|
|
|---|
|
|
|
|---|
Certificates from the DAGs of a set of (correct) validators.
(validators-certs vals systate) → certs
We union the DAGs of the given validators.
Function:
(defun validators-certs (vals systate) (declare (xargs :guard (and (address-setp vals) (system-statep systate)))) (declare (xargs :guard (subset vals (correct-addresses systate)))) (let ((__function__ 'validators-certs)) (declare (ignorable __function__)) (b* (((when (or (not (mbt (address-setp vals))) (emptyp vals))) nil) (vstate (get-validator-state (head vals) systate))) (union (validator-state->dag vstate) (validators-certs (tail vals) systate)))))
Theorem:
(defthm certificate-setp-of-validators-certs (b* ((certs (validators-certs vals systate))) (certificate-setp certs)) :rule-classes :rewrite)
Theorem:
(defthm in-of-validators-certs-when-in-some-dag (implies (and (address-setp vals) (subset vals (correct-addresses systate)) (in val vals) (in cert (validator-state->dag (get-validator-state val systate)))) (in cert (validators-certs vals systate))))
Theorem:
(defthm validators-certs-of-address-set-fix-vals (equal (validators-certs (address-set-fix vals) systate) (validators-certs vals systate)))
Theorem:
(defthm validators-certs-address-set-equiv-congruence-on-vals (implies (address-set-equiv vals vals-equiv) (equal (validators-certs vals systate) (validators-certs vals-equiv systate))) :rule-classes :congruence)
Theorem:
(defthm validators-certs-of-system-state-fix-systate (equal (validators-certs vals (system-state-fix systate)) (validators-certs vals systate)))
Theorem:
(defthm validators-certs-system-state-equiv-congruence-on-systate (implies (system-state-equiv systate systate-equiv) (equal (validators-certs vals systate) (validators-certs vals systate-equiv))) :rule-classes :congruence)