|
|
|---|
|
|
|
|---|
Calculate an initial system state.
(system-init correct-vals) → systate
The initial state of the sytem is determined by the addresses of the correct validators.
We prove that every system state calculated by this function satisfies the predicate that characterized initial states.
Function:
(defun system-init-loop (correct-vals valmap) (declare (xargs :guard (and (address-setp correct-vals) (address-validator-state-mapp valmap)))) (let ((__function__ 'system-init-loop)) (declare (ignorable __function__)) (b* (((when (emptyp (address-set-fix correct-vals))) (address-validator-state-map-fix valmap)) (valmap (omap::update (head correct-vals) (validator-init) valmap))) (system-init-loop (tail correct-vals) valmap))))
Theorem:
(defthm address-validator-state-mapp-of-system-init-loop (implies (address-validator-state-mapp valmap) (b* ((new-valmap (system-init-loop correct-vals valmap))) (address-validator-state-mapp new-valmap))) :rule-classes :rewrite)
Theorem:
(defthm system-init-loop-of-address-set-fix-correct-vals (equal (system-init-loop (address-set-fix correct-vals) valmap) (system-init-loop correct-vals valmap)))
Theorem:
(defthm system-init-loop-address-set-equiv-congruence-on-correct-vals (implies (address-set-equiv correct-vals correct-vals-equiv) (equal (system-init-loop correct-vals valmap) (system-init-loop correct-vals-equiv valmap))) :rule-classes :congruence)
Theorem:
(defthm in-of-keys-of-system-init-loop (implies (address-validator-state-mapp valmap) (equal (in val (omap::keys (system-init-loop correct-vals valmap))) (or (in val (address-set-fix correct-vals)) (in val (omap::keys valmap))))))
Theorem:
(defthm keys-of-system-init-loop (implies (address-validator-state-mapp valmap) (equal (omap::keys (system-init-loop correct-vals valmap)) (union (address-set-fix correct-vals) (omap::keys valmap)))))
Theorem:
(defthm lookup-of-system-init-loop (implies (address-validator-state-mapp valmap) (equal (omap::lookup val (system-init-loop correct-vals valmap)) (if (in val (address-set-fix correct-vals)) (validator-init) (omap::lookup val valmap)))))
Function:
(defun system-init (correct-vals) (declare (xargs :guard (address-setp correct-vals))) (let ((__function__ 'system-init)) (declare (ignorable __function__)) (b* ((valmap (system-init-loop correct-vals nil))) (make-system-state :validators valmap :network nil))))
Theorem:
(defthm system-statep-of-system-init (b* ((systate (system-init correct-vals))) (system-statep systate)) :rule-classes :rewrite)
Theorem:
(defthm system-initp-of-system-init (system-initp (system-init correct-vals)))
Theorem:
(defthm system-init-of-address-set-fix-correct-vals (equal (system-init (address-set-fix correct-vals)) (system-init correct-vals)))
Theorem:
(defthm system-init-address-set-equiv-congruence-on-correct-vals (implies (address-set-equiv correct-vals correct-vals-equiv) (equal (system-init correct-vals) (system-init correct-vals-equiv))) :rule-classes :congruence)