-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathQuorum.v
61 lines (56 loc) · 2.23 KB
/
Quorum.v
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
(*
* Quorum intersection.
* Two quorums have a non-empty intersection.
*)
From FunProofs.Lib Require Import
Sets
Util.
Import EqDecNotations.
Section Intersect.
Variable A : Type.
Context `{EqDec A}.
Lemma disjoint_subset_card (s : set A) : forall ss1 ss2,
subset ss1 s -> subset ss2 s ->
~(exists x, Sets.In x ss1 /\ Sets.In x ss2) ->
card ss1 + card ss2 <= card s.
Proof.
induction s using set_ind; intros * Hsub1 Hsub2 Hdisj.
{ prename equiv into Heq; rewrite Heq in Hsub1, Hsub2.
apply subset_empty in Hsub1; apply subset_empty in Hsub2.
rewrite Hsub1, Hsub2, Heq; auto.
}
prename A into x; prename equiv into Heq; prename (Sets.In _ _) into Hin.
apply member_in_true in Hin.
rewrite (card_unroll ss1 x), (card_unroll ss2 x), (card_unroll s1 x), <- Heq, Hin.
apply member_in_true in Hin.
destruct (member _ ss1) eqn:Hin1, (member _ ss2) eqn:Hin2;
rewrite ?member_in_true, ?member_in_false in Hin1;
rewrite ?member_in_true, ?member_in_false in Hin2; cbn.
- exfalso; eauto.
- apply le_n_S, IHs1; rewrite ?Heq; auto using subset_remove_remove.
intros ?; destr *; eapply Hdisj; eauto using remove_in.
- rewrite Nat.add_comm; apply le_n_S, IHs1; rewrite ?Heq;
auto using subset_remove_remove.
intros ?; destr *; eapply Hdisj; eauto using remove_in.
- etransitivity; [eapply IHs1 |]; rewrite ?Heq; auto using subset_remove_remove.
intros ?; destr *; eapply Hdisj; eauto using remove_in.
Qed.
Lemma quorum_intersect (s ss1 ss2 : set A) :
subset ss1 s -> subset ss2 s ->
card s < card ss1 + card ss2 ->
exists x, Sets.In x ss1 /\ Sets.In x ss2.
Proof.
intros * Hsub1 Hsub2 Hcard.
enough (Hdisj: ~~(exists x, Sets.In x ss1 /\ Sets.In x ss2)).
- rewrite <- disjoint_false_correct in Hdisj |- *.
destruct (disjoint _ _); auto.
now exfalso; apply Hdisj.
- intros Hdisj; apply (disjoint_subset_card s) in Hdisj; auto.
lia.
Qed.
Corollary majority_intersect (s ss1 ss2 : set A) :
subset ss1 s -> subset ss2 s ->
card s < card ss1 * 2 -> card s < card ss2 * 2 ->
exists x, Sets.In x ss1 /\ Sets.In x ss2.
Proof. intros; eapply quorum_intersect with (s := s); eauto; lia. Qed.
End Intersect.