enrich EINV-Props , SINV-Props with functions epd2pd : epaydetails × (transactionid → nat) × (transactionid → nat) → PayDetails; emsg2msg : emessage × (transactionid → nat) × (transactionid → nat) → message; eether2ether : emessageset × (transactionid → nat) × (transactionid → nat) → messageset; . .tids : emessageset → tidset; . .tids : epaydetailsset → tidset; eexLog2exLog : epaydetailsset × (transactionid → nat) × (transactionid → nat) → PayDetailsSet; RVA : messageset → messageset; predicates outbox-EQ : name × (name → emessage) × (name → message) × (transactionid → nat) × (transactionid → nat); eether-EQ-ether : emessageset × messageset × (transactionid → nat) × (transactionid → nat); variables fromseqno, toseqno : transactionid → nat; tid0, tid1, tid2 : transactionid; axioms epd2pd-def : ⊦ epd2pd(epd, fromseqno, toseqno) = mkpd(epd .from, fromseqno(epd .tid), epd .to, toseqno(epd .tid), epd .value); used for : s, ls ; emsg2msg-def : ⊦ emsg2msg(emsg, fromseqno, toseqno) = ((isEReq(emsg) ⊃ Req(epd2pd(emsg .pd, fromseqno, toseqno)) ; (isEVal(emsg) ⊃ Val(epd2pd(emsg .pd, fromseqno, toseqno)); (isEAck(emsg) ⊃ Ack(epd2pd(emsg .pd, fromseqno, toseqno)); ⊥)) ) ) ; used for : s, ls ; eether2ether-empty : ⊦ eether2ether(∅, fromseqno, toseqno) = ∅; used for : s, ls; eether2ether-rec : ⊦ eether2ether(eether ++ emsg, fromseqno, toseqno) = ((emsg ≠ none ⊃ eether2ether(eether, fromseqno, toseqno) ++ emsg2msg(emsg, fromseqno, toseqno); eether2ether(eether, fromseqno, toseqno))) ; used for : s, ls ; RVA-def : ⊦ RVA(ether) = {λ msg. msg ∈ ether ∧ (isReq(msg) ∨ isVal(msg) ∨ isAck(msg))} ; eether-tids-rec : ⊦ (eether ++ emsg) .tids = ((emsg ≠ none ⊃ eether .tids ++ emsg .tid; eether .tids)); used for : s, ls; epds-tids-rec : ⊦ (epds ++ epd) .tids = epds .tids ++ epd .tid; used for : s, ls; eexLog2exLog-empty : ⊦ eexLog2exLog(∅, fromseqno, toseqno) = ∅; eexLog2exLog-rec : ⊦ eexLog2exLog(epds ++ epd, fromseqno, toseqno) = eexLog2exLog(epds, fromseqno, toseqno) ++ epd2pd(epd, fromseqno, toseqno); outbox-EQ-def : ⊦ outbox-EQ(na, eoutbox, soutbox, fromseqno, toseqno) ↔ (∀ na0, na1, tid, n. (isNone(eoutbox(na)) → isNone(soutbox(na)) ∨ isStartTo(soutbox(na))) ∧ (eoutbox(na) = EReq(mkepd(na0, na1, n, tid)) → soutbox(na) = Req(mkpd(na0, fromseqno(tid), na1, toseqno(tid), n))) ∧ (eoutbox(na) = EVal(mkepd(na0, na1, n, tid)) → soutbox(na) = Val(mkpd(na0, fromseqno(tid), na1, toseqno(tid), n)))) ; end enrich