0 (Some (mkRS r status)))
    (MuddyUnion s')
Hinvs': MC_composite_invariant s'
H10: mkSt o0 (Some (mkRS r status)) = s' i
H12: None = None
match status with
| undecided => r < size o0
| muddy =>
    r = size o0 ∧ size (MuddyUnion s') - 1 = size o0
| clean =>
    r = size o0 ∧ size (MuddyUnion s') = size o0
end
    by destruct Hinvs.
  - (* receive *)index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
rs_round0: nat
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
m: Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some m;
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive (s' i) (Some m) =
(s0, output)
Hv: valid (existT i receive) (s', Some m)
Hc: MC_constraint (existT i receive) (s', Some m)
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
o: indexSet
Heqcall: (mkSt o (Some (mkRS rs_round0 muddy)), None) =
(s0, output)
H10: mkSt o (Some (mkRS rs_round0 muddy)) = s' i
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    inversion Heqcall; subst; cbn in *; clear Heqcall Htj.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
rs_round0: nat
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
m: Message
o: indexSet
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some m;
        destination :=
          state_update MCVLSM s' i
            (mkSt o
               (Some (mkRS rs_round0 muddy)));
        output := None
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: MC_valid receive (s' i) (Some m)
Hc: MC_no_equivocation s' m
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: MC_initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
H10: mkSt o (Some (mkRS rs_round0 muddy)) = s' i
rs_round0 = size o ∧ size (MuddyUnion s') - 1 = size o
    unfold MC_component_invariant in Hinvs; rewrite <- H10 in Hinvs; cbn in Hinvs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
rs_round0: nat
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
m: Message
o: indexSet
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some m;
        destination :=
          state_update MCVLSM s' i
            (mkSt o
               (Some (mkRS rs_round0 muddy)));
        output := None
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: MC_valid receive (s' i) (Some m)
Hc: MC_no_equivocation s' m
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: MC_initial_state_prop
  (mkSt o (Some (mkRS rs_round0 muddy)))
∨ rs_round0 = size o
  ∧ size (MuddyUnion s') - 1 = size o
Hinvs': MC_composite_invariant s'
H10: mkSt o (Some (mkRS rs_round0 muddy)) = s' i
rs_round0 = size o ∧ size (MuddyUnion s') - 1 = size o
    by destruct Hinvs.
  - (* receive *)index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
rs_round0: nat
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
m: Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some m;
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive (s' i) (Some m) =
(s0, output)
Hv: valid (existT i receive) (s', Some m)
Hc: MC_constraint (existT i receive) (s', Some m)
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
o: indexSet
Heqcall: (mkSt o (Some (mkRS rs_round0 clean)), None) =
(s0, output)
H10: mkSt o (Some (mkRS rs_round0 clean)) = s' i
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    inversion Heqcall; subst; cbn in *; clear Heqcall Htj.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
rs_round0: nat
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
m: Message
o: indexSet
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some m;
        destination :=
          state_update MCVLSM s' i
            (mkSt o
               (Some (mkRS rs_round0 clean)));
        output := None
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: MC_valid receive (s' i) (Some m)
Hc: MC_no_equivocation s' m
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: MC_initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
H10: mkSt o (Some (mkRS rs_round0 clean)) = s' i
rs_round0 = size o ∧ size (MuddyUnion s') = size o
    unfold MC_component_invariant in Hinvs; rewrite <- H10 in Hinvs; cbn in Hinvs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
rs_round0: nat
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
m: Message
o: indexSet
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some m;
        destination :=
          state_update MCVLSM s' i
            (mkSt o
               (Some (mkRS rs_round0 clean)));
        output := None
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: MC_valid receive (s' i) (Some m)
Hc: MC_no_equivocation s' m
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: MC_initial_state_prop
  (mkSt o (Some (mkRS rs_round0 clean)))
∨ rs_round0 = size o
  ∧ size (MuddyUnion s') = size o
Hinvs': MC_composite_invariant s'
H10: mkSt o (Some (mkRS rs_round0 clean)) = s' i
rs_round0 = size o ∧ size (MuddyUnion s') = size o
    by destruct Hinvs.
  - (* init *)index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
o0: indexSet
s': composite_state MCVLSM
s0: State
output: option Message
Heqcall: (mkSt o0 (Some (mkRS 0 muddy)), None) =
(s0, output)
Heq: size o0 = 0
is: composite_state MCVLSM
tr': list transition_item
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i init;
        input := None;
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i init (s' i) None = (s0, output)
Hv: valid (existT i init) (s', None)
Hc: MC_constraint (existT i init) (s', None)
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
H10: mkSt o0 None = s' i
H12: None = None
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    inversion Heqcall; subst; cbn in *; clear Heqcall Htj Hinvs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
o0: indexSet
s': composite_state MCVLSM
Heq: size o0 = 0
is: composite_state MCVLSM
tr': list transition_item
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i init;
        input := None;
        destination :=
          state_update MCVLSM s' i
            (mkSt o0 (Some (mkRS 0 muddy)));
        output := None
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: MC_valid init (s' i) None
Hc: consistent s'
Hinit: composite_initial_state_prop MCVLSM is
Hinvs': MC_composite_invariant s'
H10: mkSt o0 None = s' i
H12: None = None
0 = size o0 ∧ size (MuddyUnion s') - 1 = size o0
    split; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
o0: indexSet
s': composite_state MCVLSM
Heq: size o0 = 0
is: composite_state MCVLSM
tr': list transition_item
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i init;
        input := None;
        destination :=
          state_update MCVLSM s' i
            (mkSt o0 (Some (mkRS 0 muddy)));
        output := None
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: MC_valid init (s' i) None
Hc: consistent s'
Hinit: composite_initial_state_prop MCVLSM is
Hinvs': MC_composite_invariant s'
H10: mkSt o0 None = s' i
H12: None = None
size (MuddyUnion s') - 1 = size o0
    destruct Hc as [Hunion Hc].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
o0: indexSet
s': composite_state MCVLSM
Heq: size o0 = 0
is: composite_state MCVLSM
tr': list transition_item
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i init;
        input := None;
        destination :=
          state_update MCVLSM s' i
            (mkSt o0 (Some (mkRS 0 muddy)));
        output := None
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: MC_valid init (s' i) None
Hunion: MuddyUnion s' ≢ ∅
Hc: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hinit: composite_initial_state_prop MCVLSM is
Hinvs': MC_composite_invariant s'
H10: mkSt o0 None = s' i
H12: None = None
size (MuddyUnion s') - 1 = size o0
    specialize (Hc i); rewrite <- H10 in Hc.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
o0: indexSet
s': composite_state MCVLSM
Heq: size o0 = 0
is: composite_state MCVLSM
tr': list transition_item
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i init;
        input := None;
        destination :=
          state_update MCVLSM s' i
            (mkSt o0 (Some (mkRS 0 muddy)));
        output := None
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: MC_valid init (s' i) None
Hunion: MuddyUnion s' ≢ ∅
Hc: st_obs (mkSt o0 None) ≡ MuddyUnion s' ∖ {[i]}
Hinit: composite_initial_state_prop MCVLSM is
Hinvs': MC_composite_invariant s'
H10: mkSt o0 None = s' i
H12: None = None
size (MuddyUnion s') - 1 = size o0
    cbn in Hc; rewrite Hc, size_difference, size_singleton; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
o0: indexSet
s': composite_state MCVLSM
Heq: size o0 = 0
is: composite_state MCVLSM
tr': list transition_item
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i init;
        input := None;
        destination :=
          state_update MCVLSM s' i
            (mkSt o0 (Some (mkRS 0 muddy)));
        output := None
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: MC_valid init (s' i) None
Hunion: MuddyUnion s' ≢ ∅
Hc: o0 ≡ MuddyUnion s' ∖ {[i]}
Hinit: composite_initial_state_prop MCVLSM is
Hinvs': MC_composite_invariant s'
H10: mkSt o0 None = s' i
H12: None = None
{[i]} ⊆ MuddyUnion s'
    apply singleton_subseteq_l.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
o0: indexSet
s': composite_state MCVLSM
Heq: size o0 = 0
is: composite_state MCVLSM
tr': list transition_item
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i init;
        input := None;
        destination :=
          state_update MCVLSM s' i
            (mkSt o0 (Some (mkRS 0 muddy)));
        output := None
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: MC_valid init (s' i) None
Hunion: MuddyUnion s' ≢ ∅
Hc: o0 ≡ MuddyUnion s' ∖ {[i]}
Hinit: composite_initial_state_prop MCVLSM is
Hinvs': MC_composite_invariant s'
H10: mkSt o0 None = s' i
H12: None = None
i ∈ MuddyUnion s'
    by apply size_empty_iff in Heq; rewrite Heq in Hc; set_solver.
  - (* init *)index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
n: nat
o0: indexSet
s': composite_state MCVLSM
s0: State
output: option Message
Heqcall: (mkSt o0 (Some (mkRS 0 undecided)), None) =
(s0, output)
Heq: size o0 = S n
is: composite_state MCVLSM
tr': list transition_item
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i init;
        input := None;
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i init (s' i) None = (s0, output)
Hv: valid (existT i init) (s', None)
Hc: MC_constraint (existT i init) (s', None)
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
H10: mkSt o0 None = s' i
H12: None = None
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    by inversion Heqcall; subst; cbn in *; lia.
  - (* receive *)index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' undecided);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' undecided)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' < r)
 then
  (mkSt o0 (Some (mkRS r undecided)), None)
 else
  if decide (r <= r' < size o0 - 1)
  then
   (mkSt o0 (Some (mkRS (r' + 1) undecided)),
    None)
  else
   if decide (r' = size o0 - 1)
   then
    (mkSt o0 (Some (mkRS (r' + 1) muddy)),
     None)
   else
    (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' undecided)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    unfold MC_component_invariant in Hinvs; rewrite <- H10 in Hinvs; cbn in Hinvs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' undecided);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' undecided)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: MC_initial_state_prop
  (mkSt o0 (Some (mkRS r undecided)))
∨ r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' < r)
 then
  (mkSt o0 (Some (mkRS r undecided)), None)
 else
  if decide (r <= r' < size o0 - 1)
  then
   (mkSt o0 (Some (mkRS (r' + 1) undecided)),
    None)
  else
   if decide (r' = size o0 - 1)
   then
    (mkSt o0 (Some (mkRS (r' + 1) muddy)),
     None)
   else
    (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' undecided)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    destruct Hinvs; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' undecided);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' undecided)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' < r)
 then
  (mkSt o0 (Some (mkRS r undecided)), None)
 else
  if decide (r <= r' < size o0 - 1)
  then
   (mkSt o0 (Some (mkRS (r' + 1) undecided)),
    None)
  else
   if decide (r' = size o0 - 1)
   then
    (mkSt o0 (Some (mkRS (r' + 1) muddy)),
     None)
   else
    (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' undecided)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    eapply consistent_finite_valid_trace_from_to in Htr'
      as [HMuddy_s' Hconsistent]; [| by rewrite <- H10; cbn].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' undecided);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' undecided)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' < r)
 then
  (mkSt o0 (Some (mkRS r undecided)), None)
 else
  if decide (r <= r' < size o0 - 1)
  then
   (mkSt o0 (Some (mkRS (r' + 1) undecided)),
    None)
  else
   if decide (r' = size o0 - 1)
   then
    (mkSt o0 (Some (mkRS (r' + 1) muddy)),
     None)
   else
    (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' undecided)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    specialize (Hconsistent i) as Hconsi.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' undecided);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' undecided)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' < r)
 then
  (mkSt o0 (Some (mkRS r undecided)), None)
 else
  if decide (r <= r' < size o0 - 1)
  then
   (mkSt o0 (Some (mkRS (r' + 1) undecided)),
    None)
  else
   if decide (r' = size o0 - 1)
   then
    (mkSt o0 (Some (mkRS (r' + 1) muddy)),
     None)
   else
    (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' undecided)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: st_obs (s' i) ≡ MuddyUnion s' ∖ {[i]}
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    rewrite <- H10 in Hconsi; cbn in Hconsi.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' undecided);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' undecided)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' < r)
 then
  (mkSt o0 (Some (mkRS r undecided)), None)
 else
  if decide (r <= r' < size o0 - 1)
  then
   (mkSt o0 (Some (mkRS (r' + 1) undecided)),
    None)
  else
   if decide (r' = size o0 - 1)
   then
    (mkSt o0 (Some (mkRS (r' + 1) muddy)),
     None)
   else
    (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' undecided)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: o0 ≡ MuddyUnion s' ∖ {[i]}
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    assert (Hinvs : MC_component_invariant_helper (mkSt (st_obs (s' j))
      (Some (mkRS r' undecided))) (MuddyUnion s'))
      by (eapply MC_component_invariant_helper_from_constraint; done).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' undecided);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' undecided)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' < r)
 then
  (mkSt o0 (Some (mkRS r undecided)), None)
 else
  if decide (r <= r' < size o0 - 1)
  then
   (mkSt o0 (Some (mkRS (r' + 1) undecided)),
    None)
  else
   if decide (r' = size o0 - 1)
   then
    (mkSt o0 (Some (mkRS (r' + 1) muddy)),
     None)
   else
    (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' undecided)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: o0 ≡ MuddyUnion s' ∖ {[i]}
Hinvs: MC_component_invariant_helper
  (mkSt (st_obs (s' j))
     (Some (mkRS r' undecided)))
  (MuddyUnion s')
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    assert (o0 ≡ st_obs (s' i)) by (rewrite <- H10; done).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' undecided);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' undecided)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' < r)
 then
  (mkSt o0 (Some (mkRS r undecided)), None)
 else
  if decide (r <= r' < size o0 - 1)
  then
   (mkSt o0 (Some (mkRS (r' + 1) undecided)),
    None)
  else
   if decide (r' = size o0 - 1)
   then
    (mkSt o0 (Some (mkRS (r' + 1) muddy)),
     None)
   else
    (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' undecided)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: o0 ≡ MuddyUnion s' ∖ {[i]}
Hinvs: MC_component_invariant_helper
  (mkSt (st_obs (s' j))
     (Some (mkRS r' undecided)))
  (MuddyUnion s')
H9: o0 ≡ st_obs (s' i)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    repeat case_decide; inversion Heqcall; subst; cbn in *; clear Heqcall;
      repeat split; try lia; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin, H15: j ∈ o0
Heq: left H15 = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
Hc: match s' j with
| mkSt _ (Some (mkRS r status)) =>
    undecided = status ∧ size o0 - 1 = r
    ∨ undecided = undecided ∧ size o0 - 1 < r
| mkSt _ None => False
end
Hv: MC_valid receive (s' i)
  (Some (mkMsg j (size o0 - 1) undecided))
Htj: MC_transition i receive 
  (s' i)
  (Some (mkMsg j (size o0 - 1) undecided)) =
(mkSt o0 (Some (mkRS (size o0 - 1 + 1) muddy)),
 None)
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input :=
          Some
            (mkMsg j (size o0 - 1) undecided);
        destination :=
          state_update MCVLSM s' i
            (mkSt o0
               (Some
                  (mkRS (size o0 - 1 + 1) muddy)));
        output := None
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
H13: ¬ r <= size o0 - 1 < size o0 - 1
H11: ¬ size o0 - 1 < r
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j (size o0 - 1) undecided)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: o0 ≡ MuddyUnion s' ∖ {[i]}
Hinvs: size o0 - 1 < size (st_obs (s' j))
H9: o0 ≡ st_obs (s' i)
size (MuddyUnion s') - 1 = size o0
    by eapply MC_composite_invariant_preservation_muddy_from_undecided.
  - (* receive *)index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' undecided);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' undecided)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' ≤ r)
 then
  (mkSt o0 (Some (mkRS r undecided)), None)
 else
  if decide (r < r' < size o0)
  then
   (mkSt o0 (Some (mkRS r' undecided)), None)
  else
   if decide (r' = size o0)
   then
    (mkSt o0 (Some (mkRS r' muddy)), None)
   else
    (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' undecided)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    unfold MC_component_invariant in Hinvs; rewrite <- H10 in Hinvs; cbn in Hinvs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' undecided);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' undecided)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: MC_initial_state_prop
  (mkSt o0 (Some (mkRS r undecided)))
∨ r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' ≤ r)
 then
  (mkSt o0 (Some (mkRS r undecided)), None)
 else
  if decide (r < r' < size o0)
  then
   (mkSt o0 (Some (mkRS r' undecided)), None)
  else
   if decide (r' = size o0)
   then
    (mkSt o0 (Some (mkRS r' muddy)), None)
   else
    (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' undecided)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    destruct Hinvs; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' undecided);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' undecided)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' ≤ r)
 then
  (mkSt o0 (Some (mkRS r undecided)), None)
 else
  if decide (r < r' < size o0)
  then
   (mkSt o0 (Some (mkRS r' undecided)), None)
  else
   if decide (r' = size o0)
   then
    (mkSt o0 (Some (mkRS r' muddy)), None)
   else
    (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' undecided)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    eapply consistent_finite_valid_trace_from_to in Htr'
      as [HMuddy_s' Hconsistent]; [| by rewrite <- H10; cbn].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' undecided);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' undecided)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' ≤ r)
 then
  (mkSt o0 (Some (mkRS r undecided)), None)
 else
  if decide (r < r' < size o0)
  then
   (mkSt o0 (Some (mkRS r' undecided)), None)
  else
   if decide (r' = size o0)
   then
    (mkSt o0 (Some (mkRS r' muddy)), None)
   else
    (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' undecided)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    specialize (Hconsistent i) as Hconsi.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' undecided);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' undecided)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' ≤ r)
 then
  (mkSt o0 (Some (mkRS r undecided)), None)
 else
  if decide (r < r' < size o0)
  then
   (mkSt o0 (Some (mkRS r' undecided)), None)
  else
   if decide (r' = size o0)
   then
    (mkSt o0 (Some (mkRS r' muddy)), None)
   else
    (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' undecided)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: st_obs (s' i) ≡ MuddyUnion s' ∖ {[i]}
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    rewrite <- H10 in Hconsi; cbn in Hconsi.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' undecided);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' undecided)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' ≤ r)
 then
  (mkSt o0 (Some (mkRS r undecided)), None)
 else
  if decide (r < r' < size o0)
  then
   (mkSt o0 (Some (mkRS r' undecided)), None)
  else
   if decide (r' = size o0)
   then
    (mkSt o0 (Some (mkRS r' muddy)), None)
   else
    (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' undecided)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: o0 ≡ MuddyUnion s' ∖ {[i]}
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    assert (Hinvs : MC_component_invariant_helper (mkSt (st_obs (s' j))
      (Some (mkRS r' undecided))) (MuddyUnion s'))
      by (eapply MC_component_invariant_helper_from_constraint; done).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' undecided);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' undecided)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' ≤ r)
 then
  (mkSt o0 (Some (mkRS r undecided)), None)
 else
  if decide (r < r' < size o0)
  then
   (mkSt o0 (Some (mkRS r' undecided)), None)
  else
   if decide (r' = size o0)
   then
    (mkSt o0 (Some (mkRS r' muddy)), None)
   else
    (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' undecided)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: o0 ≡ MuddyUnion s' ∖ {[i]}
Hinvs: MC_component_invariant_helper
  (mkSt (st_obs (s' j))
     (Some (mkRS r' undecided)))
  (MuddyUnion s')
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    assert (o0 ≡ st_obs (s' i)) by (rewrite <- H10; done).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' undecided);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' undecided)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' undecided))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' ≤ r)
 then
  (mkSt o0 (Some (mkRS r undecided)), None)
 else
  if decide (r < r' < size o0)
  then
   (mkSt o0 (Some (mkRS r' undecided)), None)
  else
   if decide (r' = size o0)
   then
    (mkSt o0 (Some (mkRS r' muddy)), None)
   else
    (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' undecided)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: o0 ≡ MuddyUnion s' ∖ {[i]}
Hinvs: MC_component_invariant_helper
  (mkSt (st_obs (s' j))
     (Some (mkRS r' undecided)))
  (MuddyUnion s')
H9: o0 ≡ st_obs (s' i)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    repeat case_decide; inversion Heqcall; subst; cbn in *; clear Heqcall;
      repeat split; try lia; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin, H15: j ∉ o0
Heq: right H15 = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
Hc: match s' j with
| mkSt _ (Some (mkRS r status)) =>
    undecided = status ∧ size o0 = r
    ∨ undecided = undecided ∧ size o0 < r
| mkSt _ None => False
end
Hv: MC_valid receive (s' i)
  (Some (mkMsg j (size o0) undecided))
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j (size o0) undecided)) =
(mkSt o0 (Some (mkRS (size o0) muddy)), None)
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input :=
          Some (mkMsg j (size o0) undecided);
        destination :=
          state_update MCVLSM s' i
            (mkSt o0
               (Some (mkRS (size o0) muddy)));
        output := None
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
H13: ¬ r < size o0 < size o0
H11: ¬ size o0 ≤ r
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j (size o0) undecided)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: o0 ≡ MuddyUnion s' ∖ {[i]}
Hinvs: size o0 < size (st_obs (s' j))
H9: o0 ≡ st_obs (s' i)
size (MuddyUnion s') - 1 = size o0
    by eapply MC_composite_invariant_preservation_muddy_from_clean.
  - (* receive *)index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' muddy);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' muddy)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' = size o0)
 then (mkSt o0 (Some (mkRS r' muddy)), None)
 else
  if decide (r' = size o0 - 1)
  then
   (mkSt o0 (Some (mkRS (r' + 1) clean)),
    None)
  else
   (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' muddy)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    unfold MC_component_invariant in Hinvs; rewrite <- H10 in Hinvs; cbn in Hinvs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' muddy);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' muddy)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: MC_initial_state_prop
  (mkSt o0 (Some (mkRS r undecided)))
∨ r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' = size o0)
 then (mkSt o0 (Some (mkRS r' muddy)), None)
 else
  if decide (r' = size o0 - 1)
  then
   (mkSt o0 (Some (mkRS (r' + 1) clean)),
    None)
  else
   (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' muddy)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    destruct Hinvs; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' muddy);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' muddy)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' = size o0)
 then (mkSt o0 (Some (mkRS r' muddy)), None)
 else
  if decide (r' = size o0 - 1)
  then
   (mkSt o0 (Some (mkRS (r' + 1) clean)),
    None)
  else
   (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' muddy)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    eapply consistent_finite_valid_trace_from_to in Htr'
      as [HMuddy_s' Hconsistent]; [| by rewrite <- H10; cbn].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' muddy);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' muddy)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' = size o0)
 then (mkSt o0 (Some (mkRS r' muddy)), None)
 else
  if decide (r' = size o0 - 1)
  then
   (mkSt o0 (Some (mkRS (r' + 1) clean)),
    None)
  else
   (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' muddy)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    specialize (Hconsistent i) as Hconsi.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' muddy);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' muddy)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' = size o0)
 then (mkSt o0 (Some (mkRS r' muddy)), None)
 else
  if decide (r' = size o0 - 1)
  then
   (mkSt o0 (Some (mkRS (r' + 1) clean)),
    None)
  else
   (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' muddy)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: st_obs (s' i) ≡ MuddyUnion s' ∖ {[i]}
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    rewrite <- H10 in Hconsi; cbn in Hconsi.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' muddy);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' muddy)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' = size o0)
 then (mkSt o0 (Some (mkRS r' muddy)), None)
 else
  if decide (r' = size o0 - 1)
  then
   (mkSt o0 (Some (mkRS (r' + 1) clean)),
    None)
  else
   (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' muddy)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: o0 ≡ MuddyUnion s' ∖ {[i]}
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    assert (Hinvs : MC_component_invariant_helper (mkSt (st_obs (s' j))
      (Some (mkRS r' muddy))) (MuddyUnion s'))
      by (eapply MC_component_invariant_helper_from_constraint; done).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' muddy);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' muddy)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' = size o0)
 then (mkSt o0 (Some (mkRS r' muddy)), None)
 else
  if decide (r' = size o0 - 1)
  then
   (mkSt o0 (Some (mkRS (r' + 1) clean)),
    None)
  else
   (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' muddy)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: o0 ≡ MuddyUnion s' ∖ {[i]}
Hinvs: MC_component_invariant_helper
  (mkSt (st_obs (s' j)) (Some (mkRS r' muddy)))
  (MuddyUnion s')
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    assert (o0 ≡ st_obs (s' i)) by (rewrite <- H10; done).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' muddy);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' muddy)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' = size o0)
 then (mkSt o0 (Some (mkRS r' muddy)), None)
 else
  if decide (r' = size o0 - 1)
  then
   (mkSt o0 (Some (mkRS (r' + 1) clean)),
    None)
  else
   (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' muddy)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: o0 ≡ MuddyUnion s' ∖ {[i]}
Hinvs: MC_component_invariant_helper
  (mkSt (st_obs (s' j)) (Some (mkRS r' muddy)))
  (MuddyUnion s')
H9: o0 ≡ st_obs (s' i)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    repeat case_decide; inversion Heqcall; subst; cbn in *; clear Heqcall;
      repeat split; try lia; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin, H14: j ∈ o0
Heq: left H14 = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
Hc: match s' j with
| mkSt _ (Some (mkRS r status)) =>
    muddy = status ∧ size o0 - 1 = r
    ∨ muddy = undecided ∧ size o0 - 1 < r
| mkSt _ None => False
end
Hv: MC_valid receive (s' i)
  (Some (mkMsg j (size o0 - 1) muddy))
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j (size o0 - 1) muddy)) =
(mkSt o0 (Some (mkRS (size o0 - 1 + 1) clean)),
 None)
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input :=
          Some (mkMsg j (size o0 - 1) muddy);
        destination :=
          state_update MCVLSM s' i
            (mkSt o0
               (Some
                  (mkRS (size o0 - 1 + 1) clean)));
        output := None
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
H11: size o0 - 1 ≠ size o0
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j (size o0 - 1) muddy)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: o0 ≡ MuddyUnion s' ∖ {[i]}
Hinvs: size o0 - 1 = size (st_obs (s' j))
∧ size (MuddyUnion s') - 1 =
  size (st_obs (s' j))
H9: o0 ≡ st_obs (s' i)
size (MuddyUnion s') = size o0
    destruct Hinvs as [Hstobs Hmuddy].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin, H14: j ∈ o0
Heq: left H14 = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
Hc: match s' j with
| mkSt _ (Some (mkRS r status)) =>
    muddy = status ∧ size o0 - 1 = r
    ∨ muddy = undecided ∧ size o0 - 1 < r
| mkSt _ None => False
end
Hv: MC_valid receive (s' i)
  (Some (mkMsg j (size o0 - 1) muddy))
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j (size o0 - 1) muddy)) =
(mkSt o0 (Some (mkRS (size o0 - 1 + 1) clean)),
 None)
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input :=
          Some (mkMsg j (size o0 - 1) muddy);
        destination :=
          state_update MCVLSM s' i
            (mkSt o0
               (Some
                  (mkRS (size o0 - 1 + 1) clean)));
        output := None
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
H11: size o0 - 1 ≠ size o0
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j (size o0 - 1) muddy)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: o0 ≡ MuddyUnion s' ∖ {[i]}
Hstobs: size o0 - 1 = size (st_obs (s' j))
Hmuddy: size (MuddyUnion s') - 1 =
size (st_obs (s' j))
H9: o0 ≡ st_obs (s' i)
size (MuddyUnion s') = size o0
    rewrite <- Hmuddy in Hstobs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin, H14: j ∈ o0
Heq: left H14 = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
Hc: match s' j with
| mkSt _ (Some (mkRS r status)) =>
    muddy = status ∧ size o0 - 1 = r
    ∨ muddy = undecided ∧ size o0 - 1 < r
| mkSt _ None => False
end
Hv: MC_valid receive (s' i)
  (Some (mkMsg j (size o0 - 1) muddy))
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j (size o0 - 1) muddy)) =
(mkSt o0 (Some (mkRS (size o0 - 1 + 1) clean)),
 None)
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input :=
          Some (mkMsg j (size o0 - 1) muddy);
        destination :=
          state_update MCVLSM s' i
            (mkSt o0
               (Some
                  (mkRS (size o0 - 1 + 1) clean)));
        output := None
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
H11: size o0 - 1 ≠ size o0
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j (size o0 - 1) muddy)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: o0 ≡ MuddyUnion s' ∖ {[i]}
Hstobs: size o0 - 1 = size (MuddyUnion s') - 1
Hmuddy: size (MuddyUnion s') - 1 =
size (st_obs (s' j))
H9: o0 ≡ st_obs (s' i)
size (MuddyUnion s') = size o0
    destruct (decide (size (MuddyUnion s') = 0)); [| by lia].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin, H14: j ∈ o0
Heq: left H14 = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
Hc: match s' j with
| mkSt _ (Some (mkRS r status)) =>
    muddy = status ∧ size o0 - 1 = r
    ∨ muddy = undecided ∧ size o0 - 1 < r
| mkSt _ None => False
end
Hv: MC_valid receive (s' i)
  (Some (mkMsg j (size o0 - 1) muddy))
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j (size o0 - 1) muddy)) =
(mkSt o0 (Some (mkRS (size o0 - 1 + 1) clean)),
 None)
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input :=
          Some (mkMsg j (size o0 - 1) muddy);
        destination :=
          state_update MCVLSM s' i
            (mkSt o0
               (Some
                  (mkRS (size o0 - 1 + 1) clean)));
        output := None
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
H11: size o0 - 1 ≠ size o0
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j (size o0 - 1) muddy)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: o0 ≡ MuddyUnion s' ∖ {[i]}
Hstobs: size o0 - 1 = size (MuddyUnion s') - 1
Hmuddy: size (MuddyUnion s') - 1 =
size (st_obs (s' j))
H9: o0 ≡ st_obs (s' i)
e: size (MuddyUnion s') = 0
size (MuddyUnion s') = size o0
    by apply size_non_empty_iff in HMuddy_s'.
  - (* receive *)index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' muddy);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' muddy)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' muddy))
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
Heqcall: (mkSt o0 (Some (mkRS r undecided)), None) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' muddy)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    inversion Heqcall; subst; cbn in *; clear Heqcall Htj.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' muddy);
        destination :=
          state_update MCVLSM s' i
            (mkSt o0 (Some (mkRS r undecided)));
        output := None
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: MC_valid receive (s' i) (Some (mkMsg j r' muddy))
Hc: match s' j with
| mkSt _ (Some (mkRS r status)) =>
    muddy = status ∧ r' = r
    ∨ muddy = undecided ∧ r' < r
| mkSt _ None => False
end
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: MC_initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' muddy)
r < size o0
    unfold MC_component_invariant in Hinvs; rewrite <- H10 in Hinvs; cbn in Hinvs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' muddy);
        destination :=
          state_update MCVLSM s' i
            (mkSt o0 (Some (mkRS r undecided)));
        output := None
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: MC_valid receive (s' i) (Some (mkMsg j r' muddy))
Hc: match s' j with
| mkSt _ (Some (mkRS r status)) =>
    muddy = status ∧ r' = r
    ∨ muddy = undecided ∧ r' < r
| mkSt _ None => False
end
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: MC_initial_state_prop
  (mkSt o0 (Some (mkRS r undecided)))
∨ r < size o0
Hinvs': MC_composite_invariant s'
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' muddy)
r < size o0
    by destruct Hinvs.
  - (* receive *)index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' clean);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' clean)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' clean))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' clean))
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
Heqcall: (mkSt o0 (Some (mkRS r undecided)), None) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' clean)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    inversion Heqcall; cbn in *; subst; clear Heqcall Htj.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' clean);
        destination :=
          state_update MCVLSM s' i
            (mkSt o0 (Some (mkRS r undecided)));
        output := None
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: MC_valid receive (s' i) (Some (mkMsg j r' clean))
Hc: match s' j with
| mkSt _ (Some (mkRS r status)) =>
    clean = status ∧ r' = r
    ∨ clean = undecided ∧ r' < r
| mkSt _ None => False
end
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: MC_initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' clean)
r < size o0
    unfold MC_component_invariant in Hinvs; rewrite <- H10 in Hinvs; cbn in Hinvs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∈ o0
r': nat
Heq: decide (j ∈ o0) = left Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' clean);
        destination :=
          state_update MCVLSM s' i
            (mkSt o0 (Some (mkRS r undecided)));
        output := None
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Hv: MC_valid receive (s' i) (Some (mkMsg j r' clean))
Hc: match s' j with
| mkSt _ (Some (mkRS r status)) =>
    clean = status ∧ r' = r
    ∨ clean = undecided ∧ r' < r
| mkSt _ None => False
end
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: MC_initial_state_prop
  (mkSt o0 (Some (mkRS r undecided)))
∨ r < size o0
Hinvs': MC_composite_invariant s'
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' clean)
r < size o0
    by destruct Hinvs.
  - (* receive *)index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' clean);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' clean)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' clean))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' clean))
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: initial_state_prop (s' i)
∨ MC_component_invariant s' i
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' = size o0)
 then (mkSt o0 (Some (mkRS r' clean)), None)
 else
  if decide (r' = size o0 + 1)
  then
   (mkSt o0 (Some (mkRS (r' - 1) muddy)),
    None)
  else
   (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' clean)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    unfold MC_component_invariant in Hinvs; rewrite <- H10 in Hinvs; cbn in Hinvs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' clean);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' clean)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' clean))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' clean))
Hinit: composite_initial_state_prop MCVLSM is
Hinvs: MC_initial_state_prop
  (mkSt o0 (Some (mkRS r undecided)))
∨ r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' = size o0)
 then (mkSt o0 (Some (mkRS r' clean)), None)
 else
  if decide (r' = size o0 + 1)
  then
   (mkSt o0 (Some (mkRS (r' - 1) muddy)),
    None)
  else
   (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' clean)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    destruct Hinvs; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' clean);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htr': finite_valid_trace_from_to MC_composite_vlsm is
  s' tr'
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' clean)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' clean))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' clean))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' = size o0)
 then (mkSt o0 (Some (mkRS r' clean)), None)
 else
  if decide (r' = size o0 + 1)
  then
   (mkSt o0 (Some (mkRS (r' - 1) muddy)),
    None)
  else
   (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' clean)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    eapply consistent_finite_valid_trace_from_to in Htr'
      as [HMuddy_s' Hconsistent]; [| by rewrite <- H10; cbn].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' clean);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' clean)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' clean))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' clean))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' = size o0)
 then (mkSt o0 (Some (mkRS r' clean)), None)
 else
  if decide (r' = size o0 + 1)
  then
   (mkSt o0 (Some (mkRS (r' - 1) muddy)),
    None)
  else
   (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' clean)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    specialize (Hconsistent i) as Hconsi.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' clean);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' clean)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' clean))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' clean))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' = size o0)
 then (mkSt o0 (Some (mkRS r' clean)), None)
 else
  if decide (r' = size o0 + 1)
  then
   (mkSt o0 (Some (mkRS (r' - 1) muddy)),
    None)
  else
   (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' clean)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: st_obs (s' i) ≡ MuddyUnion s' ∖ {[i]}
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    rewrite <- H10 in Hconsi; cbn in Hconsi.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' clean);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' clean)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' clean))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' clean))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' = size o0)
 then (mkSt o0 (Some (mkRS r' clean)), None)
 else
  if decide (r' = size o0 + 1)
  then
   (mkSt o0 (Some (mkRS (r' - 1) muddy)),
    None)
  else
   (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' clean)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: o0 ≡ MuddyUnion s' ∖ {[i]}
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    assert (Hinvs : MC_component_invariant_helper (mkSt (st_obs (s' j))
      (Some (mkRS r' clean))) (MuddyUnion s'))
      by (eapply MC_component_invariant_helper_from_constraint; done).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' clean);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' clean)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' clean))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' clean))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' = size o0)
 then (mkSt o0 (Some (mkRS r' clean)), None)
 else
  if decide (r' = size o0 + 1)
  then
   (mkSt o0 (Some (mkRS (r' - 1) muddy)),
    None)
  else
   (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' clean)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: o0 ≡ MuddyUnion s' ∖ {[i]}
Hinvs: MC_component_invariant_helper
  (mkSt (st_obs (s' j)) (Some (mkRS r' clean)))
  (MuddyUnion s')
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    assert (o0 ≡ st_obs (s' i)) by (rewrite <- H10; done).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
r: nat
j: index
o0: indexSet
Hin: j ∉ o0
r': nat
Heq: decide (j ∈ o0) = right Hin
is: composite_state MCVLSM
tr': list transition_item
s': composite_state MCVLSM
s0: State
output: option Message
Hind: ∀ y : nat,
  y <
  length
    (tr' ++
     [{|
        l := existT i receive;
        input := Some (mkMsg j r' clean);
        destination :=
          state_update MCVLSM s' i s0;
        output := output
      |}])
  → ∀ (s : composite_state MCVLSM) 
      (tr : list transition_item),
      y = length tr
      → finite_valid_trace_init_to
          MC_composite_vlsm is s tr
        → MC_composite_invariant s
Htj: MC_transition i receive 
  (s' i) (Some (mkMsg j r' clean)) =
(s0, output)
Hv: valid (existT i receive)
  (s', Some (mkMsg j r' clean))
Hc: MC_constraint (existT i receive)
  (s', Some (mkMsg j r' clean))
Hinit: composite_initial_state_prop MCVLSM is
H0: r < size o0
Hinvs': MC_composite_invariant s'
Heqcall: (if decide (r' = size o0)
 then (mkSt o0 (Some (mkRS r' clean)), None)
 else
  if decide (r' = size o0 + 1)
  then
   (mkSt o0 (Some (mkRS (r' - 1) muddy)),
    None)
  else
   (mkSt o0 (Some (mkRS r undecided)), None)) =
(s0, output)
m: Message
H10: mkSt o0 (Some (mkRS r undecided)) = s' i
H12: Some m = Some (mkMsg j r' clean)
HMuddy_s': MuddyUnion s' ≢ ∅
Hconsistent: ∀ n : index,
  st_obs (s' n) ≡ MuddyUnion s' ∖ {[n]}
Hconsi: o0 ≡ MuddyUnion s' ∖ {[i]}
Hinvs: MC_component_invariant_helper
  (mkSt (st_obs (s' j)) (Some (mkRS r' clean)))
  (MuddyUnion s')
H9: o0 ≡ st_obs (s' i)
match state_status (st_rs s0) with
| undecided =>
    state_round (st_rs s0) < size (st_obs s0)
| muddy =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') - 1 = size (st_obs s0)
| clean =>
    state_round (st_rs s0) = size (st_obs s0)
    ∧ size (MuddyUnion s') = size (st_obs s0)
end
    by repeat case_decide; inversion Heqcall; subst; cbn in *; clear Heqcall; lia.
Qed.

Lemma MC_composite_invariant_preservation_inductive (s : composite_state MCVLSM) :
  valid_state_prop MC_composite_vlsm s -> MC_composite_invariant_inductive s.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
valid_state_prop MC_composite_vlsm s
→ MC_composite_invariant_inductive s
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
valid_state_prop MC_composite_vlsm s
→ MC_composite_invariant_inductive s
  intros Hv i.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hv: valid_state_prop MC_composite_vlsm s
i: index
initial_state_prop (s i)
∨ MC_component_invariant_inductive s i
  destruct (MC_composite_invariant_preservation _ Hv i); [by left|].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hv: valid_state_prop MC_composite_vlsm s
i: index
H9: MC_component_invariant s i
initial_state_prop (s i)
∨ MC_component_invariant_inductive s i
  by right; apply MC_component_invariant_equiv_MC_component_invariant_inductive.
Qed.

Auxiliary progress results

Lemma MC_valid_noequiv_muddy (s : composite_state MCVLSM) (m : Message) :
  valid_state_prop MC_composite_vlsm s ->
  msg_status m = muddy ->
  MC_no_equivocation s m ->
  msg_round m = size (MuddyUnion s) - 1 /\ msg_index m ∈ MuddyUnion s.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
m: Message
valid_state_prop MC_composite_vlsm s
→ msg_status m = muddy
  → MC_no_equivocation s m
    → msg_round m = size (MuddyUnion s) - 1
      ∧ msg_index m ∈ MuddyUnion s
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
m: Message
valid_state_prop MC_composite_vlsm s
→ msg_status m = muddy
  → MC_no_equivocation s m
    → msg_round m = size (MuddyUnion s) - 1
      ∧ msg_index m ∈ MuddyUnion s
  intros Hs Hmuddy Hnoequiv.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
m: Message
Hs: valid_state_prop MC_composite_vlsm s
Hmuddy: msg_status m = muddy
Hnoequiv: MC_no_equivocation s m
msg_round m = size (MuddyUnion s) - 1
∧ msg_index m ∈ MuddyUnion s
  pose proof (Hs' := Hs).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
m: Message
Hs: valid_state_prop MC_composite_vlsm s
Hmuddy: msg_status m = muddy
Hnoequiv: MC_no_equivocation s m
Hs': valid_state_prop MC_composite_vlsm s
msg_round m = size (MuddyUnion s) - 1
∧ msg_index m ∈ MuddyUnion s
  apply MC_composite_invariant_preservation in Hs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
m: Message
Hs: MC_composite_invariant s
Hmuddy: msg_status m = muddy
Hnoequiv: MC_no_equivocation s m
Hs': valid_state_prop MC_composite_vlsm s
msg_round m = size (MuddyUnion s) - 1
∧ msg_index m ∈ MuddyUnion s
  destruct (Hs (msg_index m)) as [Hinit | Hinvariant].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
m: Message
Hs: MC_composite_invariant s
Hmuddy: msg_status m = muddy
Hnoequiv: MC_no_equivocation s m
Hs': valid_state_prop MC_composite_vlsm s
Hinit: initial_state_prop (s (msg_index m))
msg_round m = size (MuddyUnion s) - 1
∧ msg_index m ∈ MuddyUnion s
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
m: Message
Hs: MC_composite_invariant s
Hmuddy: msg_status m = muddy
Hnoequiv: MC_no_equivocation s m
Hs': valid_state_prop MC_composite_vlsm s
Hinvariant: MC_component_invariant s (msg_index m)
msg_round m = size (MuddyUnion s) - 1
∧ msg_index m ∈ MuddyUnion s
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
m: Message
Hs: MC_composite_invariant s
Hmuddy: msg_status m = muddy
Hnoequiv: MC_no_equivocation s m
Hs': valid_state_prop MC_composite_vlsm s
Hinit: initial_state_prop (s (msg_index m))
msg_round m = size (MuddyUnion s) - 1
∧ msg_index m ∈ MuddyUnion s unfold MC_no_equivocation in Hnoequiv.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
m: Message
Hs: MC_composite_invariant s
Hmuddy: msg_status m = muddy
Hnoequiv: match m with
| mkMsg n r' status' =>
    match s n with
    | mkSt _ (Some (mkRS r status)) =>
        status' = status ∧ r' = r
        ∨ status' = undecided ∧ r' < r
    | mkSt _ None => False
    end
end
Hs': valid_state_prop MC_composite_vlsm s
Hinit: initial_state_prop (s (msg_index m))
msg_round m = size (MuddyUnion s) - 1
∧ msg_index m ∈ MuddyUnion s
    repeat case_match; cbn in *; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
m: Message
Hs: MC_composite_invariant s
msg_index0: index
msg_round0: nat
msg_status0: ChildStatus
H9: m = mkMsg msg_index0 msg_round0 msg_status0
Hmuddy: msg_status0 = muddy
st_obs0: indexSet
st_rs0: option RoundStatus
r: RoundStatus
rs_round0: nat
rs_status0: ChildStatus
H12: r = mkRS rs_round0 rs_status0
H11: st_rs0 = Some (mkRS rs_round0 rs_status0)
H10: s msg_index0 =
mkSt st_obs0 (Some (mkRS rs_round0 rs_status0))
Hnoequiv: msg_status0 = rs_status0
∧ msg_round0 = rs_round0
∨ msg_status0 = undecided
  ∧ msg_round0 < rs_round0
Hs': valid_state_prop MC_composite_vlsm s
Hinit: MC_initial_state_prop (s msg_index0)
msg_round0 = size (MuddyUnion s) - 1
∧ msg_index0 ∈ MuddyUnion s
    unfold MC_initial_state_prop in Hinit.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
m: Message
Hs: MC_composite_invariant s
msg_index0: index
msg_round0: nat
msg_status0: ChildStatus
H9: m = mkMsg msg_index0 msg_round0 msg_status0
Hmuddy: msg_status0 = muddy
st_obs0: indexSet
st_rs0: option RoundStatus
r: RoundStatus
rs_round0: nat
rs_status0: ChildStatus
H12: r = mkRS rs_round0 rs_status0
H11: st_rs0 = Some (mkRS rs_round0 rs_status0)
H10: s msg_index0 =
mkSt st_obs0 (Some (mkRS rs_round0 rs_status0))
Hnoequiv: msg_status0 = rs_status0
∧ msg_round0 = rs_round0
∨ msg_status0 = undecided
  ∧ msg_round0 < rs_round0
Hs': valid_state_prop MC_composite_vlsm s
Hinit: st_rs (s msg_index0) = None
msg_round0 = size (MuddyUnion s) - 1
∧ msg_index0 ∈ MuddyUnion s
    by rewrite H10 in Hinit.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
m: Message
Hs: MC_composite_invariant s
Hmuddy: msg_status m = muddy
Hnoequiv: MC_no_equivocation s m
Hs': valid_state_prop MC_composite_vlsm s
Hinvariant: MC_component_invariant s (msg_index m)
msg_round m = size (MuddyUnion s) - 1
∧ msg_index m ∈ MuddyUnion s unfold MC_component_invariant, MC_component_invariant_helper in Hinvariant.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
m: Message
Hs: MC_composite_invariant s
Hmuddy: msg_status m = muddy
Hnoequiv: MC_no_equivocation s m
Hs': valid_state_prop MC_composite_vlsm s
Hinvariant: match
  state_status (st_rs (s (msg_index m)))
with
| undecided =>
    state_round (st_rs (s (msg_index m))) <
    size (st_obs (s (msg_index m)))
| muddy =>
    state_round (st_rs (s (msg_index m))) =
    size (st_obs (s (msg_index m)))
    ∧ size (MuddyUnion s) - 1 =
      size (st_obs (s (msg_index m)))
| clean =>
    state_round (st_rs (s (msg_index m))) =
    size (st_obs (s (msg_index m)))
    ∧ size (MuddyUnion s) =
      size (st_obs (s (msg_index m)))
end
msg_round m = size (MuddyUnion s) - 1
∧ msg_index m ∈ MuddyUnion s
    unfold MC_no_equivocation in Hnoequiv.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
m: Message
Hs: MC_composite_invariant s
Hmuddy: msg_status m = muddy
Hnoequiv: match m with
| mkMsg n r' status' =>
    match s n with
    | mkSt _ (Some (mkRS r status)) =>
        status' = status ∧ r' = r
        ∨ status' = undecided ∧ r' < r
    | mkSt _ None => False
    end
end
Hs': valid_state_prop MC_composite_vlsm s
Hinvariant: match
  state_status (st_rs (s (msg_index m)))
with
| undecided =>
    state_round (st_rs (s (msg_index m))) <
    size (st_obs (s (msg_index m)))
| muddy =>
    state_round (st_rs (s (msg_index m))) =
    size (st_obs (s (msg_index m)))
    ∧ size (MuddyUnion s) - 1 =
      size (st_obs (s (msg_index m)))
| clean =>
    state_round (st_rs (s (msg_index m))) =
    size (st_obs (s (msg_index m)))
    ∧ size (MuddyUnion s) =
      size (st_obs (s (msg_index m)))
end
msg_round m = size (MuddyUnion s) - 1
∧ msg_index m ∈ MuddyUnion s
    repeat case_match; cbn in *; subst; try done;
      destruct Hnoequiv as [[Hnoequivst Hnoequivr] | [Hnoequivst Hnoequivr]];
      subst; rewrite H11 in H9; cbn in *; try done.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_composite_invariant s
msg_index0: index
st_obs0: indexSet
rs_round0: nat
H11: s msg_index0 =
mkSt st_obs0 (Some (mkRS rs_round0 muddy))
Hs': valid_state_prop MC_composite_vlsm s
H9: muddy = muddy
Hinvariant: state_round (st_rs (s msg_index0)) =
size (st_obs (s msg_index0))
∧ size (MuddyUnion s) - 1 =
  size (st_obs (s msg_index0))
rs_round0 = size (MuddyUnion s) - 1
∧ msg_index0 ∈ MuddyUnion s
    rewrite H11 in Hinvariant; cbn in Hinvariant.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_composite_invariant s
msg_index0: index
st_obs0: indexSet
rs_round0: nat
H11: s msg_index0 =
mkSt st_obs0 (Some (mkRS rs_round0 muddy))
Hs': valid_state_prop MC_composite_vlsm s
H9: muddy = muddy
Hinvariant: rs_round0 = size st_obs0
∧ size (MuddyUnion s) - 1 = size st_obs0
rs_round0 = size (MuddyUnion s) - 1
∧ msg_index0 ∈ MuddyUnion s
    destruct Hinvariant as [Hn Hstobs].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_composite_invariant s
msg_index0: index
st_obs0: indexSet
rs_round0: nat
H11: s msg_index0 =
mkSt st_obs0 (Some (mkRS rs_round0 muddy))
Hs': valid_state_prop MC_composite_vlsm s
H9: muddy = muddy
Hn: rs_round0 = size st_obs0
Hstobs: size (MuddyUnion s) - 1 = size st_obs0
rs_round0 = size (MuddyUnion s) - 1
∧ msg_index0 ∈ MuddyUnion s
    split; [by rewrite <- Hstobs in Hn |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_composite_invariant s
msg_index0: index
st_obs0: indexSet
rs_round0: nat
H11: s msg_index0 =
mkSt st_obs0 (Some (mkRS rs_round0 muddy))
Hs': valid_state_prop MC_composite_vlsm s
H9: muddy = muddy
Hn: rs_round0 = size st_obs0
Hstobs: size (MuddyUnion s) - 1 = size st_obs0
msg_index0 ∈ MuddyUnion s
    eapply consistent_valid_state_prop in Hs' as [Hnempty Hcons];
      [| by rewrite H11; cbn].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_composite_invariant s
msg_index0: index
st_obs0: indexSet
rs_round0: nat
H11: s msg_index0 =
mkSt st_obs0 (Some (mkRS rs_round0 muddy))
H9: muddy = muddy
Hn: rs_round0 = size st_obs0
Hstobs: size (MuddyUnion s) - 1 = size st_obs0
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
msg_index0 ∈ MuddyUnion s
    replace st_obs0 with (st_obs (s msg_index0)) in Hstobs; [| by rewrite H11].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_composite_invariant s
msg_index0: index
st_obs0: indexSet
rs_round0: nat
H11: s msg_index0 =
mkSt st_obs0 (Some (mkRS rs_round0 muddy))
H9: muddy = muddy
Hn: rs_round0 = size st_obs0
Hstobs: size (MuddyUnion s) - 1 =
size (st_obs (s msg_index0))
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
msg_index0 ∈ MuddyUnion s
    rewrite Hcons, size_difference_alt in Hstobs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_composite_invariant s
msg_index0: index
st_obs0: indexSet
rs_round0: nat
H11: s msg_index0 =
mkSt st_obs0 (Some (mkRS rs_round0 muddy))
H9: muddy = muddy
Hn: rs_round0 = size st_obs0
Hstobs: size (MuddyUnion s) - 1 =
size (MuddyUnion s) -
size (MuddyUnion s ∩ {[msg_index0]})
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
msg_index0 ∈ MuddyUnion s
    apply size_non_empty_iff in Hnempty.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_composite_invariant s
msg_index0: index
st_obs0: indexSet
rs_round0: nat
H11: s msg_index0 =
mkSt st_obs0 (Some (mkRS rs_round0 muddy))
H9: muddy = muddy
Hn: rs_round0 = size st_obs0
Hstobs: size (MuddyUnion s) - 1 =
size (MuddyUnion s) -
size (MuddyUnion s ∩ {[msg_index0]})
Hnempty: size (MuddyUnion s) ≠ 0
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
msg_index0 ∈ MuddyUnion s
    assert (Hintersectgeq1 : size (MuddyUnion s ∩ {[msg_index0]}) >= 1) by lia.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_composite_invariant s
msg_index0: index
st_obs0: indexSet
rs_round0: nat
H11: s msg_index0 =
mkSt st_obs0 (Some (mkRS rs_round0 muddy))
H9: muddy = muddy
Hn: rs_round0 = size st_obs0
Hstobs: size (MuddyUnion s) - 1 =
size (MuddyUnion s) -
size (MuddyUnion s ∩ {[msg_index0]})
Hnempty: size (MuddyUnion s) ≠ 0
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hintersectgeq1: size (MuddyUnion s ∩ {[msg_index0]})
≥ 1
msg_index0 ∈ MuddyUnion s
    assert (Hintersectleq1 : MuddyUnion s ∩ {[msg_index0]} ⊆ {[msg_index0]}) by set_solver.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_composite_invariant s
msg_index0: index
st_obs0: indexSet
rs_round0: nat
H11: s msg_index0 =
mkSt st_obs0 (Some (mkRS rs_round0 muddy))
H9: muddy = muddy
Hn: rs_round0 = size st_obs0
Hstobs: size (MuddyUnion s) - 1 =
size (MuddyUnion s) -
size (MuddyUnion s ∩ {[msg_index0]})
Hnempty: size (MuddyUnion s) ≠ 0
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hintersectgeq1: size (MuddyUnion s ∩ {[msg_index0]})
≥ 1
Hintersectleq1: MuddyUnion s ∩ {[msg_index0]}
⊆ {[msg_index0]}
msg_index0 ∈ MuddyUnion s
    apply subseteq_size in Hintersectleq1.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_composite_invariant s
msg_index0: index
st_obs0: indexSet
rs_round0: nat
H11: s msg_index0 =
mkSt st_obs0 (Some (mkRS rs_round0 muddy))
H9: muddy = muddy
Hn: rs_round0 = size st_obs0
Hstobs: size (MuddyUnion s) - 1 =
size (MuddyUnion s) -
size (MuddyUnion s ∩ {[msg_index0]})
Hnempty: size (MuddyUnion s) ≠ 0
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hintersectgeq1: size (MuddyUnion s ∩ {[msg_index0]})
≥ 1
Hintersectleq1: size (MuddyUnion s ∩ {[msg_index0]})
≤ size {[msg_index0]}
msg_index0 ∈ MuddyUnion s
    rewrite size_singleton in Hintersectleq1.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_composite_invariant s
msg_index0: index
st_obs0: indexSet
rs_round0: nat
H11: s msg_index0 =
mkSt st_obs0 (Some (mkRS rs_round0 muddy))
H9: muddy = muddy
Hn: rs_round0 = size st_obs0
Hstobs: size (MuddyUnion s) - 1 =
size (MuddyUnion s) -
size (MuddyUnion s ∩ {[msg_index0]})
Hnempty: size (MuddyUnion s) ≠ 0
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hintersectgeq1: size (MuddyUnion s ∩ {[msg_index0]})
≥ 1
Hintersectleq1: size (MuddyUnion s ∩ {[msg_index0]})
≤ 1
msg_index0 ∈ MuddyUnion s
    assert (Hintersecteq1 : size (MuddyUnion s ∩ {[msg_index0]}) = 1) by lia.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_composite_invariant s
msg_index0: index
st_obs0: indexSet
rs_round0: nat
H11: s msg_index0 =
mkSt st_obs0 (Some (mkRS rs_round0 muddy))
H9: muddy = muddy
Hn: rs_round0 = size st_obs0
Hstobs: size (MuddyUnion s) - 1 =
size (MuddyUnion s) -
size (MuddyUnion s ∩ {[msg_index0]})
Hnempty: size (MuddyUnion s) ≠ 0
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hintersectgeq1: size (MuddyUnion s ∩ {[msg_index0]})
≥ 1
Hintersectleq1: size (MuddyUnion s ∩ {[msg_index0]})
≤ 1
Hintersecteq1: size (MuddyUnion s ∩ {[msg_index0]}) =
1
msg_index0 ∈ MuddyUnion s
    apply size_1_elem_of in Hintersecteq1.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_composite_invariant s
msg_index0: index
st_obs0: indexSet
rs_round0: nat
H11: s msg_index0 =
mkSt st_obs0 (Some (mkRS rs_round0 muddy))
H9: muddy = muddy
Hn: rs_round0 = size st_obs0
Hstobs: size (MuddyUnion s) - 1 =
size (MuddyUnion s) -
size (MuddyUnion s ∩ {[msg_index0]})
Hnempty: size (MuddyUnion s) ≠ 0
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hintersectgeq1: size (MuddyUnion s ∩ {[msg_index0]})
≥ 1
Hintersectleq1: size (MuddyUnion s ∩ {[msg_index0]})
≤ 1
Hintersecteq1: ∃ x : index,
  MuddyUnion s ∩ {[msg_index0]}
  ≡ {[x]}
msg_index0 ∈ MuddyUnion s
    by set_solver.
Qed.

Lemma MC_valid_noninitial_state_undecided_round_less_obs
  (s : composite_state MCVLSM) (i : index) :
  valid_state_prop MC_composite_vlsm s ->
  ~ MC_initial_state_prop (s i) ->
  state_status (st_rs (s i)) = undecided ->
  state_round (st_rs (s i)) < size (st_obs (s i)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
valid_state_prop MC_composite_vlsm s
→ ¬ MC_initial_state_prop (s i)
  → state_status (st_rs (s i)) = undecided
    → state_round (st_rs (s i)) < size (st_obs (s i))
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
valid_state_prop MC_composite_vlsm s
→ ¬ MC_initial_state_prop (s i)
  → state_status (st_rs (s i)) = undecided
    → state_round (st_rs (s i)) < size (st_obs (s i))
  intros Hvalid Hundecided.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
Hvalid: valid_state_prop MC_composite_vlsm s
Hundecided: ¬ MC_initial_state_prop (s i)
state_status (st_rs (s i)) = undecided
→ state_round (st_rs (s i)) < size (st_obs (s i))
  apply MC_composite_invariant_preservation_inductive in Hvalid.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
Hvalid: MC_composite_invariant_inductive s
Hundecided: ¬ MC_initial_state_prop (s i)
state_status (st_rs (s i)) = undecided
→ state_round (st_rs (s i)) < size (st_obs (s i))
  destruct (Hvalid i); [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
Hvalid: MC_composite_invariant_inductive s
Hundecided: ¬ MC_initial_state_prop (s i)
H9: MC_component_invariant_inductive s i
state_status (st_rs (s i)) = undecided
→ state_round (st_rs (s i)) < size (st_obs (s i))
  by inversion H9; [| congruence ..].
Qed.

The definitions MC_build_muddy_muddy_trace and MC_build_clean_muddy_trace are useful in the proof of the lemma MC_build_valid_message, where, having a valid state, we aim to obtain a valid message with status undecided, emitted earlier on a trace leading to that state.

To achieve this, we take two indexes i and j, with child j being seen as muddy by i, and want to build a valid trace which corresponds to an exchange of messages between these two children.

We then use these two function definitions in order to build these traces between two specific children.

Fixpoint MC_build_muddy_muddy_trace (is : composite_state MCVLSM)
  (target helper : index) (round : nat) : list (composite_transition_item MCVLSM) :=
match round with
| 0 =>
  let s := state_update MCVLSM is helper
    (mkSt (st_obs (is helper)) (Some (mkRS 0 undecided)))
  in
  let item0 := Build_transition_item (T := composite_type MCVLSM)
    (existT helper init) None s None
  in
  let item1 := Build_transition_item (T := composite_type MCVLSM)
    (existT target init) None (state_update MCVLSM s target (mkSt (st_obs (s target))
    (Some (mkRS 0 undecided)))) None
  in [item0; item1]
| S n =>
  let tr := MC_build_muddy_muddy_trace is helper target n in
  let s := finite_trace_last is tr in
  let item := Build_transition_item (T := composite_type MCVLSM)
    (existT target receive) (Some (mkMsg helper n undecided))
    (state_update MCVLSM s target (mkSt (st_obs (s target))
      (Some (mkRS (S n) undecided)))) None
  in tr ++ [item]
end.

Lemma MC_build_muddy_muddy_trace_last_target
  (is : composite_state MCVLSM)
  (target helper : index) (round : nat) :
  exists (obs : indexSet),
    finite_trace_last is (MC_build_muddy_muddy_trace is target helper round) target
      =
    mkSt obs (Some (mkRS round undecided)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
∃ obs : indexSet,
  finite_trace_last is
    (MC_build_muddy_muddy_trace is target helper round)
    target = mkSt obs (Some (mkRS round undecided))
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
∃ obs : indexSet,
  finite_trace_last is
    (MC_build_muddy_muddy_trace is target helper round)
    target = mkSt obs (Some (mkRS round undecided))
  destruct round; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
∃ obs : indexSet,
  state_update MCVLSM
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) target
    (mkSt
       (st_obs
          (state_update MCVLSM is helper
             (mkSt (st_obs (is helper))
                (Some (mkRS 0 undecided))) target))
       (Some (mkRS 0 undecided))) target =
  mkSt obs (Some (mkRS 0 undecided))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
∃ obs : indexSet,
  List.last
    (map destination
       (MC_build_muddy_muddy_trace is helper target
          round ++
        [{|
           l := existT target receive;
           input :=
             Some (mkMsg helper round undecided);
           destination :=
             state_update MCVLSM
               (finite_trace_last is
                  (MC_build_muddy_muddy_trace is
                     helper target round)) target
               (mkSt
                  (st_obs
                     (finite_trace_last is
                       (MC_build_muddy_muddy_trace is
                       helper target round) target))
                  (Some (mkRS (S round) undecided)));
           output := None
         |}])) is target =
  mkSt obs (Some (mkRS (S round) undecided))
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
∃ obs : indexSet,
  state_update MCVLSM
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) target
    (mkSt
       (st_obs
          (state_update MCVLSM is helper
             (mkSt (st_obs (is helper))
                (Some (mkRS 0 undecided))) target))
       (Some (mkRS 0 undecided))) target =
  mkSt obs (Some (mkRS 0 undecided)) by state_update_simpl; eexists.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
∃ obs : indexSet,
  List.last
    (map destination
       (MC_build_muddy_muddy_trace is helper target
          round ++
        [{|
           l := existT target receive;
           input :=
             Some (mkMsg helper round undecided);
           destination :=
             state_update MCVLSM
               (finite_trace_last is
                  (MC_build_muddy_muddy_trace is
                     helper target round)) target
               (mkSt
                  (st_obs
                     (finite_trace_last is
                        (MC_build_muddy_muddy_trace is
                           helper target round) target))
                  (Some (mkRS (S round) undecided)));
           output := None
         |}])) is target =
  mkSt obs (Some (mkRS (S round) undecided)) rewrite map_app; cbn; rewrite last_last.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
∃ obs : indexSet,
  state_update MCVLSM
    (finite_trace_last is
       (MC_build_muddy_muddy_trace is helper target
          round)) target
    (mkSt
       (st_obs
          (finite_trace_last is
             (MC_build_muddy_muddy_trace is helper
                target round) target))
       (Some (mkRS (S round) undecided))) target =
  mkSt obs (Some (mkRS (S round) undecided))
    by state_update_simpl; eexists.
Qed.

Lemma MC_build_muddy_muddy_trace_last_helper
  (is : composite_state MCVLSM)
  (target helper : index) (round : nat) :
  helper <> target ->
  exists (obs : indexSet),
    finite_trace_last is (MC_build_muddy_muddy_trace is target helper round) helper
      =
    mkSt obs (Some (mkRS (round - 1) undecided)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
helper ≠ target
→ ∃ obs : indexSet,
    finite_trace_last is
      (MC_build_muddy_muddy_trace is target helper
         round) helper =
    mkSt obs (Some (mkRS (round - 1) undecided))
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
helper ≠ target
→ ∃ obs : indexSet,
    finite_trace_last is
      (MC_build_muddy_muddy_trace is target helper
         round) helper =
    mkSt obs (Some (mkRS (round - 1) undecided))
  intros Hneq.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hneq: helper ≠ target
∃ obs : indexSet,
  finite_trace_last is
    (MC_build_muddy_muddy_trace is target helper round)
    helper =
  mkSt obs (Some (mkRS (round - 1) undecided))
  destruct round; cbn; [by state_update_simpl; eexists |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hneq: helper ≠ target
∃ obs : indexSet,
  List.last
    (map destination
       (MC_build_muddy_muddy_trace is helper target
          round ++
        [{|
           l := existT target receive;
           input :=
             Some (mkMsg helper round undecided);
           destination :=
             state_update MCVLSM
               (finite_trace_last is
                  (MC_build_muddy_muddy_trace is
                     helper target round)) target
               (mkSt
                  (st_obs
                     (finite_trace_last is
                        (MC_build_muddy_muddy_trace is
                           helper target round) target))
                  (Some (mkRS (S round) undecided)));
           output := None
         |}])) is helper =
  mkSt obs (Some (mkRS (round - 0) undecided))
  rewrite map_app; cbn; rewrite last_last.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hneq: helper ≠ target
∃ obs : indexSet,
  state_update MCVLSM
    (finite_trace_last is
       (MC_build_muddy_muddy_trace is helper target
          round)) target
    (mkSt
       (st_obs
          (finite_trace_last is
             (MC_build_muddy_muddy_trace is helper
                target round) target))
       (Some (mkRS (S round) undecided))) helper =
  mkSt obs (Some (mkRS (round - 0) undecided))
  state_update_simpl.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hneq: helper ≠ target
∃ obs : indexSet,
  finite_trace_last is
    (MC_build_muddy_muddy_trace is helper target round)
    helper =
  mkSt obs (Some (mkRS (round - 0) undecided))
  destruct (MC_build_muddy_muddy_trace_last_target is helper target round)
    as (obs & Hlast).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hneq: helper ≠ target
obs: indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs (Some (mkRS round undecided))
∃ obs : indexSet,
  finite_trace_last is
    (MC_build_muddy_muddy_trace is helper target round)
    helper =
  mkSt obs (Some (mkRS (round - 0) undecided))
  rewrite Hlast; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hneq: helper ≠ target
obs: indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs (Some (mkRS round undecided))
∃ obs0 : indexSet,
  mkSt obs (Some (mkRS round undecided)) =
  mkSt obs0 (Some (mkRS (round - 0) undecided))
  replace (round - 0) with round by lia.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hneq: helper ≠ target
obs: indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs (Some (mkRS round undecided))
∃ obs0 : indexSet,
  mkSt obs (Some (mkRS round undecided)) =
  mkSt obs0 (Some (mkRS round undecided))
  by eexists.
Qed.

Lemma MC_valid_message_from_valid_state (s : composite_state MCVLSM) :
  valid_state_prop MC_composite_vlsm s ->
  forall (i : index) (obs : indexSet) (round : nat) (status : ChildStatus),
  s i = mkSt obs (Some (mkRS round status)) ->
  valid_message_prop MC_composite_vlsm (mkMsg i round status).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
valid_state_prop MC_composite_vlsm s
→ ∀ (i : index) (obs : indexSet) (round : nat) (status : ChildStatus),
    s i = mkSt obs (Some (mkRS round status))
    → valid_message_prop MC_composite_vlsm
        (mkMsg i round status)
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
valid_state_prop MC_composite_vlsm s
→ ∀ (i : index) (obs : indexSet) (round : nat) (status : ChildStatus),
    s i = mkSt obs (Some (mkRS round status))
    → valid_message_prop MC_composite_vlsm
        (mkMsg i round status)
  intros Hvalid * Hsi.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
i: index
obs: indexSet
round: nat
status: ChildStatus
Hsi: s i = mkSt obs (Some (mkRS round status))
valid_message_prop MC_composite_vlsm
  (mkMsg i round status)
  apply input_valid_transition_out
    with (l := existT i emit) (s := s) (s' := s) (om := None).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
i: index
obs: indexSet
round: nat
status: ChildStatus
Hsi: s i = mkSt obs (Some (mkRS round status))
input_valid_transition MC_composite_vlsm
  (existT i emit) (s, None)
  (s, Some (mkMsg i round status))
  repeat split; subst; cbn in *; [done | ..].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
i: index
obs: indexSet
round: nat
status: ChildStatus
Hsi: s i = mkSt obs (Some (mkRS round status))
option_valid_message_prop MC_composite_vlsm None
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
i: index
obs: indexSet
round: nat
status: ChildStatus
Hsi: s i = mkSt obs (Some (mkRS round status))
MC_valid emit (s i) None
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
i: index
obs: indexSet
round: nat
status: ChildStatus
Hsi: s i = mkSt obs (Some (mkRS round status))
(let (si', om') := MC_transition i emit (s i) None in
 (state_update MCVLSM s i si', om')) =
(s, Some (mkMsg i round status))
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
i: index
obs: indexSet
round: nat
status: ChildStatus
Hsi: s i = mkSt obs (Some (mkRS round status))
option_valid_message_prop MC_composite_vlsm None by apply option_valid_message_None.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
i: index
obs: indexSet
round: nat
status: ChildStatus
Hsi: s i = mkSt obs (Some (mkRS round status))
MC_valid emit (s i) None by rewrite Hsi; constructor.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
i: index
obs: indexSet
round: nat
status: ChildStatus
Hsi: s i = mkSt obs (Some (mkRS round status))
(let (si', om') := MC_transition i emit (s i) None in
 (state_update MCVLSM s i si', om')) =
(s, Some (mkMsg i round status)) by rewrite !Hsi, MC_transition_equation_5, state_update_id.
Qed.

Lemma st_obs_finite_valid_trace_from_to :
  forall (s1 s2 : composite_state MCVLSM) (tr : list transition_item) (i : index),
    finite_valid_trace_from_to MC_composite_vlsm s1 s2 tr ->
      st_obs (s1 i) ≡ st_obs (s2 i).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (s1 s2 : composite_state MCVLSM) (tr : list
                                           transition_item) 
  (i : index),
  finite_valid_trace_from_to MC_composite_vlsm s1 s2
    tr → st_obs (s1 i) ≡ st_obs (s2 i)
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (s1 s2 : composite_state MCVLSM) (tr : list
                                           transition_item) 
  (i : index),
  finite_valid_trace_from_to MC_composite_vlsm s1 s2
    tr → st_obs (s1 i) ≡ st_obs (s2 i) by intros; apply MC_in_futures_preserves_obs_equiv; exists tr. Qed.

Lemma MC_build_muddy_muddy_trace_valid
  (is : composite_state MCVLSM)
  (target helper : index) (round : nat) :
  composite_initial_state_prop MCVLSM is ->
  consistent is ->
  target ∈ MuddyUnion is ->
  helper ∈ MuddyUnion is ->
  target <> helper ->
  round < size (MuddyUnion is) - 1 ->
  finite_valid_trace MC_composite_vlsm is
    (MC_build_muddy_muddy_trace is target helper round).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
composite_initial_state_prop MCVLSM is
→ consistent is
  → target ∈ MuddyUnion is
    → helper ∈ MuddyUnion is
      → target ≠ helper
        → round < size (MuddyUnion is) - 1
          → finite_valid_trace MC_composite_vlsm is
              (MC_build_muddy_muddy_trace is target
                 helper round)
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
composite_initial_state_prop MCVLSM is
→ consistent is
  → target ∈ MuddyUnion is
    → helper ∈ MuddyUnion is
      → target ≠ helper
        → round < size (MuddyUnion is) - 1
          → finite_valid_trace MC_composite_vlsm is
              (MC_build_muddy_muddy_trace is target
                 helper round)
  intros Hinit Hcons Htarget Hhelper Hdiff Hround.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: round < size (MuddyUnion is) - 1
finite_valid_trace MC_composite_vlsm is
  (MC_build_muddy_muddy_trace is target helper round)
  revert target helper Htarget Hhelper Hdiff Hround.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
∀ target helper : index,
  target ∈ MuddyUnion is
  → helper ∈ MuddyUnion is
    → target ≠ helper
      → round < size (MuddyUnion is) - 1
        → finite_valid_trace MC_composite_vlsm is
            (MC_build_muddy_muddy_trace is target
               helper round)
  induction round as [| round IHround]; intros.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
finite_valid_trace MC_composite_vlsm is
  (MC_build_muddy_muddy_trace is target helper 0)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
IHround: ∀ target helper : index,
  target ∈ MuddyUnion is
  → helper ∈ MuddyUnion is
    → target ≠ helper
      → round < size (MuddyUnion is) - 1
        → finite_valid_trace
            MC_composite_vlsm is
            (MC_build_muddy_muddy_trace is
               target helper round)
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
finite_valid_trace MC_composite_vlsm is
  (MC_build_muddy_muddy_trace is target helper
     (S round))
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
finite_valid_trace MC_composite_vlsm is
  (MC_build_muddy_muddy_trace is target helper 0) specialize (Hinit helper) as Hinithelper.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: initial_state_prop (is helper)
finite_valid_trace MC_composite_vlsm is
  (MC_build_muddy_muddy_trace is target helper 0)
    cbn in Hinithelper; unfold MC_initial_state_prop in Hinithelper.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
finite_valid_trace MC_composite_vlsm is
  (MC_build_muddy_muddy_trace is target helper 0)
    specialize (Hinit target) as Hinittarget.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: initial_state_prop (is target)
finite_valid_trace MC_composite_vlsm is
  (MC_build_muddy_muddy_trace is target helper 0)
    cbn in Hinittarget; unfold MC_initial_state_prop in Hinittarget.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
finite_valid_trace MC_composite_vlsm is
  (MC_build_muddy_muddy_trace is target helper 0)
    destruct Hcons as [Hmuddyunion Hconsobs].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
finite_valid_trace MC_composite_vlsm is
  (MC_build_muddy_muddy_trace is target helper 0)
    specialize (Hconsobs helper) as Hconshelper.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
finite_valid_trace MC_composite_vlsm is
  (MC_build_muddy_muddy_trace is target helper 0)
    specialize (Hconsobs target) as Hconstarget.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
finite_valid_trace MC_composite_vlsm is
  (MC_build_muddy_muddy_trace is target helper 0)
    assert (size (MuddyUnion is) >= 2) by lia.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
finite_valid_trace MC_composite_vlsm is
  (MC_build_muddy_muddy_trace is target helper 0)
    eapply valid_trace_forget_last, finite_valid_trace_init_to_alt_equiv.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
finite_valid_trace_init_to_alt MC_composite_vlsm is 
  ?f (MC_build_muddy_muddy_trace is target helper 0)
    constructor; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
message_valid_transitions_from_to MC_composite_vlsm is
  ?f (MC_build_muddy_muddy_trace is target helper 0)
    repeat (apply mvt_extend); cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
option_valid_message_prop MC_composite_vlsm None
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
(let (si', om') :=
   MC_transition helper init (is helper) None in
 (state_update MCVLSM is helper si', om')) =
(state_update MCVLSM is helper
   (mkSt (st_obs (is helper))
      (Some (mkRS 0 undecided))), None)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
MC_valid init (is helper) None ∧ consistent is
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
option_valid_message_prop MC_composite_vlsm None
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
(let (si', om') :=
   MC_transition target init
     (state_update MCVLSM is helper
        (mkSt (st_obs (is helper))
           (Some (mkRS 0 undecided))) target) None in
 (state_update MCVLSM
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) target si', om')) =
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target
   (mkSt
      (st_obs
         (state_update MCVLSM is helper
            (mkSt (st_obs (is helper))
               (Some (mkRS 0 undecided))) target))
      (Some (mkRS 0 undecided))), None)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
MC_valid init
  (state_update MCVLSM is helper
     (mkSt (st_obs (is helper))
        (Some (mkRS 0 undecided))) target) None
∧ consistent
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided))))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
message_valid_transitions_from_to MC_composite_vlsm
  (state_update MCVLSM
     (state_update MCVLSM is helper
        (mkSt (st_obs (is helper))
           (Some (mkRS 0 undecided)))) target
     (mkSt
        (st_obs
           (state_update MCVLSM is helper
              (mkSt (st_obs (is helper))
                 (Some (mkRS 0 undecided))) target))
        (Some (mkRS 0 undecided)))) 
  ?f []
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
option_valid_message_prop MC_composite_vlsm None by apply option_valid_message_None.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
(let (si', om') :=
   MC_transition helper init (is helper) None in
 (state_update MCVLSM is helper si', om')) =
(state_update MCVLSM is helper
   (mkSt (st_obs (is helper))
      (Some (mkRS 0 undecided))), None) destruct (is helper) as [o_helper []] eqn: Hishelper; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
o_helper: indexSet
Hishelper: is helper = mkSt o_helper None
Hinithelper: st_rs (mkSt o_helper None) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (mkSt o_helper None)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
(let (si', om') :=
   MC_transition helper init (mkSt o_helper None) None in
 (state_update MCVLSM is helper si', om')) =
(state_update MCVLSM is helper
   (mkSt (st_obs (mkSt o_helper None))
      (Some (mkRS 0 undecided))), None)
      rewrite MC_transition_equation_3; unfold MC_transition_clause_1.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
o_helper: indexSet
Hishelper: is helper = mkSt o_helper None
Hinithelper: st_rs (mkSt o_helper None) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (mkSt o_helper None)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
(let (si', om') :=
   match size o_helper with
   | 0 => (mkSt o_helper (Some (mkRS 0 muddy)), None)
   | S _ =>
       (mkSt o_helper (Some (mkRS 0 undecided)), None)
   end in
 (state_update MCVLSM is helper si', om')) =
(state_update MCVLSM is helper
   (mkSt (st_obs (mkSt o_helper None))
      (Some (mkRS 0 undecided))), None)
      case_match eqn: Hso.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
o_helper: indexSet
Hishelper: is helper = mkSt o_helper None
Hinithelper: st_rs (mkSt o_helper None) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (mkSt o_helper None)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
s: State
o: option Message
Hso: match size o_helper with
| 0 =>
    (mkSt o_helper (Some (mkRS 0 muddy)), None)
| S _ =>
    (mkSt o_helper (Some (mkRS 0 undecided)),
     None)
end = (s, o)
(state_update MCVLSM is helper s, o) =
(state_update MCVLSM is helper
   (mkSt (st_obs (mkSt o_helper None))
      (Some (mkRS 0 undecided))), None)
      replace o_helper with (st_obs (is helper)) in * by (rewrite Hishelper; done).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
o_helper: indexSet
Hishelper: is helper = mkSt (st_obs (is helper)) None
Hinithelper: st_rs (mkSt (st_obs (is helper)) None) =
None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (mkSt (st_obs (is helper)) None)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
s: State
o: option Message
Hso: match size (st_obs (is helper)) with
| 0 =>
    (mkSt (st_obs (is helper))
       (Some (mkRS 0 muddy)), None)
| S _ =>
    (mkSt (st_obs (is helper))
       (Some (mkRS 0 undecided)), None)
end = (s, o)
(state_update MCVLSM is helper s, o) =
(state_update MCVLSM is helper
   (mkSt (st_obs (mkSt (st_obs (is helper)) None))
      (Some (mkRS 0 undecided))), None)
      rewrite Hconsobs, size_difference, size_singleton in Hso.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
o_helper: indexSet
Hishelper: is helper = mkSt (st_obs (is helper)) None
Hinithelper: st_rs (mkSt (st_obs (is helper)) None) =
None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (mkSt (st_obs (is helper)) None)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
s: State
o: option Message
Hso: match size (MuddyUnion is) - 1 with
| 0 =>
    (mkSt (st_obs (is helper))
       (Some (mkRS 0 muddy)), None)
| S _ =>
    (mkSt (st_obs (is helper))
       (Some (mkRS 0 undecided)), None)
end = (s, o)
(state_update MCVLSM is helper s, o) =
(state_update MCVLSM is helper
   (mkSt (st_obs (mkSt (st_obs (is helper)) None))
      (Some (mkRS 0 undecided))), None)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
o_helper: indexSet
Hishelper: is helper = mkSt (st_obs (is helper)) None
Hinithelper: st_rs (mkSt (st_obs (is helper)) None) =
None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (mkSt (st_obs (is helper)) None)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
s: State
o: option Message
Hso: match size (MuddyUnion is ∖ {[helper]}) with
| 0 =>
    (mkSt (st_obs (is helper))
       (Some (mkRS 0 muddy)), None)
| S _ =>
    (mkSt (st_obs (is helper))
       (Some (mkRS 0 undecided)), None)
end = (s, o)
{[helper]} ⊆ MuddyUnion is
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
o_helper: indexSet
Hishelper: is helper = mkSt (st_obs (is helper)) None
Hinithelper: st_rs (mkSt (st_obs (is helper)) None) =
None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (mkSt (st_obs (is helper)) None)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
s: State
o: option Message
Hso: match size (MuddyUnion is) - 1 with
| 0 =>
    (mkSt (st_obs (is helper))
       (Some (mkRS 0 muddy)), None)
| S _ =>
    (mkSt (st_obs (is helper))
       (Some (mkRS 0 undecided)), None)
end = (s, o)
(state_update MCVLSM is helper s, o) =
(state_update MCVLSM is helper
   (mkSt (st_obs (mkSt (st_obs (is helper)) None))
      (Some (mkRS 0 undecided))), None) by case_match; inversion Hso; subst; [lia |].
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
o_helper: indexSet
Hishelper: is helper = mkSt (st_obs (is helper)) None
Hinithelper: st_rs (mkSt (st_obs (is helper)) None) =
None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (mkSt (st_obs (is helper)) None)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
s: State
o: option Message
Hso: match size (MuddyUnion is ∖ {[helper]}) with
| 0 =>
    (mkSt (st_obs (is helper))
       (Some (mkRS 0 muddy)), None)
| S _ =>
    (mkSt (st_obs (is helper))
       (Some (mkRS 0 undecided)), None)
end = (s, o)
{[helper]} ⊆ MuddyUnion is by rewrite <- elem_of_subseteq_singleton.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
MC_valid init (is helper) None ∧ consistent is split; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
MC_valid init (is helper) None
      destruct (is helper); cbn in *; subst.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
st_obs0: indexSet
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs0 ≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
MC_valid init (mkSt st_obs0 None) None
      by constructor.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
option_valid_message_prop MC_composite_vlsm None by apply option_valid_message_None.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
(let (si', om') :=
   MC_transition target init
     (state_update MCVLSM is helper
        (mkSt (st_obs (is helper))
           (Some (mkRS 0 undecided))) target) None in
 (state_update MCVLSM
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) target si', om')) =
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target
   (mkSt
      (st_obs
         (state_update MCVLSM is helper
            (mkSt (st_obs (is helper))
               (Some (mkRS 0 undecided))) target))
      (Some (mkRS 0 undecided))), None) state_update_simpl.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
(let (si', om') :=
   MC_transition target init (is target) None in
 (state_update MCVLSM
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) target si', om')) =
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target
   (mkSt (st_obs (is target))
      (Some (mkRS 0 undecided))), None)
      destruct (is target) as [o_target []] eqn: Histarget; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
o_target: indexSet
Histarget: is target = mkSt o_target None
Hinittarget: st_rs (mkSt o_target None) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt o_target None)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
(let (si', om') :=
   MC_transition target init (mkSt o_target None) None in
 (state_update MCVLSM
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) target si', om')) =
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target
   (mkSt (st_obs (mkSt o_target None))
      (Some (mkRS 0 undecided))), None)
      rewrite MC_transition_equation_3; unfold MC_transition_clause_1.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
o_target: indexSet
Histarget: is target = mkSt o_target None
Hinittarget: st_rs (mkSt o_target None) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt o_target None)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
(let (si', om') :=
   match size o_target with
   | 0 => (mkSt o_target (Some (mkRS 0 muddy)), None)
   | S _ =>
       (mkSt o_target (Some (mkRS 0 undecided)), None)
   end in
 (state_update MCVLSM
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) target si', om')) =
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target
   (mkSt (st_obs (mkSt o_target None))
      (Some (mkRS 0 undecided))), None)
      case_match eqn: Hso.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
o_target: indexSet
Histarget: is target = mkSt o_target None
Hinittarget: st_rs (mkSt o_target None) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt o_target None)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
s: State
o: option Message
Hso: match size o_target with
| 0 =>
    (mkSt o_target (Some (mkRS 0 muddy)), None)
| S _ =>
    (mkSt o_target (Some (mkRS 0 undecided)),
     None)
end = (s, o)
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target s, o) =
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target
   (mkSt (st_obs (mkSt o_target None))
      (Some (mkRS 0 undecided))), None)
      replace o_target with (st_obs (is target)) in * by (rewrite Histarget; done).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
o_target: indexSet
Histarget: is target = mkSt (st_obs (is target)) None
Hinittarget: st_rs (mkSt (st_obs (is target)) None) =
None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt (st_obs (is target)) None)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
s: State
o: option Message
Hso: match size (st_obs (is target)) with
| 0 =>
    (mkSt (st_obs (is target))
       (Some (mkRS 0 muddy)), None)
| S _ =>
    (mkSt (st_obs (is target))
       (Some (mkRS 0 undecided)), None)
end = (s, o)
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target s, o) =
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target
   (mkSt (st_obs (mkSt (st_obs (is target)) None))
      (Some (mkRS 0 undecided))), None)
      rewrite Hconsobs, size_difference, size_singleton in Hso.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
o_target: indexSet
Histarget: is target = mkSt (st_obs (is target)) None
Hinittarget: st_rs (mkSt (st_obs (is target)) None) =
None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt (st_obs (is target)) None)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
s: State
o: option Message
Hso: match size (MuddyUnion is) - 1 with
| 0 =>
    (mkSt (st_obs (is target))
       (Some (mkRS 0 muddy)), None)
| S _ =>
    (mkSt (st_obs (is target))
       (Some (mkRS 0 undecided)), None)
end = (s, o)
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target s, o) =
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target
   (mkSt (st_obs (mkSt (st_obs (is target)) None))
      (Some (mkRS 0 undecided))), None)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
o_target: indexSet
Histarget: is target = mkSt (st_obs (is target)) None
Hinittarget: st_rs (mkSt (st_obs (is target)) None) =
None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt (st_obs (is target)) None)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
s: State
o: option Message
Hso: match size (MuddyUnion is ∖ {[target]}) with
| 0 =>
    (mkSt (st_obs (is target))
       (Some (mkRS 0 muddy)), None)
| S _ =>
    (mkSt (st_obs (is target))
       (Some (mkRS 0 undecided)), None)
end = (s, o)
{[target]} ⊆ MuddyUnion is
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
o_target: indexSet
Histarget: is target = mkSt (st_obs (is target)) None
Hinittarget: st_rs (mkSt (st_obs (is target)) None) =
None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt (st_obs (is target)) None)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
s: State
o: option Message
Hso: match size (MuddyUnion is) - 1 with
| 0 =>
    (mkSt (st_obs (is target))
       (Some (mkRS 0 muddy)), None)
| S _ =>
    (mkSt (st_obs (is target))
       (Some (mkRS 0 undecided)), None)
end = (s, o)
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target s, o) =
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target
   (mkSt (st_obs (mkSt (st_obs (is target)) None))
      (Some (mkRS 0 undecided))), None) by case_match; inversion Hso; subst; [lia |].
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
o_target: indexSet
Histarget: is target = mkSt (st_obs (is target)) None
Hinittarget: st_rs (mkSt (st_obs (is target)) None) =
None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt (st_obs (is target)) None)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
s: State
o: option Message
Hso: match size (MuddyUnion is ∖ {[target]}) with
| 0 =>
    (mkSt (st_obs (is target))
       (Some (mkRS 0 muddy)), None)
| S _ =>
    (mkSt (st_obs (is target))
       (Some (mkRS 0 undecided)), None)
end = (s, o)
{[target]} ⊆ MuddyUnion is by rewrite <- elem_of_subseteq_singleton.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
MC_valid init
  (state_update MCVLSM is helper
     (mkSt (st_obs (is helper))
        (Some (mkRS 0 undecided))) target) None
∧ consistent
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) state_update_simpl.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
MC_valid init (is target) None
∧ consistent
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided))))
      split.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
MC_valid init (is target) None
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
consistent
  (state_update MCVLSM is helper
     (mkSt (st_obs (is helper))
        (Some (mkRS 0 undecided))))
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
MC_valid init (is target) None destruct (is target); cbn in *; subst.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
st_obs0: indexSet
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs0 ≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
MC_valid init (mkSt st_obs0 None) None
        by constructor.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
consistent
  (state_update MCVLSM is helper
     (mkSt (st_obs (is helper))
        (Some (mkRS 0 undecided)))) apply (MC_obs_equiv_preserves_consistency is); [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
MC_obs_equivalence is
  (state_update MCVLSM is helper
     (mkSt (st_obs (is helper))
        (Some (mkRS 0 undecided))))
        by apply MC_state_update_preserves_obs_equiv.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: 0 < size (MuddyUnion is) - 1
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
H9: size (MuddyUnion is) ≥ 2
message_valid_transitions_from_to MC_composite_vlsm
  (state_update MCVLSM
     (state_update MCVLSM is helper
        (mkSt (st_obs (is helper))
           (Some (mkRS 0 undecided)))) target
     (mkSt
        (st_obs
           (state_update MCVLSM is helper
              (mkSt (st_obs (is helper))
                 (Some (mkRS 0 undecided))) target))
        (Some (mkRS 0 undecided)))) ?f [] by apply mvt_empty.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
IHround: ∀ target helper : index,
  target ∈ MuddyUnion is
  → helper ∈ MuddyUnion is
    → target ≠ helper
      → round < size (MuddyUnion is) - 1
        → finite_valid_trace
            MC_composite_vlsm is
            (MC_build_muddy_muddy_trace is
               target helper round)
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
finite_valid_trace MC_composite_vlsm is
  (MC_build_muddy_muddy_trace is target helper
     (S round)) cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
IHround: ∀ target helper : index,
  target ∈ MuddyUnion is
  → helper ∈ MuddyUnion is
    → target ≠ helper
      → round < size (MuddyUnion is) - 1
        → finite_valid_trace
            MC_composite_vlsm is
            (MC_build_muddy_muddy_trace is
               target helper round)
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
finite_valid_trace MC_composite_vlsm is
  (MC_build_muddy_muddy_trace is helper target round ++
   [{|
      l := existT target receive;
      input := Some (mkMsg helper round undecided);
      destination :=
        state_update MCVLSM
          (finite_trace_last is
             (MC_build_muddy_muddy_trace is helper
                target round)) target
          (mkSt
             (st_obs
                (finite_trace_last is
                   (MC_build_muddy_muddy_trace is
                      helper target round) target))
             (Some (mkRS (S round) undecided)));
      output := None
    |}])
    specialize (IHround helper target Hhelper Htarget).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
IHround: helper ≠ target
→ round < size (MuddyUnion is) - 1
  → finite_valid_trace MC_composite_vlsm is
      (MC_build_muddy_muddy_trace is helper
         target round)
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
finite_valid_trace MC_composite_vlsm is
  (MC_build_muddy_muddy_trace is helper target round ++
   [{|
      l := existT target receive;
      input := Some (mkMsg helper round undecided);
      destination :=
        state_update MCVLSM
          (finite_trace_last is
             (MC_build_muddy_muddy_trace is helper
                target round)) target
          (mkSt
             (st_obs
                (finite_trace_last is
                   (MC_build_muddy_muddy_trace is
                      helper target round) target))
             (Some (mkRS (S round) undecided)));
      output := None
    |}])
    spec IHround; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IHround: round < size (MuddyUnion is) - 1
→ finite_valid_trace MC_composite_vlsm is
    (MC_build_muddy_muddy_trace is helper
       target round)
finite_valid_trace MC_composite_vlsm is
  (MC_build_muddy_muddy_trace is helper target round ++
   [{|
      l := existT target receive;
      input := Some (mkMsg helper round undecided);
      destination :=
        state_update MCVLSM
          (finite_trace_last is
             (MC_build_muddy_muddy_trace is helper
                target round)) target
          (mkSt
             (st_obs
                (finite_trace_last is
                   (MC_build_muddy_muddy_trace is
                      helper target round) target))
             (Some (mkRS (S round) undecided)));
      output := None
    |}])
    spec IHround; [by lia |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IHround: finite_valid_trace MC_composite_vlsm is
  (MC_build_muddy_muddy_trace is helper
     target round)
finite_valid_trace MC_composite_vlsm is
  (MC_build_muddy_muddy_trace is helper target round ++
   [{|
      l := existT target receive;
      input := Some (mkMsg helper round undecided);
      destination :=
        state_update MCVLSM
          (finite_trace_last is
             (MC_build_muddy_muddy_trace is helper
                target round)) target
          (mkSt
             (st_obs
                (finite_trace_last is
                   (MC_build_muddy_muddy_trace is
                      helper target round) target))
             (Some (mkRS (S round) undecided)));
      output := None
    |}])
    apply valid_trace_add_default_last in IHround as [IH IHinit].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: initial_state_prop is
finite_valid_trace MC_composite_vlsm is
  (MC_build_muddy_muddy_trace is helper target round ++
   [{|
      l := existT target receive;
      input := Some (mkMsg helper round undecided);
      destination :=
        state_update MCVLSM
          (finite_trace_last is
             (MC_build_muddy_muddy_trace is helper
                target round)) target
          (mkSt
             (st_obs
                (finite_trace_last is
                   (MC_build_muddy_muddy_trace is
                      helper target round) target))
             (Some (mkRS (S round) undecided)));
      output := None
    |}])
    eapply valid_trace_forget_last.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: initial_state_prop is
finite_valid_trace_init_to MC_composite_vlsm is ?f
  (MC_build_muddy_muddy_trace is helper target round ++
   [{|
      l := existT target receive;
      input := Some (mkMsg helper round undecided);
      destination :=
        state_update MCVLSM
          (finite_trace_last is
             (MC_build_muddy_muddy_trace is helper
                target round)) target
          (mkSt
             (st_obs
                (finite_trace_last is
                   (MC_build_muddy_muddy_trace is
                      helper target round) target))
             (Some (mkRS (S round) undecided)));
      output := None
    |}])
    split; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: initial_state_prop is
finite_valid_trace_from_to MC_composite_vlsm is ?f
  (MC_build_muddy_muddy_trace is helper target round ++
   [{|
      l := existT target receive;
      input := Some (mkMsg helper round undecided);
      destination :=
        state_update MCVLSM
          (finite_trace_last is
             (MC_build_muddy_muddy_trace is helper
                target round)) target
          (mkSt
             (st_obs
                (finite_trace_last is
                   (MC_build_muddy_muddy_trace is
                      helper target round) target))
             (Some (mkRS (S round) undecided)));
      output := None
    |}])
    eapply finite_valid_trace_from_to_app; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: initial_state_prop is
finite_valid_trace_from_to MC_composite_vlsm
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round)) ?f
  [{|
     l := existT target receive;
     input := Some (mkMsg helper round undecided);
     destination :=
       state_update MCVLSM
         (finite_trace_last is
            (MC_build_muddy_muddy_trace is helper
               target round)) target
         (mkSt
            (st_obs
               (finite_trace_last is
                  (MC_build_muddy_muddy_trace is
                     helper target round) target))
            (Some (mkRS (S round) undecided)));
     output := None
   |}]
    apply valid_trace_add_default_last, finite_valid_trace_singleton.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: initial_state_prop is
input_valid_transition MC_composite_vlsm
  (existT target receive)
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round), Some (mkMsg helper round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_muddy_muddy_trace is helper target
           round)) target
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_muddy_muddy_trace is helper
                 target round) target))
        (Some (mkRS (S round) undecided))), None)
    destruct (MC_build_muddy_muddy_trace_last_helper is helper target round)
      as (obs & Hlasthelper); [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: initial_state_prop is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
input_valid_transition MC_composite_vlsm
  (existT target receive)
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round), Some (mkMsg helper round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_muddy_muddy_trace is helper target
           round)) target
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_muddy_muddy_trace is helper
                 target round) target))
        (Some (mkRS (S round) undecided))), None)
    destruct (MC_build_muddy_muddy_trace_last_target is helper target round)
      as (obs' & Hlast).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: initial_state_prop is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
input_valid_transition MC_composite_vlsm
  (existT target receive)
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round), Some (mkMsg helper round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_muddy_muddy_trace is helper target
           round)) target
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_muddy_muddy_trace is helper
                 target round) target))
        (Some (mkRS (S round) undecided))), None)
    repeat split; cbn in *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
option_valid_message_prop MC_composite_vlsm
  (Some (mkMsg helper round undecided))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
MC_valid receive
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round) target)
  (Some (mkMsg helper round undecided))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
match
  finite_trace_last is
    (MC_build_muddy_muddy_trace is helper target round)
    helper
with
| mkSt _ (Some (mkRS r status)) =>
    undecided = status ∧ round = r
    ∨ undecided = undecided ∧ round < r
| mkSt _ None => False
end
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
(let (si', om') :=
   MC_transition target receive
     (finite_trace_last is
        (MC_build_muddy_muddy_trace is helper target
           round) target)
     (Some (mkMsg helper round undecided)) in
 (state_update MCVLSM
    (finite_trace_last is
       (MC_build_muddy_muddy_trace is helper target
          round)) target si', om')) =
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_muddy_muddy_trace is helper target
         round)) target
   (mkSt
      (st_obs
         (finite_trace_last is
            (MC_build_muddy_muddy_trace is helper
               target round) target))
      (Some (mkRS (S round) undecided))), None)
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round)) by apply valid_trace_last_pstate in IH.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
option_valid_message_prop MC_composite_vlsm
  (Some (mkMsg helper round undecided)) apply valid_trace_last_pstate in IH as Hfinal.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
Hfinal: valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper
        target round))
option_valid_message_prop MC_composite_vlsm
  (Some (mkMsg helper round undecided))
      remember (finite_trace_last _ _) as final.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
final: state (composite_type MCVLSM)
Heqfinal: final =
finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round)
IH: finite_valid_trace_from_to MC_composite_vlsm is
  final
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: final target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: final helper =
mkSt obs' (Some (mkRS round undecided))
Hfinal: valid_state_prop MC_composite_vlsm final
option_valid_message_prop MC_composite_vlsm
  (Some (mkMsg helper round undecided))
      by apply MC_valid_message_from_valid_state with (s := final) (obs := obs').
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
MC_valid receive
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round) target)
  (Some (mkMsg helper round undecided)) rewrite Hlasthelper.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
MC_valid receive
  (mkSt obs (Some (mkRS (round - 1) undecided)))
  (Some (mkMsg helper round undecided))
      by constructor.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
match
  finite_trace_last is
    (MC_build_muddy_muddy_trace is helper target round)
    helper
with
| mkSt _ (Some (mkRS r status)) =>
    undecided = status ∧ round = r
    ∨ undecided = undecided ∧ round < r
| mkSt _ None => False
end rewrite Hlast.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
undecided = undecided ∧ round = round
∨ undecided = undecided ∧ round < round
      by left.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
(let (si', om') :=
   MC_transition target receive
     (finite_trace_last is
        (MC_build_muddy_muddy_trace is helper target
           round) target)
     (Some (mkMsg helper round undecided)) in
 (state_update MCVLSM
    (finite_trace_last is
       (MC_build_muddy_muddy_trace is helper target
          round)) target si', om')) =
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_muddy_muddy_trace is helper target
         round)) target
   (mkSt
      (st_obs
         (finite_trace_last is
            (MC_build_muddy_muddy_trace is helper
               target round) target))
      (Some (mkRS (S round) undecided))), None) rewrite Hlasthelper, MC_transition_equation_7; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
(let (si', om') :=
   MC_transition_clause_5 target obs (round - 1)
     helper (decide (helper ∈ obs)) round in
 (state_update MCVLSM
    (finite_trace_last is
       (MC_build_muddy_muddy_trace is helper target
          round)) target si', om')) =
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_muddy_muddy_trace is helper target
         round)) target
   (mkSt obs (Some (mkRS (S round) undecided))), None)
      unfold MC_transition_clause_5.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
(let (si', om') :=
   (if decide (helper ∈ obs)
    then
     λ r' : nat,
       if decide (r' < round - 1)
       then
        (mkSt obs (Some (mkRS (round - 1) undecided)),
         None)
       else
        if decide (round - 1 <= r' < size obs - 1)
        then
         (mkSt obs (Some (mkRS (r' + 1) undecided)),
          None)
        else
         if decide (r' = size obs - 1)
         then
          (mkSt obs (Some (mkRS (r' + 1) muddy)), None)
         else
          (mkSt obs
             (Some (mkRS (round - 1) undecided)), None)
    else
     λ r' : nat,
       if decide (r' ≤ round - 1)
       then
        (mkSt obs (Some (mkRS (round - 1) undecided)),
         None)
       else
        if decide (round - 1 < r' < size obs)
        then
         (mkSt obs (Some (mkRS r' undecided)), None)
        else
         if decide (r' = size obs)
         then (mkSt obs (Some (mkRS r' muddy)), None)
         else
          (mkSt obs
             (Some (mkRS (round - 1) undecided)), None))
     round in
 (state_update MCVLSM
    (finite_trace_last is
       (MC_build_muddy_muddy_trace is helper target
          round)) target si', om')) =
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_muddy_muddy_trace is helper target
         round)) target
   (mkSt obs (Some (mkRS (S round) undecided))), None)
      assert (Hobsequiv : st_obs (is target) ≡ obs)
        by (rewrite st_obs_finite_valid_trace_from_to, Hlasthelper; done).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is target) ≡ obs
(let (si', om') :=
   (if decide (helper ∈ obs)
    then
     λ r' : nat,
       if decide (r' < round - 1)
       then
        (mkSt obs (Some (mkRS (round - 1) undecided)),
         None)
       else
        if decide (round - 1 <= r' < size obs - 1)
        then
         (mkSt obs (Some (mkRS (r' + 1) undecided)),
          None)
        else
         if decide (r' = size obs - 1)
         then
          (mkSt obs (Some (mkRS (r' + 1) muddy)), None)
         else
          (mkSt obs
             (Some (mkRS (round - 1) undecided)), None)
    else
     λ r' : nat,
       if decide (r' ≤ round - 1)
       then
        (mkSt obs (Some (mkRS (round - 1) undecided)),
         None)
       else
        if decide (round - 1 < r' < size obs)
        then
         (mkSt obs (Some (mkRS r' undecided)), None)
        else
         if decide (r' = size obs)
         then (mkSt obs (Some (mkRS r' muddy)), None)
         else
          (mkSt obs
             (Some (mkRS (round - 1) undecided)), None))
     round in
 (state_update MCVLSM
    (finite_trace_last is
       (MC_build_muddy_muddy_trace is helper target
          round)) target si', om')) =
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_muddy_muddy_trace is helper target
         round)) target
   (mkSt obs (Some (mkRS (S round) undecided))), None)
      rewrite decide_True, decide_False, decide_True.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is target) ≡ obs
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_muddy_muddy_trace is helper target
         round)) target
   (mkSt obs (Some (mkRS (round + 1) undecided))),
 None) =
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_muddy_muddy_trace is helper target
         round)) target
   (mkSt obs (Some (mkRS (S round) undecided))), None)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is target) ≡ obs
round - 1 <= round < size obs - 1
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is target) ≡ obs
¬ round < round - 1
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is target) ≡ obs
helper ∈ obs
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is target) ≡ obs
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_muddy_muddy_trace is helper target
         round)) target
   (mkSt obs (Some (mkRS (round + 1) undecided))),
 None) =
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_muddy_muddy_trace is helper target
         round)) target
   (mkSt obs (Some (mkRS (S round) undecided))), None) by replace (round + 1) with (S round) by lia.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is target) ≡ obs
round - 1 <= round < size obs - 1 split; [by lia |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is target) ≡ obs
round < size obs - 1
        rewrite MC_in_futures_preserves_muddy in Hround; [| by eexists].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is target) ≡ obs
Hround: S round <
size
  (MuddyUnion
     (finite_trace_last is
        (MC_build_muddy_muddy_trace is helper
           target round))) - 1
round < size obs - 1
        rewrite <- MC_in_futures_preserves_muddy in Hround; [| by eexists].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is target) ≡ obs
Hround: S round < size (MuddyUnion is) - 1
round < size obs - 1
        pose proof (Hnrmuddy := MC_muddy_number_of_muddy_seen is target Hcons Htarget).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is target) ≡ obs
Hround: S round < size (MuddyUnion is) - 1
Hnrmuddy: size (st_obs (is target)) =
size (MuddyUnion is) - 1
round < size obs - 1
        by rewrite <- Hobsequiv; lia.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is target) ≡ obs
¬ round < round - 1 by lia.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is target) ≡ obs
helper ∈ obs rewrite <- Hobsequiv.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is target) ≡ obs
helper ∈ st_obs (is target)
        destruct Hcons as [Hnempty ->].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
target, helper: index
Htarget: target ∈ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is) - 1
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is helper target
        round))
  (MC_build_muddy_muddy_trace is helper target
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper
     target round) target =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_muddy_muddy_trace is helper target
     round) helper =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is target) ≡ obs
helper ∈ MuddyUnion is ∖ {[target]}
        by set_solver.
Qed.

Fixpoint MC_build_clean_muddy_trace (is : composite_state MCVLSM)
  (target helper : index) (round : nat) : list (composite_transition_item MCVLSM) :=
match round with
| 0 =>
  let s := state_update MCVLSM is helper
    (mkSt (st_obs (is helper)) (Some (mkRS 0 undecided)))
  in
  let item0 := Build_transition_item (T := composite_type MCVLSM)
    (existT helper init) None s None
  in
  let item1 := Build_transition_item (T := composite_type MCVLSM)
    (existT target init) None
    (state_update MCVLSM s target
      (mkSt (st_obs (s target)) (Some (mkRS 0 undecided)))) None
  in [item0; item1]
| S n =>
  let tr := MC_build_clean_muddy_trace is target helper n in
  let s := finite_trace_last is tr in
  let item0 := Build_transition_item (T := composite_type MCVLSM)
    (existT helper receive) (Some (mkMsg target n undecided))
    (state_update MCVLSM s helper
      (mkSt (st_obs (s helper)) (Some (mkRS n undecided)))) None
  in
  let item1 := Build_transition_item (T := composite_type MCVLSM)
    (existT target receive) (Some (mkMsg helper n undecided))
    (state_update MCVLSM (destination item0) target
      (mkSt (st_obs (s target)) (Some (mkRS (S n) undecided)))) None
  in tr ++ [item0; item1]
end.

Lemma MC_build_clean_muddy_trace_last_target
  (is : composite_state MCVLSM)
  (target helper : index) (round : nat) :
    exists (obs : indexSet),
      finite_trace_last is (MC_build_clean_muddy_trace is target helper round) target
        =
      mkSt obs (Some (mkRS round undecided)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
∃ obs : indexSet,
  finite_trace_last is
    (MC_build_clean_muddy_trace is target helper round)
    target = mkSt obs (Some (mkRS round undecided))
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
∃ obs : indexSet,
  finite_trace_last is
    (MC_build_clean_muddy_trace is target helper round)
    target = mkSt obs (Some (mkRS round undecided))
  destruct round; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
∃ obs : indexSet,
  state_update MCVLSM
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) target
    (mkSt
       (st_obs
          (state_update MCVLSM is helper
             (mkSt (st_obs (is helper))
                (Some (mkRS 0 undecided))) target))
       (Some (mkRS 0 undecided))) target =
  mkSt obs (Some (mkRS 0 undecided))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
∃ obs : indexSet,
  List.last
    (map destination
       (MC_build_clean_muddy_trace is target helper
          round ++
        [{|
           l := existT helper receive;
           input :=
             Some (mkMsg target round undecided);
           destination :=
             state_update MCVLSM
               (finite_trace_last is
                  (MC_build_clean_muddy_trace is
                     target helper round)) helper
               (mkSt
                  (st_obs
                     (finite_trace_last is
                       (MC_build_clean_muddy_trace is
                       target helper round) helper))
                  (Some (mkRS round undecided)));
           output := None
         |};
         {|
           l := existT target receive;
           input :=
             Some (mkMsg helper round undecided);
           destination :=
             state_update MCVLSM
               (state_update MCVLSM
                  (finite_trace_last is
                     (MC_build_clean_muddy_trace is
                       target helper round)) helper
                  (mkSt
                     (st_obs
                       (finite_trace_last is
                       (MC_build_clean_muddy_trace is
                       target helper round) helper))
                     (Some (mkRS round undecided))))
               target
               (mkSt
                  (st_obs
                     (finite_trace_last is
                       (MC_build_clean_muddy_trace is
                       target helper round) target))
                  (Some (mkRS (S round) undecided)));
           output := None
         |}])) is target =
  mkSt obs (Some (mkRS (S round) undecided))
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
∃ obs : indexSet,
  state_update MCVLSM
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) target
    (mkSt
       (st_obs
          (state_update MCVLSM is helper
             (mkSt (st_obs (is helper))
                (Some (mkRS 0 undecided))) target))
       (Some (mkRS 0 undecided))) target =
  mkSt obs (Some (mkRS 0 undecided)) by state_update_simpl; eexists.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
∃ obs : indexSet,
  List.last
    (map destination
       (MC_build_clean_muddy_trace is target helper
          round ++
        [{|
           l := existT helper receive;
           input :=
             Some (mkMsg target round undecided);
           destination :=
             state_update MCVLSM
               (finite_trace_last is
                  (MC_build_clean_muddy_trace is
                     target helper round)) helper
               (mkSt
                  (st_obs
                     (finite_trace_last is
                        (MC_build_clean_muddy_trace is
                           target helper round) helper))
                  (Some (mkRS round undecided)));
           output := None
         |};
         {|
           l := existT target receive;
           input :=
             Some (mkMsg helper round undecided);
           destination :=
             state_update MCVLSM
               (state_update MCVLSM
                  (finite_trace_last is
                     (MC_build_clean_muddy_trace is
                        target helper round)) helper
                  (mkSt
                     (st_obs
                        (finite_trace_last is
                           (MC_build_clean_muddy_trace
                              is target helper round)
                           helper))
                     (Some (mkRS round undecided))))
               target
               (mkSt
                  (st_obs
                     (finite_trace_last is
                        (MC_build_clean_muddy_trace is
                           target helper round) target))
                  (Some (mkRS (S round) undecided)));
           output := None
         |}])) is target =
  mkSt obs (Some (mkRS (S round) undecided)) rewrite map_app; cbn; rewrite last_app; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
∃ obs : indexSet,
  state_update MCVLSM
    (state_update MCVLSM
       (finite_trace_last is
          (MC_build_clean_muddy_trace is target helper
             round)) helper
       (mkSt
          (st_obs
             (finite_trace_last is
                (MC_build_clean_muddy_trace is target
                   helper round) helper))
          (Some (mkRS round undecided)))) target
    (mkSt
       (st_obs
          (finite_trace_last is
             (MC_build_clean_muddy_trace is target
                helper round) target))
       (Some (mkRS (S round) undecided))) target =
  mkSt obs (Some (mkRS (S round) undecided))
    by state_update_simpl; eexists.
Qed.

Lemma MC_build_clean_muddy_trace_last_helper
  (is : composite_state MCVLSM)
  (target helper : index) (round : nat) :
    helper <> target ->
    exists (obs : indexSet),
      finite_trace_last is (MC_build_clean_muddy_trace is target helper round) helper
        =
      mkSt obs (Some (mkRS (round - 1) undecided)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
helper ≠ target
→ ∃ obs : indexSet,
    finite_trace_last is
      (MC_build_clean_muddy_trace is target helper
         round) helper =
    mkSt obs (Some (mkRS (round - 1) undecided))
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
helper ≠ target
→ ∃ obs : indexSet,
    finite_trace_last is
      (MC_build_clean_muddy_trace is target helper
         round) helper =
    mkSt obs (Some (mkRS (round - 1) undecided))
  intros Hneq.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hneq: helper ≠ target
∃ obs : indexSet,
  finite_trace_last is
    (MC_build_clean_muddy_trace is target helper round)
    helper =
  mkSt obs (Some (mkRS (round - 1) undecided))
  destruct round; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hneq: helper ≠ target
∃ obs : indexSet,
  state_update MCVLSM
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) target
    (mkSt
       (st_obs
          (state_update MCVLSM is helper
             (mkSt (st_obs (is helper))
                (Some (mkRS 0 undecided))) target))
       (Some (mkRS 0 undecided))) helper =
  mkSt obs (Some (mkRS 0 undecided))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hneq: helper ≠ target
∃ obs : indexSet,
  List.last
    (map destination
       (MC_build_clean_muddy_trace is target helper
          round ++
        [{|
           l := existT helper receive;
           input :=
             Some (mkMsg target round undecided);
           destination :=
             state_update MCVLSM
               (finite_trace_last is
                  (MC_build_clean_muddy_trace is
                     target helper round)) helper
               (mkSt
                  (st_obs
                     (finite_trace_last is
                       (MC_build_clean_muddy_trace is
                       target helper round) helper))
                  (Some (mkRS round undecided)));
           output := None
         |};
         {|
           l := existT target receive;
           input :=
             Some (mkMsg helper round undecided);
           destination :=
             state_update MCVLSM
               (state_update MCVLSM
                  (finite_trace_last is
                     (MC_build_clean_muddy_trace is
                       target helper round)) helper
                  (mkSt
                     (st_obs
                       (finite_trace_last is
                       (MC_build_clean_muddy_trace is
                       target helper round) helper))
                     (Some (mkRS round undecided))))
               target
               (mkSt
                  (st_obs
                     (finite_trace_last is
                       (MC_build_clean_muddy_trace is
                       target helper round) target))
                  (Some (mkRS (S round) undecided)));
           output := None
         |}])) is helper =
  mkSt obs (Some (mkRS (round - 0) undecided))
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hneq: helper ≠ target
∃ obs : indexSet,
  state_update MCVLSM
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) target
    (mkSt
       (st_obs
          (state_update MCVLSM is helper
             (mkSt (st_obs (is helper))
                (Some (mkRS 0 undecided))) target))
       (Some (mkRS 0 undecided))) helper =
  mkSt obs (Some (mkRS 0 undecided)) by state_update_simpl; eexists.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hneq: helper ≠ target
∃ obs : indexSet,
  List.last
    (map destination
       (MC_build_clean_muddy_trace is target helper
          round ++
        [{|
           l := existT helper receive;
           input :=
             Some (mkMsg target round undecided);
           destination :=
             state_update MCVLSM
               (finite_trace_last is
                  (MC_build_clean_muddy_trace is
                     target helper round)) helper
               (mkSt
                  (st_obs
                     (finite_trace_last is
                        (MC_build_clean_muddy_trace is
                           target helper round) helper))
                  (Some (mkRS round undecided)));
           output := None
         |};
         {|
           l := existT target receive;
           input :=
             Some (mkMsg helper round undecided);
           destination :=
             state_update MCVLSM
               (state_update MCVLSM
                  (finite_trace_last is
                     (MC_build_clean_muddy_trace is
                        target helper round)) helper
                  (mkSt
                     (st_obs
                        (finite_trace_last is
                           (MC_build_clean_muddy_trace
                              is target helper round)
                           helper))
                     (Some (mkRS round undecided))))
               target
               (mkSt
                  (st_obs
                     (finite_trace_last is
                        (MC_build_clean_muddy_trace is
                           target helper round) target))
                  (Some (mkRS (S round) undecided)));
           output := None
         |}])) is helper =
  mkSt obs (Some (mkRS (round - 0) undecided)) rewrite map_app; cbn; rewrite last_app; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hneq: helper ≠ target
∃ obs : indexSet,
  state_update MCVLSM
    (state_update MCVLSM
       (finite_trace_last is
          (MC_build_clean_muddy_trace is target helper
             round)) helper
       (mkSt
          (st_obs
             (finite_trace_last is
                (MC_build_clean_muddy_trace is target
                   helper round) helper))
          (Some (mkRS round undecided)))) target
    (mkSt
       (st_obs
          (finite_trace_last is
             (MC_build_clean_muddy_trace is target
                helper round) target))
       (Some (mkRS (S round) undecided))) helper =
  mkSt obs (Some (mkRS (round - 0) undecided))
    replace (round - 0) with round by lia.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hneq: helper ≠ target
∃ obs : indexSet,
  state_update MCVLSM
    (state_update MCVLSM
       (finite_trace_last is
          (MC_build_clean_muddy_trace is target helper
             round)) helper
       (mkSt
          (st_obs
             (finite_trace_last is
                (MC_build_clean_muddy_trace is target
                   helper round) helper))
          (Some (mkRS round undecided)))) target
    (mkSt
       (st_obs
          (finite_trace_last is
             (MC_build_clean_muddy_trace is target
                helper round) target))
       (Some (mkRS (S round) undecided))) helper =
  mkSt obs (Some (mkRS round undecided))
    by state_update_simpl; eexists.
Qed.

Lemma MC_build_clean_muddy_trace_valid
  (is : composite_state MCVLSM)
  (target helper : index) (round : nat) :
  composite_initial_state_prop MCVLSM is ->
  consistent is ->
  target ∉ MuddyUnion is ->
  helper ∈ MuddyUnion is ->
  round < size (st_obs (is target)) ->
  size (MuddyUnion is) >= 2 ->
  finite_valid_trace MC_composite_vlsm is
    (MC_build_clean_muddy_trace is target helper round).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
composite_initial_state_prop MCVLSM is
→ consistent is
  → target ∉ MuddyUnion is
    → helper ∈ MuddyUnion is
      → round < size (st_obs (is target))
        → size (MuddyUnion is) ≥ 2
          → finite_valid_trace MC_composite_vlsm is
              (MC_build_clean_muddy_trace is target
                 helper round)
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
composite_initial_state_prop MCVLSM is
→ consistent is
  → target ∉ MuddyUnion is
    → helper ∈ MuddyUnion is
      → round < size (st_obs (is target))
        → size (MuddyUnion is) ≥ 2
          → finite_valid_trace MC_composite_vlsm is
              (MC_build_clean_muddy_trace is target
                 helper round)
  intros Hinit Hcons Htarget Hhelper Hround Hsizemuddy.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hround: round < size (st_obs (is target))
Hsizemuddy: size (MuddyUnion is) ≥ 2
finite_valid_trace MC_composite_vlsm is
  (MC_build_clean_muddy_trace is target helper round)
  assert (Hdiff : target <> helper) by (intros ->; done).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hround: round < size (st_obs (is target))
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
finite_valid_trace MC_composite_vlsm is
  (MC_build_clean_muddy_trace is target helper round)
  revert Hround.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
round < size (st_obs (is target))
→ finite_valid_trace MC_composite_vlsm is
    (MC_build_clean_muddy_trace is target helper round)
  induction round as [| round IHround]; intros.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
finite_valid_trace MC_composite_vlsm is
  (MC_build_clean_muddy_trace is target helper 0)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
IHround: round < size (st_obs (is target))
→ finite_valid_trace MC_composite_vlsm is
    (MC_build_clean_muddy_trace is target
       helper round)
Hround: S round < size (st_obs (is target))
finite_valid_trace MC_composite_vlsm is
  (MC_build_clean_muddy_trace is target helper
     (S round))
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
finite_valid_trace MC_composite_vlsm is
  (MC_build_clean_muddy_trace is target helper 0) specialize (Hinit helper) as Hinithelper.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: initial_state_prop (is helper)
finite_valid_trace MC_composite_vlsm is
  (MC_build_clean_muddy_trace is target helper 0)
    cbn in Hinithelper; unfold MC_initial_state_prop in Hinithelper.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
finite_valid_trace MC_composite_vlsm is
  (MC_build_clean_muddy_trace is target helper 0)
    specialize (Hinit target) as Hinittarget.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: initial_state_prop (is target)
finite_valid_trace MC_composite_vlsm is
  (MC_build_clean_muddy_trace is target helper 0)
    cbn in Hinittarget; unfold MC_initial_state_prop in Hinittarget.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
finite_valid_trace MC_composite_vlsm is
  (MC_build_clean_muddy_trace is target helper 0)
    destruct Hcons as [Hmuddyunion Hconsobs].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
finite_valid_trace MC_composite_vlsm is
  (MC_build_clean_muddy_trace is target helper 0)
    specialize (Hconsobs helper) as Hconshelper.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
finite_valid_trace MC_composite_vlsm is
  (MC_build_clean_muddy_trace is target helper 0)
    specialize (Hconsobs target) as Hconstarget.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
finite_valid_trace MC_composite_vlsm is
  (MC_build_clean_muddy_trace is target helper 0)
    eapply valid_trace_forget_last, finite_valid_trace_init_to_alt_equiv.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
finite_valid_trace_init_to_alt MC_composite_vlsm is 
  ?f (MC_build_clean_muddy_trace is target helper 0)
    constructor; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
message_valid_transitions_from_to MC_composite_vlsm is
  ?f (MC_build_clean_muddy_trace is target helper 0)
    repeat (apply mvt_extend); cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
option_valid_message_prop MC_composite_vlsm None
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
(let (si', om') :=
   MC_transition helper init (is helper) None in
 (state_update MCVLSM is helper si', om')) =
(state_update MCVLSM is helper
   (mkSt (st_obs (is helper))
      (Some (mkRS 0 undecided))), None)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
MC_valid init (is helper) None ∧ consistent is
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
option_valid_message_prop MC_composite_vlsm None
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
(let (si', om') :=
   MC_transition target init
     (state_update MCVLSM is helper
        (mkSt (st_obs (is helper))
           (Some (mkRS 0 undecided))) target) None in
 (state_update MCVLSM
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) target si', om')) =
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target
   (mkSt
      (st_obs
         (state_update MCVLSM is helper
            (mkSt (st_obs (is helper))
               (Some (mkRS 0 undecided))) target))
      (Some (mkRS 0 undecided))), None)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
MC_valid init
  (state_update MCVLSM is helper
     (mkSt (st_obs (is helper))
        (Some (mkRS 0 undecided))) target) None
∧ consistent
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided))))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
message_valid_transitions_from_to MC_composite_vlsm
  (state_update MCVLSM
     (state_update MCVLSM is helper
        (mkSt (st_obs (is helper))
           (Some (mkRS 0 undecided)))) target
     (mkSt
        (st_obs
           (state_update MCVLSM is helper
              (mkSt (st_obs (is helper))
                 (Some (mkRS 0 undecided))) target))
        (Some (mkRS 0 undecided)))) 
  ?f []
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
option_valid_message_prop MC_composite_vlsm None by apply option_valid_message_None.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
(let (si', om') :=
   MC_transition helper init (is helper) None in
 (state_update MCVLSM is helper si', om')) =
(state_update MCVLSM is helper
   (mkSt (st_obs (is helper))
      (Some (mkRS 0 undecided))), None) destruct (is helper) as [o_helper []] eqn: Hishelper; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
o_helper: indexSet
Hishelper: is helper = mkSt o_helper None
Hinithelper: st_rs (mkSt o_helper None) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (mkSt o_helper None)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
(let (si', om') :=
   MC_transition helper init (mkSt o_helper None) None in
 (state_update MCVLSM is helper si', om')) =
(state_update MCVLSM is helper
   (mkSt (st_obs (mkSt o_helper None))
      (Some (mkRS 0 undecided))), None)
      rewrite MC_transition_equation_3; unfold MC_transition_clause_1.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
o_helper: indexSet
Hishelper: is helper = mkSt o_helper None
Hinithelper: st_rs (mkSt o_helper None) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (mkSt o_helper None)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
(let (si', om') :=
   match size o_helper with
   | 0 => (mkSt o_helper (Some (mkRS 0 muddy)), None)
   | S _ =>
       (mkSt o_helper (Some (mkRS 0 undecided)), None)
   end in
 (state_update MCVLSM is helper si', om')) =
(state_update MCVLSM is helper
   (mkSt (st_obs (mkSt o_helper None))
      (Some (mkRS 0 undecided))), None)
      case_match eqn: Hso.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
o_helper: indexSet
Hishelper: is helper = mkSt o_helper None
Hinithelper: st_rs (mkSt o_helper None) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (mkSt o_helper None)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
s: State
o: option Message
Hso: match size o_helper with
| 0 =>
    (mkSt o_helper (Some (mkRS 0 muddy)), None)
| S _ =>
    (mkSt o_helper (Some (mkRS 0 undecided)),
     None)
end = (s, o)
(state_update MCVLSM is helper s, o) =
(state_update MCVLSM is helper
   (mkSt (st_obs (mkSt o_helper None))
      (Some (mkRS 0 undecided))), None)
      replace o_helper with (st_obs (is helper)) in * by (rewrite Hishelper; done).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
o_helper: indexSet
Hishelper: is helper = mkSt (st_obs (is helper)) None
Hinithelper: st_rs (mkSt (st_obs (is helper)) None) =
None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (mkSt (st_obs (is helper)) None)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
s: State
o: option Message
Hso: match size (st_obs (is helper)) with
| 0 =>
    (mkSt (st_obs (is helper))
       (Some (mkRS 0 muddy)), None)
| S _ =>
    (mkSt (st_obs (is helper))
       (Some (mkRS 0 undecided)), None)
end = (s, o)
(state_update MCVLSM is helper s, o) =
(state_update MCVLSM is helper
   (mkSt (st_obs (mkSt (st_obs (is helper)) None))
      (Some (mkRS 0 undecided))), None)
      rewrite Hconsobs, size_difference, size_singleton in Hso.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
o_helper: indexSet
Hishelper: is helper = mkSt (st_obs (is helper)) None
Hinithelper: st_rs (mkSt (st_obs (is helper)) None) =
None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (mkSt (st_obs (is helper)) None)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
s: State
o: option Message
Hso: match size (MuddyUnion is) - 1 with
| 0 =>
    (mkSt (st_obs (is helper))
       (Some (mkRS 0 muddy)), None)
| S _ =>
    (mkSt (st_obs (is helper))
       (Some (mkRS 0 undecided)), None)
end = (s, o)
(state_update MCVLSM is helper s, o) =
(state_update MCVLSM is helper
   (mkSt (st_obs (mkSt (st_obs (is helper)) None))
      (Some (mkRS 0 undecided))), None)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
o_helper: indexSet
Hishelper: is helper = mkSt (st_obs (is helper)) None
Hinithelper: st_rs (mkSt (st_obs (is helper)) None) =
None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (mkSt (st_obs (is helper)) None)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
s: State
o: option Message
Hso: match size (MuddyUnion is ∖ {[helper]}) with
| 0 =>
    (mkSt (st_obs (is helper))
       (Some (mkRS 0 muddy)), None)
| S _ =>
    (mkSt (st_obs (is helper))
       (Some (mkRS 0 undecided)), None)
end = (s, o)
{[helper]} ⊆ MuddyUnion is
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
o_helper: indexSet
Hishelper: is helper = mkSt (st_obs (is helper)) None
Hinithelper: st_rs (mkSt (st_obs (is helper)) None) =
None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (mkSt (st_obs (is helper)) None)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
s: State
o: option Message
Hso: match size (MuddyUnion is) - 1 with
| 0 =>
    (mkSt (st_obs (is helper))
       (Some (mkRS 0 muddy)), None)
| S _ =>
    (mkSt (st_obs (is helper))
       (Some (mkRS 0 undecided)), None)
end = (s, o)
(state_update MCVLSM is helper s, o) =
(state_update MCVLSM is helper
   (mkSt (st_obs (mkSt (st_obs (is helper)) None))
      (Some (mkRS 0 undecided))), None) by case_match; inversion Hso; subst; [lia |].
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
o_helper: indexSet
Hishelper: is helper = mkSt (st_obs (is helper)) None
Hinithelper: st_rs (mkSt (st_obs (is helper)) None) =
None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (mkSt (st_obs (is helper)) None)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
s: State
o: option Message
Hso: match size (MuddyUnion is ∖ {[helper]}) with
| 0 =>
    (mkSt (st_obs (is helper))
       (Some (mkRS 0 muddy)), None)
| S _ =>
    (mkSt (st_obs (is helper))
       (Some (mkRS 0 undecided)), None)
end = (s, o)
{[helper]} ⊆ MuddyUnion is by rewrite <- elem_of_subseteq_singleton.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
MC_valid init (is helper) None ∧ consistent is split; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
MC_valid init (is helper) None
      destruct (is helper); cbn in *; subst.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
st_obs0: indexSet
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs0 ≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
MC_valid init (mkSt st_obs0 None) None
      by constructor.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
option_valid_message_prop MC_composite_vlsm None by apply option_valid_message_None.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
(let (si', om') :=
   MC_transition target init
     (state_update MCVLSM is helper
        (mkSt (st_obs (is helper))
           (Some (mkRS 0 undecided))) target) None in
 (state_update MCVLSM
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) target si', om')) =
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target
   (mkSt
      (st_obs
         (state_update MCVLSM is helper
            (mkSt (st_obs (is helper))
               (Some (mkRS 0 undecided))) target))
      (Some (mkRS 0 undecided))), None) state_update_simpl.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
(let (si', om') :=
   MC_transition target init (is target) None in
 (state_update MCVLSM
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) target si', om')) =
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target
   (mkSt (st_obs (is target))
      (Some (mkRS 0 undecided))), None)
      destruct (is target) as [o_target [|]] eqn: Histarget; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
o_target: indexSet
Histarget: is target = mkSt o_target None
Hround: 0 < size (st_obs (mkSt o_target None))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (mkSt o_target None) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt o_target None)
≡ MuddyUnion is ∖ {[target]}
(let (si', om') :=
   MC_transition target init (mkSt o_target None) None in
 (state_update MCVLSM
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) target si', om')) =
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target
   (mkSt (st_obs (mkSt o_target None))
      (Some (mkRS 0 undecided))), None)
      rewrite MC_transition_equation_3; unfold MC_transition_clause_1.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
o_target: indexSet
Histarget: is target = mkSt o_target None
Hround: 0 < size (st_obs (mkSt o_target None))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (mkSt o_target None) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt o_target None)
≡ MuddyUnion is ∖ {[target]}
(let (si', om') :=
   match size o_target with
   | 0 => (mkSt o_target (Some (mkRS 0 muddy)), None)
   | S _ =>
       (mkSt o_target (Some (mkRS 0 undecided)), None)
   end in
 (state_update MCVLSM
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) target si', om')) =
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target
   (mkSt (st_obs (mkSt o_target None))
      (Some (mkRS 0 undecided))), None)
      destruct (decide (size o_target = 0)); cycle 1.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
o_target: indexSet
Histarget: is target = mkSt o_target None
Hround: 0 < size (st_obs (mkSt o_target None))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (mkSt o_target None) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt o_target None)
≡ MuddyUnion is ∖ {[target]}
n: size o_target ≠ 0
(let (si', om') :=
   match size o_target with
   | 0 => (mkSt o_target (Some (mkRS 0 muddy)), None)
   | S _ =>
       (mkSt o_target (Some (mkRS 0 undecided)), None)
   end in
 (state_update MCVLSM
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) target si', om')) =
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target
   (mkSt (st_obs (mkSt o_target None))
      (Some (mkRS 0 undecided))), None)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
o_target: indexSet
Histarget: is target = mkSt o_target None
Hround: 0 < size (st_obs (mkSt o_target None))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (mkSt o_target None) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt o_target None)
≡ MuddyUnion is ∖ {[target]}
e: size o_target = 0
(let (si', om') :=
   match size o_target with
   | 0 => (mkSt o_target (Some (mkRS 0 muddy)), None)
   | S _ =>
       (mkSt o_target (Some (mkRS 0 undecided)), None)
   end in
 (state_update MCVLSM
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) target si', om')) =
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target
   (mkSt (st_obs (mkSt o_target None))
      (Some (mkRS 0 undecided))), None)
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
o_target: indexSet
Histarget: is target = mkSt o_target None
Hround: 0 < size (st_obs (mkSt o_target None))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (mkSt o_target None) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt o_target None)
≡ MuddyUnion is ∖ {[target]}
n: size o_target ≠ 0
(let (si', om') :=
   match size o_target with
   | 0 => (mkSt o_target (Some (mkRS 0 muddy)), None)
   | S _ =>
       (mkSt o_target (Some (mkRS 0 undecided)), None)
   end in
 (state_update MCVLSM
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) target si', om')) =
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target
   (mkSt (st_obs (mkSt o_target None))
      (Some (mkRS 0 undecided))), None) by cbn; repeat case_match; [lia | inversion H9].
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
o_target: indexSet
Histarget: is target = mkSt o_target None
Hround: 0 < size (st_obs (mkSt o_target None))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (mkSt o_target None) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt o_target None)
≡ MuddyUnion is ∖ {[target]}
e: size o_target = 0
(let (si', om') :=
   match size o_target with
   | 0 => (mkSt o_target (Some (mkRS 0 muddy)), None)
   | S _ =>
       (mkSt o_target (Some (mkRS 0 undecided)), None)
   end in
 (state_update MCVLSM
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) target si', om')) =
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target
   (mkSt (st_obs (mkSt o_target None))
      (Some (mkRS 0 undecided))), None) replace o_target with (st_obs (is target)) in e by (rewrite Histarget; done).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
o_target: indexSet
Histarget: is target = mkSt o_target None
Hround: 0 < size (st_obs (mkSt o_target None))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (mkSt o_target None) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt o_target None)
≡ MuddyUnion is ∖ {[target]}
e: size (st_obs (is target)) = 0
(let (si', om') :=
   match size o_target with
   | 0 => (mkSt o_target (Some (mkRS 0 muddy)), None)
   | S _ =>
       (mkSt o_target (Some (mkRS 0 undecided)), None)
   end in
 (state_update MCVLSM
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) target si', om')) =
(state_update MCVLSM
   (state_update MCVLSM is helper
      (mkSt (st_obs (is helper))
         (Some (mkRS 0 undecided)))) target
   (mkSt (st_obs (mkSt o_target None))
      (Some (mkRS 0 undecided))), None)
        rewrite Hconsobs, size_difference, size_singleton in e; [by lia |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
o_target: indexSet
Histarget: is target = mkSt o_target None
Hround: 0 < size (st_obs (mkSt o_target None))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (mkSt o_target None) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt o_target None)
≡ MuddyUnion is ∖ {[target]}
e: size (MuddyUnion is ∖ {[target]}) = 0
{[target]} ⊆ MuddyUnion is
        exfalso.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
o_target: indexSet
Histarget: is target = mkSt o_target None
Hround: 0 < size (st_obs (mkSt o_target None))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (mkSt o_target None) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt o_target None)
≡ MuddyUnion is ∖ {[target]}
e: size (MuddyUnion is ∖ {[target]}) = 0
False
        rewrite size_difference_alt in e.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
o_target: indexSet
Histarget: is target = mkSt o_target None
Hround: 0 < size (st_obs (mkSt o_target None))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (mkSt o_target None) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt o_target None)
≡ MuddyUnion is ∖ {[target]}
e: size (MuddyUnion is) -
size (MuddyUnion is ∩ {[target]}) = 0
False
        assert (Hsizeintersect : size (MuddyUnion is ∩ {[target]}) >= 2) by lia.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
o_target: indexSet
Histarget: is target = mkSt o_target None
Hround: 0 < size (st_obs (mkSt o_target None))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (mkSt o_target None) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt o_target None)
≡ MuddyUnion is ∖ {[target]}
e: size (MuddyUnion is) -
size (MuddyUnion is ∩ {[target]}) = 0
Hsizeintersect: size (MuddyUnion is ∩ {[target]}) ≥ 2
False
        assert (Hintersectleq1 : MuddyUnion is ∩ {[target]} ⊆ {[target]}) by set_solver.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
o_target: indexSet
Histarget: is target = mkSt o_target None
Hround: 0 < size (st_obs (mkSt o_target None))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (mkSt o_target None) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt o_target None)
≡ MuddyUnion is ∖ {[target]}
e: size (MuddyUnion is) -
size (MuddyUnion is ∩ {[target]}) = 0
Hsizeintersect: size (MuddyUnion is ∩ {[target]}) ≥ 2
Hintersectleq1: MuddyUnion is ∩ {[target]}
⊆ {[target]}
False
        apply subseteq_size in Hintersectleq1.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
o_target: indexSet
Histarget: is target = mkSt o_target None
Hround: 0 < size (st_obs (mkSt o_target None))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (mkSt o_target None) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt o_target None)
≡ MuddyUnion is ∖ {[target]}
e: size (MuddyUnion is) -
size (MuddyUnion is ∩ {[target]}) = 0
Hsizeintersect: size (MuddyUnion is ∩ {[target]}) ≥ 2
Hintersectleq1: size (MuddyUnion is ∩ {[target]})
≤ size {[target]}
False
        rewrite size_singleton in Hintersectleq1.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
o_target: indexSet
Histarget: is target = mkSt o_target None
Hround: 0 < size (st_obs (mkSt o_target None))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (mkSt o_target None) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (mkSt o_target None)
≡ MuddyUnion is ∖ {[target]}
e: size (MuddyUnion is) -
size (MuddyUnion is ∩ {[target]}) = 0
Hsizeintersect: size (MuddyUnion is ∩ {[target]}) ≥ 2
Hintersectleq1: size (MuddyUnion is ∩ {[target]}) ≤ 1
False
        by lia.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
MC_valid init
  (state_update MCVLSM is helper
     (mkSt (st_obs (is helper))
        (Some (mkRS 0 undecided))) target) None
∧ consistent
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided)))) state_update_simpl.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
MC_valid init (is target) None
∧ consistent
    (state_update MCVLSM is helper
       (mkSt (st_obs (is helper))
          (Some (mkRS 0 undecided))))
      split.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
MC_valid init (is target) None
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
consistent
  (state_update MCVLSM is helper
     (mkSt (st_obs (is helper))
        (Some (mkRS 0 undecided))))
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
MC_valid init (is target) None destruct (is target); cbn in *; subst.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
st_obs0: indexSet
Hround: 0 < size st_obs0
Hinithelper: st_rs (is helper) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs0 ≡ MuddyUnion is ∖ {[target]}
MC_valid init (mkSt st_obs0 None) None
        by constructor.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
consistent
  (state_update MCVLSM is helper
     (mkSt (st_obs (is helper))
        (Some (mkRS 0 undecided)))) apply (MC_obs_equiv_preserves_consistency is); [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
MC_obs_equivalence is
  (state_update MCVLSM is helper
     (mkSt (st_obs (is helper))
        (Some (mkRS 0 undecided))))
        by apply MC_state_update_preserves_obs_equiv.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
Hinit: composite_initial_state_prop MCVLSM is
Hmuddyunion: MuddyUnion is ≢ ∅
Hconsobs: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: 0 < size (st_obs (is target))
Hinithelper: st_rs (is helper) = None
Hinittarget: st_rs (is target) = None
Hconshelper: st_obs (is helper)
≡ MuddyUnion is ∖ {[helper]}
Hconstarget: st_obs (is target)
≡ MuddyUnion is ∖ {[target]}
message_valid_transitions_from_to MC_composite_vlsm
  (state_update MCVLSM
     (state_update MCVLSM is helper
        (mkSt (st_obs (is helper))
           (Some (mkRS 0 undecided)))) target
     (mkSt
        (st_obs
           (state_update MCVLSM is helper
              (mkSt (st_obs (is helper))
                 (Some (mkRS 0 undecided))) target))
        (Some (mkRS 0 undecided)))) ?f [] by apply mvt_empty.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
IHround: round < size (st_obs (is target))
→ finite_valid_trace MC_composite_vlsm is
    (MC_build_clean_muddy_trace is target
       helper round)
Hround: S round < size (st_obs (is target))
finite_valid_trace MC_composite_vlsm is
  (MC_build_clean_muddy_trace is target helper
     (S round)) spec IHround; [lia |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IHround: finite_valid_trace MC_composite_vlsm is
  (MC_build_clean_muddy_trace is target
     helper round)
finite_valid_trace MC_composite_vlsm is
  (MC_build_clean_muddy_trace is target helper
     (S round))
    apply valid_trace_add_default_last in IHround as [IH IHinit].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: initial_state_prop is
finite_valid_trace MC_composite_vlsm is
  (MC_build_clean_muddy_trace is target helper
     (S round))
    eapply valid_trace_forget_last.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: initial_state_prop is
finite_valid_trace_init_to MC_composite_vlsm is ?f
  (MC_build_clean_muddy_trace is target helper
     (S round))
    split; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: initial_state_prop is
finite_valid_trace_from_to MC_composite_vlsm is ?f
  (MC_build_clean_muddy_trace is target helper
     (S round))
    cbn; eapply finite_valid_trace_from_to_app; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: initial_state_prop is
finite_valid_trace_from_to MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round)) ?f
  [{|
     l := existT helper receive;
     input := Some (mkMsg target round undecided);
     destination :=
       state_update MCVLSM
         (finite_trace_last is
            (MC_build_clean_muddy_trace is target
               helper round)) helper
         (mkSt
            (st_obs
               (finite_trace_last is
                  (MC_build_clean_muddy_trace is
                     target helper round) helper))
            (Some (mkRS round undecided)));
     output := None
   |};
   {|
     l := existT target receive;
     input := Some (mkMsg helper round undecided);
     destination :=
       state_update MCVLSM
         (state_update MCVLSM
            (finite_trace_last is
               (MC_build_clean_muddy_trace is target
                  helper round)) helper
            (mkSt
               (st_obs
                  (finite_trace_last is
                     (MC_build_clean_muddy_trace is
                        target helper round) helper))
               (Some (mkRS round undecided)))) target
         (mkSt
            (st_obs
               (finite_trace_last is
                  (MC_build_clean_muddy_trace is
                     target helper round) target))
            (Some (mkRS (S round) undecided)));
     output := None
   |}]
    destruct (MC_build_clean_muddy_trace_last_helper is target helper round)
      as (obs & Hlasthelper); [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: initial_state_prop is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
finite_valid_trace_from_to MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round)) ?f
  [{|
     l := existT helper receive;
     input := Some (mkMsg target round undecided);
     destination :=
       state_update MCVLSM
         (finite_trace_last is
            (MC_build_clean_muddy_trace is target
               helper round)) helper
         (mkSt
            (st_obs
               (finite_trace_last is
                  (MC_build_clean_muddy_trace is
                     target helper round) helper))
            (Some (mkRS round undecided)));
     output := None
   |};
   {|
     l := existT target receive;
     input := Some (mkMsg helper round undecided);
     destination :=
       state_update MCVLSM
         (state_update MCVLSM
            (finite_trace_last is
               (MC_build_clean_muddy_trace is target
                  helper round)) helper
            (mkSt
               (st_obs
                  (finite_trace_last is
                     (MC_build_clean_muddy_trace is
                        target helper round) helper))
               (Some (mkRS round undecided)))) target
         (mkSt
            (st_obs
               (finite_trace_last is
                  (MC_build_clean_muddy_trace is
                     target helper round) target))
            (Some (mkRS (S round) undecided)));
     output := None
   |}]
    destruct (MC_build_clean_muddy_trace_last_target is target helper round)
      as (obs' & Hlast).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: initial_state_prop is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
finite_valid_trace_from_to MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round)) ?f
  [{|
     l := existT helper receive;
     input := Some (mkMsg target round undecided);
     destination :=
       state_update MCVLSM
         (finite_trace_last is
            (MC_build_clean_muddy_trace is target
               helper round)) helper
         (mkSt
            (st_obs
               (finite_trace_last is
                  (MC_build_clean_muddy_trace is
                     target helper round) helper))
            (Some (mkRS round undecided)));
     output := None
   |};
   {|
     l := existT target receive;
     input := Some (mkMsg helper round undecided);
     destination :=
       state_update MCVLSM
         (state_update MCVLSM
            (finite_trace_last is
               (MC_build_clean_muddy_trace is target
                  helper round)) helper
            (mkSt
               (st_obs
                  (finite_trace_last is
                     (MC_build_clean_muddy_trace is
                        target helper round) helper))
               (Some (mkRS round undecided)))) target
         (mkSt
            (st_obs
               (finite_trace_last is
                  (MC_build_clean_muddy_trace is
                     target helper round) target))
            (Some (mkRS (S round) undecided)));
     output := None
   |}]
    assert (Hvalidtr1 : input_valid_transition MC_composite_vlsm
      (existT helper receive)
      (finite_trace_last is (MC_build_clean_muddy_trace is target helper round),
        Some (mkMsg target round undecided))
      (state_update MCVLSM
        (finite_trace_last is (MC_build_clean_muddy_trace is target helper round))
        helper
        (mkSt (st_obs (finite_trace_last is (MC_build_clean_muddy_trace
          is target helper round) helper)) (Some (mkRS round undecided))),
          None)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: initial_state_prop is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round), Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is target helper
           round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace is target
                 helper round) helper))
        (Some (mkRS round undecided))), None)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: initial_state_prop is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
finite_valid_trace_from_to MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round)) ?f
  [{|
     l := existT helper receive;
     input := Some (mkMsg target round undecided);
     destination :=
       state_update MCVLSM
         (finite_trace_last is
            (MC_build_clean_muddy_trace is target
               helper round)) helper
         (mkSt
            (st_obs
               (finite_trace_last is
                  (MC_build_clean_muddy_trace is
                     target helper round) helper))
            (Some (mkRS round undecided)));
     output := None
   |};
   {|
     l := existT target receive;
     input := Some (mkMsg helper round undecided);
     destination :=
       state_update MCVLSM
         (state_update MCVLSM
            (finite_trace_last is
               (MC_build_clean_muddy_trace is target
                  helper round)) helper
            (mkSt
               (st_obs
                  (finite_trace_last is
                     (MC_build_clean_muddy_trace is
                       target helper round) helper))
               (Some (mkRS round undecided)))) target
         (mkSt
            (st_obs
               (finite_trace_last is
                  (MC_build_clean_muddy_trace is
                     target helper round) target))
            (Some (mkRS (S round) undecided)));
     output := None
   |}]
    {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: initial_state_prop is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round), Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is target helper
           round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace is target
                 helper round) helper))
        (Some (mkRS round undecided))), None)
      repeat split; cbn in *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
option_valid_message_prop MC_composite_vlsm
  (Some (mkMsg target round undecided))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
MC_valid receive
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round) helper)
  (Some (mkMsg target round undecided))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
match
  finite_trace_last is
    (MC_build_clean_muddy_trace is target helper round)
    target
with
| mkSt _ (Some (mkRS r status)) =>
    undecided = status ∧ round = r
    ∨ undecided = undecided ∧ round < r
| mkSt _ None => False
end
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
(let (si', om') :=
   MC_transition helper receive
     (finite_trace_last is
        (MC_build_clean_muddy_trace is target helper
           round) helper)
     (Some (mkMsg target round undecided)) in
 (state_update MCVLSM
    (finite_trace_last is
       (MC_build_clean_muddy_trace is target helper
          round)) helper si', om')) =
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_clean_muddy_trace is target helper
         round)) helper
   (mkSt
      (st_obs
         (finite_trace_last is
            (MC_build_clean_muddy_trace is target
               helper round) helper))
      (Some (mkRS round undecided))), None)
      -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round)) by apply valid_trace_last_pstate in IH.
      -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
option_valid_message_prop MC_composite_vlsm
  (Some (mkMsg target round undecided)) apply valid_trace_last_pstate in IH as Hfinal.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hfinal: valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round))
option_valid_message_prop MC_composite_vlsm
  (Some (mkMsg target round undecided))
        by eapply MC_valid_message_from_valid_state.
      -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
MC_valid receive
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round) helper)
  (Some (mkMsg target round undecided)) by rewrite Hlasthelper; constructor.
      -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
match
  finite_trace_last is
    (MC_build_clean_muddy_trace is target helper round)
    target
with
| mkSt _ (Some (mkRS r status)) =>
    undecided = status ∧ round = r
    ∨ undecided = undecided ∧ round < r
| mkSt _ None => False
end by subst; rewrite Hlast; cbn; left.
      -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
(let (si', om') :=
   MC_transition helper receive
     (finite_trace_last is
        (MC_build_clean_muddy_trace is target helper
           round) helper)
     (Some (mkMsg target round undecided)) in
 (state_update MCVLSM
    (finite_trace_last is
       (MC_build_clean_muddy_trace is target helper
          round)) helper si', om')) =
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_clean_muddy_trace is target helper
         round)) helper
   (mkSt
      (st_obs
         (finite_trace_last is
            (MC_build_clean_muddy_trace is target
               helper round) helper))
      (Some (mkRS round undecided))), None) rewrite Hlasthelper, MC_transition_equation_7; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
(let (si', om') :=
   MC_transition_clause_5 helper obs (round - 1)
     target (decide (target ∈ obs)) round in
 (state_update MCVLSM
    (finite_trace_last is
       (MC_build_clean_muddy_trace is target helper
          round)) helper si', om')) =
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_clean_muddy_trace is target helper
         round)) helper
   (mkSt obs (Some (mkRS round undecided))), None)
        assert (Hobsequiv : st_obs (is helper) ≡ obs)
          by (rewrite st_obs_finite_valid_trace_from_to, Hlasthelper; subst; done).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is helper) ≡ obs
(let (si', om') :=
   MC_transition_clause_5 helper obs (round - 1)
     target (decide (target ∈ obs)) round in
 (state_update MCVLSM
    (finite_trace_last is
       (MC_build_clean_muddy_trace is target helper
          round)) helper si', om')) =
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_clean_muddy_trace is target helper
         round)) helper
   (mkSt obs (Some (mkRS round undecided))), None)
        destruct Hcons as [Hnempty Hcons].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is helper) ≡ obs
(let (si', om') :=
   MC_transition_clause_5 helper obs (round - 1)
     target (decide (target ∈ obs)) round in
 (state_update MCVLSM
    (finite_trace_last is
       (MC_build_clean_muddy_trace is target helper
          round)) helper si', om')) =
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_clean_muddy_trace is target helper
         round)) helper
   (mkSt obs (Some (mkRS round undecided))), None)
        assert (Htargetobs : target ∉ obs).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is helper) ≡ obs
target ∉ obs
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is helper) ≡ obs
Htargetobs: target ∉ obs
(let (si', om') :=
   MC_transition_clause_5 helper obs 
     (round - 1) target 
     (decide (target ∈ obs)) round in
 (state_update MCVLSM
    (finite_trace_last is
       (MC_build_clean_muddy_trace is target helper
          round)) helper si', om')) =
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_clean_muddy_trace is target helper
         round)) helper
   (mkSt obs (Some (mkRS round undecided))), None)
        {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is helper) ≡ obs
target ∉ obs
          rewrite <- Hobsequiv, Hcons.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is helper) ≡ obs
target ∉ MuddyUnion is ∖ {[helper]}
          by set_solver.
        }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is helper) ≡ obs
Htargetobs: target ∉ obs
(let (si', om') :=
   MC_transition_clause_5 helper obs (round - 1)
     target (decide (target ∈ obs)) round in
 (state_update MCVLSM
    (finite_trace_last is
       (MC_build_clean_muddy_trace is target helper
          round)) helper si', om')) =
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_clean_muddy_trace is target helper
         round)) helper
   (mkSt obs (Some (mkRS round undecided))), None)
        unfold MC_transition_clause_5.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is helper) ≡ obs
Htargetobs: target ∉ obs
(let (si', om') :=
   (if decide (target ∈ obs)
    then
     λ r' : nat,
       if decide (r' < round - 1)
       then
        (mkSt obs (Some (mkRS (round - 1) undecided)),
         None)
       else
        if decide (round - 1 <= r' < size obs - 1)
        then
         (mkSt obs (Some (mkRS (r' + 1) undecided)),
          None)
        else
         if decide (r' = size obs - 1)
         then
          (mkSt obs (Some (mkRS (r' + 1) muddy)), None)
         else
          (mkSt obs
             (Some (mkRS (round - 1) undecided)), None)
    else
     λ r' : nat,
       if decide (r' ≤ round - 1)
       then
        (mkSt obs (Some (mkRS (round - 1) undecided)),
         None)
       else
        if decide (round - 1 < r' < size obs)
        then
         (mkSt obs (Some (mkRS r' undecided)), None)
        else
         if decide (r' = size obs)
         then (mkSt obs (Some (mkRS r' muddy)), None)
         else
          (mkSt obs
             (Some (mkRS (round - 1) undecided)), None))
     round in
 (state_update MCVLSM
    (finite_trace_last is
       (MC_build_clean_muddy_trace is target helper
          round)) helper si', om')) =
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_clean_muddy_trace is target helper
         round)) helper
   (mkSt obs (Some (mkRS round undecided))), None)
        rewrite decide_False by done.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hobsequiv: st_obs (is helper) ≡ obs
Htargetobs: target ∉ obs
(let (si', om') :=
   if decide (round ≤ round - 1)
   then
    (mkSt obs (Some (mkRS (round - 1) undecided)),
     None)
   else
    if decide (round - 1 < round < size obs)
    then
     (mkSt obs (Some (mkRS round undecided)), None)
    else
     if decide (round = size obs)
     then (mkSt obs (Some (mkRS round muddy)), None)
     else
      (mkSt obs (Some (mkRS (round - 1) undecided)),
       None) in
 (state_update MCVLSM
    (finite_trace_last is
       (MC_build_clean_muddy_trace is target helper
          round)) helper si', om')) =
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_clean_muddy_trace is target helper
         round)) helper
   (mkSt obs (Some (mkRS round undecided))), None)
        destruct round; [by rewrite decide_True by lia; cbn; state_update_simpl |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S (S round) < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        (S round)))
  (MC_build_clean_muddy_trace is target helper
     (S round))
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper (S round)) helper =
mkSt obs
  (Some (mkRS (S round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     (S round)) target =
mkSt obs' (Some (mkRS (S round) undecided))
Hobsequiv: st_obs (is helper) ≡ obs
Htargetobs: target ∉ obs
(let (si', om') :=
   if decide (S round ≤ S round - 1)
   then
    (mkSt obs (Some (mkRS (S round - 1) undecided)),
     None)
   else
    if decide (S round - 1 < S round < size obs)
    then
     (mkSt obs (Some (mkRS (S round) undecided)), None)
    else
     if decide (S round = size obs)
     then
      (mkSt obs (Some (mkRS (S round) muddy)), None)
     else
      (mkSt obs (Some (mkRS (S round - 1) undecided)),
       None) in
 (state_update MCVLSM
    (finite_trace_last is
       (MC_build_clean_muddy_trace is target helper
          (S round))) helper si', om')) =
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_clean_muddy_trace is target helper
         (S round))) helper
   (mkSt obs (Some (mkRS (S round) undecided))), None)
        rewrite decide_False, decide_True; [done | | by lia].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S (S round) < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        (S round)))
  (MC_build_clean_muddy_trace is target helper
     (S round))
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper (S round)) helper =
mkSt obs
  (Some (mkRS (S round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     (S round)) target =
mkSt obs' (Some (mkRS (S round) undecided))
Hobsequiv: st_obs (is helper) ≡ obs
Htargetobs: target ∉ obs
S round - 1 < S round < size obs
        split; [by lia |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S (S round) < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        (S round)))
  (MC_build_clean_muddy_trace is target helper
     (S round))
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper (S round)) helper =
mkSt obs
  (Some (mkRS (S round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     (S round)) target =
mkSt obs' (Some (mkRS (S round) undecided))
Hobsequiv: st_obs (is helper) ≡ obs
Htargetobs: target ∉ obs
S round < size obs
        rewrite Hcons, size_difference_alt in Hround.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S (S round) <
size (MuddyUnion is) -
size (MuddyUnion is ∩ {[target]})
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        (S round)))
  (MC_build_clean_muddy_trace is target helper
     (S round))
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper (S round)) helper =
mkSt obs
  (Some (mkRS (S round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     (S round)) target =
mkSt obs' (Some (mkRS (S round) undecided))
Hobsequiv: st_obs (is helper) ≡ obs
Htargetobs: target ∉ obs
S round < size obs
        rewrite <- Hobsequiv, Hcons, size_difference, size_singleton by set_solver.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S (S round) <
size (MuddyUnion is) -
size (MuddyUnion is ∩ {[target]})
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        (S round)))
  (MC_build_clean_muddy_trace is target helper
     (S round))
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper (S round)) helper =
mkSt obs
  (Some (mkRS (S round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     (S round)) target =
mkSt obs' (Some (mkRS (S round) undecided))
Hobsequiv: st_obs (is helper) ≡ obs
Htargetobs: target ∉ obs
S round < size (MuddyUnion is) - 1
        by lia.
    }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: initial_state_prop is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
finite_valid_trace_from_to MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round)) ?f
  [{|
     l := existT helper receive;
     input := Some (mkMsg target round undecided);
     destination :=
       state_update MCVLSM
         (finite_trace_last is
            (MC_build_clean_muddy_trace is target
               helper round)) helper
         (mkSt
            (st_obs
               (finite_trace_last is
                  (MC_build_clean_muddy_trace is
                     target helper round) helper))
            (Some (mkRS round undecided)));
     output := None
   |};
   {|
     l := existT target receive;
     input := Some (mkMsg helper round undecided);
     destination :=
       state_update MCVLSM
         (state_update MCVLSM
            (finite_trace_last is
               (MC_build_clean_muddy_trace is target
                  helper round)) helper
            (mkSt
               (st_obs
                  (finite_trace_last is
                     (MC_build_clean_muddy_trace is
                        target helper round) helper))
               (Some (mkRS round undecided)))) target
         (mkSt
            (st_obs
               (finite_trace_last is
                  (MC_build_clean_muddy_trace is
                     target helper round) target))
            (Some (mkRS (S round) undecided)));
     output := None
   |}]
    constructor; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: initial_state_prop is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
finite_valid_trace_from_to MC_composite_vlsm
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is target helper
           round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace is target
                 helper round) helper))
        (Some (mkRS round undecided)))) ?f
  [{|
     l := existT target receive;
     input := Some (mkMsg helper round undecided);
     destination :=
       state_update MCVLSM
         (state_update MCVLSM
            (finite_trace_last is
               (MC_build_clean_muddy_trace is target
                  helper round)) helper
            (mkSt
               (st_obs
                  (finite_trace_last is
                     (MC_build_clean_muddy_trace is
                        target helper round) helper))
               (Some (mkRS round undecided)))) target
         (mkSt
            (st_obs
               (finite_trace_last is
                  (MC_build_clean_muddy_trace is
                     target helper round) target))
            (Some (mkRS (S round) undecided)));
     output := None
   |}]
    apply finite_valid_trace_from_to_singleton.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: initial_state_prop is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
input_valid_transition MC_composite_vlsm
  (existT target receive)
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is target helper
           round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace is target
                 helper round) helper))
        (Some (mkRS round undecided))),
   Some (mkMsg helper round undecided))
  (state_update MCVLSM
     (state_update MCVLSM
        (finite_trace_last is
           (MC_build_clean_muddy_trace is target
              helper round)) helper
        (mkSt
           (st_obs
              (finite_trace_last is
                 (MC_build_clean_muddy_trace is target
                    helper round) helper))
           (Some (mkRS round undecided)))) target
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace is target
                 helper round) target))
        (Some (mkRS (S round) undecided))), None)
    repeat split; cbn in *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
valid_state_prop MC_composite_vlsm
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is target helper
           round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace is target
                 helper round) helper))
        (Some (mkRS round undecided))))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
option_valid_message_prop MC_composite_vlsm
  (Some (mkMsg helper round undecided))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
MC_valid receive
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is target helper
           round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace is target
                 helper round) helper))
        (Some (mkRS round undecided))) target)
  (Some (mkMsg helper round undecided))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
match
  state_update MCVLSM
    (finite_trace_last is
       (MC_build_clean_muddy_trace is target helper
          round)) helper
    (mkSt
       (st_obs
          (finite_trace_last is
             (MC_build_clean_muddy_trace is target
                helper round) helper))
       (Some (mkRS round undecided))) helper
with
| mkSt _ (Some (mkRS r status)) =>
    undecided = status ∧ round = r
    ∨ undecided = undecided ∧ round < r
| mkSt _ None => False
end
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
(let (si', om') :=
   MC_transition target receive
     (state_update MCVLSM
        (finite_trace_last is
           (MC_build_clean_muddy_trace is target
              helper round)) helper
        (mkSt
           (st_obs
              (finite_trace_last is
                 (MC_build_clean_muddy_trace is target
                    helper round) helper))
           (Some (mkRS round undecided))) target)
     (Some (mkMsg helper round undecided)) in
 (state_update MCVLSM
    (state_update MCVLSM
       (finite_trace_last is
          (MC_build_clean_muddy_trace is target helper
             round)) helper
       (mkSt
          (st_obs
             (finite_trace_last is
                (MC_build_clean_muddy_trace is target
                   helper round) helper))
          (Some (mkRS round undecided)))) target si',
  om')) =
(state_update MCVLSM
   (state_update MCVLSM
      (finite_trace_last is
         (MC_build_clean_muddy_trace is target helper
            round)) helper
      (mkSt
         (st_obs
            (finite_trace_last is
               (MC_build_clean_muddy_trace is target
                  helper round) helper))
         (Some (mkRS round undecided)))) target
   (mkSt
      (st_obs
         (finite_trace_last is
            (MC_build_clean_muddy_trace is target
               helper round) target))
      (Some (mkRS (S round) undecided))), None)
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
valid_state_prop MC_composite_vlsm
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is target helper
           round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace is target
                 helper round) helper))
        (Some (mkRS round undecided)))) by eapply input_valid_transition_destination.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
option_valid_message_prop MC_composite_vlsm
  (Some (mkMsg helper round undecided)) apply valid_trace_last_pstate in IH as Hfinal.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hfinal: valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round))
option_valid_message_prop MC_composite_vlsm
  (Some (mkMsg helper round undecided))
      remember (state_update _ _ _ _) as final.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
final: ∀ j : index, state (MCVLSM j)
Heqfinal: final =
state_update MCVLSM
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round)) helper
  (mkSt
     (st_obs
        (finite_trace_last is
           (MC_build_clean_muddy_trace is
              target helper round) helper))
     (Some (mkRS round undecided)))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (final, None)
Hfinal: valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round))
option_valid_message_prop MC_composite_vlsm
  (Some (mkMsg helper round undecided))
      apply input_valid_transition_out
        with (l := existT helper emit) (s := final) (s' := final) (om := None).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
final: ∀ j : index, state (MCVLSM j)
Heqfinal: final =
state_update MCVLSM
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round)) helper
  (mkSt
     (st_obs
        (finite_trace_last is
           (MC_build_clean_muddy_trace is
              target helper round) helper))
     (Some (mkRS round undecided)))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (final, None)
Hfinal: valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round))
input_valid_transition MC_composite_vlsm
  (existT helper emit) (final, None)
  (final, Some (mkMsg helper round undecided))
      repeat split; subst; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hfinal: valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round))
valid_state_prop MC_composite_vlsm
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is target helper
           round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace is target
                 helper round) helper))
        (Some (mkRS round undecided))))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hfinal: valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round))
option_valid_message_prop MC_composite_vlsm None
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hfinal: valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round))
MC_valid emit
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is target helper
           round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace is target
                 helper round) helper))
        (Some (mkRS round undecided))) helper) None
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hfinal: valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round))
(let (si', om') :=
   MC_transition helper emit
     (state_update MCVLSM
        (finite_trace_last is
           (MC_build_clean_muddy_trace is target
              helper round)) helper
        (mkSt
           (st_obs
              (finite_trace_last is
                 (MC_build_clean_muddy_trace is target
                    helper round) helper))
           (Some (mkRS round undecided))) helper) None in
 (state_update MCVLSM
    (state_update MCVLSM
       (finite_trace_last is
          (MC_build_clean_muddy_trace is target helper
             round)) helper
       (mkSt
          (st_obs
             (finite_trace_last is
                (MC_build_clean_muddy_trace is target
                   helper round) helper))
          (Some (mkRS round undecided)))) helper si',
  om')) =
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_clean_muddy_trace is target helper
         round)) helper
   (mkSt
      (st_obs
         (finite_trace_last is
            (MC_build_clean_muddy_trace is target
               helper round) helper))
      (Some (mkRS round undecided))),
 Some (mkMsg helper round undecided))
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hfinal: valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round))
valid_state_prop MC_composite_vlsm
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is target helper
           round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace is target
                 helper round) helper))
        (Some (mkRS round undecided)))) by eapply input_valid_transition_destination.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hfinal: valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round))
option_valid_message_prop MC_composite_vlsm None by apply option_valid_message_None.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hfinal: valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round))
MC_valid emit
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is target helper
           round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace is target
                 helper round) helper))
        (Some (mkRS round undecided))) helper) None by state_update_simpl; constructor.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hfinal: valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round))
(let (si', om') :=
   MC_transition helper emit
     (state_update MCVLSM
        (finite_trace_last is
           (MC_build_clean_muddy_trace is target
              helper round)) helper
        (mkSt
           (st_obs
              (finite_trace_last is
                 (MC_build_clean_muddy_trace is target
                    helper round) helper))
           (Some (mkRS round undecided))) helper) None in
 (state_update MCVLSM
    (state_update MCVLSM
       (finite_trace_last is
          (MC_build_clean_muddy_trace is target helper
             round)) helper
       (mkSt
          (st_obs
             (finite_trace_last is
                (MC_build_clean_muddy_trace is target
                   helper round) helper))
          (Some (mkRS round undecided)))) helper si',
  om')) =
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_clean_muddy_trace is target helper
         round)) helper
   (mkSt
      (st_obs
         (finite_trace_last is
            (MC_build_clean_muddy_trace is target
               helper round) helper))
      (Some (mkRS round undecided))),
 Some (mkMsg helper round undecided)) state_update_simpl.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hfinal: valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round))
(let (si', om') :=
   MC_transition helper emit
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace is target
                 helper round) helper))
        (Some (mkRS round undecided))) None in
 (state_update MCVLSM
    (state_update MCVLSM
       (finite_trace_last is
          (MC_build_clean_muddy_trace is target helper
             round)) helper
       (mkSt
          (st_obs
             (finite_trace_last is
                (MC_build_clean_muddy_trace is target
                   helper round) helper))
          (Some (mkRS round undecided)))) helper si',
  om')) =
(state_update MCVLSM
   (finite_trace_last is
      (MC_build_clean_muddy_trace is target helper
         round)) helper
   (mkSt
      (st_obs
         (finite_trace_last is
            (MC_build_clean_muddy_trace is target
               helper round) helper))
      (Some (mkRS round undecided))),
 Some (mkMsg helper round undecided))
        by rewrite MC_transition_equation_5, state_update_twice.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
MC_valid receive
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is target helper
           round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace is target
                 helper round) helper))
        (Some (mkRS round undecided))) target)
  (Some (mkMsg helper round undecided)) rewrite Hlasthelper; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
MC_valid receive
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is target helper
           round)) helper
     (mkSt obs (Some (mkRS round undecided))) target)
  (Some (mkMsg helper round undecided))
      state_update_simpl.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
MC_valid receive
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round) target)
  (Some (mkMsg helper round undecided))
      rewrite Hlast.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
MC_valid receive
  (mkSt obs' (Some (mkRS round undecided)))
  (Some (mkMsg helper round undecided))
      by constructor.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
match
  state_update MCVLSM
    (finite_trace_last is
       (MC_build_clean_muddy_trace is target helper
          round)) helper
    (mkSt
       (st_obs
          (finite_trace_last is
             (MC_build_clean_muddy_trace is target
                helper round) helper))
       (Some (mkRS round undecided))) helper
with
| mkSt _ (Some (mkRS r status)) =>
    undecided = status ∧ round = r
    ∨ undecided = undecided ∧ round < r
| mkSt _ None => False
end by state_update_simpl; left.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
(let (si', om') :=
   MC_transition target receive
     (state_update MCVLSM
        (finite_trace_last is
           (MC_build_clean_muddy_trace is target
              helper round)) helper
        (mkSt
           (st_obs
              (finite_trace_last is
                 (MC_build_clean_muddy_trace is target
                    helper round) helper))
           (Some (mkRS round undecided))) target)
     (Some (mkMsg helper round undecided)) in
 (state_update MCVLSM
    (state_update MCVLSM
       (finite_trace_last is
          (MC_build_clean_muddy_trace is target helper
             round)) helper
       (mkSt
          (st_obs
             (finite_trace_last is
                (MC_build_clean_muddy_trace is target
                   helper round) helper))
          (Some (mkRS round undecided)))) target si',
  om')) =
(state_update MCVLSM
   (state_update MCVLSM
      (finite_trace_last is
         (MC_build_clean_muddy_trace is target helper
            round)) helper
      (mkSt
         (st_obs
            (finite_trace_last is
               (MC_build_clean_muddy_trace is target
                  helper round) helper))
         (Some (mkRS round undecided)))) target
   (mkSt
      (st_obs
         (finite_trace_last is
            (MC_build_clean_muddy_trace is target
               helper round) target))
      (Some (mkRS (S round) undecided))), None) state_update_simpl.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
(let (si', om') :=
   MC_transition target receive
     (finite_trace_last is
        (MC_build_clean_muddy_trace is target helper
           round) target)
     (Some (mkMsg helper round undecided)) in
 (state_update MCVLSM
    (state_update MCVLSM
       (finite_trace_last is
          (MC_build_clean_muddy_trace is target helper
             round)) helper
       (mkSt
          (st_obs
             (finite_trace_last is
                (MC_build_clean_muddy_trace is target
                   helper round) helper))
          (Some (mkRS round undecided)))) target si',
  om')) =
(state_update MCVLSM
   (state_update MCVLSM
      (finite_trace_last is
         (MC_build_clean_muddy_trace is target helper
            round)) helper
      (mkSt
         (st_obs
            (finite_trace_last is
               (MC_build_clean_muddy_trace is target
                  helper round) helper))
         (Some (mkRS round undecided)))) target
   (mkSt
      (st_obs
         (finite_trace_last is
            (MC_build_clean_muddy_trace is target
               helper round) target))
      (Some (mkRS (S round) undecided))), None)
      rewrite Hlast, MC_transition_equation_7.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
(let (si', om') :=
   MC_transition_clause_5 target obs' round helper
     (decide (helper ∈ obs')) round in
 (state_update MCVLSM
    (state_update MCVLSM
       (finite_trace_last is
          (MC_build_clean_muddy_trace is target helper
             round)) helper
       (mkSt
          (st_obs
             (finite_trace_last is
                (MC_build_clean_muddy_trace is target
                   helper round) helper))
          (Some (mkRS round undecided)))) target si',
  om')) =
(state_update MCVLSM
   (state_update MCVLSM
      (finite_trace_last is
         (MC_build_clean_muddy_trace is target helper
            round)) helper
      (mkSt
         (st_obs
            (finite_trace_last is
               (MC_build_clean_muddy_trace is target
                  helper round) helper))
         (Some (mkRS round undecided)))) target
   (mkSt
      (st_obs
         (mkSt obs' (Some (mkRS round undecided))))
      (Some (mkRS (S round) undecided))), None)
      unfold MC_transition_clause_5.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
(let (si', om') :=
   (if decide (helper ∈ obs')
    then
     λ r' : nat,
       if decide (r' < round)
       then
        (mkSt obs' (Some (mkRS round undecided)), None)
       else
        if decide (round <= r' < size obs' - 1)
        then
         (mkSt obs' (Some (mkRS (r' + 1) undecided)),
          None)
        else
         if decide (r' = size obs' - 1)
         then
          (mkSt obs' (Some (mkRS (r' + 1) muddy)),
           None)
         else
          (mkSt obs' (Some (mkRS round undecided)),
           None)
    else
     λ r' : nat,
       if decide (r' ≤ round)
       then
        (mkSt obs' (Some (mkRS round undecided)), None)
       else
        if decide (round < r' < size obs')
        then
         (mkSt obs' (Some (mkRS r' undecided)), None)
        else
         if decide (r' = size obs')
         then (mkSt obs' (Some (mkRS r' muddy)), None)
         else
          (mkSt obs' (Some (mkRS round undecided)),
           None)) round in
 (state_update MCVLSM
    (state_update MCVLSM
       (finite_trace_last is
          (MC_build_clean_muddy_trace is target helper
             round)) helper
       (mkSt
          (st_obs
             (finite_trace_last is
                (MC_build_clean_muddy_trace is target
                   helper round) helper))
          (Some (mkRS round undecided)))) target si',
  om')) =
(state_update MCVLSM
   (state_update MCVLSM
      (finite_trace_last is
         (MC_build_clean_muddy_trace is target helper
            round)) helper
      (mkSt
         (st_obs
            (finite_trace_last is
               (MC_build_clean_muddy_trace is target
                  helper round) helper))
         (Some (mkRS round undecided)))) target
   (mkSt
      (st_obs
         (mkSt obs' (Some (mkRS round undecided))))
      (Some (mkRS (S round) undecided))), None)
      assert (Hobsequiv : st_obs (is target) ≡ obs')
        by (rewrite st_obs_finite_valid_trace_from_to, Hlast; done).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hcons: consistent is
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hobsequiv: st_obs (is target) ≡ obs'
(let (si', om') :=
   (if decide (helper ∈ obs')
    then
     λ r' : nat,
       if decide (r' < round)
       then
        (mkSt obs' (Some (mkRS round undecided)), None)
       else
        if decide (round <= r' < size obs' - 1)
        then
         (mkSt obs' (Some (mkRS (r' + 1) undecided)),
          None)
        else
         if decide (r' = size obs' - 1)
         then
          (mkSt obs' (Some (mkRS (r' + 1) muddy)),
           None)
         else
          (mkSt obs' (Some (mkRS round undecided)),
           None)
    else
     λ r' : nat,
       if decide (r' ≤ round)
       then
        (mkSt obs' (Some (mkRS round undecided)), None)
       else
        if decide (round < r' < size obs')
        then
         (mkSt obs' (Some (mkRS r' undecided)), None)
        else
         if decide (r' = size obs')
         then (mkSt obs' (Some (mkRS r' muddy)), None)
         else
          (mkSt obs' (Some (mkRS round undecided)),
           None)) round in
 (state_update MCVLSM
    (state_update MCVLSM
       (finite_trace_last is
          (MC_build_clean_muddy_trace is target helper
             round)) helper
       (mkSt
          (st_obs
             (finite_trace_last is
                (MC_build_clean_muddy_trace is target
                   helper round) helper))
          (Some (mkRS round undecided)))) target si',
  om')) =
(state_update MCVLSM
   (state_update MCVLSM
      (finite_trace_last is
         (MC_build_clean_muddy_trace is target helper
            round)) helper
      (mkSt
         (st_obs
            (finite_trace_last is
               (MC_build_clean_muddy_trace is target
                  helper round) helper))
         (Some (mkRS round undecided)))) target
   (mkSt
      (st_obs
         (mkSt obs' (Some (mkRS round undecided))))
      (Some (mkRS (S round) undecided))), None)
      destruct Hcons as [Hnempty Hcons].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hobsequiv: st_obs (is target) ≡ obs'
(let (si', om') :=
   (if decide (helper ∈ obs')
    then
     λ r' : nat,
       if decide (r' < round)
       then
        (mkSt obs' (Some (mkRS round undecided)), None)
       else
        if decide (round <= r' < size obs' - 1)
        then
         (mkSt obs' (Some (mkRS (r' + 1) undecided)),
          None)
        else
         if decide (r' = size obs' - 1)
         then
          (mkSt obs' (Some (mkRS (r' + 1) muddy)),
           None)
         else
          (mkSt obs' (Some (mkRS round undecided)),
           None)
    else
     λ r' : nat,
       if decide (r' ≤ round)
       then
        (mkSt obs' (Some (mkRS round undecided)), None)
       else
        if decide (round < r' < size obs')
        then
         (mkSt obs' (Some (mkRS r' undecided)), None)
        else
         if decide (r' = size obs')
         then (mkSt obs' (Some (mkRS r' muddy)), None)
         else
          (mkSt obs' (Some (mkRS round undecided)),
           None)) round in
 (state_update MCVLSM
    (state_update MCVLSM
       (finite_trace_last is
          (MC_build_clean_muddy_trace is target helper
             round)) helper
       (mkSt
          (st_obs
             (finite_trace_last is
                (MC_build_clean_muddy_trace is target
                   helper round) helper))
          (Some (mkRS round undecided)))) target si',
  om')) =
(state_update MCVLSM
   (state_update MCVLSM
      (finite_trace_last is
         (MC_build_clean_muddy_trace is target helper
            round)) helper
      (mkSt
         (st_obs
            (finite_trace_last is
               (MC_build_clean_muddy_trace is target
                  helper round) helper))
         (Some (mkRS round undecided)))) target
   (mkSt
      (st_obs
         (mkSt obs' (Some (mkRS round undecided))))
      (Some (mkRS (S round) undecided))), None)
      assert (Htargetobs : helper ∈ obs').index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hobsequiv: st_obs (is target) ≡ obs'
helper ∈ obs'
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hobsequiv: st_obs (is target) ≡ obs'
Htargetobs: helper ∈ obs'
(let (si', om') :=
   (if decide (helper ∈ obs')
    then
     λ r' : nat,
       if decide (r' < round)
       then
        (mkSt obs' (Some (mkRS round undecided)), None)
       else
        if decide (round <= r' < size obs' - 1)
        then
         (mkSt obs' (Some (mkRS (r' + 1) undecided)),
          None)
        else
         if decide (r' = size obs' - 1)
         then
          (mkSt obs' (Some (mkRS (r' + 1) muddy)),
           None)
         else
          (mkSt obs' (Some (mkRS round undecided)),
           None)
    else
     λ r' : nat,
       if decide (r' ≤ round)
       then
        (mkSt obs' (Some (mkRS round undecided)), None)
       else
        if decide (round < r' < size obs')
        then
         (mkSt obs' (Some (mkRS r' undecided)), None)
        else
         if decide (r' = size obs')
         then (mkSt obs' (Some (mkRS r' muddy)), None)
         else
          (mkSt obs' (Some (mkRS round undecided)),
           None)) round in
 (state_update MCVLSM
    (state_update MCVLSM
       (finite_trace_last is
          (MC_build_clean_muddy_trace is target helper
             round)) helper
       (mkSt
          (st_obs
             (finite_trace_last is
                (MC_build_clean_muddy_trace is target
                   helper round) helper))
          (Some (mkRS round undecided)))) target si',
  om')) =
(state_update MCVLSM
   (state_update MCVLSM
      (finite_trace_last is
         (MC_build_clean_muddy_trace is target helper
            round)) helper
      (mkSt
         (st_obs
            (finite_trace_last is
               (MC_build_clean_muddy_trace is target
                  helper round) helper))
         (Some (mkRS round undecided)))) target
   (mkSt
      (st_obs
         (mkSt obs' (Some (mkRS round undecided))))
      (Some (mkRS (S round) undecided))), None)
      {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hobsequiv: st_obs (is target) ≡ obs'
helper ∈ obs'
        rewrite <- Hobsequiv, Hcons.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hobsequiv: st_obs (is target) ≡ obs'
helper ∈ MuddyUnion is ∖ {[target]}
        by set_solver.
      }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hobsequiv: st_obs (is target) ≡ obs'
Htargetobs: helper ∈ obs'
(let (si', om') :=
   (if decide (helper ∈ obs')
    then
     λ r' : nat,
       if decide (r' < round)
       then
        (mkSt obs' (Some (mkRS round undecided)), None)
       else
        if decide (round <= r' < size obs' - 1)
        then
         (mkSt obs' (Some (mkRS (r' + 1) undecided)),
          None)
        else
         if decide (r' = size obs' - 1)
         then
          (mkSt obs' (Some (mkRS (r' + 1) muddy)),
           None)
         else
          (mkSt obs' (Some (mkRS round undecided)),
           None)
    else
     λ r' : nat,
       if decide (r' ≤ round)
       then
        (mkSt obs' (Some (mkRS round undecided)), None)
       else
        if decide (round < r' < size obs')
        then
         (mkSt obs' (Some (mkRS r' undecided)), None)
        else
         if decide (r' = size obs')
         then (mkSt obs' (Some (mkRS r' muddy)), None)
         else
          (mkSt obs' (Some (mkRS round undecided)),
           None)) round in
 (state_update MCVLSM
    (state_update MCVLSM
       (finite_trace_last is
          (MC_build_clean_muddy_trace is target helper
             round)) helper
       (mkSt
          (st_obs
             (finite_trace_last is
                (MC_build_clean_muddy_trace is target
                   helper round) helper))
          (Some (mkRS round undecided)))) target si',
  om')) =
(state_update MCVLSM
   (state_update MCVLSM
      (finite_trace_last is
         (MC_build_clean_muddy_trace is target helper
            round)) helper
      (mkSt
         (st_obs
            (finite_trace_last is
               (MC_build_clean_muddy_trace is target
                  helper round) helper))
         (Some (mkRS round undecided)))) target
   (mkSt
      (st_obs
         (mkSt obs' (Some (mkRS round undecided))))
      (Some (mkRS (S round) undecided))), None)
      rewrite decide_True by done.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hobsequiv: st_obs (is target) ≡ obs'
Htargetobs: helper ∈ obs'
(let (si', om') :=
   if decide (round < round)
   then
    (mkSt obs' (Some (mkRS round undecided)), None)
   else
    if decide (round <= round < size obs' - 1)
    then
     (mkSt obs' (Some (mkRS (round + 1) undecided)),
      None)
    else
     if decide (round = size obs' - 1)
     then
      (mkSt obs' (Some (mkRS (round + 1) muddy)), None)
     else
      (mkSt obs' (Some (mkRS round undecided)), None) in
 (state_update MCVLSM
    (state_update MCVLSM
       (finite_trace_last is
          (MC_build_clean_muddy_trace is target helper
             round)) helper
       (mkSt
          (st_obs
             (finite_trace_last is
                (MC_build_clean_muddy_trace is target
                   helper round) helper))
          (Some (mkRS round undecided)))) target si',
  om')) =
(state_update MCVLSM
   (state_update MCVLSM
      (finite_trace_last is
         (MC_build_clean_muddy_trace is target helper
            round)) helper
      (mkSt
         (st_obs
            (finite_trace_last is
               (MC_build_clean_muddy_trace is target
                  helper round) helper))
         (Some (mkRS round undecided)))) target
   (mkSt
      (st_obs
         (mkSt obs' (Some (mkRS round undecided))))
      (Some (mkRS (S round) undecided))), None)
      rewrite decide_False by lia.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hobsequiv: st_obs (is target) ≡ obs'
Htargetobs: helper ∈ obs'
(let (si', om') :=
   if decide (round <= round < size obs' - 1)
   then
    (mkSt obs' (Some (mkRS (round + 1) undecided)),
     None)
   else
    if decide (round = size obs' - 1)
    then
     (mkSt obs' (Some (mkRS (round + 1) muddy)), None)
    else
     (mkSt obs' (Some (mkRS round undecided)), None) in
 (state_update MCVLSM
    (state_update MCVLSM
       (finite_trace_last is
          (MC_build_clean_muddy_trace is target helper
             round)) helper
       (mkSt
          (st_obs
             (finite_trace_last is
                (MC_build_clean_muddy_trace is target
                   helper round) helper))
          (Some (mkRS round undecided)))) target si',
  om')) =
(state_update MCVLSM
   (state_update MCVLSM
      (finite_trace_last is
         (MC_build_clean_muddy_trace is target helper
            round)) helper
      (mkSt
         (st_obs
            (finite_trace_last is
               (MC_build_clean_muddy_trace is target
                  helper round) helper))
         (Some (mkRS round undecided)))) target
   (mkSt
      (st_obs
         (mkSt obs' (Some (mkRS round undecided))))
      (Some (mkRS (S round) undecided))), None)
      rewrite decide_True.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hobsequiv: st_obs (is target) ≡ obs'
Htargetobs: helper ∈ obs'
(state_update MCVLSM
   (state_update MCVLSM
      (finite_trace_last is
         (MC_build_clean_muddy_trace is target helper
            round)) helper
      (mkSt
         (st_obs
            (finite_trace_last is
               (MC_build_clean_muddy_trace is target
                  helper round) helper))
         (Some (mkRS round undecided)))) target
   (mkSt obs' (Some (mkRS (round + 1) undecided))),
 None) =
(state_update MCVLSM
   (state_update MCVLSM
      (finite_trace_last is
         (MC_build_clean_muddy_trace is target helper
            round)) helper
      (mkSt
         (st_obs
            (finite_trace_last is
               (MC_build_clean_muddy_trace is target
                  helper round) helper))
         (Some (mkRS round undecided)))) target
   (mkSt
      (st_obs
         (mkSt obs' (Some (mkRS round undecided))))
      (Some (mkRS (S round) undecided))), None)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hobsequiv: st_obs (is target) ≡ obs'
Htargetobs: helper ∈ obs'
round <= round < size obs' - 1
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hobsequiv: st_obs (is target) ≡ obs'
Htargetobs: helper ∈ obs'
(state_update MCVLSM
   (state_update MCVLSM
      (finite_trace_last is
         (MC_build_clean_muddy_trace is target helper
            round)) helper
      (mkSt
         (st_obs
            (finite_trace_last is
               (MC_build_clean_muddy_trace is target
                  helper round) helper))
         (Some (mkRS round undecided)))) target
   (mkSt obs' (Some (mkRS (round + 1) undecided))),
 None) =
(state_update MCVLSM
   (state_update MCVLSM
      (finite_trace_last is
         (MC_build_clean_muddy_trace is target helper
            round)) helper
      (mkSt
         (st_obs
            (finite_trace_last is
               (MC_build_clean_muddy_trace is target
                  helper round) helper))
         (Some (mkRS round undecided)))) target
   (mkSt
      (st_obs
         (mkSt obs' (Some (mkRS round undecided))))
      (Some (mkRS (S round) undecided))), None) by replace (round + 1) with (S round) by lia.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hobsequiv: st_obs (is target) ≡ obs'
Htargetobs: helper ∈ obs'
round <= round < size obs' - 1 split; [by lia |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hobsequiv: st_obs (is target) ≡ obs'
Htargetobs: helper ∈ obs'
round < size obs' - 1
        rewrite <- Hobsequiv, Hcons.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (st_obs (is target))
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hobsequiv: st_obs (is target) ≡ obs'
Htargetobs: helper ∈ obs'
round < size (MuddyUnion is ∖ {[target]}) - 1
        rewrite Hcons in Hround.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
is: composite_state MCVLSM
target, helper: index
round: nat
Hinit: composite_initial_state_prop MCVLSM is
Hnempty: MuddyUnion is ≢ ∅
Hcons: ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Htarget: target ∉ MuddyUnion is
Hhelper: helper ∈ MuddyUnion is
Hsizemuddy: size (MuddyUnion is) ≥ 2
Hdiff: target ≠ helper
Hround: S round < size (MuddyUnion is ∖ {[target]})
IH: finite_valid_trace_from_to MC_composite_vlsm is
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target helper
        round))
  (MC_build_clean_muddy_trace is target helper
     round)
IHinit: composite_initial_state_prop MCVLSM is
obs: indexSet
Hlasthelper: finite_trace_last is
  (MC_build_clean_muddy_trace is target
     helper round) helper =
mkSt obs
  (Some (mkRS (round - 1) undecided))
obs': indexSet
Hlast: finite_trace_last is
  (MC_build_clean_muddy_trace is target helper
     round) target =
mkSt obs' (Some (mkRS round undecided))
Hvalidtr1: input_valid_transition MC_composite_vlsm
  (existT helper receive)
  (finite_trace_last is
     (MC_build_clean_muddy_trace is target
        helper round),
   Some (mkMsg target round undecided))
  (state_update MCVLSM
     (finite_trace_last is
        (MC_build_clean_muddy_trace is
           target helper round)) helper
     (mkSt
        (st_obs
           (finite_trace_last is
              (MC_build_clean_muddy_trace
                 is target helper round)
              helper))
        (Some (mkRS round undecided))),
   None)
Hobsequiv: st_obs (is target) ≡ obs'
Htargetobs: helper ∈ obs'
round < size (MuddyUnion is ∖ {[target]}) - 1
        by lia.
Qed.

Lemma MC_build_valid_message (s : composite_state MCVLSM) (round : nat) :
  MC_non_initial_valid_state s ->
  length (enum index) > 1 ->
  forall (i : index), round < size (st_obs (s i)) ->
  valid_message_prop MC_composite_vlsm (mkMsg i round undecided).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
MC_non_initial_valid_state s
→ length (enum index) > 1
  → ∀ i : index,
      round < size (st_obs (s i))
      → valid_message_prop MC_composite_vlsm
          (mkMsg i round undecided)
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
MC_non_initial_valid_state s
→ length (enum index) > 1
  → ∀ i : index,
      round < size (st_obs (s i))
      → valid_message_prop MC_composite_vlsm
          (mkMsg i round undecided)
  intros Hvalid Hlength i Hround.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
Hvalid: MC_non_initial_valid_state s
Hlength: length (enum index) > 1
i: index
Hround: round < size (st_obs (s i))
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided)
  apply MC_non_initial_valid_consistent in Hvalid as Hcons.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
Hvalid: MC_non_initial_valid_state s
Hlength: length (enum index) > 1
i: index
Hround: round < size (st_obs (s i))
Hcons: consistent s
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided)
  destruct Hvalid as [Hvalid Hnoninit].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (st_obs (s i))
Hcons: consistent s
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided)
  apply valid_state_has_trace in Hvalid as (is & tr & Hfromto & Hinit).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (st_obs (s i))
Hcons: consistent s
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided)
  destruct (Hcons) as [Hnemptys Hconss].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (st_obs (s i))
Hcons: consistent s
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided)
  rewrite <- MC_in_futures_preserves_consistency in Hcons; [| by eexists].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (st_obs (s i))
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided)
  destruct (Hcons) as [Hnempty Hcons'].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (st_obs (s i))
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided)
  assert (Hmuddyis : MuddyUnion is ≡ MuddyUnion s).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (st_obs (s i))
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
MuddyUnion is ≡ MuddyUnion s
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (st_obs (s i))
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided)
  {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (st_obs (s i))
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
MuddyUnion is ≡ MuddyUnion s
    by apply MC_in_futures_preserves_muddy; exists tr.
  }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (st_obs (s i))
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided)
  rewrite Hconss, <- Hmuddyis in Hround.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided)
  assert (exists (j : index), j ∈ st_obs (is i)) as (j & Hj).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
∃ j : index, j ∈ st_obs (is i)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ st_obs (is i)
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided)
  {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
∃ j : index, j ∈ st_obs (is i)
    setoid_rewrite Hcons'.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
∃ j : index, j ∈ MuddyUnion is ∖ {[i]}
    apply set_choose, size_non_empty_iff.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
size (MuddyUnion is ∖ {[i]}) ≠ 0
    by lia.
  }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ st_obs (is i)
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided)
  apply MuddyUnion_elem in Hj as Hhelper.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ st_obs (is i)
Hhelper: j ∈ MuddyUnion is
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided)
  rewrite Hcons' in Hj.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided)
  assert (Hdiff : i <> j) by set_solver.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided)
  destruct (decide (i ∈ MuddyUnion is)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
e: i ∈ MuddyUnion is
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided)
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
e: i ∈ MuddyUnion is
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided) destruct (MC_build_muddy_muddy_trace_last_target is i j round) as (obsf & Hlasti).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
e: i ∈ MuddyUnion is
obsf: indexSet
Hlasti: finite_trace_last is
  (MC_build_muddy_muddy_trace is i j round) i =
mkSt obsf (Some (mkRS round undecided))
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided)
    eapply MC_valid_message_from_valid_state; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
e: i ∈ MuddyUnion is
obsf: indexSet
Hlasti: finite_trace_last is
  (MC_build_muddy_muddy_trace is i j round) i =
mkSt obsf (Some (mkRS round undecided))
valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is i j round))
    destruct (MC_build_muddy_muddy_trace_valid is i j round Hinit Hcons e Hhelper Hdiff).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
e: i ∈ MuddyUnion is
obsf: indexSet
Hlasti: finite_trace_last is
  (MC_build_muddy_muddy_trace is i j round) i =
mkSt obsf (Some (mkRS round undecided))
round < size (MuddyUnion is) - 1
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
e: i ∈ MuddyUnion is
obsf: indexSet
Hlasti: finite_trace_last is
  (MC_build_muddy_muddy_trace is i j round) i =
mkSt obsf (Some (mkRS round undecided))
H9: finite_valid_trace_from MC_composite_vlsm is
  (MC_build_muddy_muddy_trace is i j round)
H10: initial_state_prop is
valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is i j round))
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
e: i ∈ MuddyUnion is
obsf: indexSet
Hlasti: finite_trace_last is
  (MC_build_muddy_muddy_trace is i j round) i =
mkSt obsf (Some (mkRS round undecided))
round < size (MuddyUnion is) - 1 by rewrite size_difference, size_singleton in Hround; [| set_solver].
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
e: i ∈ MuddyUnion is
obsf: indexSet
Hlasti: finite_trace_last is
  (MC_build_muddy_muddy_trace is i j round) i =
mkSt obsf (Some (mkRS round undecided))
H9: finite_valid_trace_from MC_composite_vlsm is
  (MC_build_muddy_muddy_trace is i j round)
H10: initial_state_prop is
valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_muddy_muddy_trace is i j round)) by apply finite_valid_trace_last_pstate.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided) destruct (decide (size (MuddyUnion is) <= 1)); cycle 1.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
n0: ¬ size (MuddyUnion is) ≤ 1
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided)
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
n0: ¬ size (MuddyUnion is) ≤ 1
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided) destruct (MC_build_clean_muddy_trace_last_target is i j round) as (obsf & Hlasti).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
n0: ¬ size (MuddyUnion is) ≤ 1
obsf: indexSet
Hlasti: finite_trace_last is
  (MC_build_clean_muddy_trace is i j round) i =
mkSt obsf (Some (mkRS round undecided))
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided)
      eapply MC_valid_message_from_valid_state; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
n0: ¬ size (MuddyUnion is) ≤ 1
obsf: indexSet
Hlasti: finite_trace_last is
  (MC_build_clean_muddy_trace is i j round) i =
mkSt obsf (Some (mkRS round undecided))
valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is i j round))
      destruct (MC_build_clean_muddy_trace_valid is i j round Hinit Hcons n Hhelper); [| by lia |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
n0: ¬ size (MuddyUnion is) ≤ 1
obsf: indexSet
Hlasti: finite_trace_last is
  (MC_build_clean_muddy_trace is i j round) i =
mkSt obsf (Some (mkRS round undecided))
round < size (st_obs (is i))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
n0: ¬ size (MuddyUnion is) ≤ 1
obsf: indexSet
Hlasti: finite_trace_last is
  (MC_build_clean_muddy_trace is i j round) i =
mkSt obsf (Some (mkRS round undecided))
H9: finite_valid_trace_from MC_composite_vlsm is
  (MC_build_clean_muddy_trace is i j round)
H10: initial_state_prop is
valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is i j round))
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
n0: ¬ size (MuddyUnion is) ≤ 1
obsf: indexSet
Hlasti: finite_trace_last is
  (MC_build_clean_muddy_trace is i j round) i =
mkSt obsf (Some (mkRS round undecided))
round < size (st_obs (is i)) by rewrite <- Hcons' in Hround.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
n0: ¬ size (MuddyUnion is) ≤ 1
obsf: indexSet
Hlasti: finite_trace_last is
  (MC_build_clean_muddy_trace is i j round) i =
mkSt obsf (Some (mkRS round undecided))
H9: finite_valid_trace_from MC_composite_vlsm is
  (MC_build_clean_muddy_trace is i j round)
H10: initial_state_prop is
valid_state_prop MC_composite_vlsm
  (finite_trace_last is
     (MC_build_clean_muddy_trace is i j round)) by apply finite_valid_trace_last_pstate.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
valid_message_prop MC_composite_vlsm
  (mkMsg i round undecided) replace round with 0 by (rewrite size_difference_alt in Hround; lia).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
valid_message_prop MC_composite_vlsm
  (mkMsg i 0 undecided)
      apply MC_valid_message_from_valid_state with
        (s := state_update MCVLSM is i (mkSt (st_obs (is i)) (Some (mkRS 0 undecided))))
        (obs := st_obs (is i)); [| by state_update_simpl].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
valid_state_prop MC_composite_vlsm
  (state_update MCVLSM is i
     (mkSt (st_obs (is i)) (Some (mkRS 0 undecided))))
      apply input_valid_transition_destination
        with (l := existT i init) (s := is) (om := None) (om' := None).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
input_valid_transition MC_composite_vlsm
  (existT i init) (is, None)
  (state_update MCVLSM is i
     (mkSt (st_obs (is i)) (Some (mkRS 0 undecided))),
   None)
      repeat split; subst; [by apply initial_state_is_valid | ..].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
option_valid_message_prop MC_composite_vlsm None
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
valid (existT i init) (is, None)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
MuddyUnion is ≢ ∅
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
n0, x: index
x ∈ st_obs (is n0) → x ∈ MuddyUnion is ∖ {[n0]}
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
n0, x: index
x ∈ MuddyUnion is ∖ {[n0]} → x ∈ st_obs (is n0)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
transition (existT i init) (is, None) =
(state_update MCVLSM is i
   (mkSt (st_obs (is i)) (Some (mkRS 0 undecided))),
 None)
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
option_valid_message_prop MC_composite_vlsm None by apply option_valid_message_None.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
valid (existT i init) (is, None) specialize (Hinit i).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
i: index
Hinit: initial_state_prop (is i)
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
valid (existT i init) (is, None)
        cbn in *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: composite_state MCVLSM
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
i: index
Hinit: MC_initial_state_prop (is i)
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
MC_valid init (is i) None
        unfold MC_initial_state_prop in Hinit.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: composite_state MCVLSM
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
i: index
Hinit: st_rs (is i) = None
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
MC_valid init (is i) None
        destruct (is i); cbn in *; subst.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: composite_state MCVLSM
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
i: index
st_obs0: indexSet
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
MC_valid init (mkSt st_obs0 None) None
        by constructor.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
MuddyUnion is ≢ ∅ done.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
n0, x: index
x ∈ st_obs (is n0) → x ∈ MuddyUnion is ∖ {[n0]} by cbn in *; apply Hcons'.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
n0, x: index
x ∈ MuddyUnion is ∖ {[n0]} → x ∈ st_obs (is n0) by apply Hcons'.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
transition (existT i init) (is, None) =
(state_update MCVLSM is i
   (mkSt (st_obs (is i)) (Some (mkRS 0 undecided))),
 None) cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
Hinit: initial_state_prop is
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
i: index
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
(let (si', om') := MC_transition i init (is i) None in
 (state_update MCVLSM is i si', om')) =
(state_update MCVLSM is i
   (mkSt (st_obs (is i)) (Some (mkRS 0 undecided))),
 None)
        specialize (Hinit i).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
i: index
Hinit: initial_state_prop (is i)
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
(let (si', om') := MC_transition i init (is i) None in
 (state_update MCVLSM is i si', om')) =
(state_update MCVLSM is i
   (mkSt (st_obs (is i)) (Some (mkRS 0 undecided))),
 None)
        destruct (is i) eqn: Hisi.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: state MC_composite_vlsm
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
i: index
st_obs0: indexSet
st_rs0: option RoundStatus
Hisi: is i = mkSt st_obs0 st_rs0
Hinit: initial_state_prop (mkSt st_obs0 st_rs0)
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
(let (si', om') :=
   MC_transition i init (mkSt st_obs0 st_rs0) None in
 (state_update MCVLSM is i si', om')) =
(state_update MCVLSM is i
   (mkSt (st_obs (mkSt st_obs0 st_rs0))
      (Some (mkRS 0 undecided))), None)
        cbn in *; unfold MC_initial_state_prop in Hinit; cbn in Hinit; subst.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: composite_state MCVLSM
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
i: index
st_obs0: indexSet
Hisi: is i = mkSt st_obs0 None
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
(let (si', om') :=
   MC_transition i init (mkSt st_obs0 None) None in
 (state_update MCVLSM is i si', om')) =
(state_update MCVLSM is i
   (mkSt st_obs0 (Some (mkRS 0 undecided))), None)
        rewrite MC_transition_equation_3.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: composite_state MCVLSM
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
i: index
st_obs0: indexSet
Hisi: is i = mkSt st_obs0 None
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
(let (si', om') :=
   MC_transition_clause_1 i st_obs0 (size st_obs0) in
 (state_update MCVLSM is i si', om')) =
(state_update MCVLSM is i
   (mkSt st_obs0 (Some (mkRS 0 undecided))), None)
        unfold MC_transition_clause_1.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: composite_state MCVLSM
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
i: index
st_obs0: indexSet
Hisi: is i = mkSt st_obs0 None
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
(let (si', om') :=
   match size st_obs0 with
   | 0 => (mkSt st_obs0 (Some (mkRS 0 muddy)), None)
   | S _ =>
       (mkSt st_obs0 (Some (mkRS 0 undecided)), None)
   end in
 (state_update MCVLSM is i si', om')) =
(state_update MCVLSM is i
   (mkSt st_obs0 (Some (mkRS 0 undecided))), None)
        replace st_obs0 with (st_obs (is i)); [| by rewrite Hisi].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: composite_state MCVLSM
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
i: index
st_obs0: indexSet
Hisi: is i = mkSt st_obs0 None
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
(let (si', om') :=
   match size (st_obs (is i)) with
   | 0 =>
       (mkSt (st_obs (is i)) (Some (mkRS 0 muddy)),
        None)
   | S _ =>
       (mkSt (st_obs (is i)) (Some (mkRS 0 undecided)),
        None)
   end in
 (state_update MCVLSM is i si', om')) =
(state_update MCVLSM is i
   (mkSt (st_obs (is i)) (Some (mkRS 0 undecided))),
 None)
        replace (size (st_obs (is i))) with 1; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: composite_state MCVLSM
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
i: index
st_obs0: indexSet
Hisi: is i = mkSt st_obs0 None
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
1 = size (st_obs (is i))
        rewrite Hcons', size_difference_alt.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: composite_state MCVLSM
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
i: index
st_obs0: indexSet
Hisi: is i = mkSt st_obs0 None
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
1 =
size (MuddyUnion is) - size (MuddyUnion is ∩ {[i]})
        assert (MuddyUnion is ∩ {[i]} ≡ ∅) as -> by set_solver.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: composite_state MCVLSM
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
i: index
st_obs0: indexSet
Hisi: is i = mkSt st_obs0 None
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
l: size (MuddyUnion is) ≤ 1
1 = size (MuddyUnion is) - size ∅
        destruct (size (MuddyUnion is)) eqn: Heq.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: composite_state MCVLSM
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
i: index
st_obs0: indexSet
Hisi: is i = mkSt st_obs0 None
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
Heq: size (MuddyUnion is) = 0
l: 0 ≤ 1
1 = 0 - size ∅
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: composite_state MCVLSM
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
i: index
st_obs0: indexSet
Hisi: is i = mkSt st_obs0 None
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
n0: nat
Heq: size (MuddyUnion is) = S n0
l: S n0 ≤ 1
1 = S n0 - size ∅
        --index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: composite_state MCVLSM
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
i: index
st_obs0: indexSet
Hisi: is i = mkSt st_obs0 None
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
Heq: size (MuddyUnion is) = 0
l: 0 ≤ 1
1 = 0 - size ∅ by apply size_empty_inv in Heq.
        --index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
round: nat
is: composite_state MCVLSM
tr: list transition_item
Hfromto: finite_valid_trace_from_to MC_composite_vlsm
  is s tr
i: index
st_obs0: indexSet
Hisi: is i = mkSt st_obs0 None
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
Hlength: length (enum index) > 1
Hround: round < size (MuddyUnion is ∖ {[i]})
Hnemptys: MuddyUnion s ≢ ∅
Hconss: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hcons: consistent is
Hnempty: MuddyUnion is ≢ ∅
Hcons': ∀ n : index,
  st_obs (is n) ≡ MuddyUnion is ∖ {[n]}
Hmuddyis: MuddyUnion is ≡ MuddyUnion s
j: index
Hj: j ∈ MuddyUnion is ∖ {[i]}
Hhelper: j ∈ MuddyUnion is
Hdiff: i ≠ j
n: i ∉ MuddyUnion is
n0: nat
Heq: size (MuddyUnion is) = S n0
l: S n0 ≤ 1
1 = S n0 - size ∅ by rewrite size_empty; lia.
Qed.

Lemma composite_initial_state_prop_not_None :
  forall (s : composite_state MCVLSM) (i : index),
    st_rs (s i) <> None ->
    ~ composite_initial_state_prop MCVLSM s.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (s : composite_state MCVLSM) (i : index),
  st_rs (s i) ≠ None
  → ¬ composite_initial_state_prop MCVLSM s
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
∀ (s : composite_state MCVLSM) (i : index),
  st_rs (s i) ≠ None
  → ¬ composite_initial_state_prop MCVLSM s
  intros s i Hneq Hforall.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
Hneq: st_rs (s i) ≠ None
Hforall: composite_initial_state_prop MCVLSM s
False
  apply Forall_finite in Hforall.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
Hneq: st_rs (s i) ≠ None
Hforall: Forall
  (λ n : index, initial_state_prop (s n))
  (enum index)
False
  contradict Hforall.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
Hneq: st_rs (s i) ≠ None
¬ Forall (λ n : index, initial_state_prop (s n))
    (enum index)
  apply Exists_not_Forall, Exists_exists.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
i: index
Hneq: st_rs (s i) ≠ None
∃ x : index,
  x ∈ enum index
  ∧ (not ∘ (λ n : index, initial_state_prop (s n))) x
  by exists i; split; cbn; [apply elem_of_enum |].
Qed.

Lemma MC_valid_noequiv_valid (s : composite_state MCVLSM) (m : Message) :
  valid_state_prop MC_composite_vlsm s ->
  MC_no_equivocation s m ->
  length (enum index) > 1 ->
  valid_message_prop MC_composite_vlsm m.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
m: Message
valid_state_prop MC_composite_vlsm s
→ MC_no_equivocation s m
  → length (enum index) > 1
    → valid_message_prop MC_composite_vlsm m
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
m: Message
valid_state_prop MC_composite_vlsm s
→ MC_no_equivocation s m
  → length (enum index) > 1
    → valid_message_prop MC_composite_vlsm m
  intros Hs Hnoequiv Hlength.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
m: Message
Hs: valid_state_prop MC_composite_vlsm s
Hnoequiv: MC_no_equivocation s m
Hlength: length (enum index) > 1
valid_message_prop MC_composite_vlsm m
  unfold MC_no_equivocation in Hnoequiv.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
m: Message
Hs: valid_state_prop MC_composite_vlsm s
Hnoequiv: match m with
| mkMsg n r' status' =>
    match s n with
    | mkSt _ (Some (mkRS r status)) =>
        status' = status ∧ r' = r
        ∨ status' = undecided ∧ r' < r
    | mkSt _ None => False
    end
end
Hlength: length (enum index) > 1
valid_message_prop MC_composite_vlsm m
  destruct m as [j rm statusm].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
rm: nat
statusm: ChildStatus
Hs: valid_state_prop MC_composite_vlsm s
Hnoequiv: match s j with
| mkSt _ (Some (mkRS r status)) =>
    statusm = status ∧ rm = r
    ∨ statusm = undecided ∧ rm < r
| mkSt _ None => False
end
Hlength: length (enum index) > 1
valid_message_prop MC_composite_vlsm
  (mkMsg j rm statusm)
  destruct (s j) as [oj [[rj statusj] |]] eqn: Hsjf; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
rm: nat
statusm: ChildStatus
Hs: valid_state_prop MC_composite_vlsm s
oj: indexSet
rj: nat
statusj: ChildStatus
Hsjf: s j = mkSt oj (Some (mkRS rj statusj))
Hnoequiv: statusm = statusj ∧ rm = rj
∨ statusm = undecided ∧ rm < rj
Hlength: length (enum index) > 1
valid_message_prop MC_composite_vlsm
  (mkMsg j rm statusm)
  destruct Hnoequiv as [[-> ->] | [-> Hrm]];
    [by eapply MC_valid_message_from_valid_state |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
rm: nat
Hs: valid_state_prop MC_composite_vlsm s
oj: indexSet
rj: nat
statusj: ChildStatus
Hsjf: s j = mkSt oj (Some (mkRS rj statusj))
Hrm: rm < rj
Hlength: length (enum index) > 1
valid_message_prop MC_composite_vlsm
  (mkMsg j rm undecided)
  assert (Hnivs : MC_non_initial_valid_state s).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
rm: nat
Hs: valid_state_prop MC_composite_vlsm s
oj: indexSet
rj: nat
statusj: ChildStatus
Hsjf: s j = mkSt oj (Some (mkRS rj statusj))
Hrm: rm < rj
Hlength: length (enum index) > 1
MC_non_initial_valid_state s
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
rm: nat
Hs: valid_state_prop MC_composite_vlsm s
oj: indexSet
rj: nat
statusj: ChildStatus
Hsjf: s j = mkSt oj (Some (mkRS rj statusj))
Hrm: rm < rj
Hlength: length (enum index) > 1
Hnivs: MC_non_initial_valid_state s
valid_message_prop MC_composite_vlsm
  (mkMsg j rm undecided)
  {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
rm: nat
Hs: valid_state_prop MC_composite_vlsm s
oj: indexSet
rj: nat
statusj: ChildStatus
Hsjf: s j = mkSt oj (Some (mkRS rj statusj))
Hrm: rm < rj
Hlength: length (enum index) > 1
MC_non_initial_valid_state s
    split; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
rm: nat
Hs: valid_state_prop MC_composite_vlsm s
oj: indexSet
rj: nat
statusj: ChildStatus
Hsjf: s j = mkSt oj (Some (mkRS rj statusj))
Hrm: rm < rj
Hlength: length (enum index) > 1
¬ composite_initial_state_prop MCVLSM s
    eapply composite_initial_state_prop_not_None.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
rm: nat
Hs: valid_state_prop MC_composite_vlsm s
oj: indexSet
rj: nat
statusj: ChildStatus
Hsjf: s j = mkSt oj (Some (mkRS rj statusj))
Hrm: rm < rj
Hlength: length (enum index) > 1
st_rs (s ?i) ≠ None
    by rewrite Hsjf.
  }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
rm: nat
Hs: valid_state_prop MC_composite_vlsm s
oj: indexSet
rj: nat
statusj: ChildStatus
Hsjf: s j = mkSt oj (Some (mkRS rj statusj))
Hrm: rm < rj
Hlength: length (enum index) > 1
Hnivs: MC_non_initial_valid_state s
valid_message_prop MC_composite_vlsm
  (mkMsg j rm undecided)
  assert (Hcons : consistent s) by (apply MC_non_initial_valid_consistent; done).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
rm: nat
Hs: valid_state_prop MC_composite_vlsm s
oj: indexSet
rj: nat
statusj: ChildStatus
Hsjf: s j = mkSt oj (Some (mkRS rj statusj))
Hrm: rm < rj
Hlength: length (enum index) > 1
Hnivs: MC_non_initial_valid_state s
Hcons: consistent s
valid_message_prop MC_composite_vlsm
  (mkMsg j rm undecided)
  destruct Hcons as [Hnempty Hcons'].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
rm: nat
Hs: valid_state_prop MC_composite_vlsm s
oj: indexSet
rj: nat
statusj: ChildStatus
Hsjf: s j = mkSt oj (Some (mkRS rj statusj))
Hrm: rm < rj
Hlength: length (enum index) > 1
Hnivs: MC_non_initial_valid_state s
Hnempty: MuddyUnion s ≢ ∅
Hcons': ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
valid_message_prop MC_composite_vlsm
  (mkMsg j rm undecided)
  apply MC_composite_invariant_preservation in Hs as Hinvariants.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
rm: nat
Hs: valid_state_prop MC_composite_vlsm s
oj: indexSet
rj: nat
statusj: ChildStatus
Hsjf: s j = mkSt oj (Some (mkRS rj statusj))
Hrm: rm < rj
Hlength: length (enum index) > 1
Hnivs: MC_non_initial_valid_state s
Hnempty: MuddyUnion s ≢ ∅
Hcons': ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hinvariants: MC_composite_invariant s
valid_message_prop MC_composite_vlsm
  (mkMsg j rm undecided)
  destruct (Hinvariants j) as [| Hinvariant]; [by rewrite Hsjf in H9 |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
rm: nat
Hs: valid_state_prop MC_composite_vlsm s
oj: indexSet
rj: nat
statusj: ChildStatus
Hsjf: s j = mkSt oj (Some (mkRS rj statusj))
Hrm: rm < rj
Hlength: length (enum index) > 1
Hnivs: MC_non_initial_valid_state s
Hnempty: MuddyUnion s ≢ ∅
Hcons': ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hinvariants: MC_composite_invariant s
Hinvariant: MC_component_invariant s j
valid_message_prop MC_composite_vlsm
  (mkMsg j rm undecided)
  unfold MC_component_invariant, MC_component_invariant_helper in Hinvariant.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
rm: nat
Hs: valid_state_prop MC_composite_vlsm s
oj: indexSet
rj: nat
statusj: ChildStatus
Hsjf: s j = mkSt oj (Some (mkRS rj statusj))
Hrm: rm < rj
Hlength: length (enum index) > 1
Hnivs: MC_non_initial_valid_state s
Hnempty: MuddyUnion s ≢ ∅
Hcons': ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hinvariants: MC_composite_invariant s
Hinvariant: match state_status (st_rs (s j)) with
| undecided =>
    state_round (st_rs (s j)) <
    size (st_obs (s j))
| muddy =>
    state_round (st_rs (s j)) =
    size (st_obs (s j))
    ∧ size (MuddyUnion s) - 1 =
      size (st_obs (s j))
| clean =>
    state_round (st_rs (s j)) =
    size (st_obs (s j))
    ∧ size (MuddyUnion s) =
      size (st_obs (s j))
end
valid_message_prop MC_composite_vlsm
  (mkMsg j rm undecided)
  rewrite Hsjf in Hinvariant; cbn in Hinvariant.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
rm: nat
Hs: valid_state_prop MC_composite_vlsm s
oj: indexSet
rj: nat
statusj: ChildStatus
Hsjf: s j = mkSt oj (Some (mkRS rj statusj))
Hrm: rm < rj
Hlength: length (enum index) > 1
Hnivs: MC_non_initial_valid_state s
Hnempty: MuddyUnion s ≢ ∅
Hcons': ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hinvariants: MC_composite_invariant s
Hinvariant: match statusj with
| undecided => rj < size oj
| muddy =>
    rj = size oj
    ∧ size (MuddyUnion s) - 1 = size oj
| clean =>
    rj = size oj
    ∧ size (MuddyUnion s) = size oj
end
valid_message_prop MC_composite_vlsm
  (mkMsg j rm undecided)
  apply (MC_build_valid_message s); [done.. |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
rm: nat
Hs: valid_state_prop MC_composite_vlsm s
oj: indexSet
rj: nat
statusj: ChildStatus
Hsjf: s j = mkSt oj (Some (mkRS rj statusj))
Hrm: rm < rj
Hlength: length (enum index) > 1
Hnivs: MC_non_initial_valid_state s
Hnempty: MuddyUnion s ≢ ∅
Hcons': ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hinvariants: MC_composite_invariant s
Hinvariant: match statusj with
| undecided => rj < size oj
| muddy =>
    rj = size oj
    ∧ size (MuddyUnion s) - 1 = size oj
| clean =>
    rj = size oj
    ∧ size (MuddyUnion s) = size oj
end
rm < size (st_obs (s j))
  replace oj with (st_obs (s j)) in *; [| by rewrite Hsjf].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
j: index
rm: nat
Hs: valid_state_prop MC_composite_vlsm s
oj: indexSet
rj: nat
statusj: ChildStatus
Hsjf: s j =
mkSt (st_obs (s j)) (Some (mkRS rj statusj))
Hrm: rm < rj
Hlength: length (enum index) > 1
Hnivs: MC_non_initial_valid_state s
Hnempty: MuddyUnion s ≢ ∅
Hcons': ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hinvariants: MC_composite_invariant s
Hinvariant: match statusj with
| undecided => rj < size (st_obs (s j))
| muddy =>
    rj = size (st_obs (s j))
    ∧ size (MuddyUnion s) - 1 =
      size (st_obs (s j))
| clean =>
    rj = size (st_obs (s j))
    ∧ size (MuddyUnion s) =
      size (st_obs (s j))
end
rm < size (st_obs (s j))
  by case_match; lia.
Qed.

Progress

Lemma MC_undecided_muddy_to_muddy_increase_round
  (s : composite_state MCVLSM)
  (item : composite_transition_item MCVLSM) (i := projT1 (l item)) :
  projT2 (l item) = receive ->
  state_status (st_rs (s i)) = undecided ->
  message_status (input item) = muddy ->
  message_index (input item) i ∈ st_obs (s i) ->
  message_round (input item) = size (st_obs (s i)) ->
  input_valid_transition_item (MC_composite_vlsm) s item ->
  state_round (st_rs (destination item i)) > state_round (st_rs (s i)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
item: composite_transition_item MCVLSM
i:= projT1 (l item): index
projT2 (l item) = receive
→ state_status (st_rs (s i)) = undecided
  → message_status (input item) = muddy
    → message_index (input item) i ∈ st_obs (s i)
      → message_round (input item) =
        size (st_obs (s i))
        → input_valid_transition_item
            MC_composite_vlsm s item
          → state_round (st_rs (destination item i)) >
            state_round (st_rs (s i))
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
item: composite_transition_item MCVLSM
i:= projT1 (l item): index
projT2 (l item) = receive
→ state_status (st_rs (s i)) = undecided
  → message_status (input item) = muddy
    → message_index (input item) i ∈ st_obs (s i)
      → message_round (input item) =
        size (st_obs (s i))
        → input_valid_transition_item
            MC_composite_vlsm s item
          → state_round (st_rs (destination item i)) >
            state_round (st_rs (s i))
  intros Hl Hsundecided Hmmuddy Hmindex Hmround Hvalid.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
item: composite_transition_item MCVLSM
i:= projT1 (l item): index
Hl: projT2 (l item) = receive
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status (input item) = muddy
Hmindex: message_index (input item) i ∈ st_obs (s i)
Hmround: message_round (input item) =
size (st_obs (s i))
Hvalid: input_valid_transition_item MC_composite_vlsm
  s item
state_round (st_rs (destination item i)) >
state_round (st_rs (s i))
  apply MC_transition_undecided_receive_muddy_round_obs with
    i (s i) (mkMsg (message_index (input item) i) (message_round (input item))
    (message_status (input item)))
    in Hsundecided as Htr; [| done..].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
item: composite_transition_item MCVLSM
i:= projT1 (l item): index
Hl: projT2 (l item) = receive
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status (input item) = muddy
Hmindex: message_index (input item) i ∈ st_obs (s i)
Hmround: message_round (input item) =
size (st_obs (s i))
Hvalid: input_valid_transition_item MC_composite_vlsm
  s item
Htr: MC_transition i receive
  (mkSt (st_obs (s i))
     (Some
        (mkRS (state_round (st_rs (s i)))
           (state_status (st_rs (s i))))))
  (Some
     (mkMsg
        (msg_index
           (mkMsg (message_index (input item) i)
              (message_round (input item))
              (message_status (input item))))
        (msg_round
           (mkMsg (message_index (input item) i)
              (message_round (input item))
              (message_status (input item))))
        (msg_status
           (mkMsg (message_index (input item) i)
              (message_round (input item))
              (message_status (input item)))))) =
(mkSt (st_obs (s i))
   (Some
      (mkRS
         (msg_round
            (mkMsg
               (message_index (input item) i)
               (message_round (input item))
               (message_status (input item))))
         muddy)), None)
state_round (st_rs (destination item i)) >
state_round (st_rs (s i))
  destruct item, l, Hvalid as [(Hs & _ & Hv & Hc) Ht].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
l: label (MCVLSM x)
input: option Message
destination: state (composite_type MCVLSM)
output: option Message
i:= projT1
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}): index
Hl: projT2
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = receive
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = muddy
Hmindex: message_index
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) i ∈ st_obs (s i)
Hmround: message_round
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = size (st_obs (s i))
Hs: valid_state_prop MC_composite_vlsm s
Hv: valid
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Hc: MC_constraint
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Ht: transition
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) =
(VLSM.destination
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |},
 VLSM.output
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |})
Htr: MC_transition i receive
  (mkSt (st_obs (s i))
     (Some
        (mkRS (state_round (st_rs (s i)))
           (state_status (st_rs (s i))))))
  (Some
     (mkMsg
        (msg_index
           (mkMsg
              (message_index
                 (VLSM.input
                    {|
                      l := existT x l;
                      input := input;
                      destination := destination;
                      output := output
                    |}) i)
              (message_round
                 (VLSM.input
                    {|
                      l := existT x l;
                      input := input;
                      destination := destination;
                      output := output
                    |}))
              (message_status
                 (VLSM.input
                    {|
                      l := existT x l;
                      input := input;
                      destination := destination;
                      output := output
                    |}))))
        (msg_round
           (mkMsg
              (message_index
                 (VLSM.input
                    {|
                      l := existT x l;
                      input := input;
                      destination := destination;
                      output := output
                    |}) i)
              (message_round
                 (VLSM.input
                    {|
                      l := existT x l;
                      input := input;
                      destination := destination;
                      output := output
                    |}))
              (message_status
                 (VLSM.input
                    {|
                      l := existT x l;
                      input := input;
                      destination := destination;
                      output := output
                    |}))))
        (msg_status
           (mkMsg
              (message_index
                 (VLSM.input
                    {|
                      l := existT x l;
                      input := input;
                      destination := destination;
                      output := output
                    |}) i)
              (message_round
                 (VLSM.input
                    {|
                      l := existT x l;
                      input := input;
                      destination := destination;
                      output := output
                    |}))
              (message_status
                 (VLSM.input
                    {|
                      l := existT x l;
                      input := input;
                      destination := destination;
                      output := output
                    |})))))) =
(mkSt (st_obs (s i))
   (Some
      (mkRS
         (msg_round
            (mkMsg
               (message_index
                  (VLSM.input
                     {|
                       l := existT x l;
                       input := input;
                       destination :=
                       destination;
                       output := output
                     |}) i)
               (message_round
                  (VLSM.input
                     {|
                       l := existT x l;
                       input := input;
                       destination :=
                       destination;
                       output := output
                     |}))
               (message_status
                  (VLSM.input
                     {|
                       l := existT x l;
                       input := input;
                       destination :=
                       destination;
                       output := output
                     |})))) muddy)), None)
state_round
  (st_rs
     (VLSM.destination
        {|
          l := existT x l;
          input := input;
          destination := destination;
          output := output
        |} i)) > state_round (st_rs (s i))
  cbn in *; subst.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
input: option Message
destination: composite_state MCVLSM
output: option Message
i:= x: index
Hsundecided: state_status (st_rs (s x)) = undecided
Hmmuddy: from_option msg_status undecided input =
muddy
Hmindex: from_option msg_index x input ∈ st_obs (s x)
Hmround: from_option msg_round 0 input =
size (st_obs (s x))
Hs: valid_state_prop MC_composite_vlsm s
Ht: (let (si', om') :=
   MC_transition x receive (s x) input in
 (state_update MCVLSM s x si', om')) =
(destination, output)
Hc: match input with
| Some m => MC_no_equivocation s m
| None => True
end
Hv: MC_valid receive (s x) input
Htr: MC_transition x receive
  (mkSt (st_obs (s x))
     (Some
        (mkRS (state_round (st_rs (s x)))
           (state_status (st_rs (s x))))))
  (Some
     (mkMsg (from_option msg_index x input)
        (from_option msg_round 0 input)
        (from_option msg_status undecided input))) =
(mkSt (st_obs (s x))
   (Some
      (mkRS (from_option msg_round 0 input)
         muddy)), None)
state_round (st_rs (destination x)) >
state_round (st_rs (s x))
  assert (Hrounds : state_round (st_rs (s x)) < size (st_obs (s x))).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
input: option Message
destination: composite_state MCVLSM
output: option Message
i:= x: index
Hsundecided: state_status (st_rs (s x)) = undecided
Hmmuddy: from_option msg_status undecided input =
muddy
Hmindex: from_option msg_index x input ∈ st_obs (s x)
Hmround: from_option msg_round 0 input =
size (st_obs (s x))
Hs: valid_state_prop MC_composite_vlsm s
Ht: (let (si', om') :=
   MC_transition x receive (s x) input in
 (state_update MCVLSM s x si', om')) =
(destination, output)
Hc: match input with
| Some m => MC_no_equivocation s m
| None => True
end
Hv: MC_valid receive (s x) input
Htr: MC_transition x receive
  (mkSt (st_obs (s x))
     (Some
        (mkRS (state_round (st_rs (s x)))
           (state_status (st_rs (s x))))))
  (Some
     (mkMsg (from_option msg_index x input)
        (from_option msg_round 0 input)
        (from_option msg_status undecided input))) =
(mkSt (st_obs (s x))
   (Some
      (mkRS (from_option msg_round 0 input)
         muddy)), None)
state_round (st_rs (s x)) < size (st_obs (s x))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
input: option Message
destination: composite_state MCVLSM
output: option Message
i:= x: index
Hsundecided: state_status (st_rs (s x)) = undecided
Hmmuddy: from_option msg_status undecided input =
muddy
Hmindex: from_option msg_index x input ∈ st_obs (s x)
Hmround: from_option msg_round 0 input =
size (st_obs (s x))
Hs: valid_state_prop MC_composite_vlsm s
Ht: (let (si', om') :=
   MC_transition x receive (s x) input in
 (state_update MCVLSM s x si', om')) =
(destination, output)
Hc: match input with
| Some m => MC_no_equivocation s m
| None => True
end
Hv: MC_valid receive (s x) input
Htr: MC_transition x receive
  (mkSt (st_obs (s x))
     (Some
        (mkRS (state_round (st_rs (s x)))
           (state_status (st_rs (s x))))))
  (Some
     (mkMsg (from_option msg_index x input)
        (from_option msg_round 0 input)
        (from_option msg_status undecided input))) =
(mkSt (st_obs (s x))
   (Some
      (mkRS (from_option msg_round 0 input)
         muddy)), None)
Hrounds: state_round (st_rs (s x)) <
size (st_obs (s x))
state_round (st_rs (destination x)) >
state_round (st_rs (s x))
  {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
input: option Message
destination: composite_state MCVLSM
output: option Message
i:= x: index
Hsundecided: state_status (st_rs (s x)) = undecided
Hmmuddy: from_option msg_status undecided input =
muddy
Hmindex: from_option msg_index x input ∈ st_obs (s x)
Hmround: from_option msg_round 0 input =
size (st_obs (s x))
Hs: valid_state_prop MC_composite_vlsm s
Ht: (let (si', om') :=
   MC_transition x receive (s x) input in
 (state_update MCVLSM s x si', om')) =
(destination, output)
Hc: match input with
| Some m => MC_no_equivocation s m
| None => True
end
Hv: MC_valid receive (s x) input
Htr: MC_transition x receive
  (mkSt (st_obs (s x))
     (Some
        (mkRS (state_round (st_rs (s x)))
           (state_status (st_rs (s x))))))
  (Some
     (mkMsg (from_option msg_index x input)
        (from_option msg_round 0 input)
        (from_option msg_status undecided input))) =
(mkSt (st_obs (s x))
   (Some
      (mkRS (from_option msg_round 0 input)
         muddy)), None)
state_round (st_rs (s x)) < size (st_obs (s x))
    by apply MC_valid_noninitial_state_undecided_round_less_obs; [| inversion Hv |].
  }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
input: option Message
destination: composite_state MCVLSM
output: option Message
i:= x: index
Hsundecided: state_status (st_rs (s x)) = undecided
Hmmuddy: from_option msg_status undecided input =
muddy
Hmindex: from_option msg_index x input ∈ st_obs (s x)
Hmround: from_option msg_round 0 input =
size (st_obs (s x))
Hs: valid_state_prop MC_composite_vlsm s
Ht: (let (si', om') :=
   MC_transition x receive (s x) input in
 (state_update MCVLSM s x si', om')) =
(destination, output)
Hc: match input with
| Some m => MC_no_equivocation s m
| None => True
end
Hv: MC_valid receive (s x) input
Htr: MC_transition x receive
  (mkSt (st_obs (s x))
     (Some
        (mkRS (state_round (st_rs (s x)))
           (state_status (st_rs (s x))))))
  (Some
     (mkMsg (from_option msg_index x input)
        (from_option msg_round 0 input)
        (from_option msg_status undecided input))) =
(mkSt (st_obs (s x))
   (Some
      (mkRS (from_option msg_round 0 input)
         muddy)), None)
Hrounds: state_round (st_rs (s x)) <
size (st_obs (s x))
state_round (st_rs (destination x)) >
state_round (st_rs (s x))
  inversion Hv; subst; cbn in Hsundecided.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
destination: composite_state MCVLSM
output: option Message
i:= x: index
Hsundecided: state_status (st_rs (s x)) = undecided
m: Message
Hmround: from_option msg_round 0 (Some m) =
size (st_obs (s x))
Hmindex: from_option msg_index x (Some m)
∈ st_obs (s x)
Hmmuddy: from_option msg_status undecided (Some m) =
muddy
Hs: valid_state_prop MC_composite_vlsm s
Htr: MC_transition x receive
  (mkSt (st_obs (s x))
     (Some
        (mkRS (state_round (st_rs (s x)))
           (state_status (st_rs (s x))))))
  (Some
     (mkMsg (from_option msg_index x (Some m))
        (from_option msg_round 0 (Some m))
        (from_option msg_status undecided
           (Some m)))) =
(mkSt (st_obs (s x))
   (Some
      (mkRS (from_option msg_round 0 (Some m))
         muddy)), None)
Hv: MC_valid receive (s x) (Some m)
Hc: MC_no_equivocation s m
Ht: (let (si', om') :=
   MC_transition x receive (s x) (Some m) in
 (state_update MCVLSM s x si', om')) =
(destination, output)
Hrounds: state_round (st_rs (s x)) <
size (st_obs (s x))
o: indexSet
rs: RoundStatus
H9: mkSt o (Some rs) = s x
state_round (st_rs (destination x)) >
state_round (st_rs (mkSt o (Some rs)))
  rewrite <- H9 in *; clear H9; destruct rs, m; cbn in *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
destination: composite_state MCVLSM
output: option Message
i:= x: index
o: indexSet
rs_round0: nat
rs_status0: ChildStatus
Hsundecided: rs_status0 = undecided
msg_index0: index
msg_round0: nat
msg_status0: ChildStatus
Hmround: msg_round0 = size o
Hmindex: msg_index0 ∈ o
Hmmuddy: msg_status0 = muddy
Hs: valid_state_prop MC_composite_vlsm s
Htr: MC_transition x receive
  (mkSt o (Some (mkRS rs_round0 rs_status0)))
  (Some
     (mkMsg msg_index0 msg_round0 msg_status0)) =
(mkSt o (Some (mkRS msg_round0 muddy)), None)
Hv: MC_valid receive
  (mkSt o (Some (mkRS rs_round0 rs_status0)))
  (Some (mkMsg msg_index0 msg_round0 msg_status0))
Hc: match s msg_index0 with
| mkSt _ (Some (mkRS r status)) =>
    msg_status0 = status ∧ msg_round0 = r
    ∨ msg_status0 = undecided ∧ msg_round0 < r
| mkSt _ None => False
end
Ht: (let (si', om') :=
   MC_transition x receive
     (mkSt o (Some (mkRS rs_round0 rs_status0)))
     (Some
        (mkMsg msg_index0 msg_round0 msg_status0)) in
 (state_update MCVLSM s x si', om')) =
(destination, output)
Hrounds: rs_round0 < size o
state_round (st_rs (destination x)) > rs_round0
  by rewrite Htr in Ht; inversion Ht; subst; state_update_simpl; cbn; lia.
Qed.

Lemma MC_undecided_muddy_to_clean_increase_round
  (s : composite_state MCVLSM)
  (item : composite_transition_item MCVLSM) (i := projT1 (l item)) :
  projT2 (l item) = receive ->
  input_valid_transition_item (MC_composite_vlsm) s item ->
  state_status (st_rs (s i)) = undecided ->
  message_status (input item) = muddy ->
  message_index (input item) i ∈ st_obs (s i) ->
  message_round (input item) = size (st_obs (s i)) - 1 ->
  state_round (st_rs (destination item i)) > state_round (st_rs (s i)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
item: composite_transition_item MCVLSM
i:= projT1 (l item): index
projT2 (l item) = receive
→ input_valid_transition_item MC_composite_vlsm s item
  → state_status (st_rs (s i)) = undecided
    → message_status (input item) = muddy
      → message_index (input item) i ∈ st_obs (s i)
        → message_round (input item) =
          size (st_obs (s i)) - 1
          → state_round (st_rs (destination item i)) >
            state_round (st_rs (s i))
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
item: composite_transition_item MCVLSM
i:= projT1 (l item): index
projT2 (l item) = receive
→ input_valid_transition_item MC_composite_vlsm s item
  → state_status (st_rs (s i)) = undecided
    → message_status (input item) = muddy
      → message_index (input item) i ∈ st_obs (s i)
        → message_round (input item) =
          size (st_obs (s i)) - 1
          → state_round (st_rs (destination item i)) >
            state_round (st_rs (s i))
  intros Hl Hvalid Hsundecided Hmmuddy Hmindex Hmround.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
item: composite_transition_item MCVLSM
i:= projT1 (l item): index
Hl: projT2 (l item) = receive
Hvalid: input_valid_transition_item MC_composite_vlsm
  s item
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status (input item) = muddy
Hmindex: message_index (input item) i ∈ st_obs (s i)
Hmround: message_round (input item) =
size (st_obs (s i)) - 1
state_round (st_rs (destination item i)) >
state_round (st_rs (s i))
  apply MC_transition_undecided_receive_muddy_round_obs_minus_one with
    i (s i) (mkMsg (message_index (input item) i) (message_round (input item))
    (message_status (input item)))
    in Hsundecided as Htr; [| done..].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
item: composite_transition_item MCVLSM
i:= projT1 (l item): index
Hl: projT2 (l item) = receive
Hvalid: input_valid_transition_item MC_composite_vlsm
  s item
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status (input item) = muddy
Hmindex: message_index (input item) i ∈ st_obs (s i)
Hmround: message_round (input item) =
size (st_obs (s i)) - 1
Htr: MC_transition i receive
  (mkSt (st_obs (s i))
     (Some
        (mkRS (state_round (st_rs (s i)))
           (state_status (st_rs (s i))))))
  (Some
     (mkMsg
        (msg_index
           (mkMsg (message_index (input item) i)
              (message_round (input item))
              (message_status (input item))))
        (msg_round
           (mkMsg (message_index (input item) i)
              (message_round (input item))
              (message_status (input item))))
        (msg_status
           (mkMsg (message_index (input item) i)
              (message_round (input item))
              (message_status (input item)))))) =
(mkSt (st_obs (s i))
   (Some
      (mkRS
         (msg_round
            (mkMsg
               (message_index (input item) i)
               (message_round (input item))
               (message_status (input item))) +
          1) clean)), None)
state_round (st_rs (destination item i)) >
state_round (st_rs (s i))
  destruct item, l, Hvalid as [(Hs & _ & Hv & Hc) Ht].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
l: label (MCVLSM x)
input: option Message
destination: state (composite_type MCVLSM)
output: option Message
i:= projT1
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}): index
Hl: projT2
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = receive
Hs: valid_state_prop MC_composite_vlsm s
Hv: valid
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Hc: MC_constraint
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Ht: transition
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) =
(VLSM.destination
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |},
 VLSM.output
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |})
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = muddy
Hmindex: message_index
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) i ∈ st_obs (s i)
Hmround: message_round
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = size (st_obs (s i)) - 1
Htr: MC_transition i receive
  (mkSt (st_obs (s i))
     (Some
        (mkRS (state_round (st_rs (s i)))
           (state_status (st_rs (s i))))))
  (Some
     (mkMsg
        (msg_index
           (mkMsg
              (message_index
                 (VLSM.input
                    {|
                      l := existT x l;
                      input := input;
                      destination := destination;
                      output := output
                    |}) i)
              (message_round
                 (VLSM.input
                    {|
                      l := existT x l;
                      input := input;
                      destination := destination;
                      output := output
                    |}))
              (message_status
                 (VLSM.input
                    {|
                      l := existT x l;
                      input := input;
                      destination := destination;
                      output := output
                    |}))))
        (msg_round
           (mkMsg
              (message_index
                 (VLSM.input
                    {|
                      l := existT x l;
                      input := input;
                      destination := destination;
                      output := output
                    |}) i)
              (message_round
                 (VLSM.input
                    {|
                      l := existT x l;
                      input := input;
                      destination := destination;
                      output := output
                    |}))
              (message_status
                 (VLSM.input
                    {|
                      l := existT x l;
                      input := input;
                      destination := destination;
                      output := output
                    |}))))
        (msg_status
           (mkMsg
              (message_index
                 (VLSM.input
                    {|
                      l := existT x l;
                      input := input;
                      destination := destination;
                      output := output
                    |}) i)
              (message_round
                 (VLSM.input
                    {|
                      l := existT x l;
                      input := input;
                      destination := destination;
                      output := output
                    |}))
              (message_status
                 (VLSM.input
                    {|
                      l := existT x l;
                      input := input;
                      destination := destination;
                      output := output
                    |})))))) =
(mkSt (st_obs (s i))
   (Some
      (mkRS
         (msg_round
            (mkMsg
               (message_index
                  (VLSM.input
                     {|
                       l := existT x l;
                       input := input;
                       destination :=
                       destination;
                       output := output
                     |}) i)
               (message_round
                  (VLSM.input
                     {|
                       l := existT x l;
                       input := input;
                       destination :=
                       destination;
                       output := output
                     |}))
               (message_status
                  (VLSM.input
                     {|
                       l := existT x l;
                       input := input;
                       destination :=
                       destination;
                       output := output
                     |}))) + 1) clean)), None)
state_round
  (st_rs
     (VLSM.destination
        {|
          l := existT x l;
          input := input;
          destination := destination;
          output := output
        |} i)) > state_round (st_rs (s i))
  cbn in *; subst i l.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
input: option Message
destination: composite_state MCVLSM
output: option Message
Hs: valid_state_prop MC_composite_vlsm s
Ht: (let (si', om') :=
   MC_transition x receive (s x) input in
 (state_update MCVLSM s x si', om')) =
(destination, output)
Hc: match input with
| Some m => MC_no_equivocation s m
| None => True
end
Hv: MC_valid receive (s x) input
Hsundecided: state_status (st_rs (s x)) = undecided
Hmmuddy: from_option msg_status undecided input =
muddy
Hmindex: from_option msg_index x input ∈ st_obs (s x)
Hmround: from_option msg_round 0 input =
size (st_obs (s x)) - 1
Htr: MC_transition x receive
  (mkSt (st_obs (s x))
     (Some
        (mkRS (state_round (st_rs (s x)))
           (state_status (st_rs (s x))))))
  (Some
     (mkMsg (from_option msg_index x input)
        (from_option msg_round 0 input)
        (from_option msg_status undecided input))) =
(mkSt (st_obs (s x))
   (Some
      (mkRS (from_option msg_round 0 input + 1)
         clean)), None)
state_round (st_rs (destination x)) >
state_round (st_rs (s x))
  assert (Hrounds : state_round (st_rs (s x)) < size (st_obs (s x))).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
input: option Message
destination: composite_state MCVLSM
output: option Message
Hs: valid_state_prop MC_composite_vlsm s
Ht: (let (si', om') :=
   MC_transition x receive (s x) input in
 (state_update MCVLSM s x si', om')) =
(destination, output)
Hc: match input with
| Some m => MC_no_equivocation s m
| None => True
end
Hv: MC_valid receive (s x) input
Hsundecided: state_status (st_rs (s x)) = undecided
Hmmuddy: from_option msg_status undecided input =
muddy
Hmindex: from_option msg_index x input ∈ st_obs (s x)
Hmround: from_option msg_round 0 input =
size (st_obs (s x)) - 1
Htr: MC_transition x receive
  (mkSt (st_obs (s x))
     (Some
        (mkRS (state_round (st_rs (s x)))
           (state_status (st_rs (s x))))))
  (Some
     (mkMsg (from_option msg_index x input)
        (from_option msg_round 0 input)
        (from_option msg_status undecided input))) =
(mkSt (st_obs (s x))
   (Some
      (mkRS (from_option msg_round 0 input + 1)
         clean)), None)
state_round (st_rs (s x)) < size (st_obs (s x))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
input: option Message
destination: composite_state MCVLSM
output: option Message
Hs: valid_state_prop MC_composite_vlsm s
Ht: (let (si', om') :=
   MC_transition x receive (s x) input in
 (state_update MCVLSM s x si', om')) =
(destination, output)
Hc: match input with
| Some m => MC_no_equivocation s m
| None => True
end
Hv: MC_valid receive (s x) input
Hsundecided: state_status (st_rs (s x)) = undecided
Hmmuddy: from_option msg_status undecided input =
muddy
Hmindex: from_option msg_index x input ∈ st_obs (s x)
Hmround: from_option msg_round 0 input =
size (st_obs (s x)) - 1
Htr: MC_transition x receive
  (mkSt (st_obs (s x))
     (Some
        (mkRS (state_round (st_rs (s x)))
           (state_status (st_rs (s x))))))
  (Some
     (mkMsg (from_option msg_index x input)
        (from_option msg_round 0 input)
        (from_option msg_status undecided input))) =
(mkSt (st_obs (s x))
   (Some
      (mkRS (from_option msg_round 0 input + 1)
         clean)), None)
Hrounds: state_round (st_rs (s x)) <
size (st_obs (s x))
state_round (st_rs (destination x)) >
state_round (st_rs (s x))
  {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
input: option Message
destination: composite_state MCVLSM
output: option Message
Hs: valid_state_prop MC_composite_vlsm s
Ht: (let (si', om') :=
   MC_transition x receive (s x) input in
 (state_update MCVLSM s x si', om')) =
(destination, output)
Hc: match input with
| Some m => MC_no_equivocation s m
| None => True
end
Hv: MC_valid receive (s x) input
Hsundecided: state_status (st_rs (s x)) = undecided
Hmmuddy: from_option msg_status undecided input =
muddy
Hmindex: from_option msg_index x input ∈ st_obs (s x)
Hmround: from_option msg_round 0 input =
size (st_obs (s x)) - 1
Htr: MC_transition x receive
  (mkSt (st_obs (s x))
     (Some
        (mkRS (state_round (st_rs (s x)))
           (state_status (st_rs (s x))))))
  (Some
     (mkMsg (from_option msg_index x input)
        (from_option msg_round 0 input)
        (from_option msg_status undecided input))) =
(mkSt (st_obs (s x))
   (Some
      (mkRS (from_option msg_round 0 input + 1)
         clean)), None)
state_round (st_rs (s x)) < size (st_obs (s x))
    by apply MC_valid_noninitial_state_undecided_round_less_obs; [| inversion Hv |].
  }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
input: option Message
destination: composite_state MCVLSM
output: option Message
Hs: valid_state_prop MC_composite_vlsm s
Ht: (let (si', om') :=
   MC_transition x receive (s x) input in
 (state_update MCVLSM s x si', om')) =
(destination, output)
Hc: match input with
| Some m => MC_no_equivocation s m
| None => True
end
Hv: MC_valid receive (s x) input
Hsundecided: state_status (st_rs (s x)) = undecided
Hmmuddy: from_option msg_status undecided input =
muddy
Hmindex: from_option msg_index x input ∈ st_obs (s x)
Hmround: from_option msg_round 0 input =
size (st_obs (s x)) - 1
Htr: MC_transition x receive
  (mkSt (st_obs (s x))
     (Some
        (mkRS (state_round (st_rs (s x)))
           (state_status (st_rs (s x))))))
  (Some
     (mkMsg (from_option msg_index x input)
        (from_option msg_round 0 input)
        (from_option msg_status undecided input))) =
(mkSt (st_obs (s x))
   (Some
      (mkRS (from_option msg_round 0 input + 1)
         clean)), None)
Hrounds: state_round (st_rs (s x)) <
size (st_obs (s x))
state_round (st_rs (destination x)) >
state_round (st_rs (s x))
  inversion Hv; subst; cbn in Hsundecided.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
destination: composite_state MCVLSM
output: option Message
Hs: valid_state_prop MC_composite_vlsm s
m: Message
Hv: MC_valid receive (s x) (Some m)
Hc: MC_no_equivocation s m
Ht: (let (si', om') :=
   MC_transition x receive (s x) (Some m) in
 (state_update MCVLSM s x si', om')) =
(destination, output)
Hsundecided: state_status (st_rs (s x)) = undecided
Htr: MC_transition x receive
  (mkSt (st_obs (s x))
     (Some
        (mkRS (state_round (st_rs (s x)))
           (state_status (st_rs (s x))))))
  (Some
     (mkMsg (from_option msg_index x (Some m))
        (from_option msg_round 0 (Some m))
        (from_option msg_status undecided
           (Some m)))) =
(mkSt (st_obs (s x))
   (Some
      (mkRS
         (from_option msg_round 0 (Some m) + 1)
         clean)), None)
Hmround: from_option msg_round 0 (Some m) =
size (st_obs (s x)) - 1
Hmindex: from_option msg_index x (Some m)
∈ st_obs (s x)
Hmmuddy: from_option msg_status undecided (Some m) =
muddy
Hrounds: state_round (st_rs (s x)) <
size (st_obs (s x))
o: indexSet
rs: RoundStatus
H9: mkSt o (Some rs) = s x
state_round (st_rs (destination x)) >
state_round (st_rs (mkSt o (Some rs)))
  rewrite <- H9 in *; clear H9; destruct rs, m; cbn in *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
destination: composite_state MCVLSM
output: option Message
Hs: valid_state_prop MC_composite_vlsm s
msg_index0: index
msg_round0: nat
msg_status0: ChildStatus
o: indexSet
rs_round0: nat
rs_status0: ChildStatus
Hv: MC_valid receive
  (mkSt o (Some (mkRS rs_round0 rs_status0)))
  (Some (mkMsg msg_index0 msg_round0 msg_status0))
Hc: match s msg_index0 with
| mkSt _ (Some (mkRS r status)) =>
    msg_status0 = status ∧ msg_round0 = r
    ∨ msg_status0 = undecided ∧ msg_round0 < r
| mkSt _ None => False
end
Ht: (let (si', om') :=
   MC_transition x receive
     (mkSt o (Some (mkRS rs_round0 rs_status0)))
     (Some
        (mkMsg msg_index0 msg_round0 msg_status0)) in
 (state_update MCVLSM s x si', om')) =
(destination, output)
Hsundecided: rs_status0 = undecided
Htr: MC_transition x receive
  (mkSt o (Some (mkRS rs_round0 rs_status0)))
  (Some
     (mkMsg msg_index0 msg_round0 msg_status0)) =
(mkSt o (Some (mkRS (msg_round0 + 1) clean)),
 None)
Hmround: msg_round0 = size o - 1
Hmindex: msg_index0 ∈ o
Hmmuddy: msg_status0 = muddy
Hrounds: rs_round0 < size o
state_round (st_rs (destination x)) > rs_round0
  by rewrite Htr in Ht; inversion Ht; subst; state_update_simpl; cbn; lia.
Qed.

Lemma MC_undecided_muddy_increase_round
  (s : composite_state MCVLSM)
  (item : composite_transition_item MCVLSM) (i := projT1 (l item)) :
  projT2 (l item) = receive ->
  input_valid_transition_item (MC_composite_vlsm) s item ->
  state_status (st_rs (s i)) = undecided ->
  message_status (input item) = muddy ->
  message_index (input item) i ∈ st_obs (s i) ->
  message_round (input item) = size (st_obs (s i)) - 1 \/
    message_round (input item) = size (st_obs (s i)) ->
  state_round (st_rs (destination item i)) > state_round (st_rs (s i)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
item: composite_transition_item MCVLSM
i:= projT1 (l item): index
projT2 (l item) = receive
→ input_valid_transition_item MC_composite_vlsm s item
  → state_status (st_rs (s i)) = undecided
    → message_status (input item) = muddy
      → message_index (input item) i ∈ st_obs (s i)
        → message_round (input item) =
          size (st_obs (s i)) - 1
          ∨ message_round (input item) =
            size (st_obs (s i))
          → state_round (st_rs (destination item i)) >
            state_round (st_rs (s i))
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
item: composite_transition_item MCVLSM
i:= projT1 (l item): index
projT2 (l item) = receive
→ input_valid_transition_item MC_composite_vlsm s item
  → state_status (st_rs (s i)) = undecided
    → message_status (input item) = muddy
      → message_index (input item) i ∈ st_obs (s i)
        → message_round (input item) =
          size (st_obs (s i)) - 1
          ∨ message_round (input item) =
            size (st_obs (s i))
          → state_round (st_rs (destination item i)) >
            state_round (st_rs (s i))
  intros Hl Hvalid Hsundecided Hmmuddy Hmindex [].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
item: composite_transition_item MCVLSM
i:= projT1 (l item): index
Hl: projT2 (l item) = receive
Hvalid: input_valid_transition_item MC_composite_vlsm
  s item
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status (input item) = muddy
Hmindex: message_index (input item) i ∈ st_obs (s i)
H9: message_round (input item) =
size (st_obs (s i)) - 1
state_round (st_rs (destination item i)) >
state_round (st_rs (s i))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
item: composite_transition_item MCVLSM
i:= projT1 (l item): index
Hl: projT2 (l item) = receive
Hvalid: input_valid_transition_item MC_composite_vlsm
  s item
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status (input item) = muddy
Hmindex: message_index (input item) i ∈ st_obs (s i)
H9: message_round (input item) = size (st_obs (s i))
state_round (st_rs (destination item i)) >
state_round (st_rs (s i))
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
item: composite_transition_item MCVLSM
i:= projT1 (l item): index
Hl: projT2 (l item) = receive
Hvalid: input_valid_transition_item MC_composite_vlsm
  s item
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status (input item) = muddy
Hmindex: message_index (input item) i ∈ st_obs (s i)
H9: message_round (input item) =
size (st_obs (s i)) - 1
state_round (st_rs (destination item i)) >
state_round (st_rs (s i)) by apply MC_undecided_muddy_to_clean_increase_round.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
item: composite_transition_item MCVLSM
i:= projT1 (l item): index
Hl: projT2 (l item) = receive
Hvalid: input_valid_transition_item MC_composite_vlsm
  s item
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status (input item) = muddy
Hmindex: message_index (input item) i ∈ st_obs (s i)
H9: message_round (input item) = size (st_obs (s i))
state_round (st_rs (destination item i)) >
state_round (st_rs (s i)) by apply MC_undecided_muddy_to_muddy_increase_round.
Qed.

Lemma MC_undecided_undecided_increase_round
  (s : composite_state MCVLSM)
  (item : composite_transition_item MCVLSM) (i := projT1 (l item)) :
  projT2 (l item) = receive ->
  input_valid_transition_item (MC_composite_vlsm) s item ->
  state_status (st_rs (s i)) = undecided ->
  message_status (input item) = undecided ->
  message_index (input item) i ∈ st_obs (s i) ->
  state_round (st_rs (s i)) <= message_round (input item) < size (st_obs (s i)) - 1 ->
  state_round (st_rs (destination item i)) > state_round (st_rs (s i)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
item: composite_transition_item MCVLSM
i:= projT1 (l item): index
projT2 (l item) = receive
→ input_valid_transition_item MC_composite_vlsm s item
  → state_status (st_rs (s i)) = undecided
    → message_status (input item) = undecided
      → message_index (input item) i ∈ st_obs (s i)
        → state_round (st_rs (s i)) <=
          message_round (input item) <
          size (st_obs (s i)) - 1
          → state_round (st_rs (destination item i)) >
            state_round (st_rs (s i))
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
item: composite_transition_item MCVLSM
i:= projT1 (l item): index
projT2 (l item) = receive
→ input_valid_transition_item MC_composite_vlsm s item
  → state_status (st_rs (s i)) = undecided
    → message_status (input item) = undecided
      → message_index (input item) i ∈ st_obs (s i)
        → state_round (st_rs (s i)) <=
          message_round (input item) <
          size (st_obs (s i)) - 1
          → state_round (st_rs (destination item i)) >
            state_round (st_rs (s i))
  intros Hl Hvalid Hsundecided Hmmuddy Hmindex Hmround.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
item: composite_transition_item MCVLSM
i:= projT1 (l item): index
Hl: projT2 (l item) = receive
Hvalid: input_valid_transition_item MC_composite_vlsm
  s item
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status (input item) = undecided
Hmindex: message_index (input item) i ∈ st_obs (s i)
Hmround: state_round (st_rs (s i)) <=
message_round (input item) <
size (st_obs (s i)) - 1
state_round (st_rs (destination item i)) >
state_round (st_rs (s i))
  destruct item, l, Hvalid as [(Hs & _ & Hv & Hc) Ht].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
l: label (MCVLSM x)
input: option Message
destination: state (composite_type MCVLSM)
output: option Message
i:= projT1
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}): index
Hl: projT2
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = receive
Hs: valid_state_prop MC_composite_vlsm s
Hv: valid
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Hc: MC_constraint
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Ht: transition
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) =
(VLSM.destination
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |},
 VLSM.output
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |})
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = undecided
Hmindex: message_index
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) i ∈ st_obs (s i)
Hmround: state_round (st_rs (s i)) <=
message_round
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) < size (st_obs (s i)) - 1
state_round
  (st_rs
     (VLSM.destination
        {|
          l := existT x l;
          input := input;
          destination := destination;
          output := output
        |} i)) > state_round (st_rs (s i))
  assert (Hrounds : state_round (st_rs (s x)) < size (st_obs (s x))).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
l: label (MCVLSM x)
input: option Message
destination: state (composite_type MCVLSM)
output: option Message
i:= projT1
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}): index
Hl: projT2
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = receive
Hs: valid_state_prop MC_composite_vlsm s
Hv: valid
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Hc: MC_constraint
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Ht: transition
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) =
(VLSM.destination
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |},
 VLSM.output
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |})
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = undecided
Hmindex: message_index
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) i ∈ st_obs (s i)
Hmround: state_round (st_rs (s i)) <=
message_round
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) < size (st_obs (s i)) - 1
state_round (st_rs (s x)) < size (st_obs (s x))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
l: label (MCVLSM x)
input: option Message
destination: state (composite_type MCVLSM)
output: option Message
i:= projT1
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}): index
Hl: projT2
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = receive
Hs: valid_state_prop MC_composite_vlsm s
Hv: valid
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Hc: MC_constraint
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Ht: transition
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) =
(VLSM.destination
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |},
 VLSM.output
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |})
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = undecided
Hmindex: message_index
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) i ∈ st_obs (s i)
Hmround: state_round (st_rs (s i)) <=
message_round
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) < size (st_obs (s i)) - 1
Hrounds: state_round (st_rs (s x)) <
size (st_obs (s x))
state_round
  (st_rs
     (VLSM.destination
        {|
          l := existT x l;
          input := input;
          destination := destination;
          output := output
        |} i)) > state_round (st_rs (s i))
  {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
l: label (MCVLSM x)
input: option Message
destination: state (composite_type MCVLSM)
output: option Message
i:= projT1
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}): index
Hl: projT2
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = receive
Hs: valid_state_prop MC_composite_vlsm s
Hv: valid
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Hc: MC_constraint
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Ht: transition
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) =
(VLSM.destination
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |},
 VLSM.output
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |})
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = undecided
Hmindex: message_index
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) i ∈ st_obs (s i)
Hmround: state_round (st_rs (s i)) <=
message_round
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) < size (st_obs (s i)) - 1
state_round (st_rs (s x)) < size (st_obs (s x))
    by apply MC_valid_noninitial_state_undecided_round_less_obs;
      cbn in *; subst; [| inversion Hv |].
  }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
l: label (MCVLSM x)
input: option Message
destination: state (composite_type MCVLSM)
output: option Message
i:= projT1
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}): index
Hl: projT2
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = receive
Hs: valid_state_prop MC_composite_vlsm s
Hv: valid
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Hc: MC_constraint
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Ht: transition
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) =
(VLSM.destination
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |},
 VLSM.output
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |})
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = undecided
Hmindex: message_index
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) i ∈ st_obs (s i)
Hmround: state_round (st_rs (s i)) <=
message_round
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) < size (st_obs (s i)) - 1
Hrounds: state_round (st_rs (s x)) <
size (st_obs (s x))
state_round
  (st_rs
     (VLSM.destination
        {|
          l := existT x l;
          input := input;
          destination := destination;
          output := output
        |} i)) > state_round (st_rs (s i))
  apply MC_transition_undecided_receive_undecided_round_lt_obs_minus_one with
    i (s i) (mkMsg (message_index input i) (message_round input)
    (message_status input))
    in Hsundecided as Htr; cbn in *; subst; [| done..].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
input: option Message
destination: composite_state MCVLSM
output: option Message
i:= x: index
Hs: valid_state_prop MC_composite_vlsm s
Ht: (let (si', om') :=
   MC_transition x receive (s x) input in
 (state_update MCVLSM s x si', om')) =
(destination, output)
Hc: match input with
| Some m => MC_no_equivocation s m
| None => True
end
Hv: MC_valid receive (s x) input
Hsundecided: state_status (st_rs (s x)) = undecided
Hmmuddy: from_option msg_status undecided input =
undecided
Hmindex: from_option msg_index x input ∈ st_obs (s x)
Hmround: state_round (st_rs (s x)) <=
from_option msg_round 0 input <
size (st_obs (s x)) - 1
Hrounds: state_round (st_rs (s x)) <
size (st_obs (s x))
Htr: MC_transition x receive
  (mkSt (st_obs (s x))
     (Some
        (mkRS (state_round (st_rs (s x)))
           (state_status (st_rs (s x))))))
  (Some
     (mkMsg (message_index input x)
        (message_round input)
        (message_status input))) =
(mkSt (st_obs (s x))
   (Some
      (mkRS (message_round input + 1)
         (state_status (st_rs (s x))))), None)
state_round (st_rs (destination x)) >
state_round (st_rs (s x))
  inversion Hv; subst; cbn in Hsundecided |- *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
destination: composite_state MCVLSM
output: option Message
i:= x: index
Hs: valid_state_prop MC_composite_vlsm s
m: Message
Hv: MC_valid receive (s x) (Some m)
Hc: MC_no_equivocation s m
Ht: (let (si', om') :=
   MC_transition x receive (s x) (Some m) in
 (state_update MCVLSM s x si', om')) =
(destination, output)
Hsundecided: state_status (st_rs (s x)) = undecided
Hmround: state_round (st_rs (s x)) <=
from_option msg_round 0 (Some m) <
size (st_obs (s x)) - 1
Hmindex: from_option msg_index x (Some m)
∈ st_obs (s x)
Hmmuddy: from_option msg_status undecided (Some m) =
undecided
Hrounds: state_round (st_rs (s x)) <
size (st_obs (s x))
Htr: MC_transition x receive
  (mkSt (st_obs (s x))
     (Some
        (mkRS (state_round (st_rs (s x)))
           (state_status (st_rs (s x))))))
  (Some
     (mkMsg (message_index (Some m) x)
        (message_round (Some m))
        (message_status (Some m)))) =
(mkSt (st_obs (s x))
   (Some
      (mkRS (message_round (Some m) + 1)
         (state_status (st_rs (s x))))), None)
o: indexSet
rs: RoundStatus
H9: mkSt o (Some rs) = s x
state_round (st_rs (destination x)) > rs_round rs
  rewrite <- H9 in *; clear H9; destruct rs, m; cbn in *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
destination: composite_state MCVLSM
output: option Message
i:= x: index
Hs: valid_state_prop MC_composite_vlsm s
msg_index0: index
msg_round0: nat
msg_status0: ChildStatus
o: indexSet
rs_round0: nat
rs_status0: ChildStatus
Hv: MC_valid receive
  (mkSt o (Some (mkRS rs_round0 rs_status0)))
  (Some (mkMsg msg_index0 msg_round0 msg_status0))
Hc: match s msg_index0 with
| mkSt _ (Some (mkRS r status)) =>
    msg_status0 = status ∧ msg_round0 = r
    ∨ msg_status0 = undecided ∧ msg_round0 < r
| mkSt _ None => False
end
Ht: (let (si', om') :=
   MC_transition x receive
     (mkSt o (Some (mkRS rs_round0 rs_status0)))
     (Some
        (mkMsg msg_index0 msg_round0 msg_status0)) in
 (state_update MCVLSM s x si', om')) =
(destination, output)
Hsundecided: rs_status0 = undecided
Hmround: rs_round0 <= msg_round0 < size o - 1
Hmindex: msg_index0 ∈ o
Hmmuddy: msg_status0 = undecided
Hrounds: rs_round0 < size o
Htr: MC_transition x receive
  (mkSt o (Some (mkRS rs_round0 rs_status0)))
  (Some
     (mkMsg msg_index0 msg_round0 msg_status0)) =
(mkSt o
   (Some (mkRS (msg_round0 + 1) rs_status0)),
 None)
state_round (st_rs (destination x)) > rs_round0
  by rewrite Htr in Ht; inversion Ht; subst; state_update_simpl; cbn; lia.
Qed.

Lemma MC_undecided_undecided_to_muddy_increase_round
  (s : composite_state MCVLSM)
  (item : composite_transition_item MCVLSM) (i := projT1 (l item)) :
  projT2 (l item) = receive ->
  input_valid_transition_item (MC_composite_vlsm) s item ->
  state_status (st_rs (s i)) = undecided ->
  message_status (input item) = undecided ->
  message_index (input item) i ∈ st_obs (s i) ->
  message_round (input item) = size (st_obs (s i)) - 1 ->
  state_round (st_rs (destination item i)) > state_round (st_rs (s i)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
item: composite_transition_item MCVLSM
i:= projT1 (l item): index
projT2 (l item) = receive
→ input_valid_transition_item MC_composite_vlsm s item
  → state_status (st_rs (s i)) = undecided
    → message_status (input item) = undecided
      → message_index (input item) i ∈ st_obs (s i)
        → message_round (input item) =
          size (st_obs (s i)) - 1
          → state_round (st_rs (destination item i)) >
            state_round (st_rs (s i))
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
item: composite_transition_item MCVLSM
i:= projT1 (l item): index
projT2 (l item) = receive
→ input_valid_transition_item MC_composite_vlsm s item
  → state_status (st_rs (s i)) = undecided
    → message_status (input item) = undecided
      → message_index (input item) i ∈ st_obs (s i)
        → message_round (input item) =
          size (st_obs (s i)) - 1
          → state_round (st_rs (destination item i)) >
            state_round (st_rs (s i))
  intros Hl Hvalid Hsundecided Hmmuddy Hmindex Hmround.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
item: composite_transition_item MCVLSM
i:= projT1 (l item): index
Hl: projT2 (l item) = receive
Hvalid: input_valid_transition_item MC_composite_vlsm
  s item
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status (input item) = undecided
Hmindex: message_index (input item) i ∈ st_obs (s i)
Hmround: message_round (input item) =
size (st_obs (s i)) - 1
state_round (st_rs (destination item i)) >
state_round (st_rs (s i))
  destruct item, l, Hvalid as [(Hs & _ & Hv & Hc) Ht].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
l: label (MCVLSM x)
input: option Message
destination: state (composite_type MCVLSM)
output: option Message
i:= projT1
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}): index
Hl: projT2
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = receive
Hs: valid_state_prop MC_composite_vlsm s
Hv: valid
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Hc: MC_constraint
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Ht: transition
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) =
(VLSM.destination
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |},
 VLSM.output
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |})
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = undecided
Hmindex: message_index
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) i ∈ st_obs (s i)
Hmround: message_round
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = size (st_obs (s i)) - 1
state_round
  (st_rs
     (VLSM.destination
        {|
          l := existT x l;
          input := input;
          destination := destination;
          output := output
        |} i)) > state_round (st_rs (s i))
  assert (Hrounds : state_round (st_rs (s x)) < size (st_obs (s x))).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
l: label (MCVLSM x)
input: option Message
destination: state (composite_type MCVLSM)
output: option Message
i:= projT1
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}): index
Hl: projT2
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = receive
Hs: valid_state_prop MC_composite_vlsm s
Hv: valid
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Hc: MC_constraint
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Ht: transition
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) =
(VLSM.destination
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |},
 VLSM.output
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |})
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = undecided
Hmindex: message_index
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) i ∈ st_obs (s i)
Hmround: message_round
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = size (st_obs (s i)) - 1
state_round (st_rs (s x)) < size (st_obs (s x))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
l: label (MCVLSM x)
input: option Message
destination: state (composite_type MCVLSM)
output: option Message
i:= projT1
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}): index
Hl: projT2
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = receive
Hs: valid_state_prop MC_composite_vlsm s
Hv: valid
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Hc: MC_constraint
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Ht: transition
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) =
(VLSM.destination
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |},
 VLSM.output
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |})
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = undecided
Hmindex: message_index
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) i ∈ st_obs (s i)
Hmround: message_round
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = size (st_obs (s i)) - 1
Hrounds: state_round (st_rs (s x)) <
size (st_obs (s x))
state_round
  (st_rs
     (VLSM.destination
        {|
          l := existT x l;
          input := input;
          destination := destination;
          output := output
        |} i)) > state_round (st_rs (s i))
  {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
l: label (MCVLSM x)
input: option Message
destination: state (composite_type MCVLSM)
output: option Message
i:= projT1
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}): index
Hl: projT2
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = receive
Hs: valid_state_prop MC_composite_vlsm s
Hv: valid
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Hc: MC_constraint
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Ht: transition
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) =
(VLSM.destination
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |},
 VLSM.output
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |})
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = undecided
Hmindex: message_index
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) i ∈ st_obs (s i)
Hmround: message_round
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = size (st_obs (s i)) - 1
state_round (st_rs (s x)) < size (st_obs (s x))
    by apply MC_valid_noninitial_state_undecided_round_less_obs;
      cbn in *; subst; [| inversion Hv |].
  }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
l: label (MCVLSM x)
input: option Message
destination: state (composite_type MCVLSM)
output: option Message
i:= projT1
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}): index
Hl: projT2
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = receive
Hs: valid_state_prop MC_composite_vlsm s
Hv: valid
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Hc: MC_constraint
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Ht: transition
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) =
(VLSM.destination
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |},
 VLSM.output
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |})
Hsundecided: state_status (st_rs (s i)) = undecided
Hmmuddy: message_status
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = undecided
Hmindex: message_index
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) i ∈ st_obs (s i)
Hmround: message_round
  (VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) = size (st_obs (s i)) - 1
Hrounds: state_round (st_rs (s x)) <
size (st_obs (s x))
state_round
  (st_rs
     (VLSM.destination
        {|
          l := existT x l;
          input := input;
          destination := destination;
          output := output
        |} i)) > state_round (st_rs (s i))
  apply MC_transition_undecided_receive_undecided_round_obs_minus_one with
    i (s i) (mkMsg (message_index input i) (message_round input)
    (message_status input)) in Hsundecided
    as Htr; cbn in *; subst; [| done..].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
input: option Message
destination: composite_state MCVLSM
output: option Message
i:= x: index
Hs: valid_state_prop MC_composite_vlsm s
Ht: (let (si', om') :=
   MC_transition x receive (s x) input in
 (state_update MCVLSM s x si', om')) =
(destination, output)
Hc: match input with
| Some m => MC_no_equivocation s m
| None => True
end
Hv: MC_valid receive (s x) input
Hsundecided: state_status (st_rs (s x)) = undecided
Hmmuddy: from_option msg_status undecided input =
undecided
Hmindex: from_option msg_index x input ∈ st_obs (s x)
Hmround: from_option msg_round 0 input =
size (st_obs (s x)) - 1
Hrounds: state_round (st_rs (s x)) <
size (st_obs (s x))
Htr: MC_transition x receive
  (mkSt (st_obs (s x))
     (Some
        (mkRS (state_round (st_rs (s x)))
           (state_status (st_rs (s x))))))
  (Some
     (mkMsg (message_index input x)
        (message_round input)
        (message_status input))) =
(mkSt (st_obs (s x))
   (Some (mkRS (message_round input + 1) muddy)),
 None)
state_round (st_rs (destination x)) >
state_round (st_rs (s x))
  inversion Hv; subst; cbn in Hsundecided.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
destination: composite_state MCVLSM
output: option Message
i:= x: index
Hs: valid_state_prop MC_composite_vlsm s
m: Message
Hv: MC_valid receive (s x) (Some m)
Hc: MC_no_equivocation s m
Ht: (let (si', om') :=
   MC_transition x receive (s x) (Some m) in
 (state_update MCVLSM s x si', om')) =
(destination, output)
Hsundecided: state_status (st_rs (s x)) = undecided
Hmround: from_option msg_round 0 (Some m) =
size (st_obs (s x)) - 1
Hmindex: from_option msg_index x (Some m)
∈ st_obs (s x)
Hmmuddy: from_option msg_status undecided (Some m) =
undecided
Hrounds: state_round (st_rs (s x)) <
size (st_obs (s x))
Htr: MC_transition x receive
  (mkSt (st_obs (s x))
     (Some
        (mkRS (state_round (st_rs (s x)))
           (state_status (st_rs (s x))))))
  (Some
     (mkMsg (message_index (Some m) x)
        (message_round (Some m))
        (message_status (Some m)))) =
(mkSt (st_obs (s x))
   (Some
      (mkRS (message_round (Some m) + 1) muddy)),
 None)
o: indexSet
rs: RoundStatus
H9: mkSt o (Some rs) = s x
state_round (st_rs (destination x)) >
state_round (st_rs (mkSt o (Some rs)))
  rewrite <- H9 in *; clear H9; destruct rs, m; cbn in *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
x: index
destination: composite_state MCVLSM
output: option Message
i:= x: index
Hs: valid_state_prop MC_composite_vlsm s
msg_index0: index
msg_round0: nat
msg_status0: ChildStatus
o: indexSet
rs_round0: nat
rs_status0: ChildStatus
Hv: MC_valid receive
  (mkSt o (Some (mkRS rs_round0 rs_status0)))
  (Some (mkMsg msg_index0 msg_round0 msg_status0))
Hc: match s msg_index0 with
| mkSt _ (Some (mkRS r status)) =>
    msg_status0 = status ∧ msg_round0 = r
    ∨ msg_status0 = undecided ∧ msg_round0 < r
| mkSt _ None => False
end
Ht: (let (si', om') :=
   MC_transition x receive
     (mkSt o (Some (mkRS rs_round0 rs_status0)))
     (Some
        (mkMsg msg_index0 msg_round0 msg_status0)) in
 (state_update MCVLSM s x si', om')) =
(destination, output)
Hsundecided: rs_status0 = undecided
Hmround: msg_round0 = size o - 1
Hmindex: msg_index0 ∈ o
Hmmuddy: msg_status0 = undecided
Hrounds: rs_round0 < size o
Htr: MC_transition x receive
  (mkSt o (Some (mkRS rs_round0 rs_status0)))
  (Some
     (mkMsg msg_index0 msg_round0 msg_status0)) =
(mkSt o (Some (mkRS (msg_round0 + 1) muddy)),
 None)
state_round (st_rs (destination x)) > rs_round0
  by rewrite Htr in Ht; inversion Ht; subst; state_update_simpl; cbn; lia.
Qed.

Definition MC_transition_item_update s j i st rs : transition_item :=
{|
  l := existT i receive : composite_label MCVLSM;
  input := Some (mkMsg j (state_round (st_rs (s j))) st);
  destination := state_update MCVLSM s i (mkSt (st_obs (s i)) (Some rs));
  output := None
|}.

The progress lemma MC_progress ensures that from any valid non-initial composite state, there is a valid transition to a new composite state, in which at least one component has greater round than before the transition.

This result will be further used in the proof of the correctness theorem. To prove the progress lemma, we proceed by case analysis. We distinguish two main cases:

at least one component is in an initial state, so we can use an init transition to prove our goal;
else, we have to obtain two convenient components and build a transition between them, that results in an increased round number.

Lemma MC_progress (s : composite_state MCVLSM) :
  MC_non_initial_valid_state s ->
  ~ MC_final_state s ->
  length (enum index) > 1 ->
  exists (item : composite_transition_item MCVLSM) (i := projT1 (l item)),
  input_valid_transition_item (MC_composite_vlsm) s item /\
  state_round_inc (destination item i) > state_round_inc (s i).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
MC_non_initial_valid_state s
→ ¬ MC_final_state s
  → length (enum index) > 1
    → ∃ item : composite_transition_item MCVLSM,
        let i := projT1 (l item) in
        input_valid_transition_item MC_composite_vlsm
          s item
        ∧ state_round_inc (destination item i) >
          state_round_inc (s i)
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
MC_non_initial_valid_state s
→ ¬ MC_final_state s
  → length (enum index) > 1
    → ∃ item : composite_transition_item MCVLSM,
        let i := projT1 (l item) in
        input_valid_transition_item MC_composite_vlsm
          s item
        ∧ state_round_inc (destination item i) >
          state_round_inc (s i)
  unfold MC_final_state.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
MC_non_initial_valid_state s
→ ¬ (∀ n : index,
       state_status (st_rs (s n)) ≠ undecided)
  → length (enum index) > 1
    → ∃ item : composite_transition_item MCVLSM,
        input_valid_transition_item MC_composite_vlsm
          s item
        ∧ state_round_inc
            (destination item (projT1 (l item))) >
          state_round_inc (s (projT1 (l item)))
  rewrite <- Forall_finite.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
MC_non_initial_valid_state s
→ ¬ Forall
      (λ x : index,
         state_status (st_rs (s x)) ≠ undecided)
      (enum index)
  → length (enum index) > 1
    → ∃ item : composite_transition_item MCVLSM,
        input_valid_transition_item MC_composite_vlsm
          s item
        ∧ state_round_inc
            (destination item (projT1 (l item))) >
          state_round_inc (s (projT1 (l item)))
  intros Hs Hall.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
  destruct (decide (exists i, MC_initial_state_prop (s i))) as [(i & He) |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: MC_initial_state_prop (s i)
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: MC_initial_state_prop (s i)
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item))) destruct (size (st_obs (s i))) eqn: Hobssi.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: MC_initial_state_prop (s i)
Hobssi: size (st_obs (s i)) = 0
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: MC_initial_state_prop (s i)
n: nat
Hobssi: size (st_obs (s i)) = S n
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: MC_initial_state_prop (s i)
Hobssi: size (st_obs (s i)) = 0
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item))) exists (Build_transition_item (T := composite_type MCVLSM) (existT i init) None
        (state_update MCVLSM s i (mkSt (st_obs (s i)) (Some (mkRS 0 muddy)))) None); cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: MC_initial_state_prop (s i)
Hobssi: size (st_obs (s i)) = 0
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i init;
    input := None;
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i)) (Some (mkRS 0 muddy)));
    output := None
  |}
∧ state_round_inc
    (state_update MCVLSM s i
       (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))) i) >
  state_round_inc (s i)
      state_update_simpl; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: MC_initial_state_prop (s i)
Hobssi: size (st_obs (s i)) = 0
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i init;
    input := None;
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i)) (Some (mkRS 0 muddy)));
    output := None
  |} ∧ 1 > state_round_inc (s i)
      unfold state_round_inc.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: MC_initial_state_prop (s i)
Hobssi: size (st_obs (s i)) = 0
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i init;
    input := None;
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i)) (Some (mkRS 0 muddy)));
    output := None
  |}
∧ 1 >
  match st_rs (s i) with
  | Some rs => S (rs_round rs)
  | None => 0
  end
      unfold MC_initial_state_prop in He; rewrite He.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
Hobssi: size (st_obs (s i)) = 0
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i init;
    input := None;
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i)) (Some (mkRS 0 muddy)));
    output := None
  |} ∧ 1 > 0
      split; [| by lia].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
Hobssi: size (st_obs (s i)) = 0
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i init;
    input := None;
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i)) (Some (mkRS 0 muddy)));
    output := None
  |}
      repeat split; cbn; [by apply Hs | ..].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
Hobssi: size (st_obs (s i)) = 0
H9: length (enum index) > 1
option_valid_message_prop MC_composite_vlsm None
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
Hobssi: size (st_obs (s i)) = 0
H9: length (enum index) > 1
MC_valid init (s i) None
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
Hobssi: size (st_obs (s i)) = 0
H9: length (enum index) > 1
MuddyUnion s ≢ ∅
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
Hobssi: size (st_obs (s i)) = 0
H9: length (enum index) > 1
n, x: index
x ∈ st_obs (s n) → x ∈ MuddyUnion s ∖ {[n]}
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
Hobssi: size (st_obs (s i)) = 0
H9: length (enum index) > 1
n, x: index
x ∈ MuddyUnion s ∖ {[n]} → x ∈ st_obs (s n)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
Hobssi: size (st_obs (s i)) = 0
H9: length (enum index) > 1
(let (si', om') := MC_transition i init (s i) None in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))), None)
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
Hobssi: size (st_obs (s i)) = 0
H9: length (enum index) > 1
option_valid_message_prop MC_composite_vlsm None by apply option_valid_message_None.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
Hobssi: size (st_obs (s i)) = 0
H9: length (enum index) > 1
MC_valid init (s i) None destruct (s i); cbn in *; subst.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
st_obs0: indexSet
Hobssi: size st_obs0 = 0
H9: length (enum index) > 1
MC_valid init (mkSt st_obs0 None) None
        by constructor.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
Hobssi: size (st_obs (s i)) = 0
H9: length (enum index) > 1
MuddyUnion s ≢ ∅ by apply MC_non_initial_valid_consistent in Hs as [].
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
Hobssi: size (st_obs (s i)) = 0
H9: length (enum index) > 1
n, x: index
x ∈ st_obs (s n) → x ∈ MuddyUnion s ∖ {[n]} by apply MC_non_initial_valid_consistent in Hs as []; set_solver.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
Hobssi: size (st_obs (s i)) = 0
H9: length (enum index) > 1
n, x: index
x ∈ MuddyUnion s ∖ {[n]} → x ∈ st_obs (s n) by apply MC_non_initial_valid_consistent in Hs as []; set_solver.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
Hobssi: size (st_obs (s i)) = 0
H9: length (enum index) > 1
(let (si', om') := MC_transition i init (s i) None in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))), None) destruct (s i); cbn in *; subst.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
st_obs0: indexSet
Hobssi: size st_obs0 = 0
H9: length (enum index) > 1
(let (si', om') :=
   MC_transition i init (mkSt st_obs0 None) None in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt st_obs0 (Some (mkRS 0 muddy))), None)
        funelim (MC_transition i init (mkSt st_obs0 None) None); try done.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
o: indexSet
Heq: size o = 0
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
st_obs0: indexSet
Hobssi: size st_obs0 = 0
H9: length (enum index) > 1
H10: init = init
H11: mkSt o None = mkSt st_obs0 None
Heqcall: (mkSt o (Some (mkRS 0 muddy)), None) =
MC_transition i init (mkSt st_obs0 None)
  None
(let (si', om') :=
   MC_transition i init (mkSt st_obs0 None) None in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt st_obs0 (Some (mkRS 0 muddy))), None)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
o: indexSet
n: nat
Heq: size o = S n
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
st_obs0: indexSet
Hobssi: size st_obs0 = 0
H9: length (enum index) > 1
H10: init = init
H11: mkSt o None = mkSt st_obs0 None
Heqcall: (mkSt o (Some (mkRS 0 undecided)), None) =
MC_transition i init (mkSt st_obs0 None)
  None
(let (si', om') :=
   MC_transition i init (mkSt st_obs0 None) None in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt st_obs0 (Some (mkRS 0 muddy))), None)
        --index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
o: indexSet
Heq: size o = 0
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
st_obs0: indexSet
Hobssi: size st_obs0 = 0
H9: length (enum index) > 1
H10: init = init
H11: mkSt o None = mkSt st_obs0 None
Heqcall: (mkSt o (Some (mkRS 0 muddy)), None) =
MC_transition i init (mkSt st_obs0 None)
  None
(let (si', om') :=
   MC_transition i init (mkSt st_obs0 None) None in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt st_obs0 (Some (mkRS 0 muddy))), None) by rewrite <- Heqcall; inversion H11.
        --index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
o: indexSet
n: nat
Heq: size o = S n
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
st_obs0: indexSet
Hobssi: size st_obs0 = 0
H9: length (enum index) > 1
H10: init = init
H11: mkSt o None = mkSt st_obs0 None
Heqcall: (mkSt o (Some (mkRS 0 undecided)), None) =
MC_transition i init (mkSt st_obs0 None)
  None
(let (si', om') :=
   MC_transition i init (mkSt st_obs0 None) None in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt st_obs0 (Some (mkRS 0 muddy))), None) by inversion H10; congruence.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: MC_initial_state_prop (s i)
n: nat
Hobssi: size (st_obs (s i)) = S n
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item))) exists (Build_transition_item (T := composite_type MCVLSM) (existT i init) None
        (state_update MCVLSM s i (mkSt (st_obs (s i)) (Some (mkRS 0 undecided)))) None); cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: MC_initial_state_prop (s i)
n: nat
Hobssi: size (st_obs (s i)) = S n
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i init;
    input := None;
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i)) (Some (mkRS 0 undecided)));
    output := None
  |}
∧ state_round_inc
    (state_update MCVLSM s i
       (mkSt (st_obs (s i)) (Some (mkRS 0 undecided)))
       i) > state_round_inc (s i)
      state_update_simpl; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: MC_initial_state_prop (s i)
n: nat
Hobssi: size (st_obs (s i)) = S n
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i init;
    input := None;
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i)) (Some (mkRS 0 undecided)));
    output := None
  |} ∧ 1 > state_round_inc (s i)
      unfold state_round_inc.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: MC_initial_state_prop (s i)
n: nat
Hobssi: size (st_obs (s i)) = S n
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i init;
    input := None;
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i)) (Some (mkRS 0 undecided)));
    output := None
  |}
∧ 1 >
  match st_rs (s i) with
  | Some rs => S (rs_round rs)
  | None => 0
  end
      unfold MC_initial_state_prop in He; rewrite He.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
n: nat
Hobssi: size (st_obs (s i)) = S n
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i init;
    input := None;
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i)) (Some (mkRS 0 undecided)));
    output := None
  |} ∧ 1 > 0
      split; [| by lia].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
n: nat
Hobssi: size (st_obs (s i)) = S n
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i init;
    input := None;
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i)) (Some (mkRS 0 undecided)));
    output := None
  |}
      repeat split; cbn; [by apply Hs | ..].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
n: nat
Hobssi: size (st_obs (s i)) = S n
H9: length (enum index) > 1
option_valid_message_prop MC_composite_vlsm None
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
n: nat
Hobssi: size (st_obs (s i)) = S n
H9: length (enum index) > 1
MC_valid init (s i) None
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
n: nat
Hobssi: size (st_obs (s i)) = S n
H9: length (enum index) > 1
MuddyUnion s ≢ ∅
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
n: nat
Hobssi: size (st_obs (s i)) = S n
H9: length (enum index) > 1
n0, x: index
x ∈ st_obs (s n0) → x ∈ MuddyUnion s ∖ {[n0]}
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
n: nat
Hobssi: size (st_obs (s i)) = S n
H9: length (enum index) > 1
n0, x: index
x ∈ MuddyUnion s ∖ {[n0]} → x ∈ st_obs (s n0)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
n: nat
Hobssi: size (st_obs (s i)) = S n
H9: length (enum index) > 1
(let (si', om') := MC_transition i init (s i) None in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt (st_obs (s i)) (Some (mkRS 0 undecided))),
 None)
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
n: nat
Hobssi: size (st_obs (s i)) = S n
H9: length (enum index) > 1
option_valid_message_prop MC_composite_vlsm None by apply option_valid_message_None.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
n: nat
Hobssi: size (st_obs (s i)) = S n
H9: length (enum index) > 1
MC_valid init (s i) None destruct (s i); cbn in *; subst.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
st_obs0: indexSet
n: nat
Hobssi: size st_obs0 = S n
H9: length (enum index) > 1
MC_valid init (mkSt st_obs0 None) None
        by constructor.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
n: nat
Hobssi: size (st_obs (s i)) = S n
H9: length (enum index) > 1
MuddyUnion s ≢ ∅ by apply MC_non_initial_valid_consistent in Hs as [].
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
n: nat
Hobssi: size (st_obs (s i)) = S n
H9: length (enum index) > 1
n0, x: index
x ∈ st_obs (s n0) → x ∈ MuddyUnion s ∖ {[n0]} apply MC_non_initial_valid_consistent in Hs as []; set_solver.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
n: nat
Hobssi: size (st_obs (s i)) = S n
H9: length (enum index) > 1
n0, x: index
x ∈ MuddyUnion s ∖ {[n0]} → x ∈ st_obs (s n0) apply MC_non_initial_valid_consistent in Hs as []; set_solver.
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
He: st_rs (s i) = None
n: nat
Hobssi: size (st_obs (s i)) = S n
H9: length (enum index) > 1
(let (si', om') := MC_transition i init (s i) None in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt (st_obs (s i)) (Some (mkRS 0 undecided))),
 None) destruct (s i); cbn in *; subst.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
i: index
st_obs0: indexSet
n: nat
Hobssi: size st_obs0 = S n
H9: length (enum index) > 1
(let (si', om') :=
   MC_transition i init (mkSt st_obs0 None) None in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt st_obs0 (Some (mkRS 0 undecided))), None)
        funelim (MC_transition i init (mkSt st_obs0 None) None); try done.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
o: indexSet
Heq: size o = 0
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
st_obs0: indexSet
n: nat
Hobssi: size st_obs0 = S n
H9: length (enum index) > 1
H10: init = init
H11: mkSt o None = mkSt st_obs0 None
Heqcall: (mkSt o (Some (mkRS 0 muddy)), None) =
MC_transition i init (mkSt st_obs0 None)
  None
(let (si', om') :=
   MC_transition i init (mkSt st_obs0 None) None in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt st_obs0 (Some (mkRS 0 undecided))), None)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
o: indexSet
n: nat
Heq: size o = S n
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
st_obs0: indexSet
n0: nat
Hobssi: size st_obs0 = S n0
H9: length (enum index) > 1
H10: init = init
H11: mkSt o None = mkSt st_obs0 None
Heqcall: (mkSt o (Some (mkRS 0 undecided)), None) =
MC_transition i init (mkSt st_obs0 None)
  None
(let (si', om') :=
   MC_transition i init (mkSt st_obs0 None) None in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt st_obs0 (Some (mkRS 0 undecided))), None)
        --index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
o: indexSet
Heq: size o = 0
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
st_obs0: indexSet
n: nat
Hobssi: size st_obs0 = S n
H9: length (enum index) > 1
H10: init = init
H11: mkSt o None = mkSt st_obs0 None
Heqcall: (mkSt o (Some (mkRS 0 muddy)), None) =
MC_transition i init (mkSt st_obs0 None)
  None
(let (si', om') :=
   MC_transition i init (mkSt st_obs0 None) None in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt st_obs0 (Some (mkRS 0 undecided))), None) by inversion H10; congruence.
        --index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
i: index
o: indexSet
n: nat
Heq: size o = S n
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
st_obs0: indexSet
n0: nat
Hobssi: size st_obs0 = S n0
H9: length (enum index) > 1
H10: init = init
H11: mkSt o None = mkSt st_obs0 None
Heqcall: (mkSt o (Some (mkRS 0 undecided)), None) =
MC_transition i init (mkSt st_obs0 None)
  None
(let (si', om') :=
   MC_transition i init (mkSt st_obs0 None) None in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt st_obs0 (Some (mkRS 0 undecided))), None) by rewrite <- Heqcall; inversion H11.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: ¬ Forall
    (λ x : index,
       state_status (st_rs (s x)) ≠ undecided)
    (enum index)
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item))) apply not_Forall_Exists in Hall; [| by typeclasses eauto].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
Hall: Exists
  (not
   ∘ (λ x : index,
        state_status (st_rs (s x)) ≠ undecided))
  (enum index)
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
    apply Exists_exists in Hall as (i & _ & Hi); cbn in Hi.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
    assert (Hundecided : state_status (st_rs (s i)) = undecided).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
state_status (st_rs (s i)) = undecided
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
    {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
state_status (st_rs (s i)) = undecided
      by destruct (decide (state_status (st_rs (s i)) = undecided)).
    }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
    assert (Hcons : consistent s) by (apply MC_non_initial_valid_consistent; done).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
    destruct (decide (exists (j : index), state_status (st_rs (s j)) = muddy))
      as [(j & He) |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item))) destruct (decide (i ∈ st_obs (s j))).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item))) exists (Build_transition_item (T := composite_type MCVLSM) (existT i receive)
          (Some (mkMsg j (state_round (st_rs (s j))) muddy))
          (state_update MCVLSM s i (mkSt (st_obs (s i))
          (Some (mkRS (state_round (st_rs (s j))) muddy)))) None).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i receive;
    input :=
      Some (mkMsg j (state_round (st_rs (s j))) muddy);
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j))) muddy)));
    output := None
  |}
∧ state_round_inc
    (destination
       {|
         l := existT i receive;
         input :=
           Some
             (mkMsg j (state_round (st_rs (s j)))
                muddy);
         destination :=
           state_update MCVLSM s i
             (mkSt (st_obs (s i))
                (Some
                   (mkRS (state_round (st_rs (s j)))
                      muddy)));
         output := None
       |}
       (projT1
          (l
             {|
               l := existT i receive;
               input :=
                 Some
                   (mkMsg j
                      (state_round (st_rs (s j)))
                      muddy);
               destination :=
                 state_update MCVLSM s i
                   (mkSt (st_obs (s i))
                      (Some
                         (mkRS
                            (state_round (st_rs (s j)))
                            muddy)));
               output := None
             |}))) >
  state_round_inc
    (s
       (projT1
          (l
             {|
               l := existT i receive;
               input :=
                 Some
                   (mkMsg j
                      (state_round (st_rs (s j)))
                      muddy);
               destination :=
                 state_update MCVLSM s i
                   (mkSt (st_obs (s i))
                      (Some
                         (mkRS
                            (state_round (st_rs (s j)))
                            muddy)));
               output := None
             |})))
        cbn; state_update_simpl; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i receive;
    input :=
      Some (mkMsg j (state_round (st_rs (s j))) muddy);
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j))) muddy)));
    output := None
  |}
∧ S (state_round (st_rs (s j))) >
  state_round_inc (s i)
        unfold MC_non_initial_valid_state in Hs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: valid_state_prop MC_composite_vlsm s
∧ ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i receive;
    input :=
      Some (mkMsg j (state_round (st_rs (s j))) muddy);
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j))) muddy)));
    output := None
  |}
∧ S (state_round (st_rs (s j))) >
  state_round_inc (s i)
        destruct Hs as [Hvalid Hnoninitial].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i receive;
    input :=
      Some (mkMsg j (state_round (st_rs (s j))) muddy);
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j))) muddy)));
    output := None
  |}
∧ S (state_round (st_rs (s j))) >
  state_round_inc (s i)
        cut (input_valid_transition_item MC_composite_vlsm s
          (MC_transition_item_update s j i muddy (mkRS (state_round (st_rs (s j))) muddy))).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
→ input_valid_transition_item MC_composite_vlsm s
    {|
      l := existT i receive;
      input :=
        Some
          (mkMsg j (state_round (st_rs (s j))) muddy);
      destination :=
        state_update MCVLSM s i
          (mkSt (st_obs (s i))
             (Some
                (mkRS (state_round (st_rs (s j)))
                   muddy)));
      output := None
    |}
  ∧ S (state_round (st_rs (s j))) >
    state_round_inc (s i)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
        {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
→ input_valid_transition_item MC_composite_vlsm s
    {|
      l := existT i receive;
      input :=
        Some
          (mkMsg j (state_round (st_rs (s j))) muddy);
      destination :=
        state_update MCVLSM s i
          (mkSt (st_obs (s i))
             (Some
                (mkRS (state_round (st_rs (s j)))
                   muddy)));
      output := None
    |}
  ∧ S (state_round (st_rs (s j))) >
    state_round_inc (s i)
          intros Ht.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i receive;
    input :=
      Some (mkMsg j (state_round (st_rs (s j))) muddy);
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j))) muddy)));
    output := None
  |}
∧ S (state_round (st_rs (s j))) >
  state_round_inc (s i)
          destruct (Ht) as [(_ & Hm & Hv & Hc) _].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j))) muddy)))
Hv: valid
  (l
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j))) muddy)))
  (s,
   input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j))) muddy)))
Hc: MC_constraint
  (l
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j))) muddy)))
  (s,
   input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j))) muddy)))
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i receive;
    input :=
      Some (mkMsg j (state_round (st_rs (s j))) muddy);
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j))) muddy)));
    output := None
  |}
∧ S (state_round (st_rs (s j))) >
  state_round_inc (s i)
          unfold MC_constraint, l, input in Hc.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j))) muddy)))
Hv: valid
  (l
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j))) muddy)))
  (s,
   input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j))) muddy)))
Hc: let (x, l0) :=
  let (l, _, _, _) :=
    MC_transition_item_update s j i muddy
      (mkRS (state_round (st_rs (s j))) muddy) in
  l in
match l0 with
| init => consistent s
| emit => True
| receive =>
    match
      (let (_, input, _, _) :=
         MC_transition_item_update s j i muddy
           (mkRS (state_round (st_rs (s j)))
              muddy) in
       input)
    with
    | Some m => MC_no_equivocation s m
    | None => True
    end
end
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i receive;
    input :=
      Some (mkMsg j (state_round (st_rs (s j))) muddy);
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j))) muddy)));
    output := None
  |}
∧ S (state_round (st_rs (s j))) >
  state_round_inc (s i)
          apply MC_valid_noequiv_muddy in Hc; cbn in *; [| done ..].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hv: MC_valid receive (s i)
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hc: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1 ∧ 
j ∈ MuddyUnion s
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i receive;
    input :=
      Some (mkMsg j (state_round (st_rs (s j))) muddy);
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j))) muddy)));
    output := None
  |}
∧ S (state_round (st_rs (s j))) >
  state_round_inc (s i)
          destruct Hc as [Hroundj Hj].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hv: MC_valid receive (s i)
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i receive;
    input :=
      Some (mkMsg j (state_round (st_rs (s j))) muddy);
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j))) muddy)));
    output := None
  |}
∧ S (state_round (st_rs (s j))) >
  state_round_inc (s i)
          destruct Hcons as [Hmuddy Hobs].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hv: MC_valid receive (s i)
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i receive;
    input :=
      Some (mkMsg j (state_round (st_rs (s j))) muddy);
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j))) muddy)));
    output := None
  |}
∧ S (state_round (st_rs (s j))) >
  state_round_inc (s i)
          split; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hv: MC_valid receive (s i)
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
S (state_round (st_rs (s j))) > state_round_inc (s i)
          apply MC_undecided_muddy_to_muddy_increase_round in Ht; cbn in Ht |- *; try done.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Ht: state_round
  (st_rs
     (state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j)))
                 muddy))) i)) >
state_round (st_rs (s i))
Hm: option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hv: MC_valid receive (s i)
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
S (state_round (st_rs (s j))) > state_round_inc (s i)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hv: MC_valid receive (s i)
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
j ∈ st_obs (s i)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hv: MC_valid receive (s i)
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
state_round (st_rs (s j)) = size (st_obs (s i))
          -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Ht: state_round
  (st_rs
     (state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j)))
                 muddy))) i)) >
state_round (st_rs (s i))
Hm: option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hv: MC_valid receive (s i)
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
S (state_round (st_rs (s j))) > state_round_inc (s i) state_update_simpl.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Ht: state_round
  (st_rs
     (mkSt (st_obs (s i))
        (Some
           (mkRS (state_round (st_rs (s j)))
              muddy)))) >
state_round (st_rs (s i))
Hm: option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hv: MC_valid receive (s i)
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
S (state_round (st_rs (s j))) > state_round_inc (s i)
            unfold state_round_inc.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Ht: state_round
  (st_rs
     (mkSt (st_obs (s i))
        (Some
           (mkRS (state_round (st_rs (s j)))
              muddy)))) >
state_round (st_rs (s i))
Hm: option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hv: MC_valid receive (s i)
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
S (state_round (st_rs (s j))) >
match st_rs (s i) with
| Some rs => S (rs_round rs)
| None => 0
end
            by case_match; cbn in Ht; lia.
          -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hv: MC_valid receive (s i)
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
j ∈ st_obs (s i) destruct (decide (i = j)); [by subst |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hv: MC_valid receive (s i)
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
n0: i ≠ j
j ∈ st_obs (s i)
            rewrite Hobs in *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ MuddyUnion s ∖ {[j]}
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hv: MC_valid receive (s i)
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
n0: i ≠ j
j ∈ MuddyUnion s ∖ {[i]}
            by clear - Hj n e; set_solver.
          -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hv: MC_valid receive (s i)
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
state_round (st_rs (s j)) = size (st_obs (s i)) rewrite Hroundj, MC_muddy_number_of_muddy_seen; [done.. |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hv: MC_valid receive (s i)
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
i ∈ MuddyUnion s
            rewrite (Hobs j) in e.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ MuddyUnion s ∖ {[j]}
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hv: MC_valid receive (s i)
  (Some
     (mkMsg j (state_round (st_rs (s j))) muddy))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
i ∈ MuddyUnion s
            by clear - e; set_solver.
        }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
        assert (Hnoequiv : MC_no_equivocation s (mkMsg j (state_round (st_rs (s j))) muddy)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j))) muddy)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
        {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j))) muddy)
          unfold MC_no_equivocation.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
match s j with
| mkSt _ (Some (mkRS r status)) =>
    muddy = status ∧ state_round (st_rs (s j)) = r
    ∨ muddy = undecided
      ∧ state_round (st_rs (s j)) < r
| mkSt _ None => False
end
          by repeat case_match; [rewrite <- H10; left; rewrite H10, <- He |].
        }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
        destruct (s i) eqn: Hsi.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
st_rs0: option RoundStatus
Hsi: s i = mkSt st_obs0 st_rs0
Hi: ¬ state_status (st_rs (mkSt st_obs0 st_rs0))
  ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status
  (st_rs (mkSt st_obs0 st_rs0)) =
undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
        destruct st_rs0; [| by contradict n; eexists; rewrite Hsi].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
r: RoundStatus
Hsi: s i = mkSt st_obs0 (Some r)
Hi: ¬ state_status (st_rs (mkSt st_obs0 (Some r)))
  ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status
  (st_rs (mkSt st_obs0 (Some r))) =
undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
        destruct r as [ri sti].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
sti: ChildStatus
Hsi: s i = mkSt st_obs0 (Some (mkRS ri sti))
Hi: ¬ state_status
    (st_rs (mkSt st_obs0 (Some (mkRS ri sti))))
  ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS ri sti)))) =
undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
        cbn in Hundecided; subst.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j))) muddy))
        repeat split; cbn; [done | | | done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
option_valid_message_prop MC_composite_vlsm
  (Some (mkMsg j (state_round (st_rs (s j))) muddy))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
MC_valid receive (s i)
  (Some (mkMsg j (state_round (st_rs (s j))) muddy))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
(let (si', om') :=
   MC_transition i receive 
     (s i)
     (Some (mkMsg j (state_round (st_rs (s j))) muddy)) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt (st_obs (s i))
      (Some (mkRS (state_round (st_rs (s j))) muddy))),
 None)
        --index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
option_valid_message_prop MC_composite_vlsm
  (Some (mkMsg j (state_round (st_rs (s j))) muddy)) by eapply MC_valid_noequiv_valid.
        --index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
MC_valid receive (s i)
  (Some (mkMsg j (state_round (st_rs (s j))) muddy)) by rewrite Hsi; constructor.
        --index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
(let (si', om') :=
   MC_transition i receive (s i)
     (Some (mkMsg j (state_round (st_rs (s j))) muddy)) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt (st_obs (s i))
      (Some (mkRS (state_round (st_rs (s j))) muddy))),
 None) rewrite Hsi, MC_transition_equation_8.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
(let (si', om') :=
   MC_transition_clause_4 i st_obs0 ri j
     (decide (j ∈ st_obs0))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS ri undecided))))
      (Some (mkRS (state_round (st_rs (s j))) muddy))),
 None)
           unfold MC_transition_clause_4.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
(let (si', om') :=
   (if decide (j ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' = size st_obs0)
       then
        (mkSt st_obs0 (Some (mkRS r' muddy)), None)
       else
        if decide (r' = size st_obs0 - 1)
        then
         (mkSt st_obs0 (Some (mkRS (r' + 1) clean)),
          None)
        else
         (mkSt st_obs0 (Some (mkRS ri undecided)),
          None)
    else
     λ _ : nat,
       (mkSt st_obs0 (Some (mkRS ri undecided)), None))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS ri undecided))))
      (Some (mkRS (state_round (st_rs (s j))) muddy))),
 None)
           apply MC_composite_invariant_preservation in Hvalid.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
(let (si', om') :=
   (if decide (j ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' = size st_obs0)
       then
        (mkSt st_obs0 (Some (mkRS r' muddy)), None)
       else
        if decide (r' = size st_obs0 - 1)
        then
         (mkSt st_obs0 (Some (mkRS (r' + 1) clean)),
          None)
        else
         (mkSt st_obs0 (Some (mkRS ri undecided)),
          None)
    else
     λ _ : nat,
       (mkSt st_obs0 (Some (mkRS ri undecided)), None))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS ri undecided))))
      (Some (mkRS (state_round (st_rs (s j))) muddy))),
 None)
           destruct (Hvalid j) as [| Hinvariant]; [by contradict n; eexists |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
Hinvariant: MC_component_invariant s j
(let (si', om') :=
   (if decide (j ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' = size st_obs0)
       then
        (mkSt st_obs0 (Some (mkRS r' muddy)), None)
       else
        if decide (r' = size st_obs0 - 1)
        then
         (mkSt st_obs0 (Some (mkRS (r' + 1) clean)),
          None)
        else
         (mkSt st_obs0 (Some (mkRS ri undecided)),
          None)
    else
     λ _ : nat,
       (mkSt st_obs0 (Some (mkRS ri undecided)), None))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS ri undecided))))
      (Some (mkRS (state_round (st_rs (s j))) muddy))),
 None)
           unfold MC_component_invariant, MC_component_invariant_helper in Hinvariant.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
Hinvariant: match state_status (st_rs (s j)) with
| undecided =>
    state_round (st_rs (s j)) <
    size (st_obs (s j))
| muddy =>
    state_round (st_rs (s j)) =
    size (st_obs (s j))
    ∧ size (MuddyUnion s) - 1 =
      size (st_obs (s j))
| clean =>
    state_round (st_rs (s j)) =
    size (st_obs (s j))
    ∧ size (MuddyUnion s) =
      size (st_obs (s j))
end
(let (si', om') :=
   (if decide (j ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' = size st_obs0)
       then
        (mkSt st_obs0 (Some (mkRS r' muddy)), None)
       else
        if decide (r' = size st_obs0 - 1)
        then
         (mkSt st_obs0 (Some (mkRS (r' + 1) clean)),
          None)
        else
         (mkSt st_obs0 (Some (mkRS ri undecided)),
          None)
    else
     λ _ : nat,
       (mkSt st_obs0 (Some (mkRS ri undecided)), None))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS ri undecided))))
      (Some (mkRS (state_round (st_rs (s j))) muddy))),
 None)
           rewrite He in Hinvariant.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
Hinvariant: state_round (st_rs (s j)) =
size (st_obs (s j))
∧ size (MuddyUnion s) - 1 =
  size (st_obs (s j))
(let (si', om') :=
   (if decide (j ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' = size st_obs0)
       then
        (mkSt st_obs0 (Some (mkRS r' muddy)), None)
       else
        if decide (r' = size st_obs0 - 1)
        then
         (mkSt st_obs0 (Some (mkRS (r' + 1) clean)),
          None)
        else
         (mkSt st_obs0 (Some (mkRS ri undecided)),
          None)
    else
     λ _ : nat,
       (mkSt st_obs0 (Some (mkRS ri undecided)), None))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS ri undecided))))
      (Some (mkRS (state_round (st_rs (s j))) muddy))),
 None)
           destruct Hinvariant as [Hroundj Hobsj].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
Hroundj: state_round (st_rs (s j)) =
size (st_obs (s j))
Hobsj: size (MuddyUnion s) - 1 = size (st_obs (s j))
(let (si', om') :=
   (if decide (j ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' = size st_obs0)
       then
        (mkSt st_obs0 (Some (mkRS r' muddy)), None)
       else
        if decide (r' = size st_obs0 - 1)
        then
         (mkSt st_obs0 (Some (mkRS (r' + 1) clean)),
          None)
        else
         (mkSt st_obs0 (Some (mkRS ri undecided)),
          None)
    else
     λ _ : nat,
       (mkSt st_obs0 (Some (mkRS ri undecided)), None))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS ri undecided))))
      (Some (mkRS (state_round (st_rs (s j))) muddy))),
 None)
           symmetry in Hobsj.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
Hroundj: state_round (st_rs (s j)) =
size (st_obs (s j))
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
(let (si', om') :=
   (if decide (j ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' = size st_obs0)
       then
        (mkSt st_obs0 (Some (mkRS r' muddy)), None)
       else
        if decide (r' = size st_obs0 - 1)
        then
         (mkSt st_obs0 (Some (mkRS (r' + 1) clean)),
          None)
        else
         (mkSt st_obs0 (Some (mkRS ri undecided)),
          None)
    else
     λ _ : nat,
       (mkSt st_obs0 (Some (mkRS ri undecided)), None))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS ri undecided))))
      (Some (mkRS (state_round (st_rs (s j))) muddy))),
 None)
           apply MC_muddy_number_of_muddy_seen_iff in Hobsj as Hjmuddy; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
Hroundj: state_round (st_rs (s j)) =
size (st_obs (s j))
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
(let (si', om') :=
   (if decide (j ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' = size st_obs0)
       then
        (mkSt st_obs0 (Some (mkRS r' muddy)), None)
       else
        if decide (r' = size st_obs0 - 1)
        then
         (mkSt st_obs0 (Some (mkRS (r' + 1) clean)),
          None)
        else
         (mkSt st_obs0 (Some (mkRS ri undecided)),
          None)
    else
     λ _ : nat,
       (mkSt st_obs0 (Some (mkRS ri undecided)), None))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS ri undecided))))
      (Some (mkRS (state_round (st_rs (s j))) muddy))),
 None)
           rewrite Hroundj, Hobsj in *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
(let (si', om') :=
   (if decide (j ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' = size st_obs0)
       then
        (mkSt st_obs0 (Some (mkRS r' muddy)), None)
       else
        if decide (r' = size st_obs0 - 1)
        then
         (mkSt st_obs0 (Some (mkRS (r' + 1) clean)),
          None)
        else
         (mkSt st_obs0 (Some (mkRS ri undecided)),
          None)
    else
     λ _ : nat,
       (mkSt st_obs0 (Some (mkRS ri undecided)), None))
     (size (MuddyUnion s) - 1) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS ri undecided))))
      (Some (mkRS (size (MuddyUnion s) - 1) muddy))),
 None)
           replace st_obs0 with (st_obs (s i)) by (rewrite Hsi; done).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
(let (si', om') :=
   (if decide (j ∈ st_obs (s i))
    then
     λ r' : nat,
       if decide (r' = size (st_obs (s i)))
       then
        (mkSt (st_obs (s i)) (Some (mkRS r' muddy)),
         None)
       else
        if decide (r' = size (st_obs (s i)) - 1)
        then
         (mkSt (st_obs (s i))
            (Some (mkRS (r' + 1) clean)), None)
        else
         (mkSt (st_obs (s i))
            (Some (mkRS ri undecided)), None)
    else
     λ _ : nat,
       (mkSt (st_obs (s i)) (Some (mkRS ri undecided)),
        None)) (size (MuddyUnion s) - 1) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt (st_obs (s i))
            (Some (mkRS ri undecided))))
      (Some (mkRS (size (MuddyUnion s) - 1) muddy))),
 None)
           rewrite decide_True.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
(let (si', om') :=
   if
    decide
      (size (MuddyUnion s) - 1 = size (st_obs (s i)))
   then
    (mkSt (st_obs (s i))
       (Some (mkRS (size (MuddyUnion s) - 1) muddy)),
     None)
   else
    if
     decide
       (size (MuddyUnion s) - 1 =
        size (st_obs (s i)) - 1)
    then
     (mkSt (st_obs (s i))
        (Some
           (mkRS (size (MuddyUnion s) - 1 + 1) clean)),
      None)
    else
     (mkSt (st_obs (s i)) (Some (mkRS ri undecided)),
      None) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt (st_obs (s i))
            (Some (mkRS ri undecided))))
      (Some (mkRS (size (MuddyUnion s) - 1) muddy))),
 None)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
j ∈ st_obs (s i)
           ++index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
(let (si', om') :=
   if
    decide
      (size (MuddyUnion s) - 1 = size (st_obs (s i)))
   then
    (mkSt (st_obs (s i))
       (Some (mkRS (size (MuddyUnion s) - 1) muddy)),
     None)
   else
    if
     decide
       (size (MuddyUnion s) - 1 =
        size (st_obs (s i)) - 1)
    then
     (mkSt (st_obs (s i))
        (Some
           (mkRS (size (MuddyUnion s) - 1 + 1) clean)),
      None)
    else
     (mkSt (st_obs (s i)) (Some (mkRS ri undecided)),
      None) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt (st_obs (s i))
            (Some (mkRS ri undecided))))
      (Some (mkRS (size (MuddyUnion s) - 1) muddy))),
 None) rewrite decide_True; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
size (MuddyUnion s) - 1 = size (st_obs (s i))
              by symmetry; apply MC_muddy_number_of_muddy_seen_iff;
                [| by apply MuddyUnion_elem in e].
           ++index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
j ∈ st_obs (s i) destruct Hcons as [Hinit ->].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hinit: MuddyUnion s ≢ ∅
j: index
He: state_status (st_rs (s j)) = muddy
e: i ∈ st_obs (s j)
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
j ∈ MuddyUnion s ∖ {[i]}
              by destruct (decide (i = j)); [subst; rewrite Hsi in He | set_solver].
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item))) exists (Build_transition_item (T := composite_type MCVLSM) (existT i receive)
          (Some (mkMsg j (state_round (st_rs (s j))) muddy))
          (state_update MCVLSM s i (mkSt (st_obs (s i))
          (Some (mkRS (state_round (st_rs (s j)) + 1) clean)))) None).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i receive;
    input :=
      Some (mkMsg j (state_round (st_rs (s j))) muddy);
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 clean)));
    output := None
  |}
∧ state_round_inc
    (destination
       {|
         l := existT i receive;
         input :=
           Some
             (mkMsg j (state_round (st_rs (s j)))
                muddy);
         destination :=
           state_update MCVLSM s i
             (mkSt (st_obs (s i))
                (Some
                   (mkRS
                      (state_round (st_rs (s j)) + 1)
                      clean)));
         output := None
       |}
       (projT1
          (l
             {|
               l := existT i receive;
               input :=
                 Some
                   (mkMsg j
                      (state_round (st_rs (s j)))
                      muddy);
               destination :=
                 state_update MCVLSM s i
                   (mkSt (st_obs (s i))
                      (Some
                         (mkRS
                            (state_round (st_rs (s j)) +
                             1) clean)));
               output := None
             |}))) >
  state_round_inc
    (s
       (projT1
          (l
             {|
               l := existT i receive;
               input :=
                 Some
                   (mkMsg j
                      (state_round (st_rs (s j)))
                      muddy);
               destination :=
                 state_update MCVLSM s i
                   (mkSt (st_obs (s i))
                      (Some
                         (mkRS
                            (state_round (st_rs (s j)) +
                             1) clean)));
               output := None
             |})))
        cbn; state_update_simpl; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i receive;
    input :=
      Some (mkMsg j (state_round (st_rs (s j))) muddy);
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 clean)));
    output := None
  |}
∧ S (state_round (st_rs (s j)) + 1) >
  state_round_inc (s i)
        unfold MC_non_initial_valid_state in Hs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: valid_state_prop MC_composite_vlsm s
∧ ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i receive;
    input :=
      Some (mkMsg j (state_round (st_rs (s j))) muddy);
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 clean)));
    output := None
  |}
∧ S (state_round (st_rs (s j)) + 1) >
  state_round_inc (s i)
        destruct Hs as [Hvalid Hnoninitial].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i receive;
    input :=
      Some (mkMsg j (state_round (st_rs (s j))) muddy);
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 clean)));
    output := None
  |}
∧ S (state_round (st_rs (s j)) + 1) >
  state_round_inc (s i)
        destruct (Hcons) as [Hmuddy Hobs].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i receive;
    input :=
      Some (mkMsg j (state_round (st_rs (s j))) muddy);
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 clean)));
    output := None
  |}
∧ S (state_round (st_rs (s j)) + 1) >
  state_round_inc (s i)
        cut (input_valid_transition_item MC_composite_vlsm s
          (MC_transition_item_update s j i muddy (mkRS (state_round (st_rs (s j)) + 1) clean))).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
→ input_valid_transition_item MC_composite_vlsm s
    {|
      l := existT i receive;
      input :=
        Some
          (mkMsg j (state_round (st_rs (s j))) muddy);
      destination :=
        state_update MCVLSM s i
          (mkSt (st_obs (s i))
             (Some
                (mkRS (state_round (st_rs (s j)) + 1)
                   clean)));
      output := None
    |}
  ∧ S (state_round (st_rs (s j)) + 1) >
    state_round_inc (s i)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
        {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
→ input_valid_transition_item MC_composite_vlsm s
    {|
      l := existT i receive;
      input :=
        Some
          (mkMsg j (state_round (st_rs (s j))) muddy);
      destination :=
        state_update MCVLSM s i
          (mkSt (st_obs (s i))
             (Some
                (mkRS (state_round (st_rs (s j)) + 1)
                   clean)));
      output := None
    |}
  ∧ S (state_round (st_rs (s j)) + 1) >
    state_round_inc (s i)
          intros Ht.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i receive;
    input :=
      Some (mkMsg j (state_round (st_rs (s j))) muddy);
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 clean)));
    output := None
  |}
∧ S (state_round (st_rs (s j)) + 1) >
  state_round_inc (s i)
          destruct (Ht) as [(_ & Hm & Hv & Hc) _].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hv: valid
  (l
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
  (s,
   input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hc: MC_constraint
  (l
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
  (s,
   input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i receive;
    input :=
      Some (mkMsg j (state_round (st_rs (s j))) muddy);
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 clean)));
    output := None
  |}
∧ S (state_round (st_rs (s j)) + 1) >
  state_round_inc (s i)
          unfold MC_constraint, l, input in Hc.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hv: valid
  (l
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
  (s,
   input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hc: let (x, l0) :=
  let (l, _, _, _) :=
    MC_transition_item_update s j i muddy
      (mkRS (state_round (st_rs (s j)) + 1) clean) in
  l in
match l0 with
| init => consistent s
| emit => True
| receive =>
    match
      (let (_, input, _, _) :=
         MC_transition_item_update s j i muddy
           (mkRS (state_round (st_rs (s j)) + 1)
              clean) in
       input)
    with
    | Some m => MC_no_equivocation s m
    | None => True
    end
end
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i receive;
    input :=
      Some (mkMsg j (state_round (st_rs (s j))) muddy);
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 clean)));
    output := None
  |}
∧ S (state_round (st_rs (s j)) + 1) >
  state_round_inc (s i)
          apply MC_valid_noequiv_muddy in Hc; cbn in Hc; [| done ..].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hv: valid
  (l
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
  (s,
   input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hc: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1 ∧ 
j ∈ MuddyUnion s
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i receive;
    input :=
      Some (mkMsg j (state_round (st_rs (s j))) muddy);
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 clean)));
    output := None
  |}
∧ S (state_round (st_rs (s j)) + 1) >
  state_round_inc (s i)
          destruct Hc as [Hroundj Hj].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hv: valid
  (l
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
  (s,
   input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT i receive;
    input :=
      Some (mkMsg j (state_round (st_rs (s j))) muddy);
    destination :=
      state_update MCVLSM s i
        (mkSt (st_obs (s i))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 clean)));
    output := None
  |}
∧ S (state_round (st_rs (s j)) + 1) >
  state_round_inc (s i)
          split; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hv: valid
  (l
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
  (s,
   input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
S (state_round (st_rs (s j)) + 1) >
state_round_inc (s i)
          apply MC_undecided_muddy_to_clean_increase_round in Ht; cbn; [| done.. | |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Ht: state_round
  (st_rs
     (destination
        (MC_transition_item_update s j i muddy
           (mkRS (state_round (st_rs (s j)) + 1)
              clean))
        (projT1
           (l
              (MC_transition_item_update s j i
                 muddy
                 (mkRS
                    (state_round (st_rs (s j)) +
                     1) clean)))))) >
state_round
  (st_rs
     (s
        (projT1
           (l
              (MC_transition_item_update s j i
                 muddy
                 (mkRS
                    (state_round (st_rs (s j)) +
                     1) clean))))))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hv: valid
  (l
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
  (s,
   input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
S (state_round (st_rs (s j)) + 1) >
state_round_inc (s i)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hv: valid
  (l
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
  (s,
   input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
j ∈ st_obs (s i)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hv: valid
  (l
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
  (s,
   input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
state_round (st_rs (s j)) = size (st_obs (s i)) - 1
          -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Ht: state_round
  (st_rs
     (destination
        (MC_transition_item_update s j i muddy
           (mkRS (state_round (st_rs (s j)) + 1)
              clean))
        (projT1
           (l
              (MC_transition_item_update s j i
                 muddy
                 (mkRS
                    (state_round (st_rs (s j)) +
                     1) clean)))))) >
state_round
  (st_rs
     (s
        (projT1
           (l
              (MC_transition_item_update s j i
                 muddy
                 (mkRS
                    (state_round (st_rs (s j)) +
                     1) clean))))))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hv: valid
  (l
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
  (s,
   input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
S (state_round (st_rs (s j)) + 1) >
state_round_inc (s i) cbn in Ht; state_update_simpl; cbn in Ht; unfold state_round_inc.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Ht: state_round (st_rs (s j)) + 1 >
state_round (st_rs (s i))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hv: valid
  (l
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
  (s,
   input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
S (state_round (st_rs (s j)) + 1) >
match st_rs (s i) with
| Some rs => S (rs_round rs)
| None => 0
end
            by case_match; cbn in Ht; lia.
          -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hv: valid
  (l
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
  (s,
   input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
j ∈ st_obs (s i) destruct (decide (i = j)); [by subst; rewrite He in Hundecided |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hv: valid
  (l
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
  (s,
   input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
n1: i ≠ j
j ∈ st_obs (s i)
            rewrite Hobs in *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ MuddyUnion s ∖ {[j]}
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hv: valid
  (l
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
  (s,
   input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
n1: i ≠ j
j ∈ MuddyUnion s ∖ {[i]}
            by clear - Hj n n1; set_solver.
          -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hv: valid
  (l
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
  (s,
   input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
state_round (st_rs (s j)) = size (st_obs (s i)) - 1 rewrite Hroundj, MC_clean_number_of_muddy_seen; [done .. |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hv: valid
  (l
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
  (s,
   input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
i ∉ MuddyUnion s
            rewrite (Hobs j) in n0.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ MuddyUnion s ∖ {[j]}
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hv: valid
  (l
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
  (s,
   input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
i ∉ MuddyUnion s
            destruct (decide (i = j)); [by subst; congruence |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ MuddyUnion s ∖ {[j]}
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hv: valid
  (l
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
  (s,
   input
     (MC_transition_item_update s j i muddy
        (mkRS (state_round (st_rs (s j)) + 1)
           clean)))
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hj: j ∈ MuddyUnion s
n1: i ≠ j
i ∉ MuddyUnion s
            by clear - n0 n1; set_solver.
        }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
        assert (Hnoequiv :  MC_no_equivocation s (mkMsg j (state_round (st_rs (s j))) muddy)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j))) muddy)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
        {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j))) muddy)
          unfold MC_no_equivocation.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
match s j with
| mkSt _ (Some (mkRS r status)) =>
    muddy = status ∧ state_round (st_rs (s j)) = r
    ∨ muddy = undecided
      ∧ state_round (st_rs (s j)) < r
| mkSt _ None => False
end
          by repeat case_match; [rewrite <- H10; left; rewrite H10, <- He |].
        }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
        destruct (s i) eqn: Hsi.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
st_rs0: option RoundStatus
Hsi: s i = mkSt st_obs0 st_rs0
Hi: ¬ state_status (st_rs (mkSt st_obs0 st_rs0))
  ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status
  (st_rs (mkSt st_obs0 st_rs0)) =
undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
        destruct st_rs0; [| by contradict n; eexists; rewrite Hsi].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
r: RoundStatus
Hsi: s i = mkSt st_obs0 (Some r)
Hi: ¬ state_status (st_rs (mkSt st_obs0 (Some r)))
  ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status
  (st_rs (mkSt st_obs0 (Some r))) =
undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
        destruct r as [ri sti].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
sti: ChildStatus
Hsi: s i = mkSt st_obs0 (Some (mkRS ri sti))
Hi: ¬ state_status
    (st_rs (mkSt st_obs0 (Some (mkRS ri sti))))
  ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS ri sti)))) =
undecided
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
        cbn in Hundecided; subst.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j i muddy
     (mkRS (state_round (st_rs (s j)) + 1) clean))
        repeat split; cbn; [done | | | done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
option_valid_message_prop MC_composite_vlsm
  (Some (mkMsg j (state_round (st_rs (s j))) muddy))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
MC_valid receive (s i)
  (Some (mkMsg j (state_round (st_rs (s j))) muddy))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
(let (si', om') :=
   MC_transition i receive 
     (s i)
     (Some (mkMsg j (state_round (st_rs (s j))) muddy)) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt (st_obs (s i))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1) clean))),
 None)
        --index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
option_valid_message_prop MC_composite_vlsm
  (Some (mkMsg j (state_round (st_rs (s j))) muddy)) by eapply MC_valid_noequiv_valid.
        --index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
MC_valid receive (s i)
  (Some (mkMsg j (state_round (st_rs (s j))) muddy)) by rewrite Hsi; constructor.
        --index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
(let (si', om') :=
   MC_transition i receive (s i)
     (Some (mkMsg j (state_round (st_rs (s j))) muddy)) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt (st_obs (s i))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1) clean))),
 None) rewrite Hsi, MC_transition_equation_8.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
(let (si', om') :=
   MC_transition_clause_4 i st_obs0 ri j
     (decide (j ∈ st_obs0))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS ri undecided))))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1) clean))),
 None)
           unfold MC_transition_clause_4.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
(let (si', om') :=
   (if decide (j ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' = size st_obs0)
       then
        (mkSt st_obs0 (Some (mkRS r' muddy)), None)
       else
        if decide (r' = size st_obs0 - 1)
        then
         (mkSt st_obs0 (Some (mkRS (r' + 1) clean)),
          None)
        else
         (mkSt st_obs0 (Some (mkRS ri undecided)),
          None)
    else
     λ _ : nat,
       (mkSt st_obs0 (Some (mkRS ri undecided)), None))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS ri undecided))))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1) clean))),
 None)
           apply MC_composite_invariant_preservation in Hvalid.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
(let (si', om') :=
   (if decide (j ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' = size st_obs0)
       then
        (mkSt st_obs0 (Some (mkRS r' muddy)), None)
       else
        if decide (r' = size st_obs0 - 1)
        then
         (mkSt st_obs0 (Some (mkRS (r' + 1) clean)),
          None)
        else
         (mkSt st_obs0 (Some (mkRS ri undecided)),
          None)
    else
     λ _ : nat,
       (mkSt st_obs0 (Some (mkRS ri undecided)), None))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS ri undecided))))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1) clean))),
 None)
           destruct (Hvalid j) as [| Hinvariant]; [by contradict n; eexists |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
Hinvariant: MC_component_invariant s j
(let (si', om') :=
   (if decide (j ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' = size st_obs0)
       then
        (mkSt st_obs0 (Some (mkRS r' muddy)), None)
       else
        if decide (r' = size st_obs0 - 1)
        then
         (mkSt st_obs0 (Some (mkRS (r' + 1) clean)),
          None)
        else
         (mkSt st_obs0 (Some (mkRS ri undecided)),
          None)
    else
     λ _ : nat,
       (mkSt st_obs0 (Some (mkRS ri undecided)), None))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS ri undecided))))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1) clean))),
 None)
           unfold MC_component_invariant, MC_component_invariant_helper in Hinvariant.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
Hinvariant: match state_status (st_rs (s j)) with
| undecided =>
    state_round (st_rs (s j)) <
    size (st_obs (s j))
| muddy =>
    state_round (st_rs (s j)) =
    size (st_obs (s j))
    ∧ size (MuddyUnion s) - 1 =
      size (st_obs (s j))
| clean =>
    state_round (st_rs (s j)) =
    size (st_obs (s j))
    ∧ size (MuddyUnion s) =
      size (st_obs (s j))
end
(let (si', om') :=
   (if decide (j ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' = size st_obs0)
       then
        (mkSt st_obs0 (Some (mkRS r' muddy)), None)
       else
        if decide (r' = size st_obs0 - 1)
        then
         (mkSt st_obs0 (Some (mkRS (r' + 1) clean)),
          None)
        else
         (mkSt st_obs0 (Some (mkRS ri undecided)),
          None)
    else
     λ _ : nat,
       (mkSt st_obs0 (Some (mkRS ri undecided)), None))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS ri undecided))))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1) clean))),
 None)
           rewrite He in Hinvariant.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
Hinvariant: state_round (st_rs (s j)) =
size (st_obs (s j))
∧ size (MuddyUnion s) - 1 =
  size (st_obs (s j))
(let (si', om') :=
   (if decide (j ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' = size st_obs0)
       then
        (mkSt st_obs0 (Some (mkRS r' muddy)), None)
       else
        if decide (r' = size st_obs0 - 1)
        then
         (mkSt st_obs0 (Some (mkRS (r' + 1) clean)),
          None)
        else
         (mkSt st_obs0 (Some (mkRS ri undecided)),
          None)
    else
     λ _ : nat,
       (mkSt st_obs0 (Some (mkRS ri undecided)), None))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS ri undecided))))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1) clean))),
 None)
           destruct Hinvariant as [Hroundj Hobsj].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
Hroundj: state_round (st_rs (s j)) =
size (st_obs (s j))
Hobsj: size (MuddyUnion s) - 1 = size (st_obs (s j))
(let (si', om') :=
   (if decide (j ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' = size st_obs0)
       then
        (mkSt st_obs0 (Some (mkRS r' muddy)), None)
       else
        if decide (r' = size st_obs0 - 1)
        then
         (mkSt st_obs0 (Some (mkRS (r' + 1) clean)),
          None)
        else
         (mkSt st_obs0 (Some (mkRS ri undecided)),
          None)
    else
     λ _ : nat,
       (mkSt st_obs0 (Some (mkRS ri undecided)), None))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS ri undecided))))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1) clean))),
 None)
           symmetry in Hobsj.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
Hroundj: state_round (st_rs (s j)) =
size (st_obs (s j))
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
(let (si', om') :=
   (if decide (j ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' = size st_obs0)
       then
        (mkSt st_obs0 (Some (mkRS r' muddy)), None)
       else
        if decide (r' = size st_obs0 - 1)
        then
         (mkSt st_obs0 (Some (mkRS (r' + 1) clean)),
          None)
        else
         (mkSt st_obs0 (Some (mkRS ri undecided)),
          None)
    else
     λ _ : nat,
       (mkSt st_obs0 (Some (mkRS ri undecided)), None))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS ri undecided))))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1) clean))),
 None)
           apply MC_muddy_number_of_muddy_seen_iff in Hobsj as Hjmuddy; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     muddy)
Hroundj: state_round (st_rs (s j)) =
size (st_obs (s j))
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
(let (si', om') :=
   (if decide (j ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' = size st_obs0)
       then
        (mkSt st_obs0 (Some (mkRS r' muddy)), None)
       else
        if decide (r' = size st_obs0 - 1)
        then
         (mkSt st_obs0 (Some (mkRS (r' + 1) clean)),
          None)
        else
         (mkSt st_obs0 (Some (mkRS ri undecided)),
          None)
    else
     λ _ : nat,
       (mkSt st_obs0 (Some (mkRS ri undecided)), None))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS ri undecided))))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1) clean))),
 None)
           rewrite Hroundj, Hobsj in *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
(let (si', om') :=
   (if decide (j ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' = size st_obs0)
       then
        (mkSt st_obs0 (Some (mkRS r' muddy)), None)
       else
        if decide (r' = size st_obs0 - 1)
        then
         (mkSt st_obs0 (Some (mkRS (r' + 1) clean)),
          None)
        else
         (mkSt st_obs0 (Some (mkRS ri undecided)),
          None)
    else
     λ _ : nat,
       (mkSt st_obs0 (Some (mkRS ri undecided)), None))
     (size (MuddyUnion s) - 1) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS ri undecided))))
      (Some (mkRS (size (MuddyUnion s) - 1 + 1) clean))),
 None)
           replace st_obs0 with (st_obs (s i)) by (rewrite Hsi; done).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
(let (si', om') :=
   (if decide (j ∈ st_obs (s i))
    then
     λ r' : nat,
       if decide (r' = size (st_obs (s i)))
       then
        (mkSt (st_obs (s i)) (Some (mkRS r' muddy)),
         None)
       else
        if decide (r' = size (st_obs (s i)) - 1)
        then
         (mkSt (st_obs (s i))
            (Some (mkRS (r' + 1) clean)), None)
        else
         (mkSt (st_obs (s i))
            (Some (mkRS ri undecided)), None)
    else
     λ _ : nat,
       (mkSt (st_obs (s i)) (Some (mkRS ri undecided)),
        None)) (size (MuddyUnion s) - 1) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt
      (st_obs
         (mkSt (st_obs (s i))
            (Some (mkRS ri undecided))))
      (Some (mkRS (size (MuddyUnion s) - 1 + 1) clean))),
 None)
           rewrite decide_True; [rewrite decide_False; [rewrite decide_True |] |]; [done | ..].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
size (MuddyUnion s) - 1 = size (st_obs (s i)) - 1
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
size (MuddyUnion s) - 1 ≠ size (st_obs (s i))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
j ∈ st_obs (s i)
           ++index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
size (MuddyUnion s) - 1 = size (st_obs (s i)) - 1 destruct (decide (i = j)) as [-> |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
j: index
Hsi: s j = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
He: state_status (st_rs (s j)) = muddy
n0: j ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
size (MuddyUnion s) - 1 = size (st_obs (s j)) - 1
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
n1: i ≠ j
size (MuddyUnion s) - 1 = size (st_obs (s i)) - 1
              **index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
j: index
Hsi: s j = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
He: state_status (st_rs (s j)) = muddy
n0: j ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
size (MuddyUnion s) - 1 = size (st_obs (s j)) - 1 by rewrite Hsi in He.
              **index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
n1: i ≠ j
size (MuddyUnion s) - 1 = size (st_obs (s i)) - 1 rewrite Hobs in n0.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ MuddyUnion s ∖ {[j]}
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
n1: i ≠ j
size (MuddyUnion s) - 1 = size (st_obs (s i)) - 1
                 assert (HinotinMuddy : i ∉ MuddyUnion s) by set_solver.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ MuddyUnion s ∖ {[j]}
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
n1: i ≠ j
HinotinMuddy: i ∉ MuddyUnion s
size (MuddyUnion s) - 1 = size (st_obs (s i)) - 1
                 by apply MC_clean_number_of_muddy_seen in HinotinMuddy; [rewrite HinotinMuddy |].
           ++index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
size (MuddyUnion s) - 1 ≠ size (st_obs (s i)) destruct (decide (i = j)) as [-> |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
j: index
Hsi: s j = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
He: state_status (st_rs (s j)) = muddy
n0: j ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
size (MuddyUnion s) - 1 ≠ size (st_obs (s j))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
n1: i ≠ j
size (MuddyUnion s) - 1 ≠ size (st_obs (s i))
              **index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
j: index
Hsi: s j = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
He: state_status (st_rs (s j)) = muddy
n0: j ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
size (MuddyUnion s) - 1 ≠ size (st_obs (s j)) by rewrite Hsi in He.
              **index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
n1: i ≠ j
size (MuddyUnion s) - 1 ≠ size (st_obs (s i)) rewrite Hobs in n0.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ MuddyUnion s ∖ {[j]}
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
n1: i ≠ j
size (MuddyUnion s) - 1 ≠ size (st_obs (s i))
                 assert (HinotinMuddy : i ∉ MuddyUnion s) by set_solver.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ MuddyUnion s ∖ {[j]}
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
n1: i ≠ j
HinotinMuddy: i ∉ MuddyUnion s
size (MuddyUnion s) - 1 ≠ size (st_obs (s i))
                 apply MC_clean_number_of_muddy_seen in HinotinMuddy; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ MuddyUnion s ∖ {[j]}
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
n1: i ≠ j
HinotinMuddy: size (st_obs (s i)) =
size (MuddyUnion s)
size (MuddyUnion s) - 1 ≠ size (st_obs (s i))
                 by destruct (decide (size (MuddyUnion s) = 0)); [apply size_empty_iff in e | lia].
           ++index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
j ∈ st_obs (s i) rewrite Hobs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
j ∈ MuddyUnion s ∖ {[i]}
              destruct (decide (i = j)) as [-> |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
j: index
Hsi: s j = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
He: state_status (st_rs (s j)) = muddy
n0: j ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
j ∈ MuddyUnion s ∖ {[j]}
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
n1: i ≠ j
j ∈ MuddyUnion s ∖ {[i]}
              **index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
j: index
Hsi: s j = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
He: state_status (st_rs (s j)) = muddy
n0: j ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
j ∈ MuddyUnion s ∖ {[j]} by rewrite Hsi in He.
              **index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninitial: ¬ composite_initial_state_prop MCVLSM s
i: index
st_obs0: indexSet
ri: nat
Hi: ¬ state_status
    (st_rs
       (mkSt st_obs0 (Some (mkRS ri undecided))))
  ≠ undecided
Hsi: s i = mkSt st_obs0 (Some (mkRS ri undecided))
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hcons: consistent s
j: index
He: state_status (st_rs (s j)) = muddy
n0: i ∉ st_obs (s j)
H9: length (enum index) > 1
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hnoequiv: MC_no_equivocation s
  (mkMsg j (size (MuddyUnion s) - 1) muddy)
Hroundj: state_round (st_rs (s j)) =
size (MuddyUnion s) - 1
Hobsj: size (st_obs (s j)) = size (MuddyUnion s) - 1
Hjmuddy: j ∈ MuddyUnion s
n1: i ≠ j
j ∈ MuddyUnion s ∖ {[i]} by set_solver.
    +index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hcons: consistent s
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item))) destruct Hcons as [Hmuddy Hobs].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      assert (exists (j : index), j ∈ MuddyUnion s) as (j & Hjmuddyunion)
        by (apply set_choose in Hmuddy; done).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: MC_non_initial_valid_state s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      unfold MC_non_initial_valid_state in Hs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hs: valid_state_prop MC_composite_vlsm s
∧ ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      destruct Hs as [Hvalid Hnoninit].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      pose proof Hvalid as Hvalid'.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': valid_state_prop MC_composite_vlsm s
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      apply MC_composite_invariant_preservation_inductive in Hvalid'.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      assert (exists (k : index), k ∈ st_obs (s j)) as (k & Hkobs).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
∃ k : index, k ∈ st_obs (s j)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
∃ k : index, k ∈ st_obs (s j)
        apply set_choose, size_non_empty_iff.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
size (st_obs (s j)) ≠ 0
        destruct (Hvalid' j) as [| Hinvariant]; [by contradiction n; eexists |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
Hinvariant: MC_component_invariant_inductive s j
size (st_obs (s j)) ≠ 0
        inversion Hinvariant; [by lia | | by contradict n0; eexists].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
Hinvariant: MC_component_invariant_inductive s j
s0: index → State
i0: index
H9: state_status (st_rs (s j)) = clean
H10: state_round (st_rs (s j)) = size (st_obs (s j))
H11: size (MuddyUnion s) = size (st_obs (s j))
H12: s0 = s
H13: i0 = j
size (st_obs (s j)) ≠ 0
        apply MC_muddy_number_of_muddy_seen in Hjmuddyunion; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: size (st_obs (s j)) =
size (MuddyUnion s) - 1
Hvalid': MC_composite_invariant_inductive s
Hinvariant: MC_component_invariant_inductive s j
s0: index → State
i0: index
H9: state_status (st_rs (s j)) = clean
H10: state_round (st_rs (s j)) = size (st_obs (s j))
H11: size (MuddyUnion s) = size (st_obs (s j))
H12: s0 = s
H13: i0 = j
size (st_obs (s j)) ≠ 0
        by apply size_non_empty_iff in Hmuddy; lia.
      }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      assert (Hkundecided : state_status (st_rs (s k)) = undecided).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
state_status (st_rs (s k)) = undecided
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
state_status (st_rs (s k)) = undecided
        destruct (Hvalid' k) as [| Hinvariantk]; [by contradict n; eexists |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hinvariantk: MC_component_invariant_inductive s k
state_status (st_rs (s k)) = undecided
        unfold MC_component_invariant in Hinvariantk.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hinvariantk: MC_component_invariant_inductive s k
state_status (st_rs (s k)) = undecided
        inversion Hinvariantk; [done | | by contradict n0; eexists].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hinvariantk: MC_component_invariant_inductive s k
s0: index → State
i0: index
H9: state_status (st_rs (s k)) = clean
H10: state_round (st_rs (s k)) = size (st_obs (s k))
H11: size (MuddyUnion s) = size (st_obs (s k))
H12: s0 = s
H13: i0 = k
state_status (st_rs (s k)) = undecided
        apply MuddyUnion_elem, MC_muddy_number_of_muddy_seen in Hkobs; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: size (st_obs (s k)) = size (MuddyUnion s) - 1
Hinvariantk: MC_component_invariant_inductive s k
s0: index → State
i0: index
H9: state_status (st_rs (s k)) = clean
H10: state_round (st_rs (s k)) = size (st_obs (s k))
H11: size (MuddyUnion s) = size (st_obs (s k))
H12: s0 = s
H13: i0 = k
state_status (st_rs (s k)) = undecided
        by apply size_non_empty_iff in Hmuddy; lia.
      }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      assert (Hkinvariant : state_round (st_rs (s k)) < size (st_obs (s k))).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
state_round (st_rs (s k)) < size (st_obs (s k))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
state_round (st_rs (s k)) < size (st_obs (s k))
        destruct (Hvalid' k) as [| Hkinvariant]; [by contradict n; eexists |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: MC_component_invariant_inductive s k
state_round (st_rs (s k)) < size (st_obs (s k))
        inversion Hkinvariant; [done | | by contradict n0; eexists].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: MC_component_invariant_inductive s k
s0: index → State
i0: index
H9: state_status (st_rs (s k)) = clean
H10: state_round (st_rs (s k)) = size (st_obs (s k))
H11: size (MuddyUnion s) = size (st_obs (s k))
H12: s0 = s
H13: i0 = k
state_round (st_rs (s k)) < size (st_obs (s k))
        apply MuddyUnion_elem, MC_muddy_number_of_muddy_seen in Hkobs; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: size (st_obs (s k)) = size (MuddyUnion s) - 1
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: MC_component_invariant_inductive s k
s0: index → State
i0: index
H9: state_status (st_rs (s k)) = clean
H10: state_round (st_rs (s k)) = size (st_obs (s k))
H11: size (MuddyUnion s) = size (st_obs (s k))
H12: s0 = s
H13: i0 = k
state_round (st_rs (s k)) < size (st_obs (s k))
        by rewrite Hkobs in H11; apply size_non_empty_iff in Hmuddy; lia.
      }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      assert (Hjundecided : state_status (st_rs (s j)) = undecided).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
state_status (st_rs (s j)) = undecided
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
state_status (st_rs (s j)) = undecided
        destruct (Hvalid' j) as [| Hinvariantj]; [by contradict n; eexists |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hinvariantj: MC_component_invariant_inductive s j
state_status (st_rs (s j)) = undecided
        unfold MC_component_invariant in Hinvariantj.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hinvariantj: MC_component_invariant_inductive s j
state_status (st_rs (s j)) = undecided
        inversion Hinvariantj; [done | | by contradict n0; eexists].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hinvariantj: MC_component_invariant_inductive s j
s0: index → State
i0: index
H9: state_status (st_rs (s j)) = clean
H10: state_round (st_rs (s j)) = size (st_obs (s j))
H11: size (MuddyUnion s) = size (st_obs (s j))
H12: s0 = s
H13: i0 = j
state_status (st_rs (s j)) = undecided
        apply MC_muddy_number_of_muddy_seen in Hjmuddyunion; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: size (st_obs (s j)) =
size (MuddyUnion s) - 1
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hinvariantj: MC_component_invariant_inductive s j
s0: index → State
i0: index
H9: state_status (st_rs (s j)) = clean
H10: state_round (st_rs (s j)) = size (st_obs (s j))
H11: size (MuddyUnion s) = size (st_obs (s j))
H12: s0 = s
H13: i0 = j
state_status (st_rs (s j)) = undecided
        by apply size_non_empty_iff in Hmuddy; lia.
      }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      assert (Hjinvariant : state_round (st_rs (s j)) < size (st_obs (s j))).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
state_round (st_rs (s j)) < size (st_obs (s j))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
state_round (st_rs (s j)) < size (st_obs (s j))
        destruct (Hvalid' j) as [| Hjinvariant]; [by contradict n; eexists |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: MC_component_invariant_inductive s j
state_round (st_rs (s j)) < size (st_obs (s j))
        inversion Hjinvariant; [done | | by contradict n0; eexists].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: MC_component_invariant_inductive s j
s0: index → State
i0: index
H9: state_status (st_rs (s j)) = clean
H10: state_round (st_rs (s j)) = size (st_obs (s j))
H11: size (MuddyUnion s) = size (st_obs (s j))
H12: s0 = s
H13: i0 = j
state_round (st_rs (s j)) < size (st_obs (s j))
        apply MC_muddy_number_of_muddy_seen in Hjmuddyunion; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: size (st_obs (s j)) =
size (MuddyUnion s) - 1
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: MC_component_invariant_inductive s j
s0: index → State
i0: index
H9: state_status (st_rs (s j)) = clean
H10: state_round (st_rs (s j)) = size (st_obs (s j))
H11: size (MuddyUnion s) = size (st_obs (s j))
H12: s0 = s
H13: i0 = j
state_round (st_rs (s j)) < size (st_obs (s j))
        by rewrite Hjmuddyunion in H11; apply size_non_empty_iff in Hmuddy; lia.
      }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      assert (Hjk_eq_size_muddy : size (st_obs (s j)) = size (st_obs (s k))).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
size (st_obs (s j)) = size (st_obs (s k))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
size (st_obs (s j)) = size (st_obs (s k))
        apply MC_muddy_number_of_muddy_seen in Hjmuddyunion; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: size (st_obs (s j)) =
size (MuddyUnion s) - 1
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
size (st_obs (s j)) = size (st_obs (s k))
        apply MuddyUnion_elem, MC_muddy_number_of_muddy_seen in Hkobs; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: size (st_obs (s j)) =
size (MuddyUnion s) - 1
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: size (st_obs (s k)) = size (MuddyUnion s) - 1
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
size (st_obs (s j)) = size (st_obs (s k))
        by rewrite <- Hjmuddyunion in Hkobs.
      }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      assert (Hjobs : j ∈ st_obs (s k)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
j ∈ st_obs (s k)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
j ∈ st_obs (s k)
        rewrite Hobs.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
j ∈ MuddyUnion s ∖ {[k]}
        destruct (decide (j = k)) as [-> |]; [| set_solver].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
k: index
Hkobs: k ∈ st_obs (s k)
Hjmuddyunion: k ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjk_eq_size_muddy: size (st_obs (s k)) =
size (st_obs (s k))
Hjinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s k)) = undecided
k ∈ MuddyUnion s ∖ {[k]}
        by rewrite Hobs in Hkobs; set_solver.
      }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      destruct (decide (state_round (st_rs (s j)) < state_round (st_rs (s k)))).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (VLSM.l item))) >
      state_round_inc (s (projT1 (VLSM.l item)))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (VLSM.l item))) >
      state_round_inc (s (projT1 (VLSM.l item))) destruct (decide (state_round (st_rs (s k)) = size (st_obs (s j)) - 1))
          as [Heqobsminus1 | Hneqobsminus1].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (VLSM.l item))) >
      state_round_inc (s (projT1 (VLSM.l item)))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (VLSM.l item))) >
      state_round_inc (s (projT1 (VLSM.l item)))
        --index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (VLSM.l item))) >
      state_round_inc (s (projT1 (VLSM.l item))) exists (Build_transition_item (T := composite_type MCVLSM) (existT j receive)
             (Some (mkMsg k (state_round (st_rs (s k))) undecided))
             (state_update MCVLSM s j (mkSt (st_obs (s j))
             (Some (mkRS (state_round (st_rs (s k)) + 1) muddy)))) None).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT j receive;
    input :=
      Some
        (mkMsg k (state_round (st_rs (s k))) undecided);
    destination :=
      state_update MCVLSM s j
        (mkSt (st_obs (s j))
           (Some
              (mkRS (state_round (st_rs (s k)) + 1)
                 muddy)));
    output := None
  |}
∧ state_round_inc
    (destination
       {|
         l := existT j receive;
         input :=
           Some
             (mkMsg k (state_round (st_rs (s k)))
                undecided);
         destination :=
           state_update MCVLSM s j
             (mkSt (st_obs (s j))
                (Some
                   (mkRS
                      (state_round (st_rs (s k)) + 1)
                      muddy)));
         output := None
       |}
       (projT1
          (VLSM.l
             {|
               l := existT j receive;
               input :=
                 Some
                   (mkMsg k
                      (state_round (st_rs (s k)))
                      undecided);
               destination :=
                 state_update MCVLSM s j
                   (mkSt (st_obs (s j))
                      (Some
                         (mkRS
                            (state_round (st_rs (s k)) +
                             1) muddy)));
               output := None
             |}))) >
  state_round_inc
    (s
       (projT1
          (VLSM.l
             {|
               l := existT j receive;
               input :=
                 Some
                   (mkMsg k
                      (state_round (st_rs (s k)))
                      undecided);
               destination :=
                 state_update MCVLSM s j
                   (mkSt (st_obs (s j))
                      (Some
                         (mkRS
                            (state_round (st_rs (s k)) +
                             1) muddy)));
               output := None
             |})))
           cbn; state_update_simpl; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT j receive;
    input :=
      Some
        (mkMsg k (state_round (st_rs (s k))) undecided);
    destination :=
      state_update MCVLSM s j
        (mkSt (st_obs (s j))
           (Some
              (mkRS (state_round (st_rs (s k)) + 1)
                 muddy)));
    output := None
  |}
∧ S (state_round (st_rs (s k)) + 1) >
  state_round_inc (s j)
           cut (input_valid_transition_item MC_composite_vlsm s
             (MC_transition_item_update s k j undecided
             (mkRS (state_round (st_rs (s k)) + 1) muddy))).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) muddy))
→ input_valid_transition_item MC_composite_vlsm s
    {|
      l := existT j receive;
      input :=
        Some
          (mkMsg k (state_round (st_rs (s k)))
             undecided);
      destination :=
        state_update MCVLSM s j
          (mkSt (st_obs (s j))
             (Some
                (mkRS (state_round (st_rs (s k)) + 1)
                   muddy)));
      output := None
    |}
  ∧ S (state_round (st_rs (s k)) + 1) >
    state_round_inc (s j)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) muddy))
           {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) muddy))
→ input_valid_transition_item MC_composite_vlsm s
    {|
      l := existT j receive;
      input :=
        Some
          (mkMsg k (state_round (st_rs (s k)))
             undecided);
      destination :=
        state_update MCVLSM s j
          (mkSt (st_obs (s j))
             (Some
                (mkRS (state_round (st_rs (s k)) + 1)
                   muddy)));
      output := None
    |}
  ∧ S (state_round (st_rs (s k)) + 1) >
    state_round_inc (s j)
             intro Ht; destruct (id Ht) as [(_ & Hm & Hv & Hc) _].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
Hv: valid
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
Hc: MC_constraint
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT j receive;
    input :=
      Some
        (mkMsg k (state_round (st_rs (s k))) undecided);
    destination :=
      state_update MCVLSM s j
        (mkSt (st_obs (s j))
           (Some
              (mkRS (state_round (st_rs (s k)) + 1)
                 muddy)));
    output := None
  |}
∧ S (state_round (st_rs (s k)) + 1) >
  state_round_inc (s j)
             unfold MC_constraint, input in Hc.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
Hv: valid
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
Hc: let (x, l0) :=
  VLSM.l
    (MC_transition_item_update s k j undecided
       (mkRS (state_round (st_rs (s k)) + 1)
          muddy)) in
match l0 with
| init => consistent s
| emit => True
| receive =>
    match
      (let (_, input, _, _) :=
         MC_transition_item_update s k j
           undecided
           (mkRS (state_round (st_rs (s k)) + 1)
              muddy) in
       input)
    with
    | Some m => MC_no_equivocation s m
    | None => True
    end
end
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT j receive;
    input :=
      Some
        (mkMsg k (state_round (st_rs (s k))) undecided);
    destination :=
      state_update MCVLSM s j
        (mkSt (st_obs (s j))
           (Some
              (mkRS (state_round (st_rs (s k)) + 1)
                 muddy)));
    output := None
  |}
∧ S (state_round (st_rs (s k)) + 1) >
  state_round_inc (s j)
             apply MC_valid_noequiv_valid in Hc; [| done..].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
Hv: valid
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
Hc: valid_message_prop MC_composite_vlsm
  (mkMsg k (state_round (st_rs (s k))) undecided)
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT j receive;
    input :=
      Some
        (mkMsg k (state_round (st_rs (s k))) undecided);
    destination :=
      state_update MCVLSM s j
        (mkSt (st_obs (s j))
           (Some
              (mkRS (state_round (st_rs (s k)) + 1)
                 muddy)));
    output := None
  |}
∧ S (state_round (st_rs (s k)) + 1) >
  state_round_inc (s j)
             cbn in Hc; destruct Hc as [Hroundk Hk].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
Hv: valid
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
Hroundk: state MC_composite_vlsm
Hk: valid_state_message_prop MC_composite_vlsm
  Hroundk
  (Some
     (mkMsg k (state_round (st_rs (s k)))
        undecided))
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT j receive;
    input :=
      Some
        (mkMsg k (state_round (st_rs (s k))) undecided);
    destination :=
      state_update MCVLSM s j
        (mkSt (st_obs (s j))
           (Some
              (mkRS (state_round (st_rs (s k)) + 1)
                 muddy)));
    output := None
  |}
∧ S (state_round (st_rs (s k)) + 1) >
  state_round_inc (s j)
             split; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
Hv: valid
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
Hroundk: state MC_composite_vlsm
Hk: valid_state_message_prop MC_composite_vlsm
  Hroundk
  (Some
     (mkMsg k (state_round (st_rs (s k)))
        undecided))
S (state_round (st_rs (s k)) + 1) >
state_round_inc (s j)
             apply MC_undecided_undecided_to_muddy_increase_round in Ht; try done.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: state_round
  (st_rs
     (destination
        (MC_transition_item_update s k j
           undecided
           (mkRS (state_round (st_rs (s k)) + 1)
              muddy))
        (projT1
           (VLSM.l
              (MC_transition_item_update s k j
                 undecided
                 (mkRS
                    (state_round (st_rs (s k)) +
                     1) muddy)))))) >
state_round
  (st_rs
     (s
        (projT1
           (VLSM.l
              (MC_transition_item_update s k j
                 undecided
                 (mkRS
                    (state_round (st_rs (s k)) +
                     1) muddy))))))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
Hv: valid
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
Hroundk: state MC_composite_vlsm
Hk: valid_state_message_prop MC_composite_vlsm
  Hroundk
  (Some
     (mkMsg k (state_round (st_rs (s k)))
        undecided))
S (state_round (st_rs (s k)) + 1) >
state_round_inc (s j)
             cbn in Ht; state_update_simpl; cbn in Ht; unfold state_round_inc.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: state_round (st_rs (s k)) + 1 >
state_round (st_rs (s j))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
Hv: valid
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
Hroundk: state MC_composite_vlsm
Hk: valid_state_message_prop MC_composite_vlsm
  Hroundk
  (Some
     (mkMsg k (state_round (st_rs (s k)))
        undecided))
S (state_round (st_rs (s k)) + 1) >
match st_rs (s j) with
| Some rs => S (rs_round rs)
| None => 0
end
             case_match; [| by lia].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
r: RoundStatus
H10: st_rs (s j) = Some r
Hjundecided: state_status (Some r) = undecided
Hjinvariant: state_round (Some r) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (Some r) < state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: state_round (st_rs (s k)) + 1 >
state_round (Some r)
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
Hv: valid
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           muddy)))
Hroundk: state MC_composite_vlsm
Hk: valid_state_message_prop MC_composite_vlsm
  Hroundk
  (Some
     (mkMsg k (state_round (st_rs (s k)))
        undecided))
S (state_round (st_rs (s k)) + 1) > S (rs_round r)
             remember (state_round (st_rs (s k))) as roundk; unfold state_round in Ht.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
roundk: nat
Heqroundk: roundk = state_round (st_rs (s k))
Hkinvariant: roundk < size (st_obs (s k))
r: RoundStatus
H10: st_rs (s j) = Some r
Hjundecided: state_status (Some r) = undecided
Hjinvariant: state_round (Some r) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (Some r) < roundk
Heqobsminus1: roundk = size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: roundk + 1 > from_option rs_round 0 (Some r)
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (roundk + 1) muddy)))
Hv: valid
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (roundk + 1) muddy)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (roundk + 1) muddy)))
Hroundk: state MC_composite_vlsm
Hk: valid_state_message_prop MC_composite_vlsm
  Hroundk (Some (mkMsg k roundk undecided))
S (roundk + 1) > S (rs_round r)
             by cbn in Ht; lia.
           }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) muddy))
           assert (Hnoequiv :  MC_no_equivocation s
            (mkMsg k (state_round (st_rs (s k))) undecided)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k))) undecided)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) muddy))
           {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k))) undecided)
             by unfold MC_no_equivocation; repeat case_match;
               cbn in *; [left; split | lia].
           }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) muddy))
           pose proof Hjundecided as Hjundecided'.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
Hjundecided': state_status (st_rs (s j)) = undecided
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) muddy))
           destruct (s j) eqn: Hsj in Hjundecided'.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
st_obs0: indexSet
st_rs0: option RoundStatus
Hsj: s j = mkSt st_obs0 st_rs0
Hjundecided': state_status
  (st_rs (mkSt st_obs0 st_rs0)) =
undecided
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) muddy))
           destruct st_rs0; [| by contradict n; eexists; rewrite Hsj].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
st_obs0: indexSet
r: RoundStatus
Hsj: s j = mkSt st_obs0 (Some r)
Hjundecided': state_status
  (st_rs (mkSt st_obs0 (Some r))) =
undecided
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) muddy))
           destruct r as [rj stj].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
st_obs0: indexSet
rj: nat
stj: ChildStatus
Hsj: s j = mkSt st_obs0 (Some (mkRS rj stj))
Hjundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rj stj)))) =
undecided
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) muddy))
           repeat split; only 1,4: done; cbn;
             [by eapply MC_valid_noequiv_valid | by rewrite Hsj; constructor |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
st_obs0: indexSet
rj: nat
stj: ChildStatus
Hsj: s j = mkSt st_obs0 (Some (mkRS rj stj))
Hjundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rj stj)))) =
undecided
(let (si', om') :=
   MC_transition j receive (s j)
     (Some
        (mkMsg k (state_round (st_rs (s k))) undecided)) in
 (state_update MCVLSM s j si', om')) =
(state_update MCVLSM s j
   (mkSt (st_obs (s j))
      (Some
         (mkRS (state_round (st_rs (s k)) + 1) muddy))),
 None)
           pose proof Hjundecided as Hjundecided''.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
st_obs0: indexSet
rj: nat
stj: ChildStatus
Hsj: s j = mkSt st_obs0 (Some (mkRS rj stj))
Hjundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rj stj)))) =
undecided
Hjundecided'': state_status (st_rs (s j)) = undecided
(let (si', om') :=
   MC_transition j receive (s j)
     (Some
        (mkMsg k (state_round (st_rs (s k))) undecided)) in
 (state_update MCVLSM s j si', om')) =
(state_update MCVLSM s j
   (mkSt (st_obs (s j))
      (Some
         (mkRS (state_round (st_rs (s k)) + 1) muddy))),
 None)
           rewrite Hsj; rewrite Hsj in Hjundecided; cbn in Hjundecided; rewrite Hjundecided.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
st_obs0: indexSet
rj: nat
stj: ChildStatus
Hjundecided: stj = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
Hsj: s j = mkSt st_obs0 (Some (mkRS rj stj))
Hjundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rj stj)))) =
undecided
Hjundecided'': state_status (st_rs (s j)) = undecided
(let (si', om') :=
   MC_transition j receive
     (mkSt st_obs0 (Some (mkRS rj undecided)))
     (Some
        (mkMsg k (state_round (st_rs (s k))) undecided)) in
 (state_update MCVLSM s j si', om')) =
(state_update MCVLSM s j
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS rj undecided))))
      (Some
         (mkRS (state_round (st_rs (s k)) + 1) muddy))),
 None)
           rewrite MC_transition_equation_7.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
st_obs0: indexSet
rj: nat
stj: ChildStatus
Hjundecided: stj = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
Hsj: s j = mkSt st_obs0 (Some (mkRS rj stj))
Hjundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rj stj)))) =
undecided
Hjundecided'': state_status (st_rs (s j)) = undecided
(let (si', om') :=
   MC_transition_clause_5 j st_obs0 rj k
     (decide (k ∈ st_obs0))
     (state_round (st_rs (s k))) in
 (state_update MCVLSM s j si', om')) =
(state_update MCVLSM s j
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS rj undecided))))
      (Some
         (mkRS (state_round (st_rs (s k)) + 1) muddy))),
 None) unfold MC_transition_clause_5.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
st_obs0: indexSet
rj: nat
stj: ChildStatus
Hjundecided: stj = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
Hsj: s j = mkSt st_obs0 (Some (mkRS rj stj))
Hjundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rj stj)))) =
undecided
Hjundecided'': state_status (st_rs (s j)) = undecided
(let (si', om') :=
   (if decide (k ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' < rj)
       then
        (mkSt st_obs0 (Some (mkRS rj undecided)), None)
       else
        if decide (rj <= r' < size st_obs0 - 1)
        then
         (mkSt st_obs0
            (Some (mkRS (r' + 1) undecided)), None)
        else
         if decide (r' = size st_obs0 - 1)
         then
          (mkSt st_obs0 (Some (mkRS (r' + 1) muddy)),
           None)
         else
          (mkSt st_obs0 (Some (mkRS rj undecided)),
           None)
    else
     λ r' : nat,
       if decide (r' ≤ rj)
       then
        (mkSt st_obs0 (Some (mkRS rj undecided)), None)
       else
        if decide (rj < r' < size st_obs0)
        then
         (mkSt st_obs0 (Some (mkRS r' undecided)),
          None)
        else
         if decide (r' = size st_obs0)
         then
          (mkSt st_obs0 (Some (mkRS r' muddy)), None)
         else
          (mkSt st_obs0 (Some (mkRS rj undecided)),
           None)) (state_round (st_rs (s k))) in
 (state_update MCVLSM s j si', om')) =
(state_update MCVLSM s j
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS rj undecided))))
      (Some
         (mkRS (state_round (st_rs (s k)) + 1) muddy))),
 None)
           replace st_obs0 with (st_obs (s j)); [| by rewrite Hsj];
             replace rj with (state_round (st_rs (s j))); [| by rewrite Hsj].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
st_obs0: indexSet
rj: nat
stj: ChildStatus
Hjundecided: stj = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Heqobsminus1: state_round (st_rs (s k)) =
size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
Hsj: s j = mkSt st_obs0 (Some (mkRS rj stj))
Hjundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rj stj)))) =
undecided
Hjundecided'': state_status (st_rs (s j)) = undecided
(let (si', om') :=
   (if decide (k ∈ st_obs (s j))
    then
     λ r' : nat,
       if decide (r' < state_round (st_rs (s j)))
       then
        (mkSt (st_obs (s j))
           (Some
              (mkRS (state_round (st_rs (s j)))
                 undecided)), None)
       else
        if
         decide
           (state_round (st_rs (s j)) <= r' <
            size (st_obs (s j)) - 1)
        then
         (mkSt (st_obs (s j))
            (Some (mkRS (r' + 1) undecided)), None)
        else
         if decide (r' = size (st_obs (s j)) - 1)
         then
          (mkSt (st_obs (s j))
             (Some (mkRS (r' + 1) muddy)), None)
         else
          (mkSt (st_obs (s j))
             (Some
                (mkRS (state_round (st_rs (s j)))
                   undecided)), None)
    else
     λ r' : nat,
       if decide (r' ≤ state_round (st_rs (s j)))
       then
        (mkSt (st_obs (s j))
           (Some
              (mkRS (state_round (st_rs (s j)))
                 undecided)), None)
       else
        if
         decide
           (state_round (st_rs (s j)) < r' <
            size (st_obs (s j)))
        then
         (mkSt (st_obs (s j))
            (Some (mkRS r' undecided)), None)
        else
         if decide (r' = size (st_obs (s j)))
         then
          (mkSt (st_obs (s j)) (Some (mkRS r' muddy)),
           None)
         else
          (mkSt (st_obs (s j))
             (Some
                (mkRS (state_round (st_rs (s j)))
                   undecided)), None))
     (state_round (st_rs (s k))) in
 (state_update MCVLSM s j si', om')) =
(state_update MCVLSM s j
   (mkSt
      (st_obs
         (mkSt (st_obs (s j))
            (Some
               (mkRS (state_round (st_rs (s j)))
                  undecided))))
      (Some
         (mkRS (state_round (st_rs (s k)) + 1) muddy))),
 None)
           by rewrite decide_True, decide_False, decide_False, decide_True; [| lia .. |].
        --index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (VLSM.l item))) >
      state_round_inc (s (projT1 (VLSM.l item))) exists (Build_transition_item (T := composite_type MCVLSM) (existT j receive)
             (Some (mkMsg k (state_round (st_rs (s k))) undecided))
             (state_update MCVLSM s j (mkSt (st_obs (s j))
             (Some (mkRS (state_round (st_rs (s k)) + 1) undecided)))) None).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT j receive;
    input :=
      Some
        (mkMsg k (state_round (st_rs (s k))) undecided);
    destination :=
      state_update MCVLSM s j
        (mkSt (st_obs (s j))
           (Some
              (mkRS (state_round (st_rs (s k)) + 1)
                 undecided)));
    output := None
  |}
∧ state_round_inc
    (destination
       {|
         l := existT j receive;
         input :=
           Some
             (mkMsg k (state_round (st_rs (s k)))
                undecided);
         destination :=
           state_update MCVLSM s j
             (mkSt (st_obs (s j))
                (Some
                   (mkRS
                      (state_round (st_rs (s k)) + 1)
                      undecided)));
         output := None
       |}
       (projT1
          (VLSM.l
             {|
               l := existT j receive;
               input :=
                 Some
                   (mkMsg k
                      (state_round (st_rs (s k)))
                      undecided);
               destination :=
                 state_update MCVLSM s j
                   (mkSt (st_obs (s j))
                      (Some
                         (mkRS
                            (state_round (st_rs (s k)) +
                             1) undecided)));
               output := None
             |}))) >
  state_round_inc
    (s
       (projT1
          (VLSM.l
             {|
               l := existT j receive;
               input :=
                 Some
                   (mkMsg k
                      (state_round (st_rs (s k)))
                      undecided);
               destination :=
                 state_update MCVLSM s j
                   (mkSt (st_obs (s j))
                      (Some
                         (mkRS
                            (state_round (st_rs (s k)) +
                             1) undecided)));
               output := None
             |})))
           cbn; state_update_simpl; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT j receive;
    input :=
      Some
        (mkMsg k (state_round (st_rs (s k))) undecided);
    destination :=
      state_update MCVLSM s j
        (mkSt (st_obs (s j))
           (Some
              (mkRS (state_round (st_rs (s k)) + 1)
                 undecided)));
    output := None
  |}
∧ S (state_round (st_rs (s k)) + 1) >
  state_round_inc (s j)
           cut (input_valid_transition_item MC_composite_vlsm s
             (MC_transition_item_update s k j undecided
             (mkRS (state_round (st_rs (s k)) + 1) undecided))).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) undecided))
→ input_valid_transition_item MC_composite_vlsm s
    {|
      l := existT j receive;
      input :=
        Some
          (mkMsg k (state_round (st_rs (s k)))
             undecided);
      destination :=
        state_update MCVLSM s j
          (mkSt (st_obs (s j))
             (Some
                (mkRS (state_round (st_rs (s k)) + 1)
                   undecided)));
      output := None
    |}
  ∧ S (state_round (st_rs (s k)) + 1) >
    state_round_inc (s j)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) undecided))
           {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) undecided))
→ input_valid_transition_item MC_composite_vlsm s
    {|
      l := existT j receive;
      input :=
        Some
          (mkMsg k (state_round (st_rs (s k)))
             undecided);
      destination :=
        state_update MCVLSM s j
          (mkSt (st_obs (s j))
             (Some
                (mkRS (state_round (st_rs (s k)) + 1)
                   undecided)));
      output := None
    |}
  ∧ S (state_round (st_rs (s k)) + 1) >
    state_round_inc (s j)
             intro Ht; destruct (id Ht) as [(_ & Hm & Hv & Hc) _].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1)
        undecided))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
Hv: valid
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
Hc: MC_constraint
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT j receive;
    input :=
      Some
        (mkMsg k (state_round (st_rs (s k))) undecided);
    destination :=
      state_update MCVLSM s j
        (mkSt (st_obs (s j))
           (Some
              (mkRS (state_round (st_rs (s k)) + 1)
                 undecided)));
    output := None
  |}
∧ S (state_round (st_rs (s k)) + 1) >
  state_round_inc (s j)
             unfold MC_constraint, input in Hc.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1)
        undecided))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
Hv: valid
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
Hc: let (x, l0) :=
  VLSM.l
    (MC_transition_item_update s k j undecided
       (mkRS (state_round (st_rs (s k)) + 1)
          undecided)) in
match l0 with
| init => consistent s
| emit => True
| receive =>
    match
      (let (_, input, _, _) :=
         MC_transition_item_update s k j
           undecided
           (mkRS (state_round (st_rs (s k)) + 1)
              undecided) in
       input)
    with
    | Some m => MC_no_equivocation s m
    | None => True
    end
end
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT j receive;
    input :=
      Some
        (mkMsg k (state_round (st_rs (s k))) undecided);
    destination :=
      state_update MCVLSM s j
        (mkSt (st_obs (s j))
           (Some
              (mkRS (state_round (st_rs (s k)) + 1)
                 undecided)));
    output := None
  |}
∧ S (state_round (st_rs (s k)) + 1) >
  state_round_inc (s j)
             apply MC_valid_noequiv_valid in Hc; [| done..].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1)
        undecided))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
Hv: valid
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
Hc: valid_message_prop MC_composite_vlsm
  (mkMsg k (state_round (st_rs (s k))) undecided)
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT j receive;
    input :=
      Some
        (mkMsg k (state_round (st_rs (s k))) undecided);
    destination :=
      state_update MCVLSM s j
        (mkSt (st_obs (s j))
           (Some
              (mkRS (state_round (st_rs (s k)) + 1)
                 undecided)));
    output := None
  |}
∧ S (state_round (st_rs (s k)) + 1) >
  state_round_inc (s j)
             cbn in Hc; destruct Hc as [Hroundk Hk].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1)
        undecided))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
Hv: valid
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
Hroundk: state MC_composite_vlsm
Hk: valid_state_message_prop MC_composite_vlsm
  Hroundk
  (Some
     (mkMsg k (state_round (st_rs (s k)))
        undecided))
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT j receive;
    input :=
      Some
        (mkMsg k (state_round (st_rs (s k))) undecided);
    destination :=
      state_update MCVLSM s j
        (mkSt (st_obs (s j))
           (Some
              (mkRS (state_round (st_rs (s k)) + 1)
                 undecided)));
    output := None
  |}
∧ S (state_round (st_rs (s k)) + 1) >
  state_round_inc (s j)
             split; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1)
        undecided))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
Hv: valid
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
Hroundk: state MC_composite_vlsm
Hk: valid_state_message_prop MC_composite_vlsm
  Hroundk
  (Some
     (mkMsg k (state_round (st_rs (s k)))
        undecided))
S (state_round (st_rs (s k)) + 1) >
state_round_inc (s j)
             apply MC_undecided_undecided_increase_round in Ht; try done.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: state_round
  (st_rs
     (destination
        (MC_transition_item_update s k j
           undecided
           (mkRS (state_round (st_rs (s k)) + 1)
              undecided))
        (projT1
           (VLSM.l
              (MC_transition_item_update s k j
                 undecided
                 (mkRS
                    (state_round (st_rs (s k)) +
                     1) undecided)))))) >
state_round
  (st_rs
     (s
        (projT1
           (VLSM.l
              (MC_transition_item_update s k j
                 undecided
                 (mkRS
                    (state_round (st_rs (s k)) +
                     1) undecided))))))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
Hv: valid
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
Hroundk: state MC_composite_vlsm
Hk: valid_state_message_prop MC_composite_vlsm
  Hroundk
  (Some
     (mkMsg k (state_round (st_rs (s k)))
        undecided))
S (state_round (st_rs (s k)) + 1) >
state_round_inc (s j)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1)
        undecided))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
Hv: valid
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
Hroundk: state MC_composite_vlsm
Hk: valid_state_message_prop MC_composite_vlsm
  Hroundk
  (Some
     (mkMsg k (state_round (st_rs (s k)))
        undecided))
state_round
  (st_rs
     (s
        (projT1
           (VLSM.l
              (MC_transition_item_update s k j
                 undecided
                 (mkRS (state_round (st_rs (s k)) + 1)
                    undecided)))))) <=
message_round
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided))) <
size
  (st_obs
     (s
        (projT1
           (VLSM.l
              (MC_transition_item_update s k j
                 undecided
                 (mkRS (state_round (st_rs (s k)) + 1)
                    undecided)))))) - 1
             -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: state_round
  (st_rs
     (destination
        (MC_transition_item_update s k j
           undecided
           (mkRS (state_round (st_rs (s k)) + 1)
              undecided))
        (projT1
           (VLSM.l
              (MC_transition_item_update s k j
                 undecided
                 (mkRS
                    (state_round (st_rs (s k)) +
                     1) undecided)))))) >
state_round
  (st_rs
     (s
        (projT1
           (VLSM.l
              (MC_transition_item_update s k j
                 undecided
                 (mkRS
                    (state_round (st_rs (s k)) +
                     1) undecided))))))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
Hv: valid
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
Hroundk: state MC_composite_vlsm
Hk: valid_state_message_prop MC_composite_vlsm
  Hroundk
  (Some
     (mkMsg k (state_round (st_rs (s k)))
        undecided))
S (state_round (st_rs (s k)) + 1) >
state_round_inc (s j) cbn in Ht; state_update_simpl; cbn in Ht;
                 unfold state_round_inc; case_match; [| by lia].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
r: RoundStatus
H10: st_rs (s j) = Some r
Hjundecided: state_status (Some r) = undecided
Hjinvariant: state_round (Some r) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (Some r) < state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: state_round (st_rs (s k)) + 1 >
state_round (Some r)
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
Hv: valid
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
Hroundk: state MC_composite_vlsm
Hk: valid_state_message_prop MC_composite_vlsm
  Hroundk
  (Some
     (mkMsg k (state_round (st_rs (s k)))
        undecided))
S (state_round (st_rs (s k)) + 1) > S (rs_round r)
               remember (state_round (st_rs (s k))) as roundk.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
roundk: nat
Heqroundk: roundk = state_round (st_rs (s k))
Hkinvariant: roundk < size (st_obs (s k))
r: RoundStatus
H10: st_rs (s j) = Some r
Hjundecided: state_status (Some r) = undecided
Hjinvariant: state_round (Some r) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (Some r) < roundk
Hneqobsminus1: roundk ≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: roundk + 1 > state_round (Some r)
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (roundk + 1) undecided)))
Hv: valid
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (roundk + 1) undecided)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (roundk + 1) undecided)))
Hroundk: state MC_composite_vlsm
Hk: valid_state_message_prop MC_composite_vlsm
  Hroundk (Some (mkMsg k roundk undecided))
S (roundk + 1) > S (rs_round r)
               unfold state_round in Ht.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
roundk: nat
Heqroundk: roundk = state_round (st_rs (s k))
Hkinvariant: roundk < size (st_obs (s k))
r: RoundStatus
H10: st_rs (s j) = Some r
Hjundecided: state_status (Some r) = undecided
Hjinvariant: state_round (Some r) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (Some r) < roundk
Hneqobsminus1: roundk ≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: roundk + 1 > from_option rs_round 0 (Some r)
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (roundk + 1) undecided)))
Hv: valid
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (roundk + 1) undecided)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (roundk + 1) undecided)))
Hroundk: state MC_composite_vlsm
Hk: valid_state_message_prop MC_composite_vlsm
  Hroundk (Some (mkMsg k roundk undecided))
S (roundk + 1) > S (rs_round r)
               by cbn in Ht; lia.
             -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1)
        undecided))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
Hv: valid
  (VLSM.l
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
  (s,
   input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided)))
Hroundk: state MC_composite_vlsm
Hk: valid_state_message_prop MC_composite_vlsm
  Hroundk
  (Some
     (mkMsg k (state_round (st_rs (s k)))
        undecided))
state_round
  (st_rs
     (s
        (projT1
           (VLSM.l
              (MC_transition_item_update s k j
                 undecided
                 (mkRS (state_round (st_rs (s k)) + 1)
                    undecided)))))) <=
message_round
  (input
     (MC_transition_item_update s k j undecided
        (mkRS (state_round (st_rs (s k)) + 1)
           undecided))) <
size
  (st_obs
     (s
        (projT1
           (VLSM.l
              (MC_transition_item_update s k j
                 undecided
                 (mkRS (state_round (st_rs (s k)) + 1)
                    undecided)))))) - 1 cbn in *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1)
        undecided))
Hm: option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg k (state_round (st_rs (s k)))
        undecided))
Hv: MC_valid receive (s j)
  (Some
     (mkMsg k (state_round (st_rs (s k)))
        undecided))
Hroundk: composite_state MCVLSM
Hk: valid_state_message_prop MC_composite_vlsm
  Hroundk
  (Some
     (mkMsg k (state_round (st_rs (s k)))
        undecided))
state_round (st_rs (s j)) <=
state_round (st_rs (s k)) < size (st_obs (s j)) - 1 split; [lia |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1)
        undecided))
Hm: option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg k (state_round (st_rs (s k)))
        undecided))
Hv: MC_valid receive (s j)
  (Some
     (mkMsg k (state_round (st_rs (s k)))
        undecided))
Hroundk: composite_state MCVLSM
Hk: valid_state_message_prop MC_composite_vlsm
  Hroundk
  (Some
     (mkMsg k (state_round (st_rs (s k)))
        undecided))
state_round (st_rs (s k)) < size (st_obs (s j)) - 1
               apply MC_composite_invariant_preservation in Hvalid.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1)
        undecided))
Hm: option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg k (state_round (st_rs (s k)))
        undecided))
Hv: MC_valid receive (s j)
  (Some
     (mkMsg k (state_round (st_rs (s k)))
        undecided))
Hroundk: composite_state MCVLSM
Hk: valid_state_message_prop MC_composite_vlsm
  Hroundk
  (Some
     (mkMsg k (state_round (st_rs (s k)))
        undecided))
state_round (st_rs (s k)) < size (st_obs (s j)) - 1
               by rewrite Hjk_eq_size_muddy; lia.
           }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) undecided))
           assert (Hnoequiv :  MC_no_equivocation s
             (mkMsg k (state_round (st_rs (s k))) undecided)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k))) undecided)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) undecided))
           {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k))) undecided)
             by unfold MC_no_equivocation; repeat case_match; [left | cbn in *; lia].
           }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) undecided))
           pose proof Hjundecided as Hjundecided'.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
Hjundecided': state_status (st_rs (s j)) = undecided
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) undecided))
           destruct (s j) eqn: Hsj in Hjundecided'.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
st_obs0: indexSet
st_rs0: option RoundStatus
Hsj: s j = mkSt st_obs0 st_rs0
Hjundecided': state_status
  (st_rs (mkSt st_obs0 st_rs0)) =
undecided
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) undecided))
           destruct st_rs0; [| by contradict n; eexists; rewrite Hsj].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
st_obs0: indexSet
r: RoundStatus
Hsj: s j = mkSt st_obs0 (Some r)
Hjundecided': state_status
  (st_rs (mkSt st_obs0 (Some r))) =
undecided
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) undecided))
           destruct r as [rj stj].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
st_obs0: indexSet
rj: nat
stj: ChildStatus
Hsj: s j = mkSt st_obs0 (Some (mkRS rj stj))
Hjundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rj stj)))) =
undecided
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s k j undecided
     (mkRS (state_round (st_rs (s k)) + 1) undecided))
           repeat split; only 1,4: done; cbn;
             [by eapply MC_valid_noequiv_valid | rewrite Hsj; constructor |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
st_obs0: indexSet
rj: nat
stj: ChildStatus
Hsj: s j = mkSt st_obs0 (Some (mkRS rj stj))
Hjundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rj stj)))) =
undecided
(let (si', om') :=
   MC_transition j receive (s j)
     (Some
        (mkMsg k (state_round (st_rs (s k))) undecided)) in
 (state_update MCVLSM s j si', om')) =
(state_update MCVLSM s j
   (mkSt (st_obs (s j))
      (Some
         (mkRS (state_round (st_rs (s k)) + 1)
            undecided))), None)
           pose proof Hjundecided as Hjundecided''.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
st_obs0: indexSet
rj: nat
stj: ChildStatus
Hsj: s j = mkSt st_obs0 (Some (mkRS rj stj))
Hjundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rj stj)))) =
undecided
Hjundecided'': state_status (st_rs (s j)) = undecided
(let (si', om') :=
   MC_transition j receive (s j)
     (Some
        (mkMsg k (state_round (st_rs (s k))) undecided)) in
 (state_update MCVLSM s j si', om')) =
(state_update MCVLSM s j
   (mkSt (st_obs (s j))
      (Some
         (mkRS (state_round (st_rs (s k)) + 1)
            undecided))), None)
           rewrite Hsj; rewrite Hsj in Hjundecided; cbn in Hjundecided; rewrite Hjundecided.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
st_obs0: indexSet
rj: nat
stj: ChildStatus
Hjundecided: stj = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
Hsj: s j = mkSt st_obs0 (Some (mkRS rj stj))
Hjundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rj stj)))) =
undecided
Hjundecided'': state_status (st_rs (s j)) = undecided
(let (si', om') :=
   MC_transition j receive
     (mkSt st_obs0 (Some (mkRS rj undecided)))
     (Some
        (mkMsg k (state_round (st_rs (s k))) undecided)) in
 (state_update MCVLSM s j si', om')) =
(state_update MCVLSM s j
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS rj undecided))))
      (Some
         (mkRS (state_round (st_rs (s k)) + 1)
            undecided))), None)
           rewrite MC_transition_equation_7.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
st_obs0: indexSet
rj: nat
stj: ChildStatus
Hjundecided: stj = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
Hsj: s j = mkSt st_obs0 (Some (mkRS rj stj))
Hjundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rj stj)))) =
undecided
Hjundecided'': state_status (st_rs (s j)) = undecided
(let (si', om') :=
   MC_transition_clause_5 j st_obs0 rj k
     (decide (k ∈ st_obs0))
     (state_round (st_rs (s k))) in
 (state_update MCVLSM s j si', om')) =
(state_update MCVLSM s j
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS rj undecided))))
      (Some
         (mkRS (state_round (st_rs (s k)) + 1)
            undecided))), None) unfold MC_transition_clause_5.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
st_obs0: indexSet
rj: nat
stj: ChildStatus
Hjundecided: stj = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
Hsj: s j = mkSt st_obs0 (Some (mkRS rj stj))
Hjundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rj stj)))) =
undecided
Hjundecided'': state_status (st_rs (s j)) = undecided
(let (si', om') :=
   (if decide (k ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' < rj)
       then
        (mkSt st_obs0 (Some (mkRS rj undecided)), None)
       else
        if decide (rj <= r' < size st_obs0 - 1)
        then
         (mkSt st_obs0
            (Some (mkRS (r' + 1) undecided)), None)
        else
         if decide (r' = size st_obs0 - 1)
         then
          (mkSt st_obs0 (Some (mkRS (r' + 1) muddy)),
           None)
         else
          (mkSt st_obs0 (Some (mkRS rj undecided)),
           None)
    else
     λ r' : nat,
       if decide (r' ≤ rj)
       then
        (mkSt st_obs0 (Some (mkRS rj undecided)), None)
       else
        if decide (rj < r' < size st_obs0)
        then
         (mkSt st_obs0 (Some (mkRS r' undecided)),
          None)
        else
         if decide (r' = size st_obs0)
         then
          (mkSt st_obs0 (Some (mkRS r' muddy)), None)
         else
          (mkSt st_obs0 (Some (mkRS rj undecided)),
           None)) (state_round (st_rs (s k))) in
 (state_update MCVLSM s j si', om')) =
(state_update MCVLSM s j
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS rj undecided))))
      (Some
         (mkRS (state_round (st_rs (s k)) + 1)
            undecided))), None)
           replace st_obs0 with (st_obs (s j)); [| by rewrite Hsj];
             replace rj with (state_round (st_rs (s j))); [| by rewrite Hsj].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
st_obs0: indexSet
rj: nat
stj: ChildStatus
Hjundecided: stj = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
l: state_round (st_rs (s j)) <
state_round (st_rs (s k))
Hneqobsminus1: state_round (st_rs (s k))
≠ size (st_obs (s j)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg k (state_round (st_rs (s k)))
     undecided)
Hsj: s j = mkSt st_obs0 (Some (mkRS rj stj))
Hjundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rj stj)))) =
undecided
Hjundecided'': state_status (st_rs (s j)) = undecided
(let (si', om') :=
   (if decide (k ∈ st_obs (s j))
    then
     λ r' : nat,
       if decide (r' < state_round (st_rs (s j)))
       then
        (mkSt (st_obs (s j))
           (Some
              (mkRS (state_round (st_rs (s j)))
                 undecided)), None)
       else
        if
         decide
           (state_round (st_rs (s j)) <= r' <
            size (st_obs (s j)) - 1)
        then
         (mkSt (st_obs (s j))
            (Some (mkRS (r' + 1) undecided)), None)
        else
         if decide (r' = size (st_obs (s j)) - 1)
         then
          (mkSt (st_obs (s j))
             (Some (mkRS (r' + 1) muddy)), None)
         else
          (mkSt (st_obs (s j))
             (Some
                (mkRS (state_round (st_rs (s j)))
                   undecided)), None)
    else
     λ r' : nat,
       if decide (r' ≤ state_round (st_rs (s j)))
       then
        (mkSt (st_obs (s j))
           (Some
              (mkRS (state_round (st_rs (s j)))
                 undecided)), None)
       else
        if
         decide
           (state_round (st_rs (s j)) < r' <
            size (st_obs (s j)))
        then
         (mkSt (st_obs (s j))
            (Some (mkRS r' undecided)), None)
        else
         if decide (r' = size (st_obs (s j)))
         then
          (mkSt (st_obs (s j)) (Some (mkRS r' muddy)),
           None)
         else
          (mkSt (st_obs (s j))
             (Some
                (mkRS (state_round (st_rs (s j)))
                   undecided)), None))
     (state_round (st_rs (s k))) in
 (state_update MCVLSM s j si', om')) =
(state_update MCVLSM s j
   (mkSt
      (st_obs
         (mkSt (st_obs (s j))
            (Some
               (mkRS (state_round (st_rs (s j)))
                  undecided))))
      (Some
         (mkRS (state_round (st_rs (s k)) + 1)
            undecided))), None)
           by rewrite decide_True, decide_False, decide_True; [| lia.. |].
      *index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item))) destruct (decide (state_round (st_rs (s j)) = size (st_obs (s k)) - 1)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item)))
        --index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item))) exists (Build_transition_item (T := composite_type MCVLSM) (existT k receive)
             (Some (mkMsg j (state_round (st_rs (s j))) undecided))
             (state_update MCVLSM s k (mkSt (st_obs (s k))
             (Some (mkRS (state_round (st_rs (s j)) + 1) muddy)))) None).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT k receive;
    input :=
      Some
        (mkMsg j (state_round (st_rs (s j))) undecided);
    destination :=
      state_update MCVLSM s k
        (mkSt (st_obs (s k))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 muddy)));
    output := None
  |}
∧ state_round_inc
    (destination
       {|
         l := existT k receive;
         input :=
           Some
             (mkMsg j (state_round (st_rs (s j)))
                undecided);
         destination :=
           state_update MCVLSM s k
             (mkSt (st_obs (s k))
                (Some
                   (mkRS
                      (state_round (st_rs (s j)) + 1)
                      muddy)));
         output := None
       |}
       (projT1
          (l
             {|
               l := existT k receive;
               input :=
                 Some
                   (mkMsg j
                      (state_round (st_rs (s j)))
                      undecided);
               destination :=
                 state_update MCVLSM s k
                   (mkSt (st_obs (s k))
                      (Some
                         (mkRS
                            (state_round (st_rs (s j)) +
                             1) muddy)));
               output := None
             |}))) >
  state_round_inc
    (s
       (projT1
          (l
             {|
               l := existT k receive;
               input :=
                 Some
                   (mkMsg j
                      (state_round (st_rs (s j)))
                      undecided);
               destination :=
                 state_update MCVLSM s k
                   (mkSt (st_obs (s k))
                      (Some
                         (mkRS
                            (state_round (st_rs (s j)) +
                             1) muddy)));
               output := None
             |})))
           cbn; state_update_simpl; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT k receive;
    input :=
      Some
        (mkMsg j (state_round (st_rs (s j))) undecided);
    destination :=
      state_update MCVLSM s k
        (mkSt (st_obs (s k))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 muddy)));
    output := None
  |}
∧ S (state_round (st_rs (s j)) + 1) >
  state_round_inc (s k)
           cut (input_valid_transition_item MC_composite_vlsm s
             (MC_transition_item_update s j k undecided
             (mkRS (state_round (st_rs (s j)) + 1) muddy))).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) muddy))
→ input_valid_transition_item MC_composite_vlsm s
    {|
      l := existT k receive;
      input :=
        Some
          (mkMsg j (state_round (st_rs (s j)))
             undecided);
      destination :=
        state_update MCVLSM s k
          (mkSt (st_obs (s k))
             (Some
                (mkRS (state_round (st_rs (s j)) + 1)
                   muddy)));
      output := None
    |}
  ∧ S (state_round (st_rs (s j)) + 1) >
    state_round_inc (s k)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) muddy))
           {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) muddy))
→ input_valid_transition_item MC_composite_vlsm s
    {|
      l := existT k receive;
      input :=
        Some
          (mkMsg j (state_round (st_rs (s j)))
             undecided);
      destination :=
        state_update MCVLSM s k
          (mkSt (st_obs (s k))
             (Some
                (mkRS (state_round (st_rs (s j)) + 1)
                   muddy)));
      output := None
    |}
  ∧ S (state_round (st_rs (s j)) + 1) >
    state_round_inc (s k)
             intros Ht.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) muddy))
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT k receive;
    input :=
      Some
        (mkMsg j (state_round (st_rs (s j))) undecided);
    destination :=
      state_update MCVLSM s k
        (mkSt (st_obs (s k))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 muddy)));
    output := None
  |}
∧ S (state_round (st_rs (s j)) + 1) >
  state_round_inc (s k)
             destruct (Ht) as [(_ & Hm & Hv & Hc) _].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
Hv: valid
  (l
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
  (s,
   input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
Hc: MC_constraint
  (l
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
  (s,
   input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT k receive;
    input :=
      Some
        (mkMsg j (state_round (st_rs (s j))) undecided);
    destination :=
      state_update MCVLSM s k
        (mkSt (st_obs (s k))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 muddy)));
    output := None
  |}
∧ S (state_round (st_rs (s j)) + 1) >
  state_round_inc (s k)
             unfold MC_constraint, input in Hc.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
Hv: valid
  (l
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
  (s,
   input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
Hc: let (x, l0) :=
  l
    (MC_transition_item_update s j k undecided
       (mkRS (state_round (st_rs (s j)) + 1)
          muddy)) in
match l0 with
| init => consistent s
| emit => True
| receive =>
    match
      (let (_, input, _, _) :=
         MC_transition_item_update s j k
           undecided
           (mkRS (state_round (st_rs (s j)) + 1)
              muddy) in
       input)
    with
    | Some m => MC_no_equivocation s m
    | None => True
    end
end
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT k receive;
    input :=
      Some
        (mkMsg j (state_round (st_rs (s j))) undecided);
    destination :=
      state_update MCVLSM s k
        (mkSt (st_obs (s k))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 muddy)));
    output := None
  |}
∧ S (state_round (st_rs (s j)) + 1) >
  state_round_inc (s k)
             apply MC_valid_noequiv_valid in Hc; cbn in Hc; [| done..].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
Hv: valid
  (l
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
  (s,
   input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
Hc: valid_message_prop MC_composite_vlsm
  (mkMsg j (state_round (st_rs (s j))) undecided)
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT k receive;
    input :=
      Some
        (mkMsg j (state_round (st_rs (s j))) undecided);
    destination :=
      state_update MCVLSM s k
        (mkSt (st_obs (s k))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 muddy)));
    output := None
  |}
∧ S (state_round (st_rs (s j)) + 1) >
  state_round_inc (s k)
             destruct Hc as [Hroundj Hj].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
Hv: valid
  (l
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
  (s,
   input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
Hroundj: state MC_composite_vlsm
Hj: valid_state_message_prop MC_composite_vlsm
  Hroundj
  (Some
     (mkMsg j (state_round (st_rs (s j)))
        undecided))
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT k receive;
    input :=
      Some
        (mkMsg j (state_round (st_rs (s j))) undecided);
    destination :=
      state_update MCVLSM s k
        (mkSt (st_obs (s k))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 muddy)));
    output := None
  |}
∧ S (state_round (st_rs (s j)) + 1) >
  state_round_inc (s k)
             split; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) muddy))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
Hv: valid
  (l
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
  (s,
   input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
Hroundj: state MC_composite_vlsm
Hj: valid_state_message_prop MC_composite_vlsm
  Hroundj
  (Some
     (mkMsg j (state_round (st_rs (s j)))
        undecided))
S (state_round (st_rs (s j)) + 1) >
state_round_inc (s k)
             apply MC_undecided_undecided_to_muddy_increase_round in Ht; [| done..].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Ht: state_round
  (st_rs
     (destination
        (MC_transition_item_update s j k
           undecided
           (mkRS (state_round (st_rs (s j)) + 1)
              muddy))
        (projT1
           (l
              (MC_transition_item_update s j k
                 undecided
                 (mkRS
                    (state_round (st_rs (s j)) +
                     1) muddy)))))) >
state_round
  (st_rs
     (s
        (projT1
           (l
              (MC_transition_item_update s j k
                 undecided
                 (mkRS
                    (state_round (st_rs (s j)) +
                     1) muddy))))))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
Hv: valid
  (l
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
  (s,
   input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
Hroundj: state MC_composite_vlsm
Hj: valid_state_message_prop MC_composite_vlsm
  Hroundj
  (Some
     (mkMsg j (state_round (st_rs (s j)))
        undecided))
S (state_round (st_rs (s j)) + 1) >
state_round_inc (s k)
             cbn in Ht; state_update_simpl; cbn in Ht.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Ht: state_round (st_rs (s j)) + 1 >
state_round (st_rs (s k))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
Hv: valid
  (l
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
  (s,
   input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
Hroundj: state MC_composite_vlsm
Hj: valid_state_message_prop MC_composite_vlsm
  Hroundj
  (Some
     (mkMsg j (state_round (st_rs (s j)))
        undecided))
S (state_round (st_rs (s j)) + 1) >
state_round_inc (s k)
             unfold state_round_inc.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Ht: state_round (st_rs (s j)) + 1 >
state_round (st_rs (s k))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
Hv: valid
  (l
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
  (s,
   input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           muddy)))
Hroundj: state MC_composite_vlsm
Hj: valid_state_message_prop MC_composite_vlsm
  Hroundj
  (Some
     (mkMsg j (state_round (st_rs (s j)))
        undecided))
S (state_round (st_rs (s j)) + 1) >
match st_rs (s k) with
| Some rs => S (rs_round rs)
| None => 0
end
             by case_match; cbn in Ht; lia.
           }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) muddy))
           assert (Hnoequiv :  MC_no_equivocation s
             (mkMsg j (state_round (st_rs (s j))) undecided)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j))) undecided)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) muddy))
           {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j))) undecided)
             by unfold MC_no_equivocation; repeat case_match; cbn in *;
               [left | contradict n; eexists; rewrite H10].
           }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) muddy))
           pose proof (Hkundecided' := Hkundecided).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
Hkundecided': state_status (st_rs (s k)) = undecided
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) muddy))
           destruct (s k) eqn: Hsk in Hkundecided'.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
st_obs0: indexSet
st_rs0: option RoundStatus
Hsk: s k = mkSt st_obs0 st_rs0
Hkundecided': state_status
  (st_rs (mkSt st_obs0 st_rs0)) =
undecided
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) muddy))
           destruct st_rs0; [| by contradict n; eexists; rewrite Hsk].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
st_obs0: indexSet
r: RoundStatus
Hsk: s k = mkSt st_obs0 (Some r)
Hkundecided': state_status
  (st_rs (mkSt st_obs0 (Some r))) =
undecided
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) muddy))
           destruct r as [rk stk].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rk stk)))) =
undecided
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) muddy))
           repeat split; cbn; [done | | | done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rk stk)))) =
undecided
option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg j (state_round (st_rs (s j))) undecided))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rk stk)))) =
undecided
MC_valid receive (s k)
  (Some
     (mkMsg j (state_round (st_rs (s j))) undecided))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rk stk)))) =
undecided
(let (si', om') :=
   MC_transition k receive 
     (s k)
     (Some
        (mkMsg j (state_round (st_rs (s j))) undecided)) in
 (state_update MCVLSM s k si', om')) =
(state_update MCVLSM s k
   (mkSt (st_obs (s k))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1) muddy))),
 None)
           ++index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rk stk)))) =
undecided
option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg j (state_round (st_rs (s j))) undecided)) by eapply MC_valid_noequiv_valid.
           ++index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rk stk)))) =
undecided
MC_valid receive (s k)
  (Some
     (mkMsg j (state_round (st_rs (s j))) undecided)) by rewrite Hsk; constructor.
           ++index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rk stk)))) =
undecided
(let (si', om') :=
   MC_transition k receive (s k)
     (Some
        (mkMsg j (state_round (st_rs (s j))) undecided)) in
 (state_update MCVLSM s k si', om')) =
(state_update MCVLSM s k
   (mkSt (st_obs (s k))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1) muddy))),
 None) pose proof (Hkundecided'' := Hkundecided').index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided', Hkundecided'': state_status
  (st_rs
     (mkSt st_obs0
        (Some (mkRS rk stk)))) =
undecided
(let (si', om') :=
   MC_transition k receive (s k)
     (Some
        (mkMsg j (state_round (st_rs (s j))) undecided)) in
 (state_update MCVLSM s k si', om')) =
(state_update MCVLSM s k
   (mkSt (st_obs (s k))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1) muddy))),
 None)
              rewrite Hsk in Hkundecided |- *; cbn in Hkundecided; rewrite Hkundecided.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hkundecided: stk = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided', Hkundecided'': state_status
  (st_rs
     (mkSt st_obs0
        (Some (mkRS rk stk)))) =
undecided
(let (si', om') :=
   MC_transition k receive
     (mkSt st_obs0 (Some (mkRS rk undecided)))
     (Some
        (mkMsg j (state_round (st_rs (s j))) undecided)) in
 (state_update MCVLSM s k si', om')) =
(state_update MCVLSM s k
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS rk undecided))))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1) muddy))),
 None)
              rewrite MC_transition_equation_7.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hkundecided: stk = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided', Hkundecided'': state_status
  (st_rs
     (mkSt st_obs0
        (Some (mkRS rk stk)))) =
undecided
(let (si', om') :=
   MC_transition_clause_5 k st_obs0 rk j
     (decide (j ∈ st_obs0))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s k si', om')) =
(state_update MCVLSM s k
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS rk undecided))))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1) muddy))),
 None)
              unfold MC_transition_clause_5.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hkundecided: stk = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided', Hkundecided'': state_status
  (st_rs
     (mkSt st_obs0
        (Some (mkRS rk stk)))) =
undecided
(let (si', om') :=
   (if decide (j ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' < rk)
       then
        (mkSt st_obs0 (Some (mkRS rk undecided)), None)
       else
        if decide (rk <= r' < size st_obs0 - 1)
        then
         (mkSt st_obs0
            (Some (mkRS (r' + 1) undecided)), None)
        else
         if decide (r' = size st_obs0 - 1)
         then
          (mkSt st_obs0 (Some (mkRS (r' + 1) muddy)),
           None)
         else
          (mkSt st_obs0 (Some (mkRS rk undecided)),
           None)
    else
     λ r' : nat,
       if decide (r' ≤ rk)
       then
        (mkSt st_obs0 (Some (mkRS rk undecided)), None)
       else
        if decide (rk < r' < size st_obs0)
        then
         (mkSt st_obs0 (Some (mkRS r' undecided)),
          None)
        else
         if decide (r' = size st_obs0)
         then
          (mkSt st_obs0 (Some (mkRS r' muddy)), None)
         else
          (mkSt st_obs0 (Some (mkRS rk undecided)),
           None)) (state_round (st_rs (s j))) in
 (state_update MCVLSM s k si', om')) =
(state_update MCVLSM s k
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS rk undecided))))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1) muddy))),
 None)
              replace st_obs0 with (st_obs (s k)); [| by rewrite Hsk].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hkundecided: stk = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided', Hkundecided'': state_status
  (st_rs
     (mkSt st_obs0
        (Some (mkRS rk stk)))) =
undecided
(let (si', om') :=
   (if decide (j ∈ st_obs (s k))
    then
     λ r' : nat,
       if decide (r' < rk)
       then
        (mkSt (st_obs (s k))
           (Some (mkRS rk undecided)), None)
       else
        if decide (rk <= r' < size (st_obs (s k)) - 1)
        then
         (mkSt (st_obs (s k))
            (Some (mkRS (r' + 1) undecided)), None)
        else
         if decide (r' = size (st_obs (s k)) - 1)
         then
          (mkSt (st_obs (s k))
             (Some (mkRS (r' + 1) muddy)), None)
         else
          (mkSt (st_obs (s k))
             (Some (mkRS rk undecided)), None)
    else
     λ r' : nat,
       if decide (r' ≤ rk)
       then
        (mkSt (st_obs (s k))
           (Some (mkRS rk undecided)), None)
       else
        if decide (rk < r' < size (st_obs (s k)))
        then
         (mkSt (st_obs (s k))
            (Some (mkRS r' undecided)), None)
        else
         if decide (r' = size (st_obs (s k)))
         then
          (mkSt (st_obs (s k)) (Some (mkRS r' muddy)),
           None)
         else
          (mkSt (st_obs (s k))
             (Some (mkRS rk undecided)), None))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s k si', om')) =
(state_update MCVLSM s k
   (mkSt
      (st_obs
         (mkSt (st_obs (s k))
            (Some (mkRS rk undecided))))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1) muddy))),
 None)
              replace rk with (state_round (st_rs (s k))); [| by rewrite Hsk].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hkundecided: stk = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
e: state_round (st_rs (s j)) =
size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided', Hkundecided'': state_status
  (st_rs
     (mkSt st_obs0
        (Some (mkRS rk stk)))) =
undecided
(let (si', om') :=
   (if decide (j ∈ st_obs (s k))
    then
     λ r' : nat,
       if decide (r' < state_round (st_rs (s k)))
       then
        (mkSt (st_obs (s k))
           (Some
              (mkRS (state_round (st_rs (s k)))
                 undecided)), None)
       else
        if
         decide
           (state_round (st_rs (s k)) <= r' <
            size (st_obs (s k)) - 1)
        then
         (mkSt (st_obs (s k))
            (Some (mkRS (r' + 1) undecided)), None)
        else
         if decide (r' = size (st_obs (s k)) - 1)
         then
          (mkSt (st_obs (s k))
             (Some (mkRS (r' + 1) muddy)), None)
         else
          (mkSt (st_obs (s k))
             (Some
                (mkRS (state_round (st_rs (s k)))
                   undecided)), None)
    else
     λ r' : nat,
       if decide (r' ≤ state_round (st_rs (s k)))
       then
        (mkSt (st_obs (s k))
           (Some
              (mkRS (state_round (st_rs (s k)))
                 undecided)), None)
       else
        if
         decide
           (state_round (st_rs (s k)) < r' <
            size (st_obs (s k)))
        then
         (mkSt (st_obs (s k))
            (Some (mkRS r' undecided)), None)
        else
         if decide (r' = size (st_obs (s k)))
         then
          (mkSt (st_obs (s k)) (Some (mkRS r' muddy)),
           None)
         else
          (mkSt (st_obs (s k))
             (Some
                (mkRS (state_round (st_rs (s k)))
                   undecided)), None))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s k si', om')) =
(state_update MCVLSM s k
   (mkSt
      (st_obs
         (mkSt (st_obs (s k))
            (Some
               (mkRS (state_round (st_rs (s k)))
                  undecided))))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1) muddy))),
 None)
              by rewrite decide_True, decide_False, decide_False, decide_True; [| | lia.. |].
        --index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
length (enum index) > 1
→ ∃ item : composite_transition_item MCVLSM,
    input_valid_transition_item MC_composite_vlsm s
      item
    ∧ state_round_inc
        (destination item (projT1 (l item))) >
      state_round_inc (s (projT1 (l item))) exists (Build_transition_item (T := composite_type MCVLSM) (existT k receive)
             (Some (mkMsg j (state_round (st_rs (s j))) undecided))
             (state_update MCVLSM s k (mkSt (st_obs (s k))
             (Some (mkRS (state_round (st_rs (s j)) + 1) undecided)))) None).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT k receive;
    input :=
      Some
        (mkMsg j (state_round (st_rs (s j))) undecided);
    destination :=
      state_update MCVLSM s k
        (mkSt (st_obs (s k))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 undecided)));
    output := None
  |}
∧ state_round_inc
    (destination
       {|
         l := existT k receive;
         input :=
           Some
             (mkMsg j (state_round (st_rs (s j)))
                undecided);
         destination :=
           state_update MCVLSM s k
             (mkSt (st_obs (s k))
                (Some
                   (mkRS
                      (state_round (st_rs (s j)) + 1)
                      undecided)));
         output := None
       |}
       (projT1
          (l
             {|
               l := existT k receive;
               input :=
                 Some
                   (mkMsg j
                      (state_round (st_rs (s j)))
                      undecided);
               destination :=
                 state_update MCVLSM s k
                   (mkSt (st_obs (s k))
                      (Some
                         (mkRS
                            (state_round (st_rs (s j)) +
                             1) undecided)));
               output := None
             |}))) >
  state_round_inc
    (s
       (projT1
          (l
             {|
               l := existT k receive;
               input :=
                 Some
                   (mkMsg j
                      (state_round (st_rs (s j)))
                      undecided);
               destination :=
                 state_update MCVLSM s k
                   (mkSt (st_obs (s k))
                      (Some
                         (mkRS
                            (state_round (st_rs (s j)) +
                             1) undecided)));
               output := None
             |})))
           cbn; state_update_simpl; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT k receive;
    input :=
      Some
        (mkMsg j (state_round (st_rs (s j))) undecided);
    destination :=
      state_update MCVLSM s k
        (mkSt (st_obs (s k))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 undecided)));
    output := None
  |}
∧ S (state_round (st_rs (s j)) + 1) >
  state_round_inc (s k)
           cut (input_valid_transition_item MC_composite_vlsm s
             (MC_transition_item_update s j k undecided
             (mkRS (state_round (st_rs (s j)) + 1) undecided))).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) undecided))
→ input_valid_transition_item MC_composite_vlsm s
    {|
      l := existT k receive;
      input :=
        Some
          (mkMsg j (state_round (st_rs (s j)))
             undecided);
      destination :=
        state_update MCVLSM s k
          (mkSt (st_obs (s k))
             (Some
                (mkRS (state_round (st_rs (s j)) + 1)
                   undecided)));
      output := None
    |}
  ∧ S (state_round (st_rs (s j)) + 1) >
    state_round_inc (s k)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) undecided))
           {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) undecided))
→ input_valid_transition_item MC_composite_vlsm s
    {|
      l := existT k receive;
      input :=
        Some
          (mkMsg j (state_round (st_rs (s j)))
             undecided);
      destination :=
        state_update MCVLSM s k
          (mkSt (st_obs (s k))
             (Some
                (mkRS (state_round (st_rs (s j)) + 1)
                   undecided)));
      output := None
    |}
  ∧ S (state_round (st_rs (s j)) + 1) >
    state_round_inc (s k)
             intros Ht.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1)
        undecided))
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT k receive;
    input :=
      Some
        (mkMsg j (state_round (st_rs (s j))) undecided);
    destination :=
      state_update MCVLSM s k
        (mkSt (st_obs (s k))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 undecided)));
    output := None
  |}
∧ S (state_round (st_rs (s j)) + 1) >
  state_round_inc (s k)
             destruct (Ht) as [(_ & Hm & Hv & Hc) _].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1)
        undecided))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
Hv: valid
  (l
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
  (s,
   input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
Hc: MC_constraint
  (l
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
  (s,
   input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT k receive;
    input :=
      Some
        (mkMsg j (state_round (st_rs (s j))) undecided);
    destination :=
      state_update MCVLSM s k
        (mkSt (st_obs (s k))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 undecided)));
    output := None
  |}
∧ S (state_round (st_rs (s j)) + 1) >
  state_round_inc (s k)
             unfold MC_constraint, input in Hc.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1)
        undecided))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
Hv: valid
  (l
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
  (s,
   input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
Hc: let (x, l0) :=
  l
    (MC_transition_item_update s j k undecided
       (mkRS (state_round (st_rs (s j)) + 1)
          undecided)) in
match l0 with
| init => consistent s
| emit => True
| receive =>
    match
      (let (_, input, _, _) :=
         MC_transition_item_update s j k
           undecided
           (mkRS (state_round (st_rs (s j)) + 1)
              undecided) in
       input)
    with
    | Some m => MC_no_equivocation s m
    | None => True
    end
end
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT k receive;
    input :=
      Some
        (mkMsg j (state_round (st_rs (s j))) undecided);
    destination :=
      state_update MCVLSM s k
        (mkSt (st_obs (s k))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 undecided)));
    output := None
  |}
∧ S (state_round (st_rs (s j)) + 1) >
  state_round_inc (s k)
             apply MC_valid_noequiv_valid in Hc; cbn in Hc; [| done..].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1)
        undecided))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
Hv: valid
  (l
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
  (s,
   input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
Hc: valid_message_prop MC_composite_vlsm
  (mkMsg j (state_round (st_rs (s j))) undecided)
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT k receive;
    input :=
      Some
        (mkMsg j (state_round (st_rs (s j))) undecided);
    destination :=
      state_update MCVLSM s k
        (mkSt (st_obs (s k))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 undecided)));
    output := None
  |}
∧ S (state_round (st_rs (s j)) + 1) >
  state_round_inc (s k)
             destruct Hc as [Hroundj Hj].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1)
        undecided))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
Hv: valid
  (l
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
  (s,
   input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
Hroundj: state MC_composite_vlsm
Hj: valid_state_message_prop MC_composite_vlsm
  Hroundj
  (Some
     (mkMsg j (state_round (st_rs (s j)))
        undecided))
input_valid_transition_item MC_composite_vlsm s
  {|
    l := existT k receive;
    input :=
      Some
        (mkMsg j (state_round (st_rs (s j))) undecided);
    destination :=
      state_update MCVLSM s k
        (mkSt (st_obs (s k))
           (Some
              (mkRS (state_round (st_rs (s j)) + 1)
                 undecided)));
    output := None
  |}
∧ S (state_round (st_rs (s j)) + 1) >
  state_round_inc (s k)
             split; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Ht: input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1)
        undecided))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
Hv: valid
  (l
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
  (s,
   input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
Hroundj: state MC_composite_vlsm
Hj: valid_state_message_prop MC_composite_vlsm
  Hroundj
  (Some
     (mkMsg j (state_round (st_rs (s j)))
        undecided))
S (state_round (st_rs (s j)) + 1) >
state_round_inc (s k)
             apply MC_undecided_undecided_increase_round in Ht;
               [| done.. | by cbn in *; lia].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Ht: state_round
  (st_rs
     (destination
        (MC_transition_item_update s j k
           undecided
           (mkRS (state_round (st_rs (s j)) + 1)
              undecided))
        (projT1
           (l
              (MC_transition_item_update s j k
                 undecided
                 (mkRS
                    (state_round (st_rs (s j)) +
                     1) undecided)))))) >
state_round
  (st_rs
     (s
        (projT1
           (l
              (MC_transition_item_update s j k
                 undecided
                 (mkRS
                    (state_round (st_rs (s j)) +
                     1) undecided))))))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
Hv: valid
  (l
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
  (s,
   input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
Hroundj: state MC_composite_vlsm
Hj: valid_state_message_prop MC_composite_vlsm
  Hroundj
  (Some
     (mkMsg j (state_round (st_rs (s j)))
        undecided))
S (state_round (st_rs (s j)) + 1) >
state_round_inc (s k)
             unfold state_round_inc.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Ht: state_round
  (st_rs
     (destination
        (MC_transition_item_update s j k
           undecided
           (mkRS (state_round (st_rs (s j)) + 1)
              undecided))
        (projT1
           (l
              (MC_transition_item_update s j k
                 undecided
                 (mkRS
                    (state_round (st_rs (s j)) +
                     1) undecided)))))) >
state_round
  (st_rs
     (s
        (projT1
           (l
              (MC_transition_item_update s j k
                 undecided
                 (mkRS
                    (state_round (st_rs (s j)) +
                     1) undecided))))))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
Hv: valid
  (l
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
  (s,
   input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
Hroundj: state MC_composite_vlsm
Hj: valid_state_message_prop MC_composite_vlsm
  Hroundj
  (Some
     (mkMsg j (state_round (st_rs (s j)))
        undecided))
S (state_round (st_rs (s j)) + 1) >
match st_rs (s k) with
| Some rs => S (rs_round rs)
| None => 0
end
             cbn in Ht; state_update_simpl; cbn in Ht.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Ht: state_round (st_rs (s j)) + 1 >
state_round (st_rs (s k))
Hm: option_valid_message_prop MC_composite_vlsm
  (input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
Hv: valid
  (l
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
  (s,
   input
     (MC_transition_item_update s j k undecided
        (mkRS (state_round (st_rs (s j)) + 1)
           undecided)))
Hroundj: state MC_composite_vlsm
Hj: valid_state_message_prop MC_composite_vlsm
  Hroundj
  (Some
     (mkMsg j (state_round (st_rs (s j)))
        undecided))
S (state_round (st_rs (s j)) + 1) >
match st_rs (s k) with
| Some rs => S (rs_round rs)
| None => 0
end
             by case_match; cbn in Ht; lia.
           }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) undecided))
           assert (Hnoequiv :  MC_no_equivocation s
             (mkMsg j (state_round (st_rs (s j))) undecided)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j))) undecided)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) undecided))
           {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j))) undecided)
             unfold MC_no_equivocation; repeat case_match; cbn in n1.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
st_obs0: indexSet
st_rs0: option RoundStatus
r: RoundStatus
rs_round0: nat
rs_status0: ChildStatus
H12: r = mkRS rs_round0 rs_status0
H11: st_rs0 = Some (mkRS rs_round0 rs_status0)
H10: s j =
mkSt st_obs0 (Some (mkRS rs_round0 rs_status0))
Hkobs: k
∈ st_obs
    (mkSt st_obs0
       (Some (mkRS rs_round0 rs_status0)))
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status
  (st_rs
     (mkSt st_obs0
        (Some
           (mkRS rs_round0 rs_status0)))) =
undecided
Hjinvariant: state_round
  (st_rs
     (mkSt st_obs0
        (Some
           (mkRS rs_round0 rs_status0)))) <
size
  (st_obs
     (mkSt st_obs0
        (Some
           (mkRS rs_round0 rs_status0))))
Hjk_eq_size_muddy: size
  (st_obs
     (mkSt st_obs0
        (Some
           (mkRS rs_round0
              rs_status0)))) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ rs_round0 < state_round (st_rs (s k))
n2: state_round
  (st_rs
     (mkSt st_obs0
        (Some (mkRS rs_round0 rs_status0))))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
undecided = rs_status0
∧ state_round
    (st_rs
       (mkSt st_obs0
          (Some (mkRS rs_round0 rs_status0)))) =
  rs_round0
∨ undecided = undecided
  ∧ state_round
      (st_rs
         (mkSt st_obs0
            (Some (mkRS rs_round0 rs_status0)))) <
    rs_round0
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
st_obs0: indexSet
st_rs0: option RoundStatus
H11: st_rs0 = None
H10: s j = mkSt st_obs0 None
Hkobs: k ∈ st_obs (mkSt st_obs0 None)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (mkSt st_obs0 None)) =
undecided
Hjinvariant: state_round (st_rs (mkSt st_obs0 None)) <
size (st_obs (mkSt st_obs0 None))
Hjk_eq_size_muddy: size (st_obs (mkSt st_obs0 None)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ 0 < state_round (st_rs (s k))
n2: state_round (st_rs (mkSt st_obs0 None))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
False
             -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
st_obs0: indexSet
st_rs0: option RoundStatus
r: RoundStatus
rs_round0: nat
rs_status0: ChildStatus
H12: r = mkRS rs_round0 rs_status0
H11: st_rs0 = Some (mkRS rs_round0 rs_status0)
H10: s j =
mkSt st_obs0 (Some (mkRS rs_round0 rs_status0))
Hkobs: k
∈ st_obs
    (mkSt st_obs0
       (Some (mkRS rs_round0 rs_status0)))
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status
  (st_rs
     (mkSt st_obs0
        (Some
           (mkRS rs_round0 rs_status0)))) =
undecided
Hjinvariant: state_round
  (st_rs
     (mkSt st_obs0
        (Some
           (mkRS rs_round0 rs_status0)))) <
size
  (st_obs
     (mkSt st_obs0
        (Some
           (mkRS rs_round0 rs_status0))))
Hjk_eq_size_muddy: size
  (st_obs
     (mkSt st_obs0
        (Some
           (mkRS rs_round0
              rs_status0)))) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ rs_round0 < state_round (st_rs (s k))
n2: state_round
  (st_rs
     (mkSt st_obs0
        (Some (mkRS rs_round0 rs_status0))))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
undecided = rs_status0
∧ state_round
    (st_rs
       (mkSt st_obs0
          (Some (mkRS rs_round0 rs_status0)))) =
  rs_round0
∨ undecided = undecided
  ∧ state_round
      (st_rs
         (mkSt st_obs0
            (Some (mkRS rs_round0 rs_status0)))) <
    rs_round0 by rewrite <- H10; left; rewrite H10.
             -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
st_obs0: indexSet
st_rs0: option RoundStatus
H11: st_rs0 = None
H10: s j = mkSt st_obs0 None
Hkobs: k ∈ st_obs (mkSt st_obs0 None)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (mkSt st_obs0 None)) =
undecided
Hjinvariant: state_round (st_rs (mkSt st_obs0 None)) <
size (st_obs (mkSt st_obs0 None))
Hjk_eq_size_muddy: size (st_obs (mkSt st_obs0 None)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ 0 < state_round (st_rs (s k))
n2: state_round (st_rs (mkSt st_obs0 None))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
False by contradict n; eexists; rewrite H10.
           }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) undecided))
           pose proof (Hkundecided' := Hkundecided).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
Hkundecided': state_status (st_rs (s k)) = undecided
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) undecided))
           destruct (s k) eqn: Hsk in Hkundecided'.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
st_obs0: indexSet
st_rs0: option RoundStatus
Hsk: s k = mkSt st_obs0 st_rs0
Hkundecided': state_status
  (st_rs (mkSt st_obs0 st_rs0)) =
undecided
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) undecided))
           destruct st_rs0; [| by contradict n; eexists; rewrite Hsk].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
st_obs0: indexSet
r: RoundStatus
Hsk: s k = mkSt st_obs0 (Some r)
Hkundecided': state_status
  (st_rs (mkSt st_obs0 (Some r))) =
undecided
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) undecided))
           destruct r as [rk stk].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rk stk)))) =
undecided
input_valid_transition_item MC_composite_vlsm s
  (MC_transition_item_update s j k undecided
     (mkRS (state_round (st_rs (s j)) + 1) undecided))
           repeat split; cbn; [done | | | done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rk stk)))) =
undecided
option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg j (state_round (st_rs (s j))) undecided))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rk stk)))) =
undecided
MC_valid receive (s k)
  (Some
     (mkMsg j (state_round (st_rs (s j))) undecided))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rk stk)))) =
undecided
(let (si', om') :=
   MC_transition k receive 
     (s k)
     (Some
        (mkMsg j (state_round (st_rs (s j))) undecided)) in
 (state_update MCVLSM s k si', om')) =
(state_update MCVLSM s k
   (mkSt (st_obs (s k))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1)
            undecided))), None)
           ++index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rk stk)))) =
undecided
option_valid_message_prop MC_composite_vlsm
  (Some
     (mkMsg j (state_round (st_rs (s j))) undecided)) by eapply MC_valid_noequiv_valid.
           ++index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rk stk)))) =
undecided
MC_valid receive (s k)
  (Some
     (mkMsg j (state_round (st_rs (s j))) undecided)) by rewrite Hsk; constructor.
           ++index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rk stk)))) =
undecided
(let (si', om') :=
   MC_transition k receive (s k)
     (Some
        (mkMsg j (state_round (st_rs (s j))) undecided)) in
 (state_update MCVLSM s k si', om')) =
(state_update MCVLSM s k
   (mkSt (st_obs (s k))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1)
            undecided))), None) pose proof (Hjundecided' := Hjundecided).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
Hkundecided: state_status (st_rs (s k)) = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rk stk)))) =
undecided
Hjundecided': state_status (st_rs (s j)) = undecided
(let (si', om') :=
   MC_transition k receive (s k)
     (Some
        (mkMsg j (state_round (st_rs (s j))) undecided)) in
 (state_update MCVLSM s k si', om')) =
(state_update MCVLSM s k
   (mkSt (st_obs (s k))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1)
            undecided))), None)
              rewrite Hsk in Hkundecided |- *; cbn in Hkundecided; rewrite Hkundecided.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hkundecided: stk = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rk stk)))) =
undecided
Hjundecided': state_status (st_rs (s j)) = undecided
(let (si', om') :=
   MC_transition k receive
     (mkSt st_obs0 (Some (mkRS rk undecided)))
     (Some
        (mkMsg j (state_round (st_rs (s j))) undecided)) in
 (state_update MCVLSM s k si', om')) =
(state_update MCVLSM s k
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS rk undecided))))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1)
            undecided))), None)
              rewrite MC_transition_equation_7.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hkundecided: stk = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rk stk)))) =
undecided
Hjundecided': state_status (st_rs (s j)) = undecided
(let (si', om') :=
   MC_transition_clause_5 k st_obs0 rk j
     (decide (j ∈ st_obs0))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s k si', om')) =
(state_update MCVLSM s k
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS rk undecided))))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1)
            undecided))), None)
              unfold MC_transition_clause_5.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hkundecided: stk = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rk stk)))) =
undecided
Hjundecided': state_status (st_rs (s j)) = undecided
(let (si', om') :=
   (if decide (j ∈ st_obs0)
    then
     λ r' : nat,
       if decide (r' < rk)
       then
        (mkSt st_obs0 (Some (mkRS rk undecided)), None)
       else
        if decide (rk <= r' < size st_obs0 - 1)
        then
         (mkSt st_obs0
            (Some (mkRS (r' + 1) undecided)), None)
        else
         if decide (r' = size st_obs0 - 1)
         then
          (mkSt st_obs0 (Some (mkRS (r' + 1) muddy)),
           None)
         else
          (mkSt st_obs0 (Some (mkRS rk undecided)),
           None)
    else
     λ r' : nat,
       if decide (r' ≤ rk)
       then
        (mkSt st_obs0 (Some (mkRS rk undecided)), None)
       else
        if decide (rk < r' < size st_obs0)
        then
         (mkSt st_obs0 (Some (mkRS r' undecided)),
          None)
        else
         if decide (r' = size st_obs0)
         then
          (mkSt st_obs0 (Some (mkRS r' muddy)), None)
         else
          (mkSt st_obs0 (Some (mkRS rk undecided)),
           None)) (state_round (st_rs (s j))) in
 (state_update MCVLSM s k si', om')) =
(state_update MCVLSM s k
   (mkSt
      (st_obs
         (mkSt st_obs0 (Some (mkRS rk undecided))))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1)
            undecided))), None)
              replace st_obs0 with (st_obs (s k)); [| by rewrite Hsk].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hkundecided: stk = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rk stk)))) =
undecided
Hjundecided': state_status (st_rs (s j)) = undecided
(let (si', om') :=
   (if decide (j ∈ st_obs (s k))
    then
     λ r' : nat,
       if decide (r' < rk)
       then
        (mkSt (st_obs (s k))
           (Some (mkRS rk undecided)), None)
       else
        if decide (rk <= r' < size (st_obs (s k)) - 1)
        then
         (mkSt (st_obs (s k))
            (Some (mkRS (r' + 1) undecided)), None)
        else
         if decide (r' = size (st_obs (s k)) - 1)
         then
          (mkSt (st_obs (s k))
             (Some (mkRS (r' + 1) muddy)), None)
         else
          (mkSt (st_obs (s k))
             (Some (mkRS rk undecided)), None)
    else
     λ r' : nat,
       if decide (r' ≤ rk)
       then
        (mkSt (st_obs (s k))
           (Some (mkRS rk undecided)), None)
       else
        if decide (rk < r' < size (st_obs (s k)))
        then
         (mkSt (st_obs (s k))
            (Some (mkRS r' undecided)), None)
        else
         if decide (r' = size (st_obs (s k)))
         then
          (mkSt (st_obs (s k)) (Some (mkRS r' muddy)),
           None)
         else
          (mkSt (st_obs (s k))
             (Some (mkRS rk undecided)), None))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s k si', om')) =
(state_update MCVLSM s k
   (mkSt
      (st_obs
         (mkSt (st_obs (s k))
            (Some (mkRS rk undecided))))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1)
            undecided))), None)
              replace rk with (state_round (st_rs (s k))); [| by rewrite Hsk].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
Hnoninit: ¬ composite_initial_state_prop MCVLSM s
i: index
Hi: ¬ state_status (st_rs (s i)) ≠ undecided
n: ¬ (∃ i : index, MC_initial_state_prop (s i))
Hundecided: state_status (st_rs (s i)) = undecided
Hmuddy: MuddyUnion s ≢ ∅
Hobs: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
n0: ¬ (∃ j : index,
     state_status (st_rs (s j)) = muddy)
j: index
Hjmuddyunion: j ∈ MuddyUnion s
Hvalid': MC_composite_invariant_inductive s
k: index
Hkobs: k ∈ st_obs (s j)
st_obs0: indexSet
rk: nat
stk: ChildStatus
Hkundecided: stk = undecided
Hkinvariant: state_round (st_rs (s k)) <
size (st_obs (s k))
Hjundecided: state_status (st_rs (s j)) = undecided
Hjinvariant: state_round (st_rs (s j)) <
size (st_obs (s j))
Hjk_eq_size_muddy: size (st_obs (s j)) =
size (st_obs (s k))
Hjobs: j ∈ st_obs (s k)
n1: ¬ state_round (st_rs (s j)) <
  state_round (st_rs (s k))
n2: state_round (st_rs (s j))
≠ size (st_obs (s k)) - 1
H9: length (enum index) > 1
Hnoequiv: MC_no_equivocation s
  (mkMsg j (state_round (st_rs (s j)))
     undecided)
Hsk: s k = mkSt st_obs0 (Some (mkRS rk stk))
Hkundecided': state_status
  (st_rs
     (mkSt st_obs0 (Some (mkRS rk stk)))) =
undecided
Hjundecided': state_status (st_rs (s j)) = undecided
(let (si', om') :=
   (if decide (j ∈ st_obs (s k))
    then
     λ r' : nat,
       if decide (r' < state_round (st_rs (s k)))
       then
        (mkSt (st_obs (s k))
           (Some
              (mkRS (state_round (st_rs (s k)))
                 undecided)), None)
       else
        if
         decide
           (state_round (st_rs (s k)) <= r' <
            size (st_obs (s k)) - 1)
        then
         (mkSt (st_obs (s k))
            (Some (mkRS (r' + 1) undecided)), None)
        else
         if decide (r' = size (st_obs (s k)) - 1)
         then
          (mkSt (st_obs (s k))
             (Some (mkRS (r' + 1) muddy)), None)
         else
          (mkSt (st_obs (s k))
             (Some
                (mkRS (state_round (st_rs (s k)))
                   undecided)), None)
    else
     λ r' : nat,
       if decide (r' ≤ state_round (st_rs (s k)))
       then
        (mkSt (st_obs (s k))
           (Some
              (mkRS (state_round (st_rs (s k)))
                 undecided)), None)
       else
        if
         decide
           (state_round (st_rs (s k)) < r' <
            size (st_obs (s k)))
        then
         (mkSt (st_obs (s k))
            (Some (mkRS r' undecided)), None)
        else
         if decide (r' = size (st_obs (s k)))
         then
          (mkSt (st_obs (s k)) (Some (mkRS r' muddy)),
           None)
         else
          (mkSt (st_obs (s k))
             (Some
                (mkRS (state_round (st_rs (s k)))
                   undecided)), None))
     (state_round (st_rs (s j))) in
 (state_update MCVLSM s k si', om')) =
(state_update MCVLSM s k
   (mkSt
      (st_obs
         (mkSt (st_obs (s k))
            (Some
               (mkRS (state_round (st_rs (s k)))
                  undecided))))
      (Some
         (mkRS (state_round (st_rs (s j)) + 1)
            undecided))), None)
              by rewrite decide_True, decide_False, decide_True; [| lia.. |].
Qed.

Safety

Lemma MC_round_bound (s : composite_state MCVLSM) :
  valid_state_prop MC_composite_vlsm s ->
  forall (i : index), state_round_inc (s i) <= size (st_obs (s i)) + 1.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
valid_state_prop MC_composite_vlsm s
→ ∀ i : index,
    state_round_inc (s i) ≤ size (st_obs (s i)) + 1
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
valid_state_prop MC_composite_vlsm s
→ ∀ i : index,
    state_round_inc (s i) ≤ size (st_obs (s i)) + 1
  intros Hvalid i.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: valid_state_prop MC_composite_vlsm s
i: index
state_round_inc (s i) ≤ size (st_obs (s i)) + 1
  apply MC_composite_invariant_preservation in Hvalid.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: MC_composite_invariant s
i: index
state_round_inc (s i) ≤ size (st_obs (s i)) + 1
  unfold MC_composite_invariant in Hvalid.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: ∀ i : index,
  initial_state_prop (s i)
  ∨ MC_component_invariant s i
i: index
state_round_inc (s i) ≤ size (st_obs (s i)) + 1
  unfold state_round_inc.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: ∀ i : index,
  initial_state_prop (s i)
  ∨ MC_component_invariant s i
i: index
match st_rs (s i) with
| Some rs => S (rs_round rs)
| None => 0
end ≤ size (st_obs (s i)) + 1
  destruct (Hvalid i) as [Hinit | Hinv].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: ∀ i : index,
  initial_state_prop (s i)
  ∨ MC_component_invariant s i
i: index
Hinit: initial_state_prop (s i)
match st_rs (s i) with
| Some rs => S (rs_round rs)
| None => 0
end ≤ size (st_obs (s i)) + 1
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: ∀ i : index,
  initial_state_prop (s i)
  ∨ MC_component_invariant s i
i: index
Hinv: MC_component_invariant s i
match st_rs (s i) with
| Some rs => S (rs_round rs)
| None => 0
end ≤ size (st_obs (s i)) + 1
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: ∀ i : index,
  initial_state_prop (s i)
  ∨ MC_component_invariant s i
i: index
Hinit: initial_state_prop (s i)
match st_rs (s i) with
| Some rs => S (rs_round rs)
| None => 0
end ≤ size (st_obs (s i)) + 1 cbn in Hinit; unfold MC_initial_state_prop in Hinit.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: ∀ i : index,
  initial_state_prop (s i)
  ∨ MC_component_invariant s i
i: index
Hinit: st_rs (s i) = None
match st_rs (s i) with
| Some rs => S (rs_round rs)
| None => 0
end ≤ size (st_obs (s i)) + 1
    rewrite Hinit.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: ∀ i : index,
  initial_state_prop (s i)
  ∨ MC_component_invariant s i
i: index
Hinit: st_rs (s i) = None
0 ≤ size (st_obs (s i)) + 1
    by lia.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: ∀ i : index,
  initial_state_prop (s i)
  ∨ MC_component_invariant s i
i: index
Hinv: MC_component_invariant s i
match st_rs (s i) with
| Some rs => S (rs_round rs)
| None => 0
end ≤ size (st_obs (s i)) + 1 unfold MC_component_invariant, MC_component_invariant_helper in Hinv.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: ∀ i : index,
  initial_state_prop (s i)
  ∨ MC_component_invariant s i
i: index
Hinv: match state_status (st_rs (s i)) with
| undecided =>
    state_round (st_rs (s i)) <
    size (st_obs (s i))
| muddy =>
    state_round (st_rs (s i)) =
    size (st_obs (s i))
    ∧ size (MuddyUnion s) - 1 =
      size (st_obs (s i))
| clean =>
    state_round (st_rs (s i)) =
    size (st_obs (s i))
    ∧ size (MuddyUnion s) = size (st_obs (s i))
end
match st_rs (s i) with
| Some rs => S (rs_round rs)
| None => 0
end ≤ size (st_obs (s i)) + 1
    destruct (st_rs (s i)) as [[round status] |]; cbn in *; [| by lia].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hvalid: ∀ i : index,
  MC_initial_state_prop (s i)
  ∨ MC_component_invariant s i
i: index
round: nat
status: ChildStatus
Hinv: match status with
| undecided => round < size (st_obs (s i))
| muddy =>
    round = size (st_obs (s i))
    ∧ size (MuddyUnion s) - 1 =
      size (st_obs (s i))
| clean =>
    round = size (st_obs (s i))
    ∧ size (MuddyUnion s) = size (st_obs (s i))
end
S round ≤ size (st_obs (s i)) + 1
    by destruct status; lia.
Qed.

Definition steps_until_final_component (s : State) : nat :=
  size (st_obs s) + 1 - state_round_inc s.

Definition steps_until_final_composite (s : composite_state MCVLSM) : nat :=
  sum_list_with (fun i => steps_until_final_component (s i)) (enum index).

The main result states that, from any non-initial valid state, there is a trace to a final state.

Theorem MC_safety (Hindex : length (enum index) > 1) (s : composite_state MCVLSM) :
  MC_non_initial_valid_state s ->
  exists (tr : list (composite_transition_item MCVLSM)) (sf : composite_state MCVLSM),
  finite_valid_trace_from_to MC_composite_vlsm s sf tr /\ MC_final_state sf.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
MC_non_initial_valid_state s
→ ∃ (tr : list (composite_transition_item MCVLSM)) 
    (sf : composite_state MCVLSM),
    finite_valid_trace_from_to MC_composite_vlsm s sf
      tr ∧ MC_final_state sf
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
MC_non_initial_valid_state s
→ ∃ (tr : list (composite_transition_item MCVLSM)) 
    (sf : composite_state MCVLSM),
    finite_valid_trace_from_to MC_composite_vlsm s sf
      tr ∧ MC_final_state sf
  remember (steps_until_final_composite s) as nr_steps.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
nr_steps: nat
Heqnr_steps: nr_steps = steps_until_final_composite s
MC_non_initial_valid_state s
→ ∃ (tr : list (composite_transition_item MCVLSM)) 
    (sf : composite_state MCVLSM),
    finite_valid_trace_from_to MC_composite_vlsm s sf
      tr ∧ MC_final_state sf
  revert s Heqnr_steps.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
∀ s : composite_state MCVLSM,
  nr_steps = steps_until_final_composite s
  → MC_non_initial_valid_state s
    → ∃ (tr : list (composite_transition_item MCVLSM)) 
        (sf : composite_state MCVLSM),
        finite_valid_trace_from_to MC_composite_vlsm s
          sf tr ∧ MC_final_state sf
  induction nr_steps as [nr_steps Hind] using (well_founded_induction Wf_nat.lt_wf).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
∀ s : composite_state MCVLSM,
  nr_steps = steps_until_final_composite s
  → MC_non_initial_valid_state s
    → ∃ (tr : list (composite_transition_item MCVLSM)) 
        (sf : composite_state MCVLSM),
        finite_valid_trace_from_to MC_composite_vlsm s
          sf tr ∧ MC_final_state sf
  intros ? ? Hnoninitvalid.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_from_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
  destruct (decide (MC_final_state s));
    [by exists [], s; constructor; [constructor; apply Hnoninitvalid |] |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_from_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
  pose proof (Hrounds := MC_round_bound s (proj1 Hnoninitvalid)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_from_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
  apply MC_progress in Hnoninitvalid as Hprogress; [| done..].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
Hprogress: ∃ item : composite_transition_item MCVLSM,
  let i := projT1 (l item) in
  input_valid_transition_item
    MC_composite_vlsm s item
  ∧ state_round_inc (destination item i) >
    state_round_inc (s i)
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_from_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
  destruct Hprogress as (item & Hitem & Hround).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
item: composite_transition_item MCVLSM
Hitem: input_valid_transition_item MC_composite_vlsm
  s item
Hround: state_round_inc
  (destination item (projT1 (l item))) >
state_round_inc (s (projT1 (l item)))
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_from_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
  apply input_valid_transition_destination in Hitem as Hdest.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
item: composite_transition_item MCVLSM
Hitem: input_valid_transition_item MC_composite_vlsm
  s item
Hround: state_round_inc
  (destination item (projT1 (l item))) >
state_round_inc (s (projT1 (l item)))
Hdest: valid_state_prop MC_composite_vlsm
  (destination item)
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_from_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
  pose proof (Hrounddest := MC_round_bound (destination item) Hdest).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
item: composite_transition_item MCVLSM
Hitem: input_valid_transition_item MC_composite_vlsm
  s item
Hround: state_round_inc
  (destination item (projT1 (l item))) >
state_round_inc (s (projT1 (l item)))
Hdest: valid_state_prop MC_composite_vlsm
  (destination item)
Hrounddest: ∀ i : index,
  state_round_inc (destination item i)
  ≤ size (st_obs (destination item i)) +
    1
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_from_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
  assert (Hdestvalid : MC_non_initial_valid_state (destination item)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
item: composite_transition_item MCVLSM
Hitem: input_valid_transition_item MC_composite_vlsm
  s item
Hround: state_round_inc
  (destination item (projT1 (l item))) >
state_round_inc (s (projT1 (l item)))
Hdest: valid_state_prop MC_composite_vlsm
  (destination item)
Hrounddest: ∀ i : index,
  state_round_inc (destination item i)
  ≤ size (st_obs (destination item i)) +
    1
MC_non_initial_valid_state (destination item)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
item: composite_transition_item MCVLSM
Hitem: input_valid_transition_item MC_composite_vlsm
  s item
Hround: state_round_inc
  (destination item (projT1 (l item))) >
state_round_inc (s (projT1 (l item)))
Hdest: valid_state_prop MC_composite_vlsm
  (destination item)
Hrounddest: ∀ i : index,
  state_round_inc (destination item i)
  ≤ size (st_obs (destination item i)) +
    1
Hdestvalid: MC_non_initial_valid_state
  (destination item)
∃ (tr : list (composite_transition_item MCVLSM)) 
  (sf : composite_state MCVLSM),
  finite_valid_trace_from_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
  {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
item: composite_transition_item MCVLSM
Hitem: input_valid_transition_item MC_composite_vlsm
  s item
Hround: state_round_inc
  (destination item (projT1 (l item))) >
state_round_inc (s (projT1 (l item)))
Hdest: valid_state_prop MC_composite_vlsm
  (destination item)
Hrounddest: ∀ i : index,
  state_round_inc (destination item i)
  ≤ size (st_obs (destination item i)) +
    1
MC_non_initial_valid_state (destination item)
    destruct item, l; cbn in *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
l: Label
input: option Message
destination: composite_state MCVLSM
output: option Message
Hitem: input_valid_transition_item MC_composite_vlsm
  s
  {|
    l := existT x l;
    input := input;
    destination := destination;
    output := output
  |}
Hround: state_round_inc (destination x) >
state_round_inc (s x)
Hdest: valid_state_prop MC_composite_vlsm destination
Hrounddest: ∀ i : index,
  state_round_inc (destination i)
  ≤ size (st_obs (destination i)) + 1
MC_non_initial_valid_state destination
    split; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
l: Label
input: option Message
destination: composite_state MCVLSM
output: option Message
Hitem: input_valid_transition_item MC_composite_vlsm
  s
  {|
    l := existT x l;
    input := input;
    destination := destination;
    output := output
  |}
Hround: state_round_inc (destination x) >
state_round_inc (s x)
Hdest: valid_state_prop MC_composite_vlsm destination
Hrounddest: ∀ i : index,
  state_round_inc (destination i)
  ≤ size (st_obs (destination i)) + 1
¬ composite_initial_state_prop MCVLSM destination
    intros Hinit.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
l: Label
input: option Message
destination: composite_state MCVLSM
output: option Message
Hitem: input_valid_transition_item MC_composite_vlsm
  s
  {|
    l := existT x l;
    input := input;
    destination := destination;
    output := output
  |}
Hround: state_round_inc (destination x) >
state_round_inc (s x)
Hdest: valid_state_prop MC_composite_vlsm destination
Hrounddest: ∀ i : index,
  state_round_inc (destination i)
  ≤ size (st_obs (destination i)) + 1
Hinit: composite_initial_state_prop MCVLSM
  destination
False
    specialize (Hinit x).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
l: Label
input: option Message
destination: composite_state MCVLSM
output: option Message
Hitem: input_valid_transition_item MC_composite_vlsm
  s
  {|
    l := existT x l;
    input := input;
    destination := destination;
    output := output
  |}
Hround: state_round_inc (destination x) >
state_round_inc (s x)
Hdest: valid_state_prop MC_composite_vlsm destination
Hrounddest: ∀ i : index,
  state_round_inc (destination i)
  ≤ size (st_obs (destination i)) + 1
Hinit: initial_state_prop (destination x)
False
    cbn in Hinit; unfold MC_initial_state_prop in Hinit.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
l: Label
input: option Message
destination: composite_state MCVLSM
output: option Message
Hitem: input_valid_transition_item MC_composite_vlsm
  s
  {|
    l := existT x l;
    input := input;
    destination := destination;
    output := output
  |}
Hround: state_round_inc (destination x) >
state_round_inc (s x)
Hdest: valid_state_prop MC_composite_vlsm destination
Hrounddest: ∀ i : index,
  state_round_inc (destination i)
  ≤ size (st_obs (destination i)) + 1
Hinit: st_rs (destination x) = None
False
    destruct (destination x); cbn in *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
l: Label
input: option Message
destination: composite_state MCVLSM
output: option Message
Hitem: input_valid_transition_item MC_composite_vlsm
  s
  {|
    l := existT x l;
    input := input;
    destination := destination;
    output := output
  |}
st_obs0: indexSet
st_rs0: option RoundStatus
Hround: state_round_inc (mkSt st_obs0 st_rs0) >
state_round_inc (s x)
Hdest: valid_state_prop MC_composite_vlsm destination
Hrounddest: ∀ i : index,
  state_round_inc (destination i)
  ≤ size (st_obs (destination i)) + 1
Hinit: st_rs0 = None
False
    unfold state_round_inc in Hround; cbn in Hround; subst.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
Hind: ∀ y : nat,
  y < steps_until_final_composite s
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
l: Label
input: option Message
destination: composite_state MCVLSM
output: option Message
Hitem: input_valid_transition_item MC_composite_vlsm
  s
  {|
    l := existT x l;
    input := input;
    destination := destination;
    output := output
  |}
st_obs0: indexSet
Hround: 0 >
match st_rs (s x) with
| Some rs => S (rs_round rs)
| None => 0
end
Hdest: valid_state_prop MC_composite_vlsm destination
Hrounddest: ∀ i : index,
  state_round_inc (destination i)
  ≤ size (st_obs (destination i)) + 1
False
    by lia.
  }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
item: composite_transition_item MCVLSM
Hitem: input_valid_transition_item MC_composite_vlsm
  s item
Hround: state_round_inc
  (destination item (projT1 (l item))) >
state_round_inc (s (projT1 (l item)))
Hdest: valid_state_prop MC_composite_vlsm
  (destination item)
Hrounddest: ∀ i : index,
  state_round_inc (destination item i)
  ≤ size (st_obs (destination item i)) +
    1
Hdestvalid: MC_non_initial_valid_state
  (destination item)
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_from_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
  eapply Hind in Hdestvalid; [.. | done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
item: composite_transition_item MCVLSM
Hitem: input_valid_transition_item MC_composite_vlsm
  s item
Hround: state_round_inc
  (destination item (projT1 (l item))) >
state_round_inc (s (projT1 (l item)))
Hdest: valid_state_prop MC_composite_vlsm
  (destination item)
Hrounddest: ∀ i : index,
  state_round_inc (destination item i)
  ≤ size (st_obs (destination item i)) +
    1
Hdestvalid: ∃ (tr : list
          (composite_transition_item
             MCVLSM)) (sf : 
                       composite_state
                       MCVLSM),
  finite_valid_trace_from_to
    MC_composite_vlsm (destination item)
    sf tr ∧ MC_final_state sf
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_from_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
item: composite_transition_item MCVLSM
Hitem: input_valid_transition_item MC_composite_vlsm
  s item
Hround: state_round_inc
  (destination item (projT1 (l item))) >
state_round_inc (s (projT1 (l item)))
Hdest: valid_state_prop MC_composite_vlsm
  (destination item)
Hrounddest: ∀ i : index,
  state_round_inc (destination item i)
  ≤ size (st_obs (destination item i)) +
    1
Hdestvalid: MC_non_initial_valid_state
  (destination item)
steps_until_final_composite (destination item) <
nr_steps
  {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
item: composite_transition_item MCVLSM
Hitem: input_valid_transition_item MC_composite_vlsm
  s item
Hround: state_round_inc
  (destination item (projT1 (l item))) >
state_round_inc (s (projT1 (l item)))
Hdest: valid_state_prop MC_composite_vlsm
  (destination item)
Hrounddest: ∀ i : index,
  state_round_inc (destination item i)
  ≤ size (st_obs (destination item i)) +
    1
Hdestvalid: ∃ (tr : list
          (composite_transition_item
             MCVLSM)) (sf : 
                       composite_state
                       MCVLSM),
  finite_valid_trace_from_to
    MC_composite_vlsm (destination item)
    sf tr ∧ MC_final_state sf
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_from_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
    destruct Hdestvalid as (tr & sf & Htr & Hsf).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
item: composite_transition_item MCVLSM
Hitem: input_valid_transition_item MC_composite_vlsm
  s item
Hround: state_round_inc
  (destination item (projT1 (l item))) >
state_round_inc (s (projT1 (l item)))
Hdest: valid_state_prop MC_composite_vlsm
  (destination item)
Hrounddest: ∀ i : index,
  state_round_inc (destination item i)
  ≤ size (st_obs (destination item i)) +
    1
tr: list (composite_transition_item MCVLSM)
sf: composite_state MCVLSM
Htr: finite_valid_trace_from_to MC_composite_vlsm
  (destination item) sf tr
Hsf: MC_final_state sf
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_from_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
    by exists (item :: tr), sf; split; [destruct item; constructor |].
  }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
item: composite_transition_item MCVLSM
Hitem: input_valid_transition_item MC_composite_vlsm
  s item
Hround: state_round_inc
  (destination item (projT1 (l item))) >
state_round_inc (s (projT1 (l item)))
Hdest: valid_state_prop MC_composite_vlsm
  (destination item)
Hrounddest: ∀ i : index,
  state_round_inc (destination item i)
  ≤ size (st_obs (destination item i)) +
    1
Hdestvalid: MC_non_initial_valid_state
  (destination item)
steps_until_final_composite (destination item) <
nr_steps
  destruct item, l; cbn in *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
l: Label
input: option Message
destination: composite_state MCVLSM
output: option Message
Hitem: input_valid_transition_item MC_composite_vlsm
  s
  {|
    l := existT x l;
    input := input;
    destination := destination;
    output := output
  |}
Hround: state_round_inc (destination x) >
state_round_inc (s x)
Hdest: valid_state_prop MC_composite_vlsm destination
Hrounddest: ∀ i : index,
  state_round_inc (destination i)
  ≤ size (st_obs (destination i)) + 1
Hdestvalid: MC_non_initial_valid_state destination
steps_until_final_composite destination < nr_steps
  destruct Hitem as [Hv Ht].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
l: Label
input: option Message
destination: composite_state MCVLSM
output: option Message
Hv: input_valid MC_composite_vlsm
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Ht: transition
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) =
(VLSM.destination
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |},
 VLSM.output
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |})
Hround: state_round_inc (destination x) >
state_round_inc (s x)
Hdest: valid_state_prop MC_composite_vlsm destination
Hrounddest: ∀ i : index,
  state_round_inc (destination i)
  ≤ size (st_obs (destination i)) + 1
Hdestvalid: MC_non_initial_valid_state destination
steps_until_final_composite destination < nr_steps
  unfold transition in Ht.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
l: Label
input: option Message
destination: composite_state MCVLSM
output: option Message
Hv: input_valid MC_composite_vlsm
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
Ht: (let
   (initial_state_prop, initial_state, _,
    initial_message_prop, initial_message,
    transition, _) :=
   vlsm_machine MC_composite_vlsm in
 transition)
  (VLSM.l
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |})
  (s,
   VLSM.input
     {|
       l := existT x l;
       input := input;
       destination := destination;
       output := output
     |}) =
(VLSM.destination
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |},
 VLSM.output
   {|
     l := existT x l;
     input := input;
     destination := destination;
     output := output
   |})
Hround: state_round_inc (destination x) >
state_round_inc (s x)
Hdest: valid_state_prop MC_composite_vlsm destination
Hrounddest: ∀ i : index,
  state_round_inc (destination i)
  ≤ size (st_obs (destination i)) + 1
Hdestvalid: MC_non_initial_valid_state destination
steps_until_final_composite destination < nr_steps
  apply MC_trans_preserves_obs_equiv in Ht as Hobs; cbn in *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
l: Label
input: option Message
destination: composite_state MCVLSM
output: option Message
Hv: valid_state_prop MC_composite_vlsm s
∧ option_valid_message_prop MC_composite_vlsm
    input
  ∧ MC_valid l (s x) input
    ∧ match l with
      | init => consistent s
      | emit => True
      | receive =>
          match input with
          | Some m => MC_no_equivocation s m
          | None => True
          end
      end
Ht: (let (si', om') :=
   MC_transition x l (s x) input in
 (state_update MCVLSM s x si', om')) =
(destination, output)
Hround: state_round_inc (destination x) >
state_round_inc (s x)
Hdest: valid_state_prop MC_composite_vlsm destination
Hrounddest: ∀ i : index,
  state_round_inc (destination i)
  ≤ size (st_obs (destination i)) + 1
Hdestvalid: MC_non_initial_valid_state destination
Hobs: MC_obs_equivalence s destination
steps_until_final_composite destination < nr_steps
  destruct (MC_transition x l (s x)) eqn: Htx.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
nr_steps: nat
Hind: ∀ y : nat,
  y < nr_steps
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
s: composite_state MCVLSM
Heqnr_steps: nr_steps = steps_until_final_composite s
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
l: Label
input: option Message
destination: composite_state MCVLSM
output: option Message
Hv: valid_state_prop MC_composite_vlsm s
∧ option_valid_message_prop MC_composite_vlsm
    input
  ∧ MC_valid l (s x) input
    ∧ match l with
      | init => consistent s
      | emit => True
      | receive =>
          match input with
          | Some m => MC_no_equivocation s m
          | None => True
          end
      end
s0: State
o: option Message
Htx: MC_transition x l (s x) input = (s0, o)
Ht: (state_update MCVLSM s x s0, o) =
(destination, output)
Hround: state_round_inc (destination x) >
state_round_inc (s x)
Hdest: valid_state_prop MC_composite_vlsm destination
Hrounddest: ∀ i : index,
  state_round_inc (destination i)
  ≤ size (st_obs (destination i)) + 1
Hdestvalid: MC_non_initial_valid_state destination
Hobs: MC_obs_equivalence s destination
steps_until_final_composite destination < nr_steps
  inversion Ht; subst.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
Hind: ∀ y : nat,
  y < steps_until_final_composite s
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
l: Label
input, output: option Message
Hv: valid_state_prop MC_composite_vlsm s
∧ option_valid_message_prop MC_composite_vlsm
    input
  ∧ MC_valid l (s x) input
    ∧ match l with
      | init => consistent s
      | emit => True
      | receive =>
          match input with
          | Some m => MC_no_equivocation s m
          | None => True
          end
      end
s0: State
Htx: MC_transition x l (s x) input = (s0, output)
Hobs: MC_obs_equivalence s
  (state_update MCVLSM s x s0)
Hdestvalid: MC_non_initial_valid_state
  (state_update MCVLSM s x s0)
Hrounddest: ∀ i : index,
  state_round_inc
    (state_update MCVLSM s x s0 i)
  ≤ size
      (st_obs
         (state_update MCVLSM s x s0 i)) +
    1
Hdest: valid_state_prop MC_composite_vlsm
  (state_update MCVLSM s x s0)
Hround: state_round_inc
  (state_update MCVLSM s x s0 x) >
state_round_inc (s x)
Ht: (state_update MCVLSM s x s0, output) =
(state_update MCVLSM s x s0, output)
steps_until_final_composite
  (state_update MCVLSM s x s0) <
steps_until_final_composite s
  state_update_simpl.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
Hind: ∀ y : nat,
  y < steps_until_final_composite s
  → ∀ s : composite_state MCVLSM,
      y = steps_until_final_composite s
      → MC_non_initial_valid_state s
        → ∃ (tr : list
                    (composite_transition_item
                       MCVLSM)) 
            (sf : composite_state MCVLSM),
            finite_valid_trace_from_to
              MC_composite_vlsm s sf tr
            ∧ MC_final_state sf
Hnoninitvalid: MC_non_initial_valid_state s
n: ¬ MC_final_state s
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
l: Label
input, output: option Message
Hv: valid_state_prop MC_composite_vlsm s
∧ option_valid_message_prop MC_composite_vlsm
    input
  ∧ MC_valid l (s x) input
    ∧ match l with
      | init => consistent s
      | emit => True
      | receive =>
          match input with
          | Some m => MC_no_equivocation s m
          | None => True
          end
      end
s0: State
Htx: MC_transition x l (s x) input = (s0, output)
Hobs: MC_obs_equivalence s
  (state_update MCVLSM s x s0)
Hdestvalid: MC_non_initial_valid_state
  (state_update MCVLSM s x s0)
Hrounddest: ∀ i : index,
  state_round_inc
    (state_update MCVLSM s x s0 i)
  ≤ size
      (st_obs
         (state_update MCVLSM s x s0 i)) +
    1
Hdest: valid_state_prop MC_composite_vlsm
  (state_update MCVLSM s x s0)
Hround: state_round_inc s0 > state_round_inc (s x)
Ht: (state_update MCVLSM s x s0, output) =
(state_update MCVLSM s x s0, output)
steps_until_final_composite
  (state_update MCVLSM s x s0) <
steps_until_final_composite s
  clear - Hround Hobs Hrounds Hrounddest.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
s0: State
Hobs: MC_obs_equivalence s
  (state_update MCVLSM s x s0)
Hrounddest: ∀ i : index,
  state_round_inc
    (state_update MCVLSM s x s0 i)
  ≤ size
      (st_obs
         (state_update MCVLSM s x s0 i)) +
    1
Hround: state_round_inc s0 > state_round_inc (s x)
steps_until_final_composite
  (state_update MCVLSM s x s0) <
steps_until_final_composite s
  unfold steps_until_final_composite.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
s0: State
Hobs: MC_obs_equivalence s
  (state_update MCVLSM s x s0)
Hrounddest: ∀ i : index,
  state_round_inc
    (state_update MCVLSM s x s0 i)
  ≤ size
      (st_obs
         (state_update MCVLSM s x s0 i)) +
    1
Hround: state_round_inc s0 > state_round_inc (s x)
sum_list_with
  (λ i : index,
     steps_until_final_component
       (state_update MCVLSM s x s0 i)) (enum index) <
sum_list_with
  (λ i : index, steps_until_final_component (s i))
  (enum index)
  assert (Hxelem : x ∈ enum index) by apply elem_of_enum.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
s0: State
Hobs: MC_obs_equivalence s
  (state_update MCVLSM s x s0)
Hrounddest: ∀ i : index,
  state_round_inc
    (state_update MCVLSM s x s0 i)
  ≤ size
      (st_obs
         (state_update MCVLSM s x s0 i)) +
    1
Hround: state_round_inc s0 > state_round_inc (s x)
Hxelem: x ∈ enum index
sum_list_with
  (λ i : index,
     steps_until_final_component
       (state_update MCVLSM s x s0 i)) (enum index) <
sum_list_with
  (λ i : index, steps_until_final_component (s i))
  (enum index)
  pose proof (Hnodup := NoDup_enum index).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
s0: State
Hobs: MC_obs_equivalence s
  (state_update MCVLSM s x s0)
Hrounddest: ∀ i : index,
  state_round_inc
    (state_update MCVLSM s x s0 i)
  ≤ size
      (st_obs
         (state_update MCVLSM s x s0 i)) +
    1
Hround: state_round_inc s0 > state_round_inc (s x)
Hxelem: x ∈ enum index
Hnodup: NoDup (enum index)
sum_list_with
  (λ i : index,
     steps_until_final_component
       (state_update MCVLSM s x s0 i)) (enum index) <
sum_list_with
  (λ i : index, steps_until_final_component (s i))
  (enum index)
  revert Hxelem Hnodup.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
s0: State
Hobs: MC_obs_equivalence s
  (state_update MCVLSM s x s0)
Hrounddest: ∀ i : index,
  state_round_inc
    (state_update MCVLSM s x s0 i)
  ≤ size
      (st_obs
         (state_update MCVLSM s x s0 i)) +
    1
Hround: state_round_inc s0 > state_round_inc (s x)
x ∈ enum index
→ NoDup (enum index)
  → sum_list_with
      (λ i : index,
         steps_until_final_component
           (state_update MCVLSM s x s0 i))
      (enum index) <
    sum_list_with
      (λ i : index, steps_until_final_component (s i))
      (enum index)
  generalize (enum index) as is.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
s0: State
Hobs: MC_obs_equivalence s
  (state_update MCVLSM s x s0)
Hrounddest: ∀ i : index,
  state_round_inc
    (state_update MCVLSM s x s0 i)
  ≤ size
      (st_obs
         (state_update MCVLSM s x s0 i)) +
    1
Hround: state_round_inc s0 > state_round_inc (s x)
∀ is : list index,
  x ∈ is
  → NoDup is
    → sum_list_with
        (λ i : index,
           steps_until_final_component
             (state_update MCVLSM s x s0 i)) is <
      sum_list_with
        (λ i : index,
           steps_until_final_component (s i)) is
  induction is; [by inversion 1 |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
s0: State
Hobs: MC_obs_equivalence s
  (state_update MCVLSM s x s0)
Hrounddest: ∀ i : index,
  state_round_inc
    (state_update MCVLSM s x s0 i)
  ≤ size
      (st_obs
         (state_update MCVLSM s x s0 i)) +
    1
Hround: state_round_inc s0 > state_round_inc (s x)
a: index
is: list index
IHis: x ∈ is
→ NoDup is
  → sum_list_with
      (λ i : index,
         steps_until_final_component
           (state_update MCVLSM s x s0 i)) is <
    sum_list_with
      (λ i : index,
         steps_until_final_component (s i)) is
x ∈ a :: is
→ NoDup (a :: is)
  → sum_list_with
      (λ i : index,
         steps_until_final_component
           (state_update MCVLSM s x s0 i)) (a :: is) <
    sum_list_with
      (λ i : index, steps_until_final_component (s i))
      (a :: is)
  rewrite elem_of_cons, NoDup_cons; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
s0: State
Hobs: MC_obs_equivalence s
  (state_update MCVLSM s x s0)
Hrounddest: ∀ i : index,
  state_round_inc
    (state_update MCVLSM s x s0 i)
  ≤ size
      (st_obs
         (state_update MCVLSM s x s0 i)) +
    1
Hround: state_round_inc s0 > state_round_inc (s x)
a: index
is: list index
IHis: x ∈ is
→ NoDup is
  → sum_list_with
      (λ i : index,
         steps_until_final_component
           (state_update MCVLSM s x s0 i)) is <
    sum_list_with
      (λ i : index,
         steps_until_final_component (s i)) is
x = a ∨ x ∈ is
→ (a ∉ is) ∧ NoDup is
  → steps_until_final_component
      (state_update MCVLSM s x s0 a) +
    sum_list_with
      (λ i : index,
         steps_until_final_component
           (state_update MCVLSM s x s0 i)) is <
    steps_until_final_component (s a) +
    sum_list_with
      (λ i : index, steps_until_final_component (s i))
      is
  intros [-> | Hx] [Ha Hnodup]; cycle 1.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
s0: State
Hobs: MC_obs_equivalence s
  (state_update MCVLSM s x s0)
Hrounddest: ∀ i : index,
  state_round_inc
    (state_update MCVLSM s x s0 i)
  ≤ size
      (st_obs
         (state_update MCVLSM s x s0 i)) +
    1
Hround: state_round_inc s0 > state_round_inc (s x)
a: index
is: list index
IHis: x ∈ is
→ NoDup is
  → sum_list_with
      (λ i : index,
         steps_until_final_component
           (state_update MCVLSM s x s0 i)) is <
    sum_list_with
      (λ i : index,
         steps_until_final_component (s i)) is
Hx: x ∈ is
Ha: a ∉ is
Hnodup: NoDup is
steps_until_final_component
  (state_update MCVLSM s x s0 a) +
sum_list_with
  (λ i : index,
     steps_until_final_component
       (state_update MCVLSM s x s0 i)) is <
steps_until_final_component (s a) +
sum_list_with
  (λ i : index, steps_until_final_component (s i)) is
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
s0: State
a: index
Hround: state_round_inc s0 > state_round_inc (s a)
Hrounddest: ∀ i : index,
  state_round_inc
    (state_update MCVLSM s a s0 i)
  ≤ size
      (st_obs
         (state_update MCVLSM s a s0 i)) +
    1
Hobs: MC_obs_equivalence s
  (state_update MCVLSM s a s0)
is: list index
IHis: a ∈ is
→ NoDup is
  → sum_list_with
      (λ i : index,
         steps_until_final_component
           (state_update MCVLSM s a s0 i)) is <
    sum_list_with
      (λ i : index,
         steps_until_final_component (s i)) is
Ha: a ∉ is
Hnodup: NoDup is
steps_until_final_component
  (state_update MCVLSM s a s0 a) +
sum_list_with
  (λ i : index,
     steps_until_final_component
       (state_update MCVLSM s a s0 i)) is <
steps_until_final_component (s a) +
sum_list_with
  (λ i : index, steps_until_final_component (s i)) is
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
s0: State
Hobs: MC_obs_equivalence s
  (state_update MCVLSM s x s0)
Hrounddest: ∀ i : index,
  state_round_inc
    (state_update MCVLSM s x s0 i)
  ≤ size
      (st_obs
         (state_update MCVLSM s x s0 i)) +
    1
Hround: state_round_inc s0 > state_round_inc (s x)
a: index
is: list index
IHis: x ∈ is
→ NoDup is
  → sum_list_with
      (λ i : index,
         steps_until_final_component
           (state_update MCVLSM s x s0 i)) is <
    sum_list_with
      (λ i : index,
         steps_until_final_component (s i)) is
Hx: x ∈ is
Ha: a ∉ is
Hnodup: NoDup is
steps_until_final_component
  (state_update MCVLSM s x s0 a) +
sum_list_with
  (λ i : index,
     steps_until_final_component
       (state_update MCVLSM s x s0 i)) is <
steps_until_final_component (s a) +
sum_list_with
  (λ i : index, steps_until_final_component (s i)) is rewrite state_update_neq; [| by set_solver].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
s0: State
Hobs: MC_obs_equivalence s
  (state_update MCVLSM s x s0)
Hrounddest: ∀ i : index,
  state_round_inc
    (state_update MCVLSM s x s0 i)
  ≤ size
      (st_obs
         (state_update MCVLSM s x s0 i)) +
    1
Hround: state_round_inc s0 > state_round_inc (s x)
a: index
is: list index
IHis: x ∈ is
→ NoDup is
  → sum_list_with
      (λ i : index,
         steps_until_final_component
           (state_update MCVLSM s x s0 i)) is <
    sum_list_with
      (λ i : index,
         steps_until_final_component (s i)) is
Hx: x ∈ is
Ha: a ∉ is
Hnodup: NoDup is
steps_until_final_component (s a) +
sum_list_with
  (λ i : index,
     steps_until_final_component
       (state_update MCVLSM s x s0 i)) is <
steps_until_final_component (s a) +
sum_list_with
  (λ i : index, steps_until_final_component (s i)) is
    specialize (IHis Hx Hnodup).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
x: index
s0: State
Hobs: MC_obs_equivalence s
  (state_update MCVLSM s x s0)
Hrounddest: ∀ i : index,
  state_round_inc
    (state_update MCVLSM s x s0 i)
  ≤ size
      (st_obs
         (state_update MCVLSM s x s0 i)) +
    1
Hround: state_round_inc s0 > state_round_inc (s x)
a: index
is: list index
IHis: sum_list_with
  (λ i : index,
     steps_until_final_component
       (state_update MCVLSM s x s0 i)) is <
sum_list_with
  (λ i : index,
     steps_until_final_component (s i)) is
Hx: x ∈ is
Ha: a ∉ is
Hnodup: NoDup is
steps_until_final_component (s a) +
sum_list_with
  (λ i : index,
     steps_until_final_component
       (state_update MCVLSM s x s0 i)) is <
steps_until_final_component (s a) +
sum_list_with
  (λ i : index, steps_until_final_component (s i)) is
    by lia.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
s0: State
a: index
Hround: state_round_inc s0 > state_round_inc (s a)
Hrounddest: ∀ i : index,
  state_round_inc
    (state_update MCVLSM s a s0 i)
  ≤ size
      (st_obs
         (state_update MCVLSM s a s0 i)) +
    1
Hobs: MC_obs_equivalence s
  (state_update MCVLSM s a s0)
is: list index
IHis: a ∈ is
→ NoDup is
  → sum_list_with
      (λ i : index,
         steps_until_final_component
           (state_update MCVLSM s a s0 i)) is <
    sum_list_with
      (λ i : index,
         steps_until_final_component (s i)) is
Ha: a ∉ is
Hnodup: NoDup is
steps_until_final_component
  (state_update MCVLSM s a s0 a) +
sum_list_with
  (λ i : index,
     steps_until_final_component
       (state_update MCVLSM s a s0 i)) is <
steps_until_final_component (s a) +
sum_list_with
  (λ i : index, steps_until_final_component (s i)) is specialize (Hobs a).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
Hrounds: ∀ i : index,
  state_round_inc (s i)
  ≤ size (st_obs (s i)) + 1
s0: State
a: index
Hround: state_round_inc s0 > state_round_inc (s a)
Hrounddest: ∀ i : index,
  state_round_inc
    (state_update MCVLSM s a s0 i)
  ≤ size
      (st_obs
         (state_update MCVLSM s a s0 i)) +
    1
Hobs: st_obs (s a)
≡ st_obs (state_update MCVLSM s a s0 a)
is: list index
IHis: a ∈ is
→ NoDup is
  → sum_list_with
      (λ i : index,
         steps_until_final_component
           (state_update MCVLSM s a s0 i)) is <
    sum_list_with
      (λ i : index,
         steps_until_final_component (s i)) is
Ha: a ∉ is
Hnodup: NoDup is
steps_until_final_component
  (state_update MCVLSM s a s0 a) +
sum_list_with
  (λ i : index,
     steps_until_final_component
       (state_update MCVLSM s a s0 i)) is <
steps_until_final_component (s a) +
sum_list_with
  (λ i : index, steps_until_final_component (s i)) is
    specialize (Hrounds a).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
a: index
Hrounds: state_round_inc (s a)
≤ size (st_obs (s a)) + 1
s0: State
Hround: state_round_inc s0 > state_round_inc (s a)
Hrounddest: ∀ i : index,
  state_round_inc
    (state_update MCVLSM s a s0 i)
  ≤ size
      (st_obs
         (state_update MCVLSM s a s0 i)) +
    1
Hobs: st_obs (s a)
≡ st_obs (state_update MCVLSM s a s0 a)
is: list index
IHis: a ∈ is
→ NoDup is
  → sum_list_with
      (λ i : index,
         steps_until_final_component
           (state_update MCVLSM s a s0 i)) is <
    sum_list_with
      (λ i : index,
         steps_until_final_component (s i)) is
Ha: a ∉ is
Hnodup: NoDup is
steps_until_final_component
  (state_update MCVLSM s a s0 a) +
sum_list_with
  (λ i : index,
     steps_until_final_component
       (state_update MCVLSM s a s0 i)) is <
steps_until_final_component (s a) +
sum_list_with
  (λ i : index, steps_until_final_component (s i)) is
    specialize (Hrounddest a).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
a: index
Hrounds: state_round_inc (s a)
≤ size (st_obs (s a)) + 1
s0: State
Hround: state_round_inc s0 > state_round_inc (s a)
Hrounddest: state_round_inc
  (state_update MCVLSM s a s0 a)
≤ size
    (st_obs
       (state_update MCVLSM s a s0 a)) +
  1
Hobs: st_obs (s a)
≡ st_obs (state_update MCVLSM s a s0 a)
is: list index
IHis: a ∈ is
→ NoDup is
  → sum_list_with
      (λ i : index,
         steps_until_final_component
           (state_update MCVLSM s a s0 i)) is <
    sum_list_with
      (λ i : index,
         steps_until_final_component (s i)) is
Ha: a ∉ is
Hnodup: NoDup is
steps_until_final_component
  (state_update MCVLSM s a s0 a) +
sum_list_with
  (λ i : index,
     steps_until_final_component
       (state_update MCVLSM s a s0 i)) is <
steps_until_final_component (s a) +
sum_list_with
  (λ i : index, steps_until_final_component (s i)) is
    state_update_simpl.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
a: index
Hrounds: state_round_inc (s a)
≤ size (st_obs (s a)) + 1
s0: State
Hround: state_round_inc s0 > state_round_inc (s a)
Hrounddest: state_round_inc s0 ≤ size (st_obs s0) + 1
Hobs: st_obs (s a) ≡ st_obs s0
is: list index
IHis: a ∈ is
→ NoDup is
  → sum_list_with
      (λ i : index,
         steps_until_final_component
           (state_update MCVLSM s a s0 i)) is <
    sum_list_with
      (λ i : index,
         steps_until_final_component (s i)) is
Ha: a ∉ is
Hnodup: NoDup is
steps_until_final_component s0 +
sum_list_with
  (λ i : index,
     steps_until_final_component
       (state_update MCVLSM s a s0 i)) is <
steps_until_final_component (s a) +
sum_list_with
  (λ i : index, steps_until_final_component (s i)) is
    cut (sum_list_with (fun i => steps_until_final_component (state_update MCVLSM s a s0 i)) is =
      sum_list_with (fun i => steps_until_final_component (s i)) is).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
a: index
Hrounds: state_round_inc (s a)
≤ size (st_obs (s a)) + 1
s0: State
Hround: state_round_inc s0 > state_round_inc (s a)
Hrounddest: state_round_inc s0 ≤ size (st_obs s0) + 1
Hobs: st_obs (s a) ≡ st_obs s0
is: list index
IHis: a ∈ is
→ NoDup is
  → sum_list_with
      (λ i : index,
         steps_until_final_component
           (state_update MCVLSM s a s0 i)) is <
    sum_list_with
      (λ i : index,
         steps_until_final_component (s i)) is
Ha: a ∉ is
Hnodup: NoDup is
sum_list_with
  (λ i : index,
     steps_until_final_component
       (state_update MCVLSM s a s0 i)) is =
sum_list_with
  (λ i : index, steps_until_final_component (s i)) is
→ steps_until_final_component s0 +
  sum_list_with
    (λ i : index,
       steps_until_final_component
         (state_update MCVLSM s a s0 i)) is <
  steps_until_final_component (s a) +
  sum_list_with
    (λ i : index, steps_until_final_component (s i))
    is
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
a: index
Hrounds: state_round_inc (s a)
≤ size (st_obs (s a)) + 1
s0: State
Hround: state_round_inc s0 > state_round_inc (s a)
Hrounddest: state_round_inc s0 ≤ size (st_obs s0) + 1
Hobs: st_obs (s a) ≡ st_obs s0
is: list index
IHis: a ∈ is
→ NoDup is
  → sum_list_with
      (λ i : index,
         steps_until_final_component
           (state_update MCVLSM s a s0 i)) is <
    sum_list_with
      (λ i : index,
         steps_until_final_component (s i)) is
Ha: a ∉ is
Hnodup: NoDup is
sum_list_with
  (λ i : index,
     steps_until_final_component
       (state_update MCVLSM s a s0 i)) is =
sum_list_with
  (λ i : index, steps_until_final_component (s i)) is
    {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
a: index
Hrounds: state_round_inc (s a)
≤ size (st_obs (s a)) + 1
s0: State
Hround: state_round_inc s0 > state_round_inc (s a)
Hrounddest: state_round_inc s0 ≤ size (st_obs s0) + 1
Hobs: st_obs (s a) ≡ st_obs s0
is: list index
IHis: a ∈ is
→ NoDup is
  → sum_list_with
      (λ i : index,
         steps_until_final_component
           (state_update MCVLSM s a s0 i)) is <
    sum_list_with
      (λ i : index,
         steps_until_final_component (s i)) is
Ha: a ∉ is
Hnodup: NoDup is
sum_list_with
  (λ i : index,
     steps_until_final_component
       (state_update MCVLSM s a s0 i)) is =
sum_list_with
  (λ i : index, steps_until_final_component (s i)) is
→ steps_until_final_component s0 +
  sum_list_with
    (λ i : index,
       steps_until_final_component
         (state_update MCVLSM s a s0 i)) is <
  steps_until_final_component (s a) +
  sum_list_with
    (λ i : index, steps_until_final_component (s i))
    is
      intros ->.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
a: index
Hrounds: state_round_inc (s a)
≤ size (st_obs (s a)) + 1
s0: State
Hround: state_round_inc s0 > state_round_inc (s a)
Hrounddest: state_round_inc s0 ≤ size (st_obs s0) + 1
Hobs: st_obs (s a) ≡ st_obs s0
is: list index
IHis: a ∈ is
→ NoDup is
  → sum_list_with
      (λ i : index,
         steps_until_final_component
           (state_update MCVLSM s a s0 i)) is <
    sum_list_with
      (λ i : index,
         steps_until_final_component (s i)) is
Ha: a ∉ is
Hnodup: NoDup is
steps_until_final_component s0 +
sum_list_with
  (λ i : index, steps_until_final_component (s i)) is <
steps_until_final_component (s a) +
sum_list_with
  (λ i : index, steps_until_final_component (s i)) is
      unfold steps_until_final_component in *.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
a: index
Hrounds: state_round_inc (s a)
≤ size (st_obs (s a)) + 1
s0: State
Hround: state_round_inc s0 > state_round_inc (s a)
Hrounddest: state_round_inc s0 ≤ size (st_obs s0) + 1
Hobs: st_obs (s a) ≡ st_obs s0
is: list index
IHis: a ∈ is
→ NoDup is
  → sum_list_with
      (λ i : index,
         size
           (st_obs
              (state_update MCVLSM s a s0 i)) +
         1 -
         state_round_inc
           (state_update MCVLSM s a s0 i)) is <
    sum_list_with
      (λ i : index,
         size (st_obs (s i)) + 1 -
         state_round_inc (s i)) is
Ha: a ∉ is
Hnodup: NoDup is
size (st_obs s0) + 1 - state_round_inc s0 +
sum_list_with
  (λ i : index,
     size (st_obs (s i)) + 1 - state_round_inc (s i))
  is <
size (st_obs (s a)) + 1 - state_round_inc (s a) +
sum_list_with
  (λ i : index,
     size (st_obs (s i)) + 1 - state_round_inc (s i))
  is
      by destruct s0 as (obs0 & [[round0 status0] |]),
        (s a) as (obsa & [[rounda statusa] |]);
        cbn in *; rewrite Hobs; lia.
    }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
a: index
Hrounds: state_round_inc (s a)
≤ size (st_obs (s a)) + 1
s0: State
Hround: state_round_inc s0 > state_round_inc (s a)
Hrounddest: state_round_inc s0 ≤ size (st_obs s0) + 1
Hobs: st_obs (s a) ≡ st_obs s0
is: list index
IHis: a ∈ is
→ NoDup is
  → sum_list_with
      (λ i : index,
         steps_until_final_component
           (state_update MCVLSM s a s0 i)) is <
    sum_list_with
      (λ i : index,
         steps_until_final_component (s i)) is
Ha: a ∉ is
Hnodup: NoDup is
sum_list_with
  (λ i : index,
     steps_until_final_component
       (state_update MCVLSM s a s0 i)) is =
sum_list_with
  (λ i : index, steps_until_final_component (s i)) is
    clear IHis Hnodup.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
a: index
Hrounds: state_round_inc (s a)
≤ size (st_obs (s a)) + 1
s0: State
Hround: state_round_inc s0 > state_round_inc (s a)
Hrounddest: state_round_inc s0 ≤ size (st_obs s0) + 1
Hobs: st_obs (s a) ≡ st_obs s0
is: list index
Ha: a ∉ is
sum_list_with
  (λ i : index,
     steps_until_final_component
       (state_update MCVLSM s a s0 i)) is =
sum_list_with
  (λ i : index, steps_until_final_component (s i)) is
    revert Ha.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
a: index
Hrounds: state_round_inc (s a)
≤ size (st_obs (s a)) + 1
s0: State
Hround: state_round_inc s0 > state_round_inc (s a)
Hrounddest: state_round_inc s0 ≤ size (st_obs s0) + 1
Hobs: st_obs (s a) ≡ st_obs s0
is: list index
a ∉ is
→ sum_list_with
    (λ i : index,
       steps_until_final_component
         (state_update MCVLSM s a s0 i)) is =
  sum_list_with
    (λ i : index, steps_until_final_component (s i))
    is
    induction is; cbn; [done |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
a: index
Hrounds: state_round_inc (s a)
≤ size (st_obs (s a)) + 1
s0: State
Hround: state_round_inc s0 > state_round_inc (s a)
Hrounddest: state_round_inc s0 ≤ size (st_obs s0) + 1
Hobs: st_obs (s a) ≡ st_obs s0
a0: index
is: list index
IHis: a ∉ is
→ sum_list_with
    (λ i : index,
       steps_until_final_component
         (state_update MCVLSM s a s0 i)) is =
  sum_list_with
    (λ i : index,
       steps_until_final_component (s i)) is
a ∉ a0 :: is
→ steps_until_final_component
    (state_update MCVLSM s a s0 a0) +
  sum_list_with
    (λ i : index,
       steps_until_final_component
         (state_update MCVLSM s a s0 i)) is =
  steps_until_final_component (s a0) +
  sum_list_with
    (λ i : index, steps_until_final_component (s i))
    is
    rewrite not_elem_of_cons.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
a: index
Hrounds: state_round_inc (s a)
≤ size (st_obs (s a)) + 1
s0: State
Hround: state_round_inc s0 > state_round_inc (s a)
Hrounddest: state_round_inc s0 ≤ size (st_obs s0) + 1
Hobs: st_obs (s a) ≡ st_obs s0
a0: index
is: list index
IHis: a ∉ is
→ sum_list_with
    (λ i : index,
       steps_until_final_component
         (state_update MCVLSM s a s0 i)) is =
  sum_list_with
    (λ i : index,
       steps_until_final_component (s i)) is
a ≠ a0 ∧ a ∉ is
→ steps_until_final_component
    (state_update MCVLSM s a s0 a0) +
  sum_list_with
    (λ i : index,
       steps_until_final_component
         (state_update MCVLSM s a s0 i)) is =
  steps_until_final_component (s a0) +
  sum_list_with
    (λ i : index, steps_until_final_component (s i))
    is
    intros [Hdiff Hnotelem].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
s: composite_state MCVLSM
a: index
Hrounds: state_round_inc (s a)
≤ size (st_obs (s a)) + 1
s0: State
Hround: state_round_inc s0 > state_round_inc (s a)
Hrounddest: state_round_inc s0 ≤ size (st_obs s0) + 1
Hobs: st_obs (s a) ≡ st_obs s0
a0: index
is: list index
IHis: a ∉ is
→ sum_list_with
    (λ i : index,
       steps_until_final_component
         (state_update MCVLSM s a s0 i)) is =
  sum_list_with
    (λ i : index,
       steps_until_final_component (s i)) is
Hdiff: a ≠ a0
Hnotelem: a ∉ is
steps_until_final_component
  (state_update MCVLSM s a s0 a0) +
sum_list_with
  (λ i : index,
     steps_until_final_component
       (state_update MCVLSM s a s0 i)) is =
steps_until_final_component (s a0) +
sum_list_with
  (λ i : index, steps_until_final_component (s i)) is
    by rewrite IHis; [state_update_simpl |].
Qed.

This corollary states that final states are reachable from initial consistent states. This is weaker then the MC_safety result, and is proved using it.

Corollary MC_safety_initial
  (Hindex : length (enum index) > 1) (s : composite_state MCVLSM) (i : index):
  composite_initial_state_prop MCVLSM s ->
  consistent s ->
  exists (tr : list (composite_transition_item MCVLSM))
    (sf : composite_state MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr /\ MC_final_state sf.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
composite_initial_state_prop MCVLSM s
→ consistent s
  → ∃ (tr : list (composite_transition_item MCVLSM)) 
      (sf : composite_state MCVLSM),
      finite_valid_trace_init_to MC_composite_vlsm s
        sf tr ∧ MC_final_state sf
Proof.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
composite_initial_state_prop MCVLSM s
→ consistent s
  → ∃ (tr : list (composite_transition_item MCVLSM)) 
      (sf : composite_state MCVLSM),
      finite_valid_trace_init_to MC_composite_vlsm s
        sf tr ∧ MC_final_state sf
  intros Hinit [Hnempty Hcons].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: composite_initial_state_prop MCVLSM s
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
  unfold composite_initial_state_prop in Hinit; cbn in Hinit.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
  assert (Hsi : s i = mkSt (st_obs (s i)) None).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
s i = mkSt (st_obs (s i)) None
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
∃ (tr : list (composite_transition_item MCVLSM)) 
  (sf : composite_state MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
  {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
s i = mkSt (st_obs (s i)) None
    destruct (s i) eqn: Hsi.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
st_obs0: indexSet
st_rs0: option RoundStatus
Hsi: s i = mkSt st_obs0 st_rs0
mkSt st_obs0 st_rs0 =
mkSt (st_obs (mkSt st_obs0 st_rs0)) None
    unfold MC_initial_state_prop in Hinit; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, st_rs (s n) = None
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
st_obs0: indexSet
st_rs0: option RoundStatus
Hsi: s i = mkSt st_obs0 st_rs0
mkSt st_obs0 st_rs0 = mkSt st_obs0 None
    replace st_rs0 with (st_rs (s i)); [| by rewrite Hsi].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, st_rs (s n) = None
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
st_obs0: indexSet
st_rs0: option RoundStatus
Hsi: s i = mkSt st_obs0 st_rs0
mkSt st_obs0 (st_rs (s i)) = mkSt st_obs0 None
    by rewrite Hinit.
  }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
  destruct (decide (size (st_obs (s i)) = 0)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
∃ (tr : list (composite_transition_item MCVLSM)) 
  (sf : composite_state MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf remember (Build_transition_item (T := composite_type MCVLSM)
      (existT i init) None (state_update MCVLSM s i (mkSt (st_obs (s i))
      (Some (mkRS 0 muddy)))) None) as item.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
    assert (Hvalidtr : input_valid_transition MC_composite_vlsm (existT i init) (s, None)
      (state_update MCVLSM s i (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))),
      None)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))), None)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 muddy))), None)
∃ (tr : list (composite_transition_item MCVLSM)) 
  (sf : composite_state MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
    {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))), None)
      repeat split; cbn; [| | | done | by rewrite Hcons.. |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
valid_state_prop MC_composite_vlsm s
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
option_valid_message_prop MC_composite_vlsm None
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
MC_valid init (s i) None
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
(let (si', om') := MC_transition i init (s i) None in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))), None)
      -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
valid_state_prop MC_composite_vlsm s by apply initial_state_is_valid.
      -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
option_valid_message_prop MC_composite_vlsm None by apply option_valid_message_None.
      -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
MC_valid init (s i) None by rewrite Hsi; constructor.
      -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
(let (si', om') := MC_transition i init (s i) None in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))), None) rewrite Hsi, MC_transition_equation_3.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
(let (si', om') :=
   MC_transition_clause_1 i (st_obs (s i))
     (size (st_obs (s i))) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt (st_obs (mkSt (st_obs (s i)) None))
      (Some (mkRS 0 muddy))), None)
        unfold MC_transition_clause_1; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
(let (si', om') :=
   match size (st_obs (s i)) with
   | 0 =>
       (mkSt (st_obs (s i)) (Some (mkRS 0 muddy)),
        None)
   | S _ =>
       (mkSt (st_obs (s i)) (Some (mkRS 0 undecided)),
        None)
   end in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))), None)
        by rewrite e.
    }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 muddy))), None)
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
    assert (Hvalids' : MC_non_initial_valid_state (state_update MCVLSM s i
      (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))))).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 muddy))), None)
MC_non_initial_valid_state
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 muddy))), None)
Hvalids': MC_non_initial_valid_state
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 muddy))))
∃ (tr : list (composite_transition_item MCVLSM)) 
  (sf : composite_state MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
    {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 muddy))), None)
MC_non_initial_valid_state
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))))
      split.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 muddy))), None)
valid_state_prop MC_composite_vlsm
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 muddy))), None)
¬ composite_initial_state_prop MCVLSM
    (state_update MCVLSM s i
       (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))))
      -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 muddy))), None)
valid_state_prop MC_composite_vlsm
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 muddy)))) by eapply input_valid_transition_destination.
      -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 muddy))), None)
¬ composite_initial_state_prop MCVLSM
    (state_update MCVLSM s i
       (mkSt (st_obs (s i)) (Some (mkRS 0 muddy)))) eapply composite_initial_state_prop_not_None with i.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 muddy))), None)
st_rs
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))) i)
≠ None
        by state_update_simpl; cbn.
    }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 muddy))), None)
Hvalids': MC_non_initial_valid_state
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 muddy))))
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
    apply MC_safety in Hvalids'; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 muddy))), None)
Hvalids': ∃ (tr : list
          (composite_transition_item MCVLSM)) 
  (sf : composite_state MCVLSM),
  finite_valid_trace_from_to
    MC_composite_vlsm
    (state_update MCVLSM s i
       (mkSt (st_obs (s i))
          (Some (mkRS 0 muddy)))) sf tr
  ∧ MC_final_state sf
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
    destruct Hvalids' as (tr & sf & Htr & Hsf).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 muddy))), None)
tr: list (composite_transition_item MCVLSM)
sf: composite_state MCVLSM
Htr: finite_valid_trace_from_to MC_composite_vlsm
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))))
  sf tr
Hsf: MC_final_state sf
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
    exists ([item] ++ tr), sf.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 muddy))), None)
tr: list (composite_transition_item MCVLSM)
sf: composite_state MCVLSM
Htr: finite_valid_trace_from_to MC_composite_vlsm
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))))
  sf tr
Hsf: MC_final_state sf
finite_valid_trace_init_to MC_composite_vlsm s sf
  ([item] ++ tr) ∧ MC_final_state sf
    do 2 (split; [| done]).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 muddy))), None)
tr: list (composite_transition_item MCVLSM)
sf: composite_state MCVLSM
Htr: finite_valid_trace_from_to MC_composite_vlsm
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))))
  sf tr
Hsf: MC_final_state sf
finite_valid_trace_from_to MC_composite_vlsm s sf
  ([item] ++ tr)
    eapply finite_valid_trace_from_to_app; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 muddy))), None)
tr: list (composite_transition_item MCVLSM)
sf: composite_state MCVLSM
Htr: finite_valid_trace_from_to MC_composite_vlsm
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))))
  sf tr
Hsf: MC_final_state sf
finite_valid_trace_from_to MC_composite_vlsm s
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))))
  [item]
    rewrite Heqitem.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
e: size (st_obs (s i)) = 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 muddy)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 muddy))), None)
tr: list (composite_transition_item MCVLSM)
sf: composite_state MCVLSM
Htr: finite_valid_trace_from_to MC_composite_vlsm
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))))
  sf tr
Hsf: MC_final_state sf
finite_valid_trace_from_to MC_composite_vlsm s
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 muddy))))
  [{|
     l := existT i init;
     input := None;
     destination :=
       state_update MCVLSM s i
         (mkSt (st_obs (s i)) (Some (mkRS 0 muddy)));
     output := None
   |}]
    by apply finite_valid_trace_from_to_singleton.
  -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf remember (Build_transition_item (T := composite_type MCVLSM)
      (existT i init) None (state_update MCVLSM s i (mkSt (st_obs (s i))
      (Some (mkRS 0 undecided)))) None) as item.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
    assert (Hvalidtr : input_valid_transition MC_composite_vlsm (existT i init) (s, None)
      (state_update MCVLSM s i (mkSt (st_obs (s i)) (Some (mkRS 0 undecided))),
      None)).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 undecided))),
   None)
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided))), None)
∃ (tr : list (composite_transition_item MCVLSM)) 
  (sf : composite_state MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
    {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 undecided))),
   None)
      repeat split; cbn; [| | | done | by rewrite Hcons.. |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
valid_state_prop MC_composite_vlsm s
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
option_valid_message_prop MC_composite_vlsm None
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
MC_valid init (s i) None
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
(let (si', om') := MC_transition i init (s i) None in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt (st_obs (s i)) (Some (mkRS 0 undecided))),
 None)
      -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
valid_state_prop MC_composite_vlsm s by apply initial_state_is_valid.
      -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
option_valid_message_prop MC_composite_vlsm None by apply option_valid_message_None.
      -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
MC_valid init (s i) None by rewrite Hsi; constructor.
      -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
(let (si', om') := MC_transition i init (s i) None in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt (st_obs (s i)) (Some (mkRS 0 undecided))),
 None) rewrite Hsi, MC_transition_equation_3.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
(let (si', om') :=
   MC_transition_clause_1 i (st_obs (s i))
     (size (st_obs (s i))) in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt (st_obs (mkSt (st_obs (s i)) None))
      (Some (mkRS 0 undecided))), None)
        unfold MC_transition_clause_1; cbn.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
(let (si', om') :=
   match size (st_obs (s i)) with
   | 0 =>
       (mkSt (st_obs (s i)) (Some (mkRS 0 muddy)),
        None)
   | S _ =>
       (mkSt (st_obs (s i)) (Some (mkRS 0 undecided)),
        None)
   end in
 (state_update MCVLSM s i si', om')) =
(state_update MCVLSM s i
   (mkSt (st_obs (s i)) (Some (mkRS 0 undecided))),
 None)
        repeat case_match; [lia |].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n0: nat
H10: size (st_obs (s i)) = S n0
n: S n0 ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
s0: State
o: option Message
H9: (mkSt (st_obs (s i)) (Some (mkRS 0 undecided)),
 None) = (s0, o)
(state_update MCVLSM s i s0, o) =
(state_update MCVLSM s i
   (mkSt (st_obs (s i)) (Some (mkRS 0 undecided))),
 None)
        by inversion H9.
    }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided))), None)
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
    assert (Hvalids' : MC_non_initial_valid_state (state_update MCVLSM s i
      (mkSt (st_obs (s i)) (Some (mkRS 0 undecided))))).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided))), None)
MC_non_initial_valid_state
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 undecided))))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided))), None)
Hvalids': MC_non_initial_valid_state
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided))))
∃ (tr : list (composite_transition_item MCVLSM)) 
  (sf : composite_state MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
    {index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided))), None)
MC_non_initial_valid_state
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 undecided))))
      split.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided))), None)
valid_state_prop MC_composite_vlsm
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 undecided))))
index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided))), None)
¬ composite_initial_state_prop MCVLSM
    (state_update MCVLSM s i
       (mkSt (st_obs (s i)) (Some (mkRS 0 undecided))))
      -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided))), None)
valid_state_prop MC_composite_vlsm
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 undecided)))) by eapply input_valid_transition_destination.
      -index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided))), None)
¬ composite_initial_state_prop MCVLSM
    (state_update MCVLSM s i
       (mkSt (st_obs (s i)) (Some (mkRS 0 undecided)))) eapply composite_initial_state_prop_not_None with i.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided))), None)
st_rs
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 undecided))) i)
≠ None
        by state_update_simpl; cbn.
    }index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided))), None)
Hvalids': MC_non_initial_valid_state
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided))))
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
    apply MC_safety in Hvalids'; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided))), None)
Hvalids': ∃ (tr : list
          (composite_transition_item MCVLSM)) 
  (sf : composite_state MCVLSM),
  finite_valid_trace_from_to
    MC_composite_vlsm
    (state_update MCVLSM s i
       (mkSt (st_obs (s i))
          (Some (mkRS 0 undecided)))) sf tr
  ∧ MC_final_state sf
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
    destruct Hvalids' as (tr & sf & Htr & Hsf).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided))), None)
tr: list (composite_transition_item MCVLSM)
sf: composite_state MCVLSM
Htr: finite_valid_trace_from_to MC_composite_vlsm
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided)))) sf tr
Hsf: MC_final_state sf
∃ (tr : list (composite_transition_item MCVLSM)) (sf : 
                                                 composite_state
                                                 MCVLSM),
  finite_valid_trace_init_to MC_composite_vlsm s sf tr
  ∧ MC_final_state sf
    exists ([item] ++ tr), sf.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided))), None)
tr: list (composite_transition_item MCVLSM)
sf: composite_state MCVLSM
Htr: finite_valid_trace_from_to MC_composite_vlsm
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided)))) sf tr
Hsf: MC_final_state sf
finite_valid_trace_init_to MC_composite_vlsm s sf
  ([item] ++ tr) ∧ MC_final_state sf
    do 2 (split; [| done]).index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided))), None)
tr: list (composite_transition_item MCVLSM)
sf: composite_state MCVLSM
Htr: finite_valid_trace_from_to MC_composite_vlsm
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided)))) sf tr
Hsf: MC_final_state sf
finite_valid_trace_from_to MC_composite_vlsm s sf
  ([item] ++ tr)
    eapply finite_valid_trace_from_to_app; [| done].index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided))), None)
tr: list (composite_transition_item MCVLSM)
sf: composite_state MCVLSM
Htr: finite_valid_trace_from_to MC_composite_vlsm
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided)))) sf tr
Hsf: MC_final_state sf
finite_valid_trace_from_to MC_composite_vlsm s
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 undecided))))
  [item]
    rewrite Heqitem.index: Type
EqDecision0: EqDecision index
H: finite.Finite index
H0: Inhabited index
indexSet: Type
H1: ElemOf index indexSet
H2: Empty indexSet
H3: Singleton index indexSet
H4: Union indexSet
H5: Intersection indexSet
H6: Difference indexSet
H7: Elements index indexSet
EqDecision1: EqDecision index
H8: FinSet index indexSet
Hindex: length (enum index) > 1
s: composite_state MCVLSM
i: index
Hinit: ∀ n : index, MC_initial_state_prop (s n)
Hnempty: MuddyUnion s ≢ ∅
Hcons: ∀ n : index,
  st_obs (s n) ≡ MuddyUnion s ∖ {[n]}
Hsi: s i = mkSt (st_obs (s i)) None
n: size (st_obs (s i)) ≠ 0
item: transition_item
Heqitem: item =
{|
  l := existT i init;
  input := None;
  destination :=
    state_update MCVLSM s i
      (mkSt (st_obs (s i))
         (Some (mkRS 0 undecided)));
  output := None
|}
Hvalidtr: input_valid_transition MC_composite_vlsm
  (existT i init) (s, None)
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided))), None)
tr: list (composite_transition_item MCVLSM)
sf: composite_state MCVLSM
Htr: finite_valid_trace_from_to MC_composite_vlsm
  (state_update MCVLSM s i
     (mkSt (st_obs (s i))
        (Some (mkRS 0 undecided)))) sf tr
Hsf: MC_final_state sf
finite_valid_trace_from_to MC_composite_vlsm s
  (state_update MCVLSM s i
     (mkSt (st_obs (s i)) (Some (mkRS 0 undecided))))
  [{|
     l := existT i init;
     input := None;
     destination :=
       state_update MCVLSM s i
         (mkSt (st_obs (s i))
            (Some (mkRS 0 undecided)));
     output := None
   |}]
    by apply finite_valid_trace_from_to_singleton.
Qed.

End sec_muddy.