For each operation called for by the traversal algorithms, we prove
that the commit generation preconditions are met.
-WIP WHAT ABOUT PROVING ALL THE TRAVERSAL RESULTS
+\subsection{Reachability and coverage}
+
+We ensure Tip Covers Reachable as follows:
+
+\begin{itemize}
+\item We do not generate any commits $\in \py$ other than
+ during $\alg{Merge-Tip}(\py)$;
+\item So at the start of $\alg{Merge-Tip}(\py)$,
+ $ \pendsof{\allreach}{\py} = \pendsof{\allsrcs}{\py} $
+\item $\alg{Merge-tip}$ arranges that when it is done
+ $\tippy \ge \pendsof{\allreach}{\py}$ --- see below.
+\end{itemize}
+
+A corrolary is as follows:
+\statement{Tip Covers Superior Reachable} {
+ \bigforall_{\pd \isdep \pc}
+ \tipdy \ge \pendsof{\allreachof{\pcy}}{\pdy}
+}
+\proof{
+ No commits $\in \pdy$ are created other than during
+ $\alg{Merge-Tip}(\pd)$, which runs (and has thus completed)
+ before $\alg{Merge-Tip}(\pcy)$
+ So $\pendsof{\allreachof{\pcy}}{\pdy} =
+ \pendsof{\allreachof{\pdy}}{\pdy}$.
+}
\subsection{Traversal Lemmas}
-Firstly, some lemmas.
\statement{Tip Correct Contents}{
\tipcy \haspatch \pa E
\equiv
~ian / topbloke-formulae.git / blobdiff