Skip to content

Instantly share code, notes, and snippets.

@konnov

konnov/MC3_system.tla

Created April 28, 2026 10:26
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save konnov/38af0cbd45b68da819cd76f70859ed94 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save konnov/38af0cbd45b68da819cd76f70859ed94 to your computer and use it in GitHub Desktop.
Download ZIP
Generated TLA+ specification of ZooKeeper f9865650ed34749d2b6c57a71e2f961a16347eb1
Raw
MC3_system.tla
------------------------------ MODULE MC3_system ------------------------------
\* an instance to run the model checker
EXTENDS Integers, FiniteSets, Sequences, TLC
REPLICA == {1, 2, 3}
IUT_REPLICA == 1
PERSIST_IUT_STATE == TRUE
QUORUMS == {{1, 2}, {1, 3}, {2, 3}, {1, 2, 3}}
REPLICA_PERMS == {(1 :> 1) @@ (2 :> 2) @@ (3 :> 3), (1 :> 1) @@ (2 :> 3) @@ (3 :> 2), (1 :> 2) @@ (2 :> 1) @@ (3 :> 3), (1 :> 2) @@ (2 :> 3) @@ (3 :> 1), (1 :> 3) @@ (2 :> 1) @@ (3 :> 2), (1 :> 3) @@ (2 :> 2) @@ (3 :> 1)}
CRASHED == {v_0 \in {0}: FALSE}
MAX_HISTORY == 4
MAX_EPOCH == 8
MAX_CLIENT_SESSIONS == 2
election_addr == [r1 \in {1, 2, 3} |-> IF (r1 = 1)
THEN "localhost:3881"
ELSE IF (r1 = 2) THEN "localhost:3882" ELSE "localhost:3883"]
quorum_addr == [r2 \in {1, 2, 3} |-> IF (r2 = 1)
THEN "localhost:2881"
ELSE IF (r2 = 2) THEN "localhost:2882" ELSE "localhost:2883"]
tcp_channels == {[clientAddr |-> "localhost:3882", kind |-> "election", serverAddr |-> "localhost:3881"], [clientAddr |-> "localhost:3883", kind |-> "election", serverAddr |-> "localhost:3881"], [clientAddr |-> "localhost:3881", kind |-> "election", serverAddr |-> "localhost:3882"], [clientAddr |-> "localhost:3883", kind |-> "election", serverAddr |-> "localhost:3882"], [clientAddr |-> "localhost:3881", kind |-> "election", serverAddr |-> "localhost:3883"], [clientAddr |-> "localhost:3882", kind |-> "election", serverAddr |-> "localhost:3883"], [clientAddr |-> "localhost:2882", kind |-> "quorum", serverAddr |-> "localhost:2881"], [clientAddr |-> "localhost:2883", kind |-> "quorum", serverAddr |-> "localhost:2881"], [clientAddr |-> "localhost:2881", kind |-> "quorum", serverAddr |-> "localhost:2882"], [clientAddr |-> "localhost:2883", kind |-> "quorum", serverAddr |-> "localhost:2882"], [clientAddr |-> "localhost:2881", kind |-> "quorum", serverAddr |-> "localhost:2883"], [clientAddr |-> "localhost:2882", kind |-> "quorum", serverAddr |-> "localhost:2883"]}
VARIABLES
\* @type: Int -> Int;
replica_id,
\* @type: Str;
last_turn,
\* @type: Int -> Str;
proc_status,
\* @type: Crash(Int) | NoAction(UNIT) | OnStarted(Int) | OnStopped(Int) | Start(Int) | Stop(Int);
process_action,
\* @type: {clientAddr: Str, kind: Str, serverAddr: Str} -> Str;
tcp_status,
\* @type: Accept({clientAddr: Str, kind: Str, serverAddr: Str}) | Connect({clientAddr: Str, kind: Str, serverAddr: Str}) | Disconnect({clientAddr: Str, kind: Str, serverAddr: Str}) | HalfClose({clientAddr: Str, kind: Str, serverAddr: Str}) | NoTcpAction(UNIT) | Refused({clientAddr: Str, kind: Str, serverAddr: Str}) | Reset({clientAddr: Str, kind: Str, serverAddr: Str});
tcp_action,
\* @type: Int;
quorum_reconnect_hint,
\* @type: Int -> Str;
fle_role,
\* @type: Int -> Int;
fle_logical_clock,
\* @type: Int -> {leader: Int, peerEpoch: Int, zxid: Int};
fle_proposed_vote,
\* @type: Int -> {leader: Int, peerEpoch: Int, zxid: Int};
fle_current_vote,
\* @type: Int -> Int -> {round: Int, state: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}};
fle_recv_votes,
\* @type: Int -> Int -> {round: Int, state: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}};
fle_out_of_election,
\* @type: Int -> Bool;
fle_wait_finalize,
\* @type: Set({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}});
fle_sent_messages,
\* @type: Set({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}});
fle_historical_messages,
\* @type: BecomeFollower({replica: Int}) | BecomeLeader({replica: Int}) | NoFleAction(UNIT) | RcvNotification({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}}) | RestartElection({replica: Int}) | SendNotification({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}});
fle_action,
\* @type: Int -> Str;
zab_state,
\* @type: Int -> Int;
zab_accepted_epoch,
\* @type: Int -> Int;
zab_current_epoch,
\* @type: Int -> Int;
zab_persisted_accepted_epoch,
\* @type: Int -> Int;
zab_persisted_current_epoch,
\* @type: Int -> Bool;
zab_epoch_established,
\* @type: Int -> Int;
zab_established_epoch,
\* @type: Int -> Set(Int);
zab_epoch_connecting_followers,
\* @type: Int -> Int;
zab_last_zxid,
\* @type: Int -> Str;
zab_sync,
\* @type: Int -> Bool;
zab_post_uptodate_ack_pending,
\* @type: Seq({acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int});
zab_open_proposals,
\* @type: Seq({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int});
zab_forwarded_writes,
\* @type: Seq({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int});
zab_staged_forwarded_writes,
\* @type: Seq({dataVersion: Int, leader: Int, op: Str, path: Str, session: Int});
zab_staged_direct_writes,
\* @type: Seq({dataVersion: Int, leader: Int, op: Str, path: Str, source: Str, zxid: Int});
zab_pending_proposals,
\* @type: Int;
zab_committed_zxid,
\* @type: Int -> Seq({epoch: Int, op: Str, path: Str, value: Int, zxid: Int});
zab_history,
\* @type: Int -> {index: Int, zxid: Int};
zab_last_committed,
\* @type: Int -> Int;
zab_retained_start,
\* @type: Int -> Set(Int);
epoch_leader,
\* @type: Bool;
zab_node_exists,
\* @type: Str -> Bool;
zab_visible_exists,
\* @type: Str -> Int;
zab_visible_data_version,
\* @type: Str -> Int;
zab_visible_zxid,
\* @type: Bool;
zab_seen_forwarded_request,
\* @type: Bool;
zab_committed_forwarded,
\* @type: Int -> Set(Int);
zab_client_sessions,
\* @type: AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
zab_action
INSTANCE system
===============================================================================
Raw
system.tla
-------------------------------- MODULE system --------------------------------
EXTENDS Integers, FiniteSets, Sequences, Variants, Apalache
CONSTANTS
\* @type: Set(Int);
REPLICA,
\* @type: Int;
IUT_REPLICA,
\* @type: Bool;
PERSIST_IUT_STATE,
\* @type: Set(Set(Int));
QUORUMS,
\* @type: Set(Int -> Int);
REPLICA_PERMS,
\* @type: Set(Int);
CRASHED,
\* @type: Int;
MAX_HISTORY,
\* @type: Int;
MAX_EPOCH,
\* @type: Int;
MAX_CLIENT_SESSIONS,
\* @type: Int -> Str;
election_addr,
\* @type: Int -> Str;
quorum_addr,
\* @type: Set({clientAddr: Str, kind: Str, serverAddr: Str});
tcp_channels
VARIABLES
\* @type: Int -> Int;
replica_id,
\* @type: Str;
last_turn,
\* @type: Int -> Str;
proc_status,
\* @type: Crash(Int) | NoAction(UNIT) | OnStarted(Int) | OnStopped(Int) | Start(Int) | Stop(Int);
process_action,
\* @type: {clientAddr: Str, kind: Str, serverAddr: Str} -> Str;
tcp_status,
\* @type: Accept({clientAddr: Str, kind: Str, serverAddr: Str}) | Connect({clientAddr: Str, kind: Str, serverAddr: Str}) | Disconnect({clientAddr: Str, kind: Str, serverAddr: Str}) | HalfClose({clientAddr: Str, kind: Str, serverAddr: Str}) | NoTcpAction(UNIT) | Refused({clientAddr: Str, kind: Str, serverAddr: Str}) | Reset({clientAddr: Str, kind: Str, serverAddr: Str});
tcp_action,
\* @type: Int;
quorum_reconnect_hint,
\* @type: Int -> Str;
fle_role,
\* @type: Int -> Int;
fle_logical_clock,
\* @type: Int -> {leader: Int, peerEpoch: Int, zxid: Int};
fle_proposed_vote,
\* @type: Int -> {leader: Int, peerEpoch: Int, zxid: Int};
fle_current_vote,
\* @type: Int -> Int -> {round: Int, state: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}};
fle_recv_votes,
\* @type: Int -> Int -> {round: Int, state: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}};
fle_out_of_election,
\* @type: Int -> Bool;
fle_wait_finalize,
\* @type: Set({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}});
fle_sent_messages,
\* @type: Set({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}});
fle_historical_messages,
\* @type: BecomeFollower({replica: Int}) | BecomeLeader({replica: Int}) | NoFleAction(UNIT) | RcvNotification({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}}) | RestartElection({replica: Int}) | SendNotification({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}});
fle_action,
\* @type: Int -> Str;
zab_state,
\* @type: Int -> Int;
zab_accepted_epoch,
\* @type: Int -> Int;
zab_current_epoch,
\* @type: Int -> Int;
zab_persisted_accepted_epoch,
\* @type: Int -> Int;
zab_persisted_current_epoch,
\* @type: Int -> Bool;
zab_epoch_established,
\* @type: Int -> Int;
zab_established_epoch,
\* @type: Int -> Set(Int);
zab_epoch_connecting_followers,
\* @type: Int -> Int;
zab_last_zxid,
\* @type: Int -> Str;
zab_sync,
\* @type: Int -> Bool;
zab_post_uptodate_ack_pending,
\* @type: Seq({acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int});
zab_open_proposals,
\* @type: Seq({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int});
zab_forwarded_writes,
\* @type: Seq({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int});
zab_staged_forwarded_writes,
\* @type: Seq({dataVersion: Int, leader: Int, op: Str, path: Str, session: Int});
zab_staged_direct_writes,
\* @type: Seq({dataVersion: Int, leader: Int, op: Str, path: Str, source: Str, zxid: Int});
zab_pending_proposals,
\* @type: Int;
zab_committed_zxid,
\* @type: Int -> Seq({epoch: Int, op: Str, path: Str, value: Int, zxid: Int});
zab_history,
\* @type: Int -> {index: Int, zxid: Int};
zab_last_committed,
\* @type: Int -> Int;
zab_retained_start,
\* @type: Int -> Set(Int);
epoch_leader,
\* @type: Bool;
zab_node_exists,
\* @type: Str -> Bool;
zab_visible_exists,
\* @type: Str -> Int;
zab_visible_data_version,
\* @type: Str -> Int;
zab_visible_zxid,
\* @type: Bool;
zab_seen_forwarded_request,
\* @type: Bool;
zab_committed_forwarded,
\* @type: Int -> Set(Int);
zab_client_sessions,
\* @type: AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
zab_action
\* @type: (Int) => Crash(Int) | NoAction(UNIT) | OnStarted(Int) | OnStopped(Int) | Start(Int) | Stop(Int);
UnionCtor_sonic_placing_stallion_Crash(payload) == Variant("Crash", payload)
\* @type: Crash(Int) | NoAction(UNIT) | OnStarted(Int) | OnStopped(Int) | Start(Int) | Stop(Int);
UnionCtor_sonic_placing_stallion_NoAction == Variant("NoAction", "U_OF_UNIT")
\* @type: (Int) => Crash(Int) | NoAction(UNIT) | OnStarted(Int) | OnStopped(Int) | Start(Int) | Stop(Int);
UnionCtor_sonic_placing_stallion_OnStarted(payload) == Variant("OnStarted", payload)
\* @type: (Int) => Crash(Int) | NoAction(UNIT) | OnStarted(Int) | OnStopped(Int) | Start(Int) | Stop(Int);
UnionCtor_sonic_placing_stallion_OnStopped(payload) == Variant("OnStopped", payload)
\* @type: (Int) => Crash(Int) | NoAction(UNIT) | OnStarted(Int) | OnStopped(Int) | Start(Int) | Stop(Int);
UnionCtor_sonic_placing_stallion_Start(payload) == Variant("Start", payload)
\* @type: (Int) => Crash(Int) | NoAction(UNIT) | OnStarted(Int) | OnStopped(Int) | Start(Int) | Stop(Int);
UnionCtor_sonic_placing_stallion_Stop(payload) == Variant("Stop", payload)
\* @type: ({clientAddr: Str, kind: Str, serverAddr: Str}) => Accept({clientAddr: Str, kind: Str, serverAddr: Str}) | Connect({clientAddr: Str, kind: Str, serverAddr: Str}) | Disconnect({clientAddr: Str, kind: Str, serverAddr: Str}) | HalfClose({clientAddr: Str, kind: Str, serverAddr: Str}) | NoTcpAction(UNIT) | Refused({clientAddr: Str, kind: Str, serverAddr: Str}) | Reset({clientAddr: Str, kind: Str, serverAddr: Str});
UnionCtor_minor_hiring_magpie_Accept(payload) == Variant("Accept", payload)
\* @type: ({clientAddr: Str, kind: Str, serverAddr: Str}) => Accept({clientAddr: Str, kind: Str, serverAddr: Str}) | Connect({clientAddr: Str, kind: Str, serverAddr: Str}) | Disconnect({clientAddr: Str, kind: Str, serverAddr: Str}) | HalfClose({clientAddr: Str, kind: Str, serverAddr: Str}) | NoTcpAction(UNIT) | Refused({clientAddr: Str, kind: Str, serverAddr: Str}) | Reset({clientAddr: Str, kind: Str, serverAddr: Str});
UnionCtor_minor_hiring_magpie_Connect(payload) == Variant("Connect", payload)
\* @type: ({clientAddr: Str, kind: Str, serverAddr: Str}) => Accept({clientAddr: Str, kind: Str, serverAddr: Str}) | Connect({clientAddr: Str, kind: Str, serverAddr: Str}) | Disconnect({clientAddr: Str, kind: Str, serverAddr: Str}) | HalfClose({clientAddr: Str, kind: Str, serverAddr: Str}) | NoTcpAction(UNIT) | Refused({clientAddr: Str, kind: Str, serverAddr: Str}) | Reset({clientAddr: Str, kind: Str, serverAddr: Str});
UnionCtor_minor_hiring_magpie_Disconnect(payload) == Variant("Disconnect", payload)
\* @type: ({clientAddr: Str, kind: Str, serverAddr: Str}) => Accept({clientAddr: Str, kind: Str, serverAddr: Str}) | Connect({clientAddr: Str, kind: Str, serverAddr: Str}) | Disconnect({clientAddr: Str, kind: Str, serverAddr: Str}) | HalfClose({clientAddr: Str, kind: Str, serverAddr: Str}) | NoTcpAction(UNIT) | Refused({clientAddr: Str, kind: Str, serverAddr: Str}) | Reset({clientAddr: Str, kind: Str, serverAddr: Str});
UnionCtor_minor_hiring_magpie_HalfClose(payload) == Variant("HalfClose", payload)
\* @type: Accept({clientAddr: Str, kind: Str, serverAddr: Str}) | Connect({clientAddr: Str, kind: Str, serverAddr: Str}) | Disconnect({clientAddr: Str, kind: Str, serverAddr: Str}) | HalfClose({clientAddr: Str, kind: Str, serverAddr: Str}) | NoTcpAction(UNIT) | Refused({clientAddr: Str, kind: Str, serverAddr: Str}) | Reset({clientAddr: Str, kind: Str, serverAddr: Str});
UnionCtor_minor_hiring_magpie_NoTcpAction == Variant("NoTcpAction", "U_OF_UNIT")
\* @type: ({clientAddr: Str, kind: Str, serverAddr: Str}) => Accept({clientAddr: Str, kind: Str, serverAddr: Str}) | Connect({clientAddr: Str, kind: Str, serverAddr: Str}) | Disconnect({clientAddr: Str, kind: Str, serverAddr: Str}) | HalfClose({clientAddr: Str, kind: Str, serverAddr: Str}) | NoTcpAction(UNIT) | Refused({clientAddr: Str, kind: Str, serverAddr: Str}) | Reset({clientAddr: Str, kind: Str, serverAddr: Str});
UnionCtor_minor_hiring_magpie_Refused(payload) == Variant("Refused", payload)
\* @type: ({clientAddr: Str, kind: Str, serverAddr: Str}) => Accept({clientAddr: Str, kind: Str, serverAddr: Str}) | Connect({clientAddr: Str, kind: Str, serverAddr: Str}) | Disconnect({clientAddr: Str, kind: Str, serverAddr: Str}) | HalfClose({clientAddr: Str, kind: Str, serverAddr: Str}) | NoTcpAction(UNIT) | Refused({clientAddr: Str, kind: Str, serverAddr: Str}) | Reset({clientAddr: Str, kind: Str, serverAddr: Str});
UnionCtor_minor_hiring_magpie_Reset(payload) == Variant("Reset", payload)
\* @type: ({replica: Int}) => BecomeFollower({replica: Int}) | BecomeLeader({replica: Int}) | NoFleAction(UNIT) | RcvNotification({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}}) | RestartElection({replica: Int}) | SendNotification({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}});
UnionCtor_rough_jumping_emu_BecomeFollower(payload) == Variant("BecomeFollower", payload)
\* @type: ({replica: Int}) => BecomeFollower({replica: Int}) | BecomeLeader({replica: Int}) | NoFleAction(UNIT) | RcvNotification({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}}) | RestartElection({replica: Int}) | SendNotification({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}});
UnionCtor_rough_jumping_emu_BecomeLeader(payload) == Variant("BecomeLeader", payload)
\* @type: BecomeFollower({replica: Int}) | BecomeLeader({replica: Int}) | NoFleAction(UNIT) | RcvNotification({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}}) | RestartElection({replica: Int}) | SendNotification({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}});
UnionCtor_rough_jumping_emu_NoFleAction == Variant("NoFleAction", "U_OF_UNIT")
\* @type: ({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}}) => BecomeFollower({replica: Int}) | BecomeLeader({replica: Int}) | NoFleAction(UNIT) | RcvNotification({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}}) | RestartElection({replica: Int}) | SendNotification({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}});
UnionCtor_rough_jumping_emu_RcvNotification(payload) == Variant("RcvNotification", payload)
\* @type: ({replica: Int}) => BecomeFollower({replica: Int}) | BecomeLeader({replica: Int}) | NoFleAction(UNIT) | RcvNotification({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}}) | RestartElection({replica: Int}) | SendNotification({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}});
UnionCtor_rough_jumping_emu_RestartElection(payload) == Variant("RestartElection", payload)
\* @type: ({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}}) => BecomeFollower({replica: Int}) | BecomeLeader({replica: Int}) | NoFleAction(UNIT) | RcvNotification({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}}) | RestartElection({replica: Int}) | SendNotification({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}});
UnionCtor_rough_jumping_emu_SendNotification(payload) == Variant("SendNotification", payload)
\* @type: ({follower: Int, leader: Int, zxid: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_AckNewLeader(payload) == Variant("AckNewLeader", payload)
\* @type: ({follower: Int, leader: Int, zxid: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_AckProposal(payload) == Variant("AckProposal", payload)
\* @type: ({leader: Int, zxid: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_AdvanceRetention(payload) == Variant("AdvanceRetention", payload)
\* @type: ({replica: Int, session: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_ClientConnect(payload) == Variant("ClientConnect", payload)
\* @type: ({path: Str, replica: Int, session: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_ClientCreate(payload) == Variant("ClientCreate", payload)
\* @type: ({path: Str, replica: Int, session: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_ClientDelete(payload) == Variant("ClientDelete", payload)
\* @type: ({path: Str, replica: Int, session: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_ClientExists(payload) == Variant("ClientExists", payload)
\* @type: ({path: Str, replica: Int, session: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_ClientGetChildren(payload) == Variant("ClientGetChildren", payload)
\* @type: ({path: Str, replica: Int, session: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_ClientGetData(payload) == Variant("ClientGetData", payload)
\* @type: ({replica: Int, session: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_ClientPing(payload) == Variant("ClientPing", payload)
\* @type: ({dataVersion: Int, path: Str, replica: Int, session: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_ClientSetData(payload) == Variant("ClientSetData", payload)
\* @type: AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_NoZabAction == Variant("NoZabAction", "U_OF_UNIT")
\* @type: ({follower: Int, leader: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_QuorumConnect(payload) == Variant("QuorumConnect", payload)
\* @type: ({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_SendAckEpoch(payload) == Variant("SendAckEpoch", payload)
\* @type: ({follower: Int, leader: Int, zxid: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_SendCommit(payload) == Variant("SendCommit", payload)
\* @type: ({follower: Int, leader: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_SendDiff(payload) == Variant("SendDiff", payload)
\* @type: ({acceptedEpoch: Int, follower: Int, leader: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_SendFollowerInfo(payload) == Variant("SendFollowerInfo", payload)
\* @type: ({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_SendForwardedRequest(payload) == Variant("SendForwardedRequest", payload)
\* @type: ({follower: Int, leader: Int, newEpoch: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_SendLeaderInfo(payload) == Variant("SendLeaderInfo", payload)
\* @type: ({follower: Int, leader: Int, zxid: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_SendNewLeader(payload) == Variant("SendNewLeader", payload)
\* @type: ({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_SendProposal(payload) == Variant("SendProposal", payload)
\* @type: ({follower: Int, leader: Int, zxid: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_SendSnap(payload) == Variant("SendSnap", payload)
\* @type: ({follower: Int, leader: Int, zxid: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_SendTrunc(payload) == Variant("SendTrunc", payload)
\* @type: ({follower: Int, leader: Int}) => AckNewLeader({follower: Int, leader: Int, zxid: Int}) | AckProposal({follower: Int, leader: Int, zxid: Int}) | AdvanceRetention({leader: Int, zxid: Int}) | ClientConnect({replica: Int, session: Int}) | ClientCreate({path: Str, replica: Int, session: Int}) | ClientDelete({path: Str, replica: Int, session: Int}) | ClientExists({path: Str, replica: Int, session: Int}) | ClientGetChildren({path: Str, replica: Int, session: Int}) | ClientGetData({path: Str, replica: Int, session: Int}) | ClientPing({replica: Int, session: Int}) | ClientSetData({dataVersion: Int, path: Str, replica: Int, session: Int}) | NoZabAction(UNIT) | QuorumConnect({follower: Int, leader: Int}) | SendAckEpoch({epoch: Int, follower: Int, lastZxid: Int, leader: Int}) | SendCommit({follower: Int, leader: Int, zxid: Int}) | SendDiff({follower: Int, leader: Int}) | SendFollowerInfo({acceptedEpoch: Int, follower: Int, leader: Int}) | SendForwardedRequest({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) | SendLeaderInfo({follower: Int, leader: Int, newEpoch: Int}) | SendNewLeader({follower: Int, leader: Int, zxid: Int}) | SendProposal({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, zxid: Int}) | SendSnap({follower: Int, leader: Int, zxid: Int}) | SendTrunc({follower: Int, leader: Int, zxid: Int}) | SendUpToDate({follower: Int, leader: Int});
UnionCtor_new_seeing_kingfisher_SendUpToDate(payload) == Variant("SendUpToDate", payload)
\* @type: (a, b, c, d) => <<a, b, c, d>>;
WSMkTuple4(x0, x1, x2, x3) ==
<<x0, x1, x2, x3>>
\* @type: Seq(a);
WSMkSeq0 ==
<<>>
Agreement ==
\A i0 \in REPLICA: \A j1 \in REPLICA: (/\ /\ /\ (fle_role[i0] = "FOLLOWING")
/\ (zab_last_committed[i0].index > 0)
/\ (fle_role[j1] = "FOLLOWING")
/\ (zab_last_committed[j1].index > 0)) => (\A idx12 \in (0)..((MAX_HISTORY - 1)): \A idx23 \in (0)..((MAX_HISTORY - 1)): \/ \/ \/ (idx12 >= zab_last_committed[i0].index)
\/ (idx23 >= zab_last_committed[j1].index)
\/ \E idx_j4 \in (0)..((MAX_HISTORY - 1)): /\ (idx_j4 < zab_last_committed[j1].index)
/\ /\ (zab_history[j1][(idx_j4) + 1].zxid = zab_history[i0][(idx12) + 1].zxid)
/\ (zab_history[j1][(idx_j4) + 1].value = zab_history[i0][(idx12) + 1].value)
\/ \E idx_i5 \in (0)..((MAX_HISTORY - 1)): /\ (idx_i5 < zab_last_committed[i0].index)
/\ /\ (zab_history[i0][(idx_i5) + 1].zxid = zab_history[j1][(idx23) + 1].zxid)
/\ (zab_history[i0][(idx_i5) + 1].value = zab_history[j1][(idx23) + 1].value))
AllInv ==
/\ \A i6 \in REPLICA: \A j7 \in REPLICA: (/\ /\ /\ (fle_role[i6] = "LEADING")
/\ \/ (zab_state[i6] = "synchronization")
\/ (zab_state[i6] = "broadcast")
/\ /\ (fle_role[j7] = "LEADING")
/\ \/ (zab_state[j7] = "synchronization")
\/ (zab_state[j7] = "broadcast")
/\ (zab_accepted_epoch[i6] = zab_accepted_epoch[j7])) => ((i6 = j7))
/\ \A epoch8 \in (1)..(MAX_EPOCH): (Cardinality(epoch_leader[epoch8]) <= 1)
/\ \A i9 \in REPLICA: \A j10 \in REPLICA: \/ ~(/\ (zab_last_committed[i9].index < zab_last_committed[j10].index)
/\ (zab_last_committed[i9].index > 0))
\/ /\ \A index11 \in (0)..((MAX_HISTORY - 1)): \/ (index11 >= zab_last_committed[i9].index)
\/ /\ (zab_history[i9][(index11) + 1].zxid = zab_history[j10][(index11) + 1].zxid)
/\ (zab_history[i9][(index11) + 1].value = zab_history[j10][(index11) + 1].value)
/\ \/ ~(/\ ~((zab_last_committed[i9].index < zab_last_committed[j10].index))
/\ (zab_last_committed[j10].index > 0))
\/ \A index12 \in (0)..((MAX_HISTORY - 1)): \/ (index12 >= zab_last_committed[j10].index)
\/ /\ (zab_history[i9][(index12) + 1].zxid = zab_history[j10][(index12) + 1].zxid)
/\ (zab_history[i9][(index12) + 1].value = zab_history[j10][(index12) + 1].value)
/\ \A i13 \in REPLICA: \A j14 \in REPLICA: (/\ /\ /\ (fle_role[i13] = "FOLLOWING")
/\ (zab_last_committed[i13].index > 0)
/\ (fle_role[j14] = "FOLLOWING")
/\ (zab_last_committed[j14].index > 0)) => (\A idx115 \in (0)..((MAX_HISTORY - 1)): \A idx216 \in (0)..((MAX_HISTORY - 1)): \/ \/ \/ (idx115 >= zab_last_committed[i13].index)
\/ (idx216 >= zab_last_committed[j14].index)
\/ \E idx_j17 \in (0)..((MAX_HISTORY - 1)): /\ (idx_j17 < zab_last_committed[j14].index)
/\ /\ (zab_history[j14][(idx_j17) + 1].zxid = zab_history[i13][(idx115) + 1].zxid)
/\ (zab_history[j14][(idx_j17) + 1].value = zab_history[i13][(idx115) + 1].value)
\/ \E idx_i18 \in (0)..((MAX_HISTORY - 1)): /\ (idx_i18 < zab_last_committed[i13].index)
/\ /\ (zab_history[i13][(idx_i18) + 1].zxid = zab_history[j14][(idx216) + 1].zxid)
/\ (zab_history[i13][(idx_i18) + 1].value = zab_history[j14][(idx216) + 1].value))
/\ \A i19 \in REPLICA: \A j20 \in REPLICA: (/\ (zab_last_committed[i19].index >= 2)
/\ (zab_last_committed[j20].index >= 2)) => (\A idx_i121 \in (0)..((MAX_HISTORY - 1)): \A idx_i222 \in (0)..((MAX_HISTORY - 1)): \/ \/ \/ \/ (idx_i121 >= (zab_last_committed[i19].index - 1))
\/ (idx_i222 <= idx_i121)
\/ (idx_i222 >= zab_last_committed[i19].index)
\/ ~(\E idx23 \in (0)..((MAX_HISTORY - 1)): /\ (idx23 < zab_last_committed[j20].index)
/\ /\ (zab_history[i19][(idx_i222) + 1].zxid = zab_history[j20][(idx23) + 1].zxid)
/\ (zab_history[i19][(idx_i222) + 1].value = zab_history[j20][(idx23) + 1].value))
\/ \E idx_j224 \in (0)..((MAX_HISTORY - 1)): /\ /\ /\ (idx_j224 < zab_last_committed[j20].index)
/\ /\ (zab_history[i19][(idx_i222) + 1].zxid = zab_history[j20][(idx_j224) + 1].zxid)
/\ (zab_history[i19][(idx_i222) + 1].value = zab_history[j20][(idx_j224) + 1].value)
/\ (idx_j224 > 0)
/\ \E idx_j125 \in (0)..((MAX_HISTORY - 1)): /\ (idx_j125 < idx_j224)
/\ /\ (zab_history[i19][(idx_i121) + 1].zxid = zab_history[j20][(idx_j125) + 1].zxid)
/\ (zab_history[i19][(idx_i121) + 1].value = zab_history[j20][(idx_j125) + 1].value))
/\ \A i26 \in REPLICA: ((zab_last_committed[i26].index >= 2)) => (\A idx127 \in (0)..((MAX_HISTORY - 1)): \A idx228 \in (0)..((MAX_HISTORY - 1)): \/ \/ \/ (idx127 >= zab_last_committed[i26].index)
\/ (idx228 >= zab_last_committed[i26].index)
\/ ~((zab_history[i26][(idx127) + 1].epoch < zab_history[i26][(idx228) + 1].epoch))
\/ (idx127 < idx228))
/\ \A replica29 \in REPLICA: (/\ \/ (proc_status[replica29] = "UP")
\/ /\ (replica29 = IUT_REPLICA)
/\ (proc_status[replica29] = "STARTING")
/\ fle_wait_finalize[replica29]) => (\/ (Cardinality({quorum30 \in QUORUMS: /\ (Cardinality({member31 \in quorum30: (member31 = replica29)}) = 1)
/\ (Cardinality({member32 \in quorum30: IF (member32 = replica29)
THEN TRUE
ELSE /\ (fle_recv_votes[replica29][member32].round = fle_logical_clock[replica29])
/\ (fle_recv_votes[replica29][member32].vote = fle_proposed_vote[replica29])}) = Cardinality(quorum30))}) > 0)
\/ /\ (Cardinality({quorum33 \in QUORUMS: (Cardinality({member34 \in quorum33: /\ \/ (fle_out_of_election[replica29][member34].state = "FOLLOWING")
\/ (fle_out_of_election[replica29][member34].state = "LEADING")
/\ /\ (fle_out_of_election[replica29][member34].vote.leader = [round |-> fle_logical_clock[replica29], state |-> "FOLLOWING", vote |-> fle_proposed_vote[replica29]].vote.leader)
/\ (fle_out_of_election[replica29][member34].vote.peerEpoch = [round |-> fle_logical_clock[replica29], state |-> "FOLLOWING", vote |-> fle_proposed_vote[replica29]].vote.peerEpoch)}) = Cardinality(quorum33))}) > 0)
/\ IF (fle_proposed_vote[replica29].leader = replica_id[replica29])
THEN (fle_logical_clock[replica29] = fle_logical_clock[replica29])
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_404(acc35, member36) == IF (replica_id[member36] = fle_proposed_vote[replica29].leader)
THEN member36
ELSE acc35
IN ApaFoldSet(set_reduce_404, 0, REPLICA) /= 0)
/\ (fle_out_of_election[replica29][LET (* @type: (Int, Int) => Int; *)
set_reduce_405(acc35, member36) == IF (replica_id[member36] = fle_proposed_vote[replica29].leader)
THEN member36
ELSE acc35
IN ApaFoldSet(set_reduce_405, 0, REPLICA)].state = "LEADING"))
/\ \A replica37 \in REPLICA: (/\ \/ (proc_status[replica37] = "UP")
\/ /\ (replica37 = IUT_REPLICA)
/\ (proc_status[replica37] = "STARTING")
/\ /\ (fle_role[replica37] = "FOLLOWING")
/\ (zab_sync[replica37] /= "synced")) => (/\ /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_406(acc38, member39) == IF (replica_id[member39] = fle_current_vote[replica37].leader)
THEN member39
ELSE acc38
IN ApaFoldSet(set_reduce_406, 0, REPLICA) /= 0)
/\ (fle_current_vote[replica37].leader /= replica_id[replica37])
/\ \/ (Cardinality({quorum40 \in QUORUMS: /\ (Cardinality({member41 \in quorum40: (member41 = replica37)}) = 1)
/\ (Cardinality({member42 \in quorum40: IF (member42 = replica37)
THEN TRUE
ELSE /\ (fle_recv_votes[replica37][member42].round = fle_logical_clock[replica37])
/\ (fle_recv_votes[replica37][member42].vote = fle_proposed_vote[replica37])}) = Cardinality(quorum40))}) > 0)
\/ /\ (Cardinality({quorum43 \in QUORUMS: (Cardinality({member44 \in quorum43: /\ \/ (fle_out_of_election[replica37][member44].state = "FOLLOWING")
\/ (fle_out_of_election[replica37][member44].state = "LEADING")
/\ /\ (fle_out_of_election[replica37][member44].vote.leader = [round |-> fle_logical_clock[replica37], state |-> "FOLLOWING", vote |-> fle_proposed_vote[replica37]].vote.leader)
/\ (fle_out_of_election[replica37][member44].vote.peerEpoch = [round |-> fle_logical_clock[replica37], state |-> "FOLLOWING", vote |-> fle_proposed_vote[replica37]].vote.peerEpoch)}) = Cardinality(quorum43))}) > 0)
/\ IF (fle_proposed_vote[replica37].leader = replica_id[replica37])
THEN (fle_logical_clock[replica37] = fle_logical_clock[replica37])
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_407(acc45, member46) == IF (replica_id[member46] = fle_proposed_vote[replica37].leader)
THEN member46
ELSE acc45
IN ApaFoldSet(set_reduce_407, 0, REPLICA) /= 0)
/\ (fle_out_of_election[replica37][LET (* @type: (Int, Int) => Int; *)
set_reduce_408(acc45, member46) == IF (replica_id[member46] = fle_proposed_vote[replica37].leader)
THEN member46
ELSE acc45
IN ApaFoldSet(set_reduce_408, 0, REPLICA)].state = "LEADING"))
/\ \A replica47 \in REPLICA: (/\ \/ (proc_status[replica47] = "UP")
\/ /\ (replica47 = IUT_REPLICA)
/\ (proc_status[replica47] = "STARTING")
/\ /\ (fle_role[replica47] = "LEADING")
/\ ~(/\ (fle_role[replica47] = "LEADING")
/\ \/ (zab_state[replica47] = "synchronization")
\/ (zab_state[replica47] = "broadcast"))) => (/\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_409(acc48, member49) == IF (replica_id[member49] = fle_current_vote[replica47].leader)
THEN member49
ELSE acc48
IN ApaFoldSet(set_reduce_409, 0, REPLICA) /= 0)
/\ \/ \/ (Cardinality({quorum50 \in QUORUMS: /\ (Cardinality({member51 \in quorum50: (member51 = replica47)}) = 1)
/\ (Cardinality({member52 \in quorum50: IF (member52 = replica47)
THEN TRUE
ELSE /\ (fle_recv_votes[replica47][member52].round = fle_logical_clock[replica47])
/\ (fle_recv_votes[replica47][member52].vote = IF /\ (fle_role[replica47] = "LEADING")
/\ (zab_state[replica47] = "discovery")
THEN [leader |-> replica_id[replica47], peerEpoch |-> zab_persisted_current_epoch[replica47], zxid |-> zab_last_zxid[replica47]]
ELSE [leader |-> replica_id[replica47], peerEpoch |-> zab_current_epoch[replica47], zxid |-> zab_last_zxid[replica47]])}) = Cardinality(quorum50))}) > 0)
\/ /\ (fle_proposed_vote[replica47].leader = replica_id[replica47])
/\ (Cardinality({quorum53 \in QUORUMS: /\ (Cardinality({member54 \in quorum53: (member54 = replica47)}) = 1)
/\ (Cardinality({member55 \in quorum53: IF (member55 = replica47)
THEN TRUE
ELSE /\ (fle_recv_votes[replica47][member55].round = fle_logical_clock[replica47])
/\ (fle_recv_votes[replica47][member55].vote = fle_proposed_vote[replica47])}) = Cardinality(quorum53))}) > 0)
\/ /\ (fle_proposed_vote[replica47].leader = replica_id[replica47])
/\ /\ (Cardinality({quorum56 \in QUORUMS: (Cardinality({member57 \in quorum56: /\ \/ (fle_out_of_election[replica47][member57].state = "FOLLOWING")
\/ (fle_out_of_election[replica47][member57].state = "LEADING")
/\ /\ (fle_out_of_election[replica47][member57].vote.leader = [round |-> fle_logical_clock[replica47], state |-> "FOLLOWING", vote |-> fle_proposed_vote[replica47]].vote.leader)
/\ (fle_out_of_election[replica47][member57].vote.peerEpoch = [round |-> fle_logical_clock[replica47], state |-> "FOLLOWING", vote |-> fle_proposed_vote[replica47]].vote.peerEpoch)}) = Cardinality(quorum56))}) > 0)
/\ IF (fle_proposed_vote[replica47].leader = replica_id[replica47])
THEN (fle_logical_clock[replica47] = fle_logical_clock[replica47])
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_410(acc58, member59) == IF (replica_id[member59] = fle_proposed_vote[replica47].leader)
THEN member59
ELSE acc58
IN ApaFoldSet(set_reduce_410, 0, REPLICA) /= 0)
/\ (fle_out_of_election[replica47][LET (* @type: (Int, Int) => Int; *)
set_reduce_411(acc58, member59) == IF (replica_id[member59] = fle_proposed_vote[replica47].leader)
THEN member59
ELSE acc58
IN ApaFoldSet(set_reduce_411, 0, REPLICA)].state = "LEADING"))
/\ \A replica60 \in REPLICA: (/\ \/ (proc_status[replica60] = "UP")
\/ /\ (replica60 = IUT_REPLICA)
/\ (proc_status[replica60] = "STARTING")
/\ \/ (fle_role[replica60] = "FOLLOWING")
\/ (fle_role[replica60] = "LEADING")) => ((LET (* @type: (Int, Int) => Int; *)
set_reduce_412(acc61, member62) == IF (replica_id[member62] = fle_current_vote[replica60].leader)
THEN member62
ELSE acc61
IN ApaFoldSet(set_reduce_412, 0, REPLICA) /= 0))
AtLeastOneCommitted ==
~(\E replica63 \in REPLICA: (zab_last_committed[replica63].index >= 1))
AtLeastTwoCommitted ==
~(\E replica64 \in REPLICA: (zab_last_committed[replica64].index >= 2))
CommittedSubtreeVisible ==
~(/\ /\ /\ zab_visible_exists["/p2"]
/\ zab_visible_exists["/p2/c3"]
/\ (zab_visible_zxid["/p2"] > 0)
/\ (zab_visible_zxid["/p2/c3"] > 0))
DiffPathTaken ==
~((VariantTag(zab_action) = "SendDiff"))
FirstWriteCommittedOnQuorum ==
~(\E quorum65 \in QUORUMS: (Cardinality({member66 \in quorum65: ~((zab_last_committed[member66].index >= 1))}) = 0))
FleFollowerFinalizationSound ==
\A replica67 \in REPLICA: (/\ \/ (proc_status[replica67] = "UP")
\/ /\ (replica67 = IUT_REPLICA)
/\ (proc_status[replica67] = "STARTING")
/\ /\ (fle_role[replica67] = "FOLLOWING")
/\ (zab_sync[replica67] /= "synced")) => (/\ /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_413(acc68, member69) == IF (replica_id[member69] = fle_current_vote[replica67].leader)
THEN member69
ELSE acc68
IN ApaFoldSet(set_reduce_413, 0, REPLICA) /= 0)
/\ (fle_current_vote[replica67].leader /= replica_id[replica67])
/\ \/ (Cardinality({quorum70 \in QUORUMS: /\ (Cardinality({member71 \in quorum70: (member71 = replica67)}) = 1)
/\ (Cardinality({member72 \in quorum70: IF (member72 = replica67)
THEN TRUE
ELSE /\ (fle_recv_votes[replica67][member72].round = fle_logical_clock[replica67])
/\ (fle_recv_votes[replica67][member72].vote = fle_proposed_vote[replica67])}) = Cardinality(quorum70))}) > 0)
\/ /\ (Cardinality({quorum73 \in QUORUMS: (Cardinality({member74 \in quorum73: /\ \/ (fle_out_of_election[replica67][member74].state = "FOLLOWING")
\/ (fle_out_of_election[replica67][member74].state = "LEADING")
/\ /\ (fle_out_of_election[replica67][member74].vote.leader = [round |-> fle_logical_clock[replica67], state |-> "FOLLOWING", vote |-> fle_proposed_vote[replica67]].vote.leader)
/\ (fle_out_of_election[replica67][member74].vote.peerEpoch = [round |-> fle_logical_clock[replica67], state |-> "FOLLOWING", vote |-> fle_proposed_vote[replica67]].vote.peerEpoch)}) = Cardinality(quorum73))}) > 0)
/\ IF (fle_proposed_vote[replica67].leader = replica_id[replica67])
THEN (fle_logical_clock[replica67] = fle_logical_clock[replica67])
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_414(acc75, member76) == IF (replica_id[member76] = fle_proposed_vote[replica67].leader)
THEN member76
ELSE acc75
IN ApaFoldSet(set_reduce_414, 0, REPLICA) /= 0)
/\ (fle_out_of_election[replica67][LET (* @type: (Int, Int) => Int; *)
set_reduce_415(acc75, member76) == IF (replica_id[member76] = fle_proposed_vote[replica67].leader)
THEN member76
ELSE acc75
IN ApaFoldSet(set_reduce_415, 0, REPLICA)].state = "LEADING"))
FleLeaderFinalizationSound ==
\A replica77 \in REPLICA: (/\ \/ (proc_status[replica77] = "UP")
\/ /\ (replica77 = IUT_REPLICA)
/\ (proc_status[replica77] = "STARTING")
/\ /\ (fle_role[replica77] = "LEADING")
/\ ~(/\ (fle_role[replica77] = "LEADING")
/\ \/ (zab_state[replica77] = "synchronization")
\/ (zab_state[replica77] = "broadcast"))) => (/\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_416(acc78, member79) == IF (replica_id[member79] = fle_current_vote[replica77].leader)
THEN member79
ELSE acc78
IN ApaFoldSet(set_reduce_416, 0, REPLICA) /= 0)
/\ \/ \/ (Cardinality({quorum80 \in QUORUMS: /\ (Cardinality({member81 \in quorum80: (member81 = replica77)}) = 1)
/\ (Cardinality({member82 \in quorum80: IF (member82 = replica77)
THEN TRUE
ELSE /\ (fle_recv_votes[replica77][member82].round = fle_logical_clock[replica77])
/\ (fle_recv_votes[replica77][member82].vote = IF /\ (fle_role[replica77] = "LEADING")
/\ (zab_state[replica77] = "discovery")
THEN [leader |-> replica_id[replica77], peerEpoch |-> zab_persisted_current_epoch[replica77], zxid |-> zab_last_zxid[replica77]]
ELSE [leader |-> replica_id[replica77], peerEpoch |-> zab_current_epoch[replica77], zxid |-> zab_last_zxid[replica77]])}) = Cardinality(quorum80))}) > 0)
\/ /\ (fle_proposed_vote[replica77].leader = replica_id[replica77])
/\ (Cardinality({quorum83 \in QUORUMS: /\ (Cardinality({member84 \in quorum83: (member84 = replica77)}) = 1)
/\ (Cardinality({member85 \in quorum83: IF (member85 = replica77)
THEN TRUE
ELSE /\ (fle_recv_votes[replica77][member85].round = fle_logical_clock[replica77])
/\ (fle_recv_votes[replica77][member85].vote = fle_proposed_vote[replica77])}) = Cardinality(quorum83))}) > 0)
\/ /\ (fle_proposed_vote[replica77].leader = replica_id[replica77])
/\ /\ (Cardinality({quorum86 \in QUORUMS: (Cardinality({member87 \in quorum86: /\ \/ (fle_out_of_election[replica77][member87].state = "FOLLOWING")
\/ (fle_out_of_election[replica77][member87].state = "LEADING")
/\ /\ (fle_out_of_election[replica77][member87].vote.leader = [round |-> fle_logical_clock[replica77], state |-> "FOLLOWING", vote |-> fle_proposed_vote[replica77]].vote.leader)
/\ (fle_out_of_election[replica77][member87].vote.peerEpoch = [round |-> fle_logical_clock[replica77], state |-> "FOLLOWING", vote |-> fle_proposed_vote[replica77]].vote.peerEpoch)}) = Cardinality(quorum86))}) > 0)
/\ IF (fle_proposed_vote[replica77].leader = replica_id[replica77])
THEN (fle_logical_clock[replica77] = fle_logical_clock[replica77])
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_417(acc88, member89) == IF (replica_id[member89] = fle_proposed_vote[replica77].leader)
THEN member89
ELSE acc88
IN ApaFoldSet(set_reduce_417, 0, REPLICA) /= 0)
/\ (fle_out_of_election[replica77][LET (* @type: (Int, Int) => Int; *)
set_reduce_418(acc88, member89) == IF (replica_id[member89] = fle_proposed_vote[replica77].leader)
THEN member89
ELSE acc88
IN ApaFoldSet(set_reduce_418, 0, REPLICA)].state = "LEADING"))
FleOutOfElectionKnownLeader ==
\A replica90 \in REPLICA: (/\ \/ (proc_status[replica90] = "UP")
\/ /\ (replica90 = IUT_REPLICA)
/\ (proc_status[replica90] = "STARTING")
/\ \/ (fle_role[replica90] = "FOLLOWING")
\/ (fle_role[replica90] = "LEADING")) => ((LET (* @type: (Int, Int) => Int; *)
set_reduce_419(acc91, member92) == IF (replica_id[member92] = fle_current_vote[replica90].leader)
THEN member92
ELSE acc91
IN ApaFoldSet(set_reduce_419, 0, REPLICA) /= 0))
FleWaitFinalizeSound ==
\A replica93 \in REPLICA: (/\ \/ (proc_status[replica93] = "UP")
\/ /\ (replica93 = IUT_REPLICA)
/\ (proc_status[replica93] = "STARTING")
/\ fle_wait_finalize[replica93]) => (\/ (Cardinality({quorum94 \in QUORUMS: /\ (Cardinality({member95 \in quorum94: (member95 = replica93)}) = 1)
/\ (Cardinality({member96 \in quorum94: IF (member96 = replica93)
THEN TRUE
ELSE /\ (fle_recv_votes[replica93][member96].round = fle_logical_clock[replica93])
/\ (fle_recv_votes[replica93][member96].vote = fle_proposed_vote[replica93])}) = Cardinality(quorum94))}) > 0)
\/ /\ (Cardinality({quorum97 \in QUORUMS: (Cardinality({member98 \in quorum97: /\ \/ (fle_out_of_election[replica93][member98].state = "FOLLOWING")
\/ (fle_out_of_election[replica93][member98].state = "LEADING")
/\ /\ (fle_out_of_election[replica93][member98].vote.leader = [round |-> fle_logical_clock[replica93], state |-> "FOLLOWING", vote |-> fle_proposed_vote[replica93]].vote.leader)
/\ (fle_out_of_election[replica93][member98].vote.peerEpoch = [round |-> fle_logical_clock[replica93], state |-> "FOLLOWING", vote |-> fle_proposed_vote[replica93]].vote.peerEpoch)}) = Cardinality(quorum97))}) > 0)
/\ IF (fle_proposed_vote[replica93].leader = replica_id[replica93])
THEN (fle_logical_clock[replica93] = fle_logical_clock[replica93])
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_420(acc99, member100) == IF (replica_id[member100] = fle_proposed_vote[replica93].leader)
THEN member100
ELSE acc99
IN ApaFoldSet(set_reduce_420, 0, REPLICA) /= 0)
/\ (fle_out_of_election[replica93][LET (* @type: (Int, Int) => Int; *)
set_reduce_421(acc99, member100) == IF (replica_id[member100] = fle_proposed_vote[replica93].leader)
THEN member100
ELSE acc99
IN ApaFoldSet(set_reduce_421, 0, REPLICA)].state = "LEADING"))
ForwardedRequestReceived ==
~((Len(LET (* @type: ({acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int}) => Bool; *)
list_filter_422(proposal101) == (proposal101.source = "forwarded")
IN SelectSeq(zab_open_proposals, list_filter_422)) > 0))
ForwardedRequestSent ==
~((VariantTag(zab_action) = "SendForwardedRequest"))
ForwardedWriteCommitted ==
~(zab_committed_forwarded)
GlobalPrimaryOrder ==
\A i102 \in REPLICA: ((zab_last_committed[i102].index >= 2)) => (\A idx1103 \in (0)..((MAX_HISTORY - 1)): \A idx2104 \in (0)..((MAX_HISTORY - 1)): \/ \/ \/ (idx1103 >= zab_last_committed[i102].index)
\/ (idx2104 >= zab_last_committed[i102].index)
\/ ~((zab_history[i102][(idx1103) + 1].epoch < zab_history[i102][(idx2104) + 1].epoch))
\/ (idx1103 < idx2104))
HeadCommitPendingWithTailPresent ==
~(/\ (Len(zab_open_proposals) >= 2)
/\ (Cardinality(zab_open_proposals[(0) + 1].commits_sent) > 0))
Init ==
/\ /\ \E rid \in REPLICA_PERMS:
/\ replica_id = rid
/\ proc_status = [r105 \in REPLICA |-> IF (r105 \in CRASHED)
THEN "DOWN"
ELSE IF (r105 = IUT_REPLICA) THEN "STARTING" ELSE "UP"]
/\ last_turn = "tester"
/\ process_action = UnionCtor_sonic_placing_stallion_NoAction
/\ tcp_status = [v_106 \in tcp_channels |-> "open"]
/\ tcp_action = UnionCtor_minor_hiring_magpie_NoTcpAction
/\ quorum_reconnect_hint = 0
/\ fle_role = [v_107 \in REPLICA |-> "LOOKING"]
/\ fle_logical_clock = [r108 \in REPLICA |-> IF (r108 \in CRASHED)
THEN 0
ELSE 1]
/\ fle_current_vote = [r109 \in REPLICA |-> [leader |-> rid[r109], peerEpoch |-> 0, zxid |-> 0]]
/\ fle_proposed_vote = [r109 \in REPLICA |-> [leader |-> rid[r109], peerEpoch |-> 0, zxid |-> 0]]
/\ fle_recv_votes = [v_111 \in REPLICA |-> [v_110 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]]]
/\ fle_out_of_election = [v_112 \in REPLICA |-> [v_110 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]]]
/\ fle_wait_finalize = [v_113 \in REPLICA |-> FALSE]
/\ fle_sent_messages = LET (* @type: (Set({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}}), Int) => Set({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}}); *)
set_reduce_423(acc115, r116) == (acc115 \union {[electionEpoch |-> 1, receiver |-> recv118, sender |-> r116, senderState |-> "LOOKING", vote |-> [leader |-> rid[r116], peerEpoch |-> 0, zxid |-> 0]]: recv118 \in {recv117 \in REPLICA: (recv117 /= r116)}})
IN ApaFoldSet(set_reduce_423, {}, {r114 \in REPLICA: ~((r114 \in CRASHED))})
/\ fle_historical_messages = LET (* @type: (Set({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}}), Int) => Set({electionEpoch: Int, receiver: Int, sender: Int, senderState: Str, vote: {leader: Int, peerEpoch: Int, zxid: Int}}); *)
set_reduce_424(acc115, r116) == (acc115 \union {[electionEpoch |-> 1, receiver |-> recv118, sender |-> r116, senderState |-> "LOOKING", vote |-> [leader |-> rid[r116], peerEpoch |-> 0, zxid |-> 0]]: recv118 \in {recv117 \in REPLICA: (recv117 /= r116)}})
IN ApaFoldSet(set_reduce_424, {}, {r114 \in REPLICA: ~((r114 \in CRASHED))})
/\ fle_action = UnionCtor_rough_jumping_emu_NoFleAction
/\ zab_state = [v_119 \in REPLICA |-> "idle"]
/\ zab_accepted_epoch = [v_120 \in REPLICA |-> 0]
/\ zab_current_epoch = [v_121 \in REPLICA |-> 0]
/\ zab_persisted_accepted_epoch = [v_122 \in REPLICA |-> 0]
/\ zab_persisted_current_epoch = [v_123 \in REPLICA |-> 0]
/\ zab_epoch_established = [v_124 \in REPLICA |-> FALSE]
/\ zab_established_epoch = [v_125 \in REPLICA |-> 0]
/\ zab_epoch_connecting_followers = [v_126 \in REPLICA |-> {v_127 \in {0}: FALSE}]
/\ zab_last_zxid = [v_128 \in REPLICA |-> 0]
/\ zab_sync = [v_129 \in REPLICA |-> "none"]
/\ zab_post_uptodate_ack_pending = [v_130 \in REPLICA |-> FALSE]
/\ zab_open_proposals = WSMkSeq0
/\ zab_forwarded_writes = WSMkSeq0
/\ zab_staged_forwarded_writes = WSMkSeq0
/\ zab_staged_direct_writes = WSMkSeq0
/\ zab_pending_proposals = WSMkSeq0
/\ zab_history = [v_131 \in REPLICA |-> WSMkSeq0]
/\ zab_last_committed = [v_132 \in REPLICA |-> [index |-> 0, zxid |-> 0]]
/\ zab_retained_start = [v_133 \in REPLICA |-> 0]
/\ epoch_leader = [v_134 \in (1)..(MAX_EPOCH) |-> {v__135 \in REPLICA: FALSE}]
/\ zab_node_exists = FALSE
/\ zab_visible_exists = [v_136 \in {"/p1", "/p1/c1", "/p1/c2", "/p2", "/p2/c3"} |-> FALSE]
/\ zab_visible_data_version = [v_137 \in {"/p1", "/p1/c1", "/p1/c2", "/p2", "/p2/c3"} |-> 0]
/\ zab_visible_zxid = [v_138 \in {"/p1", "/p1/c1", "/p1/c2", "/p2", "/p2/c3"} |-> 0]
/\ zab_seen_forwarded_request = FALSE
/\ zab_committed_forwarded = FALSE
/\ zab_committed_zxid = 0
/\ zab_client_sessions = [v_139 \in REPLICA |-> {v_140 \in (1)..(MAX_CLIENT_SESSIONS): FALSE}]
/\ zab_action = UnionCtor_new_seeing_kingfisher_NoZabAction
LeaderRetentionAdvanced ==
~(\E replica141 \in REPLICA: (zab_retained_start[replica141] > 0))
Leadership1 ==
\A i142 \in REPLICA: \A j143 \in REPLICA: (/\ /\ /\ (fle_role[i142] = "LEADING")
/\ \/ (zab_state[i142] = "synchronization")
\/ (zab_state[i142] = "broadcast")
/\ /\ (fle_role[j143] = "LEADING")
/\ \/ (zab_state[j143] = "synchronization")
\/ (zab_state[j143] = "broadcast")
/\ (zab_accepted_epoch[i142] = zab_accepted_epoch[j143])) => ((i142 = j143))
Leadership2 ==
\A epoch144 \in (1)..(MAX_EPOCH): (Cardinality(epoch_leader[epoch144]) <= 1)
NewleaderSent ==
~((VariantTag(zab_action) = "SendNewLeader"))
ParentWithTwoChildrenVisible ==
~(/\ /\ zab_visible_exists["/p1"]
/\ zab_visible_exists["/p1/c1"]
/\ zab_visible_exists["/p1/c2"])
PrefixConsistency ==
\A i145 \in REPLICA: \A j146 \in REPLICA: \/ ~(/\ (zab_last_committed[i145].index < zab_last_committed[j146].index)
/\ (zab_last_committed[i145].index > 0))
\/ /\ \A index147 \in (0)..((MAX_HISTORY - 1)): \/ (index147 >= zab_last_committed[i145].index)
\/ /\ (zab_history[i145][(index147) + 1].zxid = zab_history[j146][(index147) + 1].zxid)
/\ (zab_history[i145][(index147) + 1].value = zab_history[j146][(index147) + 1].value)
/\ \/ ~(/\ ~((zab_last_committed[i145].index < zab_last_committed[j146].index))
/\ (zab_last_committed[j146].index > 0))
\/ \A index148 \in (0)..((MAX_HISTORY - 1)): \/ (index148 >= zab_last_committed[j146].index)
\/ /\ (zab_history[i145][(index148) + 1].zxid = zab_history[j146][(index148) + 1].zxid)
/\ (zab_history[i145][(index148) + 1].value = zab_history[j146][(index148) + 1].value)
ProposalHasQuorumAcks ==
~((Len(LET (* @type: ({acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int}) => Bool; *)
list_filter_425(proposal149) == \E quorum150 \in QUORUMS: (Cardinality({member151 \in quorum150: ~((member151 \in (proposal149.acked_by \union {replica152 \in REPLICA: (fle_role[replica152] = "LEADING")})))}) = 0)
IN SelectSeq(zab_open_proposals, list_filter_425)) > 0))
ProposalInFlight ==
~((Len(zab_open_proposals) > 0))
QuorumRecoveryCompleted ==
~(\E quorum153 \in QUORUMS: /\ \E member154 \in quorum153: (fle_role[member154] = "LEADING")
/\ (Cardinality({member155 \in quorum153: ~(\/ (fle_role[member155] = "LEADING")
\/ /\ (fle_role[member155] = "FOLLOWING")
/\ (zab_sync[member155] = "synced"))}) = 0))
SecondWriteCommittedOnQuorum ==
~(\E quorum156 \in QUORUMS: (Cardinality({member157 \in quorum156: ~((zab_last_committed[member157].index >= 2))}) = 0))
SnapPathTaken ==
~((VariantTag(zab_action) = "SendSnap"))
SomeFollowerSynced ==
~(\E replica158 \in REPLICA: /\ (fle_role[replica158] = "FOLLOWING")
/\ (zab_sync[replica158] = "synced"))
Step ==
\/ lab_proc ::
\/ lab_start ::
/\ \E r \in REPLICA:
/\ tcp_action' = UnionCtor_minor_hiring_magpie_NoTcpAction
/\ fle_action' = UnionCtor_rough_jumping_emu_NoFleAction
/\ zab_action' = UnionCtor_new_seeing_kingfisher_NoZabAction
/\ quorum_reconnect_hint' = 0
/\ last_turn' = "tester"
/\ ("tester" = "tester")
/\ (proc_status[r] = "DOWN")
/\ proc_status' = [proc_status EXCEPT ![r] = IF (r = IUT_REPLICA)
THEN "STARTING"
ELSE "UP"]
/\ fle_logical_clock' = [fle_logical_clock EXCEPT ![r] = 1]
/\ process_action' = UnionCtor_sonic_placing_stallion_Start(r)
/\ fle_role' = [replica160 \in REPLICA |-> IF (replica160 = r)
THEN "LOOKING"
ELSE fle_role[replica160]]
/\ fle_current_vote' = [replica161 \in REPLICA |-> IF (replica161 = r)
THEN IF /\ (replica161 = IUT_REPLICA)
/\ ~(PERSIST_IUT_STATE)
THEN [leader |-> replica_id[replica161], peerEpoch |-> 0, zxid |-> 0]
ELSE [leader |-> replica_id[replica161], peerEpoch |-> zab_current_epoch[replica161], zxid |-> zab_last_zxid[replica161]]
ELSE fle_current_vote[replica161]]
/\ fle_proposed_vote' = [replica162 \in REPLICA |-> IF (replica162 = r)
THEN IF /\ (replica162 = IUT_REPLICA)
/\ ~(PERSIST_IUT_STATE)
THEN [leader |-> replica_id[replica162], peerEpoch |-> 0, zxid |-> 0]
ELSE [leader |-> replica_id[replica162], peerEpoch |-> zab_current_epoch[replica162], zxid |-> zab_last_zxid[replica162]]
ELSE fle_proposed_vote[replica162]]
/\ fle_recv_votes' = [replica163 \in REPLICA |-> IF (replica163 = r)
THEN [v_159 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]]
ELSE fle_recv_votes[replica163]]
/\ fle_out_of_election' = [replica164 \in REPLICA |-> IF (replica164 = r)
THEN [v_159 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]]
ELSE fle_out_of_election[replica164]]
/\ fle_wait_finalize' = [replica165 \in REPLICA |-> IF (replica165 = r)
THEN FALSE
ELSE fle_wait_finalize[replica165]]
/\ fle_sent_messages' = (fle_sent_messages \union {[electionEpoch |-> 1, receiver |-> recv167, sender |-> r, senderState |-> "LOOKING", vote |-> IF /\ (r = IUT_REPLICA)
/\ ~(PERSIST_IUT_STATE)
THEN [leader |-> replica_id[r], peerEpoch |-> 0, zxid |-> 0]
ELSE [leader |-> replica_id[r], peerEpoch |-> zab_current_epoch[r], zxid |-> zab_last_zxid[r]]]: recv167 \in {recv166 \in REPLICA: (recv166 /= r)}})
/\ fle_historical_messages' = (fle_historical_messages \union {[electionEpoch |-> 1, receiver |-> recv167, sender |-> r, senderState |-> "LOOKING", vote |-> IF /\ (r = IUT_REPLICA)
/\ ~(PERSIST_IUT_STATE)
THEN [leader |-> replica_id[r], peerEpoch |-> 0, zxid |-> 0]
ELSE [leader |-> replica_id[r], peerEpoch |-> zab_current_epoch[r], zxid |-> zab_last_zxid[r]]]: recv167 \in {recv166 \in REPLICA: (recv166 /= r)}})
/\ zab_state' = [replica168 \in REPLICA |-> IF (replica168 = r)
THEN "idle"
ELSE zab_state[replica168]]
/\ zab_accepted_epoch' = [replica169 \in REPLICA |-> IF /\ (replica169 = r)
/\ /\ (replica169 = IUT_REPLICA)
/\ ~(PERSIST_IUT_STATE)
THEN 0
ELSE zab_accepted_epoch[replica169]]
/\ zab_current_epoch' = [replica170 \in REPLICA |-> IF /\ (replica170 = r)
/\ /\ (replica170 = IUT_REPLICA)
/\ ~(PERSIST_IUT_STATE)
THEN 0
ELSE zab_current_epoch[replica170]]
/\ zab_persisted_accepted_epoch' = [replica171 \in REPLICA |-> IF /\ (replica171 = r)
/\ /\ (replica171 = IUT_REPLICA)
/\ ~(PERSIST_IUT_STATE)
THEN 0
ELSE zab_persisted_accepted_epoch[replica171]]
/\ zab_persisted_current_epoch' = [replica172 \in REPLICA |-> IF /\ (replica172 = r)
/\ /\ (replica172 = IUT_REPLICA)
/\ ~(PERSIST_IUT_STATE)
THEN 0
ELSE zab_persisted_current_epoch[replica172]]
/\ zab_established_epoch' = [replica173 \in REPLICA |-> IF (replica173 = r)
THEN 0
ELSE zab_established_epoch[replica173]]
/\ zab_last_zxid' = [replica174 \in REPLICA |-> IF /\ (replica174 = r)
/\ /\ (replica174 = IUT_REPLICA)
/\ ~(PERSIST_IUT_STATE)
THEN 0
ELSE zab_last_zxid[replica174]]
/\ zab_history' = [replica175 \in REPLICA |-> IF /\ (replica175 = r)
/\ /\ (replica175 = IUT_REPLICA)
/\ ~(PERSIST_IUT_STATE)
THEN WSMkSeq0
ELSE zab_history[replica175]]
/\ zab_last_committed' = [replica176 \in REPLICA |-> IF /\ (replica176 = r)
/\ /\ (replica176 = IUT_REPLICA)
/\ ~(PERSIST_IUT_STATE)
THEN [index |-> 0, zxid |-> 0]
ELSE zab_last_committed[replica176]]
/\ zab_retained_start' = [replica177 \in REPLICA |-> IF /\ (replica177 = r)
/\ /\ (replica177 = IUT_REPLICA)
/\ ~(PERSIST_IUT_STATE)
THEN 0
ELSE zab_retained_start[replica177]]
/\ zab_sync' = [replica178 \in REPLICA |-> IF (replica178 = r)
THEN "none"
ELSE zab_sync[replica178]]
/\ zab_epoch_established' = [replica179 \in REPLICA |-> IF (replica179 = r)
THEN FALSE
ELSE zab_epoch_established[replica179]]
/\ zab_epoch_connecting_followers' = [replica180 \in REPLICA |-> IF (replica180 = r)
THEN {v_181 \in {0}: FALSE}
ELSE zab_epoch_connecting_followers[replica180]]
/\ zab_post_uptodate_ack_pending' = [replica182 \in REPLICA |-> IF (replica182 = r)
THEN FALSE
ELSE zab_post_uptodate_ack_pending[replica182]]
/\ zab_open_proposals' = IF (Cardinality({replica183 \in {r}: ([replica160 \in REPLICA |-> IF (replica160 = r)
THEN "LOOKING"
ELSE fle_role[replica160]][replica183] = "LEADING")}) > 0)
THEN WSMkSeq0
ELSE LET (* @type: (Seq({acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int}), Int) => Seq({acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int}); *)
set_reduce_426(acc184, replica185) == LET (* @type: (Seq({acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int}), {acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int}) => Seq({acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int}); *)
list_reduce_427(acc186, proposal187) == Append(acc186, [acked_by |-> {member189 \in proposal187.acked_by: (member189 /= replica185)}, commits_sent |-> {member190 \in proposal187.commits_sent: (member190 /= replica185)}, dataVersion |-> proposal187.dataVersion, op |-> proposal187.op, path |-> proposal187.path, sent_to |-> {member188 \in proposal187.sent_to: (member188 /= replica185)}, source |-> proposal187.source, zxid |-> proposal187.zxid])
IN ApaFoldSeqLeft(list_reduce_427, WSMkSeq0, acc184)
IN ApaFoldSet(set_reduce_426, zab_open_proposals, {r})
/\ zab_forwarded_writes' = LET (* @type: ({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) => Bool; *)
list_filter_428(forwarded191) == /\ ~((forwarded191.follower \in {r}))
/\ ~((forwarded191.leader \in {r}))
IN SelectSeq(zab_forwarded_writes, list_filter_428)
/\ zab_staged_forwarded_writes' = LET (* @type: ({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) => Bool; *)
list_filter_429(forwarded192) == /\ ~((forwarded192.follower \in {r}))
/\ ~((forwarded192.leader \in {r}))
IN SelectSeq(zab_staged_forwarded_writes, list_filter_429)
/\ zab_staged_direct_writes' = LET (* @type: ({dataVersion: Int, leader: Int, op: Str, path: Str, session: Int}) => Bool; *)
list_filter_430(staged193) == ~((staged193.leader \in {r}))
IN SelectSeq(zab_staged_direct_writes, list_filter_430)
/\ zab_pending_proposals' = LET (* @type: ({dataVersion: Int, leader: Int, op: Str, path: Str, source: Str, zxid: Int}) => Bool; *)
list_filter_431(proposal194) == ~((proposal194.leader \in {r}))
IN SelectSeq(zab_pending_proposals, list_filter_431)
/\ zab_client_sessions' = [replica195 \in REPLICA |-> IF (replica195 = r)
THEN {v_196 \in (1)..(MAX_CLIENT_SESSIONS): FALSE}
ELSE zab_client_sessions[replica195]]
/\ tcp_status' = [ch197 \in tcp_channels |-> IF /\ /\ (tcp_status[ch197] = "closed")
/\ \/ \/ \/ (ch197.serverAddr = election_addr[r])
\/ (ch197.clientAddr = election_addr[r])
\/ (ch197.serverAddr = quorum_addr[r])
\/ (ch197.clientAddr = quorum_addr[r])
/\ (Cardinality({r2198 \in REPLICA: /\ /\ (r2198 /= r)
/\ \/ \/ \/ (ch197.serverAddr = election_addr[r2198])
\/ (ch197.clientAddr = election_addr[r2198])
\/ (ch197.serverAddr = quorum_addr[r2198])
\/ (ch197.clientAddr = quorum_addr[r2198])
/\ ([proc_status EXCEPT ![r] = IF (r = IUT_REPLICA)
THEN "STARTING"
ELSE "UP"][r2198] = "UP")}) > 0)
THEN "open"
ELSE tcp_status[ch197]]
\/ lab_on_started ::
/\ \E r \in REPLICA:
/\ tcp_action' = UnionCtor_minor_hiring_magpie_NoTcpAction
/\ fle_action' = UnionCtor_rough_jumping_emu_NoFleAction
/\ zab_action' = UnionCtor_new_seeing_kingfisher_NoZabAction
/\ quorum_reconnect_hint' = 0
/\ zab_epoch_established' = [replica199 \in REPLICA |-> IF (replica199 = r)
THEN FALSE
ELSE zab_epoch_established[replica199]]
/\ zab_established_epoch' = [replica200 \in REPLICA |-> IF (replica200 = r)
THEN 0
ELSE zab_established_epoch[replica200]]
/\ zab_epoch_connecting_followers' = [replica201 \in REPLICA |-> IF (replica201 = r)
THEN {v_202 \in {0}: FALSE}
ELSE zab_epoch_connecting_followers[replica201]]
/\ last_turn' = "iut"
/\ ("iut" = "iut")
/\ (r = IUT_REPLICA)
/\ (proc_status[r] = "STARTING")
/\ proc_status' = [proc_status EXCEPT ![r] = "UP"]
/\ fle_logical_clock' = [fle_logical_clock EXCEPT ![r] = 1]
/\ process_action' = UnionCtor_sonic_placing_stallion_OnStarted(r)
/\ UNCHANGED <<tcp_status, fle_role, fle_proposed_vote, fle_current_vote, fle_recv_votes, fle_out_of_election, fle_wait_finalize, fle_sent_messages, fle_historical_messages, zab_state, zab_accepted_epoch, zab_current_epoch, zab_persisted_accepted_epoch, zab_persisted_current_epoch, zab_last_zxid, zab_sync, zab_post_uptodate_ack_pending, zab_open_proposals, zab_forwarded_writes, zab_staged_forwarded_writes, zab_staged_direct_writes, zab_pending_proposals, zab_history, zab_last_committed, zab_retained_start, zab_client_sessions>>
\/ lab_on_stopped ::
/\ \E r \in REPLICA:
/\ tcp_action' = UnionCtor_minor_hiring_magpie_NoTcpAction
/\ fle_action' = UnionCtor_rough_jumping_emu_NoFleAction
/\ zab_action' = UnionCtor_new_seeing_kingfisher_NoZabAction
/\ quorum_reconnect_hint' = 0
/\ zab_epoch_established' = [replica203 \in REPLICA |-> IF (replica203 = r)
THEN FALSE
ELSE zab_epoch_established[replica203]]
/\ zab_established_epoch' = [replica204 \in REPLICA |-> IF (replica204 = r)
THEN 0
ELSE zab_established_epoch[replica204]]
/\ zab_epoch_connecting_followers' = [replica205 \in REPLICA |-> IF (replica205 = r)
THEN {v_206 \in {0}: FALSE}
ELSE zab_epoch_connecting_followers[replica205]]
/\ last_turn' = "iut"
/\ ("iut" = "iut")
/\ (r = IUT_REPLICA)
/\ (proc_status[r] = "STOPPING")
/\ proc_status' = [proc_status EXCEPT ![r] = "DOWN"]
/\ process_action' = UnionCtor_sonic_placing_stallion_OnStopped(r)
/\ UNCHANGED <<tcp_status, fle_role, fle_logical_clock, fle_proposed_vote, fle_current_vote, fle_recv_votes, fle_out_of_election, fle_wait_finalize, fle_sent_messages, fle_historical_messages, zab_state, zab_accepted_epoch, zab_current_epoch, zab_persisted_accepted_epoch, zab_persisted_current_epoch, zab_last_zxid, zab_sync, zab_post_uptodate_ack_pending, zab_open_proposals, zab_forwarded_writes, zab_staged_forwarded_writes, zab_staged_direct_writes, zab_pending_proposals, zab_history, zab_last_committed, zab_retained_start, zab_client_sessions>>
/\ UNCHANGED <<zab_committed_zxid, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded>>
\/ lab_tcp ::
/\ \E next_turn \in {"tester", "iut"}:
/\ process_action' = UnionCtor_sonic_placing_stallion_NoAction
/\ fle_action' = UnionCtor_rough_jumping_emu_NoFleAction
/\ zab_action' = UnionCtor_new_seeing_kingfisher_NoZabAction
/\ last_turn' = next_turn
/\ \/ lab_tcp_connect(next_turn) ::
/\ \E ch \in tcp_channels:
/\ \/ /\ (next_turn = "iut")
/\ \/ (ch.clientAddr = "localhost:3881")
\/ (ch.clientAddr = "localhost:2881")
\/ /\ (next_turn = "tester")
/\ ~(\/ (ch.clientAddr = "localhost:3881")
\/ (ch.clientAddr = "localhost:2881"))
/\ \/ \/ (ch.clientAddr = "localhost:3881")
\/ (ch.clientAddr = "localhost:2881")
\/ (proc_status[IF \/ (ch.clientAddr = "localhost:3881")
\/ (ch.clientAddr = "localhost:2881")
THEN 1
ELSE IF \/ (ch.clientAddr = "localhost:3882")
\/ (ch.clientAddr = "localhost:2882")
THEN 2
ELSE IF \/ (ch.clientAddr = "localhost:3883")
\/ (ch.clientAddr = "localhost:2883")
THEN 3
ELSE IF \/ (ch.clientAddr = "localhost:3884")
\/ (ch.clientAddr = "localhost:2884")
THEN 4
ELSE IF \/ (ch.clientAddr = "localhost:3885")
\/ (ch.clientAddr = "localhost:2885")
THEN 5
ELSE IF \/ (ch.clientAddr = "localhost:3886")
\/ (ch.clientAddr = "localhost:2886")
THEN 6
ELSE 7] = "UP")
/\ \/ (tcp_status[ch] = "open")
\/ (tcp_status[ch] = "closed")
/\ tcp_status' = [tcp_status EXCEPT ![ch] = IF \/ \/ (ch.serverAddr = "localhost:3881")
\/ (ch.serverAddr = "localhost:2881")
\/ \/ (ch.clientAddr = "localhost:3881")
\/ (ch.clientAddr = "localhost:2881")
THEN "connecting"
ELSE "connected"]
/\ quorum_reconnect_hint' = IF (ch.kind = "quorum")
THEN IF \/ (ch.clientAddr = "localhost:3881")
\/ (ch.clientAddr = "localhost:2881")
THEN 1
ELSE IF \/ (ch.clientAddr = "localhost:3882")
\/ (ch.clientAddr = "localhost:2882")
THEN 2
ELSE IF \/ (ch.clientAddr = "localhost:3883")
\/ (ch.clientAddr = "localhost:2883")
THEN 3
ELSE IF \/ (ch.clientAddr = "localhost:3884")
\/ (ch.clientAddr = "localhost:2884")
THEN 4
ELSE IF \/ (ch.clientAddr = "localhost:3885")
\/ (ch.clientAddr = "localhost:2885")
THEN 5
ELSE IF \/ (ch.clientAddr = "localhost:3886")
\/ (ch.clientAddr = "localhost:2886")
THEN 6
ELSE 7
ELSE quorum_reconnect_hint
/\ tcp_action' = UnionCtor_minor_hiring_magpie_Connect(ch)
\/ lab_tcp_accept(next_turn) ::
/\ \E ch \in tcp_channels:
/\ (next_turn = "iut")
/\ \/ \/ (ch.serverAddr = "localhost:3881")
\/ (ch.serverAddr = "localhost:2881")
\/ (proc_status[IF \/ (ch.serverAddr = "localhost:3881")
\/ (ch.serverAddr = "localhost:2881")
THEN 1
ELSE IF \/ (ch.serverAddr = "localhost:3882")
\/ (ch.serverAddr = "localhost:2882")
THEN 2
ELSE IF \/ (ch.serverAddr = "localhost:3883")
\/ (ch.serverAddr = "localhost:2883")
THEN 3
ELSE IF \/ (ch.serverAddr = "localhost:3884")
\/ (ch.serverAddr = "localhost:2884")
THEN 4
ELSE IF \/ (ch.serverAddr = "localhost:3885")
\/ (ch.serverAddr = "localhost:2885")
THEN 5
ELSE IF \/ (ch.serverAddr = "localhost:3886")
\/ (ch.serverAddr = "localhost:2886")
THEN 6
ELSE 7] = "UP")
/\ \/ \/ (tcp_status[ch] = "connecting")
\/ (tcp_status[ch] = "open")
\/ (tcp_status[ch] = "closed")
/\ tcp_status' = [tcp_status EXCEPT ![ch] = "connected"]
/\ quorum_reconnect_hint' = IF (ch.kind = "quorum")
THEN IF \/ (ch.clientAddr = "localhost:3881")
\/ (ch.clientAddr = "localhost:2881")
THEN 1
ELSE IF \/ (ch.clientAddr = "localhost:3882")
\/ (ch.clientAddr = "localhost:2882")
THEN 2
ELSE IF \/ (ch.clientAddr = "localhost:3883")
\/ (ch.clientAddr = "localhost:2883")
THEN 3
ELSE IF \/ (ch.clientAddr = "localhost:3884")
\/ (ch.clientAddr = "localhost:2884")
THEN 4
ELSE IF \/ (ch.clientAddr = "localhost:3885")
\/ (ch.clientAddr = "localhost:2885")
THEN 5
ELSE IF \/ (ch.clientAddr = "localhost:3886")
\/ (ch.clientAddr = "localhost:2886")
THEN 6
ELSE 7
ELSE quorum_reconnect_hint
/\ tcp_action' = UnionCtor_minor_hiring_magpie_Accept(ch)
\/ lab_tcp_disconnect(next_turn) ::
/\ \E ch \in tcp_channels:
/\ \/ /\ (next_turn = "tester")
/\ \/ ~(\/ (ch.clientAddr = "localhost:3881")
\/ (ch.clientAddr = "localhost:2881"))
\/ ~(\/ (ch.serverAddr = "localhost:3881")
\/ (ch.serverAddr = "localhost:2881"))
\/ /\ (next_turn = "iut")
/\ \/ \/ (ch.clientAddr = "localhost:3881")
\/ (ch.clientAddr = "localhost:2881")
\/ \/ (ch.serverAddr = "localhost:3881")
\/ (ch.serverAddr = "localhost:2881")
/\ \/ \/ (ch.clientAddr = "localhost:3881")
\/ (ch.clientAddr = "localhost:2881")
\/ (proc_status[IF \/ (ch.clientAddr = "localhost:3881")
\/ (ch.clientAddr = "localhost:2881")
THEN 1
ELSE IF \/ (ch.clientAddr = "localhost:3882")
\/ (ch.clientAddr = "localhost:2882")
THEN 2
ELSE IF \/ (ch.clientAddr = "localhost:3883")
\/ (ch.clientAddr = "localhost:2883")
THEN 3
ELSE IF \/ (ch.clientAddr = "localhost:3884")
\/ (ch.clientAddr = "localhost:2884")
THEN 4
ELSE IF \/ (ch.clientAddr = "localhost:3885")
\/ (ch.clientAddr = "localhost:2885")
THEN 5
ELSE IF \/ (ch.clientAddr = "localhost:3886")
\/ (ch.clientAddr = "localhost:2886")
THEN 6
ELSE 7] = "UP")
/\ \/ (tcp_status[ch] = "connected")
\/ (tcp_status[ch] = "half_closed")
/\ tcp_status' = [tcp_status EXCEPT ![ch] = "closed"]
/\ quorum_reconnect_hint' = 0
/\ tcp_action' = UnionCtor_minor_hiring_magpie_Disconnect(ch)
\/ lab_tcp_half_close(next_turn) ::
/\ \E ch \in tcp_channels:
/\ \/ /\ (next_turn = "tester")
/\ \/ ~(\/ (ch.clientAddr = "localhost:3881")
\/ (ch.clientAddr = "localhost:2881"))
\/ ~(\/ (ch.serverAddr = "localhost:3881")
\/ (ch.serverAddr = "localhost:2881"))
\/ /\ (next_turn = "iut")
/\ \/ \/ (ch.clientAddr = "localhost:3881")
\/ (ch.clientAddr = "localhost:2881")
\/ \/ (ch.serverAddr = "localhost:3881")
\/ (ch.serverAddr = "localhost:2881")
/\ \/ \/ (ch.clientAddr = "localhost:3881")
\/ (ch.clientAddr = "localhost:2881")
\/ (proc_status[IF \/ (ch.clientAddr = "localhost:3881")
\/ (ch.clientAddr = "localhost:2881")
THEN 1
ELSE IF \/ (ch.clientAddr = "localhost:3882")
\/ (ch.clientAddr = "localhost:2882")
THEN 2
ELSE IF \/ (ch.clientAddr = "localhost:3883")
\/ (ch.clientAddr = "localhost:2883")
THEN 3
ELSE IF \/ (ch.clientAddr = "localhost:3884")
\/ (ch.clientAddr = "localhost:2884")
THEN 4
ELSE IF \/ (ch.clientAddr = "localhost:3885")
\/ (ch.clientAddr = "localhost:2885")
THEN 5
ELSE IF \/ (ch.clientAddr = "localhost:3886")
\/ (ch.clientAddr = "localhost:2886")
THEN 6
ELSE 7] = "UP")
/\ (tcp_status[ch] = "connected")
/\ tcp_status' = [tcp_status EXCEPT ![ch] = "half_closed"]
/\ quorum_reconnect_hint' = 0
/\ tcp_action' = UnionCtor_minor_hiring_magpie_HalfClose(ch)
\/ lab_tcp_reset(next_turn) ::
/\ \E ch \in tcp_channels:
/\ \/ /\ (next_turn = "tester")
/\ \/ ~(\/ (ch.clientAddr = "localhost:3881")
\/ (ch.clientAddr = "localhost:2881"))
\/ ~(\/ (ch.serverAddr = "localhost:3881")
\/ (ch.serverAddr = "localhost:2881"))
\/ /\ (next_turn = "iut")
/\ \/ \/ (ch.clientAddr = "localhost:3881")
\/ (ch.clientAddr = "localhost:2881")
\/ \/ (ch.serverAddr = "localhost:3881")
\/ (ch.serverAddr = "localhost:2881")
/\ \/ \/ (ch.clientAddr = "localhost:3881")
\/ (ch.clientAddr = "localhost:2881")
\/ (proc_status[IF \/ (ch.clientAddr = "localhost:3881")
\/ (ch.clientAddr = "localhost:2881")
THEN 1
ELSE IF \/ (ch.clientAddr = "localhost:3882")
\/ (ch.clientAddr = "localhost:2882")
THEN 2
ELSE IF \/ (ch.clientAddr = "localhost:3883")
\/ (ch.clientAddr = "localhost:2883")
THEN 3
ELSE IF \/ (ch.clientAddr = "localhost:3884")
\/ (ch.clientAddr = "localhost:2884")
THEN 4
ELSE IF \/ (ch.clientAddr = "localhost:3885")
\/ (ch.clientAddr = "localhost:2885")
THEN 5
ELSE IF \/ (ch.clientAddr = "localhost:3886")
\/ (ch.clientAddr = "localhost:2886")
THEN 6
ELSE 7] = "UP")
/\ (tcp_status[ch] /= "closed")
/\ tcp_status' = [tcp_status EXCEPT ![ch] = "closed"]
/\ quorum_reconnect_hint' = 0
/\ tcp_action' = UnionCtor_minor_hiring_magpie_Reset(ch)
\/ lab_tcp_refused(next_turn) ::
/\ \E ch \in tcp_channels:
/\ (next_turn = "iut")
/\ (tcp_status[ch] = "connecting")
/\ tcp_status' = [tcp_status EXCEPT ![ch] = "closed"]
/\ quorum_reconnect_hint' = 0
/\ tcp_action' = UnionCtor_minor_hiring_magpie_Refused(ch)
/\ UNCHANGED <<proc_status, fle_role, fle_logical_clock, fle_proposed_vote, fle_current_vote, fle_recv_votes, fle_out_of_election, fle_wait_finalize, fle_sent_messages, fle_historical_messages, zab_state, zab_accepted_epoch, zab_current_epoch, zab_persisted_accepted_epoch, zab_persisted_current_epoch, zab_epoch_established, zab_established_epoch, zab_epoch_connecting_followers, zab_last_zxid, zab_sync, zab_post_uptodate_ack_pending, zab_open_proposals, zab_forwarded_writes, zab_staged_forwarded_writes, zab_staged_direct_writes, zab_pending_proposals, zab_committed_zxid, zab_history, zab_last_committed, zab_retained_start, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded, zab_client_sessions>>
\/ lab_fle ::
/\ \E next_turn \in {"tester", "iut"}:
/\ process_action' = UnionCtor_sonic_placing_stallion_NoAction
/\ tcp_action' = UnionCtor_minor_hiring_magpie_NoTcpAction
/\ zab_action' = UnionCtor_new_seeing_kingfisher_NoZabAction
/\ last_turn' = next_turn
/\ \/ lab_fle_send_notification(next_turn) ::
/\ \E sender \in REPLICA:
/\ \E receiver \in REPLICA:
/\ (sender /= receiver)
/\ ((next_turn = "iut") = (sender = IUT_REPLICA))
/\ \/ (proc_status[sender] = "UP")
\/ /\ (sender = IUT_REPLICA)
/\ (proc_status[sender] = "STARTING")
/\ \/ (sender = IUT_REPLICA)
\/ \/ (tcp_status[[clientAddr |-> election_addr[IF (sender < receiver)
THEN receiver
ELSE sender], kind |-> "election", serverAddr |-> election_addr[IF (sender < receiver)
THEN sender
ELSE receiver]]] = "connected")
\/ /\ /\ (tcp_status[[clientAddr |-> election_addr[IF (sender < receiver)
THEN receiver
ELSE sender], kind |-> "election", serverAddr |-> election_addr[IF (sender < receiver)
THEN sender
ELSE receiver]]] = "half_closed")
/\ (sender = IUT_REPLICA)
/\ (receiver /= IUT_REPLICA)
/\ \/ lab_HistoricalRetransmit(sender, receiver) ::
\/ lab_ExactHistoricalRetransmit ::
/\ \E notification \in fle_historical_messages:
/\ (sender = notification.sender)
/\ (receiver = notification.receiver)
/\ fle_action' = UnionCtor_rough_jumping_emu_SendNotification(notification)
/\ UNCHANGED fle_historical_messages
\/ lab_SynthesizedStaleOOERetransmit ::
/\ \E stale_sender_state \in {"FOLLOWING", "LEADING"}:
/\ \E stale_leader_replica \in REPLICA:
/\ \E stale_election_epoch \in {0, 1, (fle_logical_clock[sender] - 1)}:
/\ \E stale_zxid \in {0, zab_last_zxid[sender], fle_current_vote[sender].zxid}:
/\ \E stale_peer_epoch \in {0, zab_current_epoch[sender], fle_current_vote[sender].peerEpoch}:
/\ (fle_role[sender] = "LOOKING")
/\ (stale_election_epoch < fle_logical_clock[sender])
/\ fle_historical_messages' = (fle_historical_messages \union {[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> stale_sender_state, vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]]})
/\ fle_action' = UnionCtor_rough_jumping_emu_SendNotification([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> stale_sender_state, vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]])
/\ UNCHANGED fle_sent_messages
\/ lab_LookingSender(sender, receiver) ::
\/ lab_FreshLookingNotification ::
/\ (fle_role[sender] = "LOOKING")
/\ fle_sent_messages' = (fle_sent_messages \union {[electionEpoch |-> fle_logical_clock[sender], receiver |-> receiver, sender |-> sender, senderState |-> fle_role[sender], vote |-> [leader |-> fle_proposed_vote[sender].leader, peerEpoch |-> zab_persisted_current_epoch[sender], zxid |-> fle_proposed_vote[sender].zxid]]})
/\ fle_historical_messages' = (fle_historical_messages \union {[electionEpoch |-> fle_logical_clock[sender], receiver |-> receiver, sender |-> sender, senderState |-> fle_role[sender], vote |-> [leader |-> fle_proposed_vote[sender].leader, peerEpoch |-> zab_persisted_current_epoch[sender], zxid |-> fle_proposed_vote[sender].zxid]]})
/\ fle_action' = UnionCtor_rough_jumping_emu_SendNotification([electionEpoch |-> fle_logical_clock[sender], receiver |-> receiver, sender |-> sender, senderState |-> fle_role[sender], vote |-> [leader |-> fle_proposed_vote[sender].leader, peerEpoch |-> zab_persisted_current_epoch[sender], zxid |-> fle_proposed_vote[sender].zxid]])
\/ lab_SynthesizedStaleCurrentLookingNotification ::
/\ \E stale_leader_replica \in REPLICA:
/\ \E stale_election_epoch \in {0, 1, fle_logical_clock[sender]}:
/\ \E stale_zxid \in {0, zab_last_zxid[sender], [leader |-> fle_proposed_vote[sender].leader, peerEpoch |-> zab_persisted_current_epoch[sender], zxid |-> fle_proposed_vote[sender].zxid].zxid}:
/\ \E stale_peer_epoch \in {0, zab_persisted_current_epoch[sender]}:
/\ (fle_role[sender] = "LOOKING")
/\ /\ (sender = [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender)
/\ (receiver = [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver)
/\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState = "LOOKING")
/\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch <= fle_logical_clock[sender])
/\ \E member207 \in REPLICA: (replica_id[member207] = [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.leader)
/\ \/ (fle_role[sender] /= "LOOKING")
\/ \/ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch < fle_logical_clock[sender])
\/ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote /= fle_proposed_vote[sender])
/\ fle_historical_messages' = (fle_historical_messages \union {[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]]})
/\ fle_action' = UnionCtor_rough_jumping_emu_SendNotification([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]])
/\ UNCHANGED fle_sent_messages
\/ lab_OOESender(sender, receiver) ::
/\ \/ (fle_role[sender] = "FOLLOWING")
\/ (fle_role[sender] = "LEADING")
/\ \/ lab_QueuedLookingNotification ::
\/ lab_HistoricalQueuedLookingNotification ::
/\ \E notification \in fle_historical_messages:
/\ /\ (sender = notification.sender)
/\ (receiver = notification.receiver)
/\ (notification.senderState = "LOOKING")
/\ (notification.electionEpoch <= fle_logical_clock[sender])
/\ \E member208 \in REPLICA: (replica_id[member208] = notification.vote.leader)
/\ \/ (fle_role[sender] /= "LOOKING")
\/ \/ (notification.electionEpoch < fle_logical_clock[sender])
\/ (notification.vote /= fle_proposed_vote[sender])
/\ fle_action' = UnionCtor_rough_jumping_emu_SendNotification(notification)
/\ UNCHANGED fle_historical_messages
\/ lab_SynthesizedStaleLookingNotification ::
/\ \E stale_leader_replica \in REPLICA:
/\ \E stale_election_epoch \in {0, 1, fle_logical_clock[sender]}:
/\ \E stale_zxid \in {0, zab_last_zxid[sender], [leader |-> fle_proposed_vote[sender].leader, peerEpoch |-> zab_persisted_current_epoch[sender], zxid |-> fle_proposed_vote[sender].zxid].zxid}:
/\ \E stale_peer_epoch \in {0, zab_persisted_current_epoch[sender]}:
/\ /\ (sender = [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender)
/\ (receiver = [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver)
/\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState = "LOOKING")
/\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch <= fle_logical_clock[sender])
/\ \E member209 \in REPLICA: (replica_id[member209] = [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.leader)
/\ \/ (fle_role[sender] /= "LOOKING")
\/ \/ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch < fle_logical_clock[sender])
\/ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote /= fle_proposed_vote[sender])
/\ fle_historical_messages' = (fle_historical_messages \union {[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]]})
/\ fle_action' = UnionCtor_rough_jumping_emu_SendNotification([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]])
/\ UNCHANGED fle_sent_messages
\/ lab_FreshOOENotification ::
/\ fle_sent_messages' = (fle_sent_messages \union {[electionEpoch |-> fle_logical_clock[sender], receiver |-> receiver, sender |-> sender, senderState |-> fle_role[sender], vote |-> [leader |-> fle_current_vote[sender].leader, peerEpoch |-> fle_current_vote[sender].peerEpoch, zxid |-> fle_current_vote[sender].zxid]]})
/\ fle_historical_messages' = (fle_historical_messages \union {[electionEpoch |-> fle_logical_clock[sender], receiver |-> receiver, sender |-> sender, senderState |-> fle_role[sender], vote |-> [leader |-> fle_current_vote[sender].leader, peerEpoch |-> fle_current_vote[sender].peerEpoch, zxid |-> fle_current_vote[sender].zxid]]})
/\ fle_action' = UnionCtor_rough_jumping_emu_SendNotification([electionEpoch |-> fle_logical_clock[sender], receiver |-> receiver, sender |-> sender, senderState |-> fle_role[sender], vote |-> [leader |-> fle_current_vote[sender].leader, peerEpoch |-> fle_current_vote[sender].peerEpoch, zxid |-> fle_current_vote[sender].zxid]])
/\ UNCHANGED <<fle_role, fle_logical_clock, fle_proposed_vote, fle_current_vote, fle_recv_votes, fle_out_of_election, fle_wait_finalize>>
\/ lab_fle_rcv_notification(next_turn) ::
/\ \E receiver \in REPLICA:
/\ ((next_turn = "iut") = (receiver = IUT_REPLICA))
/\ \/ (proc_status[receiver] = "UP")
\/ /\ (receiver = IUT_REPLICA)
/\ (proc_status[receiver] = "STARTING")
/\ \/ lab_RcvWhileLooking(receiver) ::
/\ (fle_role[receiver] = "LOOKING")
/\ \/ lab_SenderLooking ::
\/ lab_ExactLookingReceive ::
/\ \E notification \in (fle_sent_messages \union fle_historical_messages):
/\ (receiver = notification.receiver)
/\ (notification.senderState = "LOOKING")
/\ \/ lab_FreshExactLookingReceive(notification) ::
/\ \/ (notification.electionEpoch > fle_logical_clock[receiver])
\/ /\ (notification.electionEpoch = fle_logical_clock[receiver])
/\ \/ (notification.vote.peerEpoch > fle_proposed_vote[receiver].peerEpoch)
\/ /\ (notification.vote.peerEpoch = fle_proposed_vote[receiver].peerEpoch)
/\ \/ (notification.vote.zxid > fle_proposed_vote[receiver].zxid)
\/ /\ (notification.vote.zxid = fle_proposed_vote[receiver].zxid)
/\ (notification.vote.leader > fle_proposed_vote[receiver].leader)
/\ fle_logical_clock' = [fle_logical_clock EXCEPT ![notification.receiver] = IF (notification.electionEpoch > fle_logical_clock[notification.receiver])
THEN notification.electionEpoch
ELSE fle_logical_clock[notification.receiver]]
/\ fle_proposed_vote' = [fle_proposed_vote EXCEPT ![notification.receiver] = IF (notification.electionEpoch > fle_logical_clock[notification.receiver])
THEN IF \/ (notification.vote.peerEpoch > [leader |-> replica_id[notification.receiver], peerEpoch |-> zab_current_epoch[notification.receiver], zxid |-> zab_last_zxid[notification.receiver]].peerEpoch)
\/ /\ (notification.vote.peerEpoch = [leader |-> replica_id[notification.receiver], peerEpoch |-> zab_current_epoch[notification.receiver], zxid |-> zab_last_zxid[notification.receiver]].peerEpoch)
/\ \/ (notification.vote.zxid > [leader |-> replica_id[notification.receiver], peerEpoch |-> zab_current_epoch[notification.receiver], zxid |-> zab_last_zxid[notification.receiver]].zxid)
\/ /\ (notification.vote.zxid = [leader |-> replica_id[notification.receiver], peerEpoch |-> zab_current_epoch[notification.receiver], zxid |-> zab_last_zxid[notification.receiver]].zxid)
/\ (notification.vote.leader > [leader |-> replica_id[notification.receiver], peerEpoch |-> zab_current_epoch[notification.receiver], zxid |-> zab_last_zxid[notification.receiver]].leader)
THEN notification.vote
ELSE [leader |-> replica_id[notification.receiver], peerEpoch |-> zab_current_epoch[notification.receiver], zxid |-> zab_last_zxid[notification.receiver]]
ELSE IF /\ (notification.electionEpoch = fle_logical_clock[notification.receiver])
/\ \/ (notification.vote.peerEpoch > fle_proposed_vote[notification.receiver].peerEpoch)
\/ /\ (notification.vote.peerEpoch = fle_proposed_vote[notification.receiver].peerEpoch)
/\ \/ (notification.vote.zxid > fle_proposed_vote[notification.receiver].zxid)
\/ /\ (notification.vote.zxid = fle_proposed_vote[notification.receiver].zxid)
/\ (notification.vote.leader > fle_proposed_vote[notification.receiver].leader)
THEN notification.vote
ELSE fle_proposed_vote[notification.receiver]]
/\ fle_recv_votes' = [fle_recv_votes EXCEPT ![notification.receiver] = IF (notification.electionEpoch > fle_logical_clock[notification.receiver])
THEN [[v_210 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE [fle_recv_votes[notification.receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]]
/\ fle_wait_finalize' = [fle_wait_finalize EXCEPT ![notification.receiver] = IF (notification.electionEpoch > fle_logical_clock[notification.receiver])
THEN (Cardinality({quorum211 \in QUORUMS: /\ (Cardinality({member212 \in quorum211: (member212 = notification.receiver)}) = 1)
/\ (Cardinality({member213 \in quorum211: IF (member213 = notification.receiver)
THEN TRUE
ELSE /\ ((IF (notification.electionEpoch > fle_logical_clock[notification.receiver])
THEN [[v_210 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE [fle_recv_votes[notification.receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]])[member213].round = IF (notification.electionEpoch > fle_logical_clock[notification.receiver])
THEN notification.electionEpoch
ELSE fle_logical_clock[notification.receiver])
/\ ((IF (notification.electionEpoch > fle_logical_clock[notification.receiver])
THEN [[v_210 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE [fle_recv_votes[notification.receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]])[member213].vote = IF (notification.electionEpoch > fle_logical_clock[notification.receiver])
THEN IF \/ (notification.vote.peerEpoch > [leader |-> replica_id[notification.receiver], peerEpoch |-> zab_current_epoch[notification.receiver], zxid |-> zab_last_zxid[notification.receiver]].peerEpoch)
\/ /\ (notification.vote.peerEpoch = [leader |-> replica_id[notification.receiver], peerEpoch |-> zab_current_epoch[notification.receiver], zxid |-> zab_last_zxid[notification.receiver]].peerEpoch)
/\ \/ (notification.vote.zxid > [leader |-> replica_id[notification.receiver], peerEpoch |-> zab_current_epoch[notification.receiver], zxid |-> zab_last_zxid[notification.receiver]].zxid)
\/ /\ (notification.vote.zxid = [leader |-> replica_id[notification.receiver], peerEpoch |-> zab_current_epoch[notification.receiver], zxid |-> zab_last_zxid[notification.receiver]].zxid)
/\ (notification.vote.leader > [leader |-> replica_id[notification.receiver], peerEpoch |-> zab_current_epoch[notification.receiver], zxid |-> zab_last_zxid[notification.receiver]].leader)
THEN notification.vote
ELSE [leader |-> replica_id[notification.receiver], peerEpoch |-> zab_current_epoch[notification.receiver], zxid |-> zab_last_zxid[notification.receiver]]
ELSE IF /\ (notification.electionEpoch = fle_logical_clock[notification.receiver])
/\ \/ (notification.vote.peerEpoch > fle_proposed_vote[notification.receiver].peerEpoch)
\/ /\ (notification.vote.peerEpoch = fle_proposed_vote[notification.receiver].peerEpoch)
/\ \/ (notification.vote.zxid > fle_proposed_vote[notification.receiver].zxid)
\/ /\ (notification.vote.zxid = fle_proposed_vote[notification.receiver].zxid)
/\ (notification.vote.leader > fle_proposed_vote[notification.receiver].leader)
THEN notification.vote
ELSE fle_proposed_vote[notification.receiver])}) = Cardinality(quorum211))}) > 0)
ELSE \/ fle_wait_finalize[notification.receiver]
\/ (Cardinality({quorum211 \in QUORUMS: /\ (Cardinality({member212 \in quorum211: (member212 = notification.receiver)}) = 1)
/\ (Cardinality({member213 \in quorum211: IF (member213 = notification.receiver)
THEN TRUE
ELSE /\ ((IF (notification.electionEpoch > fle_logical_clock[notification.receiver])
THEN [[v_210 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE [fle_recv_votes[notification.receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]])[member213].round = IF (notification.electionEpoch > fle_logical_clock[notification.receiver])
THEN notification.electionEpoch
ELSE fle_logical_clock[notification.receiver])
/\ ((IF (notification.electionEpoch > fle_logical_clock[notification.receiver])
THEN [[v_210 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE [fle_recv_votes[notification.receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]])[member213].vote = IF (notification.electionEpoch > fle_logical_clock[notification.receiver])
THEN IF \/ (notification.vote.peerEpoch > [leader |-> replica_id[notification.receiver], peerEpoch |-> zab_current_epoch[notification.receiver], zxid |-> zab_last_zxid[notification.receiver]].peerEpoch)
\/ /\ (notification.vote.peerEpoch = [leader |-> replica_id[notification.receiver], peerEpoch |-> zab_current_epoch[notification.receiver], zxid |-> zab_last_zxid[notification.receiver]].peerEpoch)
/\ \/ (notification.vote.zxid > [leader |-> replica_id[notification.receiver], peerEpoch |-> zab_current_epoch[notification.receiver], zxid |-> zab_last_zxid[notification.receiver]].zxid)
\/ /\ (notification.vote.zxid = [leader |-> replica_id[notification.receiver], peerEpoch |-> zab_current_epoch[notification.receiver], zxid |-> zab_last_zxid[notification.receiver]].zxid)
/\ (notification.vote.leader > [leader |-> replica_id[notification.receiver], peerEpoch |-> zab_current_epoch[notification.receiver], zxid |-> zab_last_zxid[notification.receiver]].leader)
THEN notification.vote
ELSE [leader |-> replica_id[notification.receiver], peerEpoch |-> zab_current_epoch[notification.receiver], zxid |-> zab_last_zxid[notification.receiver]]
ELSE IF /\ (notification.electionEpoch = fle_logical_clock[notification.receiver])
/\ \/ (notification.vote.peerEpoch > fle_proposed_vote[notification.receiver].peerEpoch)
\/ /\ (notification.vote.peerEpoch = fle_proposed_vote[notification.receiver].peerEpoch)
/\ \/ (notification.vote.zxid > fle_proposed_vote[notification.receiver].zxid)
\/ /\ (notification.vote.zxid = fle_proposed_vote[notification.receiver].zxid)
/\ (notification.vote.leader > fle_proposed_vote[notification.receiver].leader)
THEN notification.vote
ELSE fle_proposed_vote[notification.receiver])}) = Cardinality(quorum211))}) > 0)]
/\ fle_sent_messages' = (fle_sent_messages \union {[electionEpoch |-> fle_logical_clock[receiver], receiver |-> receiver215, sender |-> receiver, senderState |-> fle_role[receiver], vote |-> IF (fle_role[receiver] = "LOOKING")
THEN [leader |-> fle_proposed_vote[receiver].leader, peerEpoch |-> zab_persisted_current_epoch[receiver], zxid |-> fle_proposed_vote[receiver].zxid]
ELSE fle_current_vote[receiver]]: receiver215 \in {receiver214 \in REPLICA: (receiver214 /= receiver)}})
/\ fle_historical_messages' = (fle_historical_messages \union {[electionEpoch |-> fle_logical_clock[receiver], receiver |-> receiver217, sender |-> receiver, senderState |-> fle_role[receiver], vote |-> IF (fle_role[receiver] = "LOOKING")
THEN [leader |-> fle_proposed_vote[receiver].leader, peerEpoch |-> zab_persisted_current_epoch[receiver], zxid |-> fle_proposed_vote[receiver].zxid]
ELSE fle_current_vote[receiver]]: receiver217 \in {receiver216 \in REPLICA: (receiver216 /= receiver)}})
/\ fle_action' = UnionCtor_rough_jumping_emu_RcvNotification(notification)
\/ lab_StaleExactLookingReceive(notification) ::
/\ ~(\/ (notification.electionEpoch > fle_logical_clock[receiver])
\/ /\ (notification.electionEpoch = fle_logical_clock[receiver])
/\ \/ (notification.vote.peerEpoch > fle_proposed_vote[receiver].peerEpoch)
\/ /\ (notification.vote.peerEpoch = fle_proposed_vote[receiver].peerEpoch)
/\ \/ (notification.vote.zxid > fle_proposed_vote[receiver].zxid)
\/ /\ (notification.vote.zxid = fle_proposed_vote[receiver].zxid)
/\ (notification.vote.leader > fle_proposed_vote[receiver].leader))
/\ \/ lab_LowerRoundExactLookingReceive ::
/\ (notification.electionEpoch < fle_logical_clock[receiver])
/\ fle_sent_messages' = (fle_sent_messages \union {[electionEpoch |-> fle_logical_clock[receiver], receiver |-> receiver219, sender |-> receiver, senderState |-> fle_role[receiver], vote |-> IF (fle_role[receiver] = "LOOKING")
THEN [leader |-> fle_proposed_vote[receiver].leader, peerEpoch |-> zab_persisted_current_epoch[receiver], zxid |-> fle_proposed_vote[receiver].zxid]
ELSE fle_current_vote[receiver]]: receiver219 \in {receiver218 \in REPLICA: (receiver218 /= receiver)}})
/\ fle_historical_messages' = (fle_historical_messages \union {[electionEpoch |-> fle_logical_clock[receiver], receiver |-> receiver221, sender |-> receiver, senderState |-> fle_role[receiver], vote |-> IF (fle_role[receiver] = "LOOKING")
THEN [leader |-> fle_proposed_vote[receiver].leader, peerEpoch |-> zab_persisted_current_epoch[receiver], zxid |-> fle_proposed_vote[receiver].zxid]
ELSE fle_current_vote[receiver]]: receiver221 \in {receiver220 \in REPLICA: (receiver220 /= receiver)}})
/\ fle_action' = UnionCtor_rough_jumping_emu_RcvNotification(notification)
/\ UNCHANGED <<fle_recv_votes, fle_wait_finalize>>
\/ lab_SameRoundStaleExactLookingReceive ::
/\ (notification.electionEpoch = fle_logical_clock[receiver])
/\ fle_recv_votes' = [fle_recv_votes EXCEPT ![receiver] = IF (notification.electionEpoch > fle_logical_clock[notification.receiver])
THEN [[v_222 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE [fle_recv_votes[notification.receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]]
/\ fle_wait_finalize' = [fle_wait_finalize EXCEPT ![receiver] = IF FALSE
THEN (Cardinality({quorum223 \in QUORUMS: /\ (Cardinality({member224 \in quorum223: (member224 = notification.receiver)}) = 1)
/\ (Cardinality({member225 \in quorum223: IF (member225 = notification.receiver)
THEN TRUE
ELSE /\ ((IF (notification.electionEpoch > fle_logical_clock[notification.receiver])
THEN [[v_222 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE [fle_recv_votes[notification.receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]])[member225].round = fle_logical_clock[notification.receiver])
/\ ((IF (notification.electionEpoch > fle_logical_clock[notification.receiver])
THEN [[v_222 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE [fle_recv_votes[notification.receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]])[member225].vote = fle_proposed_vote[notification.receiver])}) = Cardinality(quorum223))}) > 0)
ELSE \/ fle_wait_finalize[notification.receiver]
\/ (Cardinality({quorum223 \in QUORUMS: /\ (Cardinality({member224 \in quorum223: (member224 = notification.receiver)}) = 1)
/\ (Cardinality({member225 \in quorum223: IF (member225 = notification.receiver)
THEN TRUE
ELSE /\ ((IF (notification.electionEpoch > fle_logical_clock[notification.receiver])
THEN [[v_222 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE [fle_recv_votes[notification.receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]])[member225].round = fle_logical_clock[notification.receiver])
/\ ((IF (notification.electionEpoch > fle_logical_clock[notification.receiver])
THEN [[v_222 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE [fle_recv_votes[notification.receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]])[member225].vote = fle_proposed_vote[notification.receiver])}) = Cardinality(quorum223))}) > 0)]
/\ fle_sent_messages' = (fle_sent_messages \union {[electionEpoch |-> fle_logical_clock[receiver], receiver |-> receiver227, sender |-> receiver, senderState |-> fle_role[receiver], vote |-> IF (fle_role[receiver] = "LOOKING")
THEN [leader |-> fle_proposed_vote[receiver].leader, peerEpoch |-> zab_persisted_current_epoch[receiver], zxid |-> fle_proposed_vote[receiver].zxid]
ELSE fle_current_vote[receiver]]: receiver227 \in {receiver226 \in REPLICA: (receiver226 /= receiver)}})
/\ fle_historical_messages' = (fle_historical_messages \union {[electionEpoch |-> fle_logical_clock[receiver], receiver |-> receiver229, sender |-> receiver, senderState |-> fle_role[receiver], vote |-> IF (fle_role[receiver] = "LOOKING")
THEN [leader |-> fle_proposed_vote[receiver].leader, peerEpoch |-> zab_persisted_current_epoch[receiver], zxid |-> fle_proposed_vote[receiver].zxid]
ELSE fle_current_vote[receiver]]: receiver229 \in {receiver228 \in REPLICA: (receiver228 /= receiver)}})
/\ fle_action' = UnionCtor_rough_jumping_emu_RcvNotification(notification)
/\ UNCHANGED <<fle_logical_clock, fle_proposed_vote>>
\/ lab_SynthesizedPlausibleLookingReceive ::
/\ \E sender \in REPLICA:
/\ \E stale_leader_replica \in REPLICA:
/\ \E stale_election_epoch \in {0, 1, fle_logical_clock[sender]}:
/\ \E stale_zxid \in {0, zab_last_zxid[sender], [leader |-> fle_proposed_vote[sender].leader, peerEpoch |-> zab_persisted_current_epoch[sender], zxid |-> fle_proposed_vote[sender].zxid].zxid}:
/\ \E stale_peer_epoch \in {0, zab_persisted_current_epoch[sender]}:
/\ /\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState = "LOOKING")
/\ \E member230 \in REPLICA: (replica_id[member230] = [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.leader)
/\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch <= fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender])
/\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.zxid <= zab_last_zxid[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender])
/\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.peerEpoch <= zab_persisted_current_epoch[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender])
/\ (sender /= receiver)
/\ \/ lab_FreshSynthesizedLookingReceive(sender, stale_leader_replica, stale_election_epoch, stale_zxid, stale_peer_epoch) ::
/\ (/\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState = "LOOKING")
/\ \E member231 \in REPLICA: (replica_id[member231] = [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.leader)
/\ \/ (fle_role[receiver] /= "LOOKING")
\/ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch < fle_logical_clock[receiver])
\/ /\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch = fle_logical_clock[receiver])
/\ \/ (fle_proposed_vote[receiver].peerEpoch > [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.peerEpoch)
\/ /\ (fle_proposed_vote[receiver].peerEpoch = [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.peerEpoch)
/\ \/ (fle_proposed_vote[receiver].zxid > [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.zxid)
\/ /\ (fle_proposed_vote[receiver].zxid = [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.zxid)
/\ (fle_proposed_vote[receiver].leader > [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.leader) = FALSE)
/\ fle_logical_clock' = [fle_logical_clock EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver] = IF ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch > fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
THEN [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch
ELSE fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]]
/\ fle_proposed_vote' = [fle_proposed_vote EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver] = IF ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch > fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
THEN IF \/ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.peerEpoch > [leader |-> replica_id[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], peerEpoch |-> zab_current_epoch[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], zxid |-> zab_last_zxid[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]].peerEpoch)
\/ /\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.peerEpoch = [leader |-> replica_id[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], peerEpoch |-> zab_current_epoch[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], zxid |-> zab_last_zxid[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]].peerEpoch)
/\ \/ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.zxid > [leader |-> replica_id[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], peerEpoch |-> zab_current_epoch[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], zxid |-> zab_last_zxid[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]].zxid)
\/ /\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.zxid = [leader |-> replica_id[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], peerEpoch |-> zab_current_epoch[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], zxid |-> zab_last_zxid[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]].zxid)
/\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.leader > [leader |-> replica_id[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], peerEpoch |-> zab_current_epoch[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], zxid |-> zab_last_zxid[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]].leader)
THEN [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote
ELSE [leader |-> replica_id[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], peerEpoch |-> zab_current_epoch[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], zxid |-> zab_last_zxid[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]]
ELSE IF /\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch = fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
/\ \/ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.peerEpoch > fle_proposed_vote[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver].peerEpoch)
\/ /\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.peerEpoch = fle_proposed_vote[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver].peerEpoch)
/\ \/ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.zxid > fle_proposed_vote[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver].zxid)
\/ /\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.zxid = fle_proposed_vote[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver].zxid)
/\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.leader > fle_proposed_vote[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver].leader)
THEN [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote
ELSE fle_proposed_vote[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]]
/\ fle_recv_votes' = [fle_recv_votes EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver] = IF ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch > fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
THEN [[v_232 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]] EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender] = [round |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch, state |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState, vote |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote]]
ELSE [fle_recv_votes[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver] EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender] = [round |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch, state |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState, vote |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote]]]
/\ fle_wait_finalize' = [fle_wait_finalize EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver] = IF ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch > fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
THEN (Cardinality({quorum233 \in QUORUMS: /\ (Cardinality({member234 \in quorum233: (member234 = [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver)}) = 1)
/\ (Cardinality({member235 \in quorum233: IF (member235 = [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver)
THEN TRUE
ELSE /\ ((IF ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch > fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
THEN [[v_232 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]] EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender] = [round |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch, state |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState, vote |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote]]
ELSE [fle_recv_votes[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver] EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender] = [round |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch, state |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState, vote |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote]])[member235].round = IF ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch > fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
THEN [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch
ELSE fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
/\ ((IF ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch > fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
THEN [[v_232 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]] EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender] = [round |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch, state |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState, vote |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote]]
ELSE [fle_recv_votes[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver] EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender] = [round |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch, state |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState, vote |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote]])[member235].vote = IF ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch > fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
THEN IF \/ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.peerEpoch > [leader |-> replica_id[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], peerEpoch |-> zab_current_epoch[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], zxid |-> zab_last_zxid[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]].peerEpoch)
\/ /\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.peerEpoch = [leader |-> replica_id[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], peerEpoch |-> zab_current_epoch[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], zxid |-> zab_last_zxid[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]].peerEpoch)
/\ \/ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.zxid > [leader |-> replica_id[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], peerEpoch |-> zab_current_epoch[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], zxid |-> zab_last_zxid[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]].zxid)
\/ /\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.zxid = [leader |-> replica_id[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], peerEpoch |-> zab_current_epoch[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], zxid |-> zab_last_zxid[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]].zxid)
/\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.leader > [leader |-> replica_id[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], peerEpoch |-> zab_current_epoch[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], zxid |-> zab_last_zxid[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]].leader)
THEN [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote
ELSE [leader |-> replica_id[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], peerEpoch |-> zab_current_epoch[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], zxid |-> zab_last_zxid[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]]
ELSE IF /\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch = fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
/\ \/ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.peerEpoch > fle_proposed_vote[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver].peerEpoch)
\/ /\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.peerEpoch = fle_proposed_vote[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver].peerEpoch)
/\ \/ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.zxid > fle_proposed_vote[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver].zxid)
\/ /\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.zxid = fle_proposed_vote[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver].zxid)
/\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.leader > fle_proposed_vote[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver].leader)
THEN [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote
ELSE fle_proposed_vote[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])}) = Cardinality(quorum233))}) > 0)
ELSE \/ fle_wait_finalize[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]
\/ (Cardinality({quorum233 \in QUORUMS: /\ (Cardinality({member234 \in quorum233: (member234 = [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver)}) = 1)
/\ (Cardinality({member235 \in quorum233: IF (member235 = [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver)
THEN TRUE
ELSE /\ ((IF ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch > fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
THEN [[v_232 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]] EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender] = [round |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch, state |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState, vote |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote]]
ELSE [fle_recv_votes[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver] EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender] = [round |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch, state |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState, vote |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote]])[member235].round = IF ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch > fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
THEN [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch
ELSE fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
/\ ((IF ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch > fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
THEN [[v_232 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]] EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender] = [round |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch, state |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState, vote |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote]]
ELSE [fle_recv_votes[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver] EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender] = [round |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch, state |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState, vote |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote]])[member235].vote = IF ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch > fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
THEN IF \/ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.peerEpoch > [leader |-> replica_id[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], peerEpoch |-> zab_current_epoch[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], zxid |-> zab_last_zxid[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]].peerEpoch)
\/ /\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.peerEpoch = [leader |-> replica_id[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], peerEpoch |-> zab_current_epoch[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], zxid |-> zab_last_zxid[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]].peerEpoch)
/\ \/ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.zxid > [leader |-> replica_id[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], peerEpoch |-> zab_current_epoch[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], zxid |-> zab_last_zxid[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]].zxid)
\/ /\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.zxid = [leader |-> replica_id[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], peerEpoch |-> zab_current_epoch[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], zxid |-> zab_last_zxid[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]].zxid)
/\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.leader > [leader |-> replica_id[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], peerEpoch |-> zab_current_epoch[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], zxid |-> zab_last_zxid[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]].leader)
THEN [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote
ELSE [leader |-> replica_id[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], peerEpoch |-> zab_current_epoch[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver], zxid |-> zab_last_zxid[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]]
ELSE IF /\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch = fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
/\ \/ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.peerEpoch > fle_proposed_vote[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver].peerEpoch)
\/ /\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.peerEpoch = fle_proposed_vote[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver].peerEpoch)
/\ \/ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.zxid > fle_proposed_vote[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver].zxid)
\/ /\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.zxid = fle_proposed_vote[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver].zxid)
/\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.leader > fle_proposed_vote[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver].leader)
THEN [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote
ELSE fle_proposed_vote[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])}) = Cardinality(quorum233))}) > 0)]
/\ fle_sent_messages' = (fle_sent_messages \union {[electionEpoch |-> fle_logical_clock[receiver], receiver |-> receiver237, sender |-> receiver, senderState |-> fle_role[receiver], vote |-> IF (fle_role[receiver] = "LOOKING")
THEN [leader |-> fle_proposed_vote[receiver].leader, peerEpoch |-> zab_persisted_current_epoch[receiver], zxid |-> fle_proposed_vote[receiver].zxid]
ELSE fle_current_vote[receiver]]: receiver237 \in {receiver236 \in REPLICA: (receiver236 /= receiver)}})
/\ fle_historical_messages' = (fle_historical_messages \union {[electionEpoch |-> fle_logical_clock[receiver], receiver |-> receiver239, sender |-> receiver, senderState |-> fle_role[receiver], vote |-> IF (fle_role[receiver] = "LOOKING")
THEN [leader |-> fle_proposed_vote[receiver].leader, peerEpoch |-> zab_persisted_current_epoch[receiver], zxid |-> fle_proposed_vote[receiver].zxid]
ELSE fle_current_vote[receiver]]: receiver239 \in {receiver238 \in REPLICA: (receiver238 /= receiver)}})
/\ fle_action' = UnionCtor_rough_jumping_emu_RcvNotification([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]])
\/ lab_StaleSynthesizedLookingReceive(sender, stale_leader_replica, stale_election_epoch, stale_zxid, stale_peer_epoch) ::
/\ /\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState = "LOOKING")
/\ \E member240 \in REPLICA: (replica_id[member240] = [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.leader)
/\ \/ (fle_role[receiver] /= "LOOKING")
\/ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch < fle_logical_clock[receiver])
\/ /\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch = fle_logical_clock[receiver])
/\ \/ (fle_proposed_vote[receiver].peerEpoch > [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.peerEpoch)
\/ /\ (fle_proposed_vote[receiver].peerEpoch = [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.peerEpoch)
/\ \/ (fle_proposed_vote[receiver].zxid > [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.zxid)
\/ /\ (fle_proposed_vote[receiver].zxid = [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.zxid)
/\ (fle_proposed_vote[receiver].leader > [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote.leader)
/\ \/ lab_LowerRoundSynthesizedLookingReceive ::
/\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch < fle_logical_clock[receiver])
/\ fle_sent_messages' = (fle_sent_messages \union {[electionEpoch |-> fle_logical_clock[receiver], receiver |-> receiver242, sender |-> receiver, senderState |-> fle_role[receiver], vote |-> IF (fle_role[receiver] = "LOOKING")
THEN [leader |-> fle_proposed_vote[receiver].leader, peerEpoch |-> zab_persisted_current_epoch[receiver], zxid |-> fle_proposed_vote[receiver].zxid]
ELSE fle_current_vote[receiver]]: receiver242 \in {receiver241 \in REPLICA: (receiver241 /= receiver)}})
/\ fle_historical_messages' = (fle_historical_messages \union {[electionEpoch |-> fle_logical_clock[receiver], receiver |-> receiver244, sender |-> receiver, senderState |-> fle_role[receiver], vote |-> IF (fle_role[receiver] = "LOOKING")
THEN [leader |-> fle_proposed_vote[receiver].leader, peerEpoch |-> zab_persisted_current_epoch[receiver], zxid |-> fle_proposed_vote[receiver].zxid]
ELSE fle_current_vote[receiver]]: receiver244 \in {receiver243 \in REPLICA: (receiver243 /= receiver)}})
/\ fle_action' = UnionCtor_rough_jumping_emu_RcvNotification([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]])
/\ UNCHANGED <<fle_recv_votes, fle_wait_finalize>>
\/ lab_SameRoundStaleSynthesizedLookingReceive ::
/\ ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch = fle_logical_clock[receiver])
/\ fle_recv_votes' = [fle_recv_votes EXCEPT ![receiver] = IF ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch > fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
THEN [[v_245 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]] EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender] = [round |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch, state |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState, vote |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote]]
ELSE [fle_recv_votes[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver] EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender] = [round |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch, state |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState, vote |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote]]]
/\ fle_wait_finalize' = [fle_wait_finalize EXCEPT ![receiver] = IF FALSE
THEN (Cardinality({quorum246 \in QUORUMS: /\ (Cardinality({member247 \in quorum246: (member247 = [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver)}) = 1)
/\ (Cardinality({member248 \in quorum246: IF (member248 = [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver)
THEN TRUE
ELSE /\ ((IF ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch > fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
THEN [[v_245 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]] EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender] = [round |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch, state |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState, vote |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote]]
ELSE [fle_recv_votes[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver] EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender] = [round |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch, state |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState, vote |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote]])[member248].round = fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
/\ ((IF ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch > fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
THEN [[v_245 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]] EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender] = [round |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch, state |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState, vote |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote]]
ELSE [fle_recv_votes[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver] EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender] = [round |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch, state |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState, vote |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote]])[member248].vote = fle_proposed_vote[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])}) = Cardinality(quorum246))}) > 0)
ELSE \/ fle_wait_finalize[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver]
\/ (Cardinality({quorum246 \in QUORUMS: /\ (Cardinality({member247 \in quorum246: (member247 = [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver)}) = 1)
/\ (Cardinality({member248 \in quorum246: IF (member248 = [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver)
THEN TRUE
ELSE /\ ((IF ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch > fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
THEN [[v_245 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]] EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender] = [round |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch, state |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState, vote |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote]]
ELSE [fle_recv_votes[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver] EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender] = [round |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch, state |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState, vote |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote]])[member248].round = fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
/\ ((IF ([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch > fle_logical_clock[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])
THEN [[v_245 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]] EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender] = [round |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch, state |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState, vote |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote]]
ELSE [fle_recv_votes[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver] EXCEPT ![[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].sender] = [round |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].electionEpoch, state |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].senderState, vote |-> [electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].vote]])[member248].vote = fle_proposed_vote[[electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]].receiver])}) = Cardinality(quorum246))}) > 0)]
/\ fle_sent_messages' = (fle_sent_messages \union {[electionEpoch |-> fle_logical_clock[receiver], receiver |-> receiver250, sender |-> receiver, senderState |-> fle_role[receiver], vote |-> IF (fle_role[receiver] = "LOOKING")
THEN [leader |-> fle_proposed_vote[receiver].leader, peerEpoch |-> zab_persisted_current_epoch[receiver], zxid |-> fle_proposed_vote[receiver].zxid]
ELSE fle_current_vote[receiver]]: receiver250 \in {receiver249 \in REPLICA: (receiver249 /= receiver)}})
/\ fle_historical_messages' = (fle_historical_messages \union {[electionEpoch |-> fle_logical_clock[receiver], receiver |-> receiver252, sender |-> receiver, senderState |-> fle_role[receiver], vote |-> IF (fle_role[receiver] = "LOOKING")
THEN [leader |-> fle_proposed_vote[receiver].leader, peerEpoch |-> zab_persisted_current_epoch[receiver], zxid |-> fle_proposed_vote[receiver].zxid]
ELSE fle_current_vote[receiver]]: receiver252 \in {receiver251 \in REPLICA: (receiver251 /= receiver)}})
/\ fle_action' = UnionCtor_rough_jumping_emu_RcvNotification([electionEpoch |-> stale_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[stale_leader_replica], peerEpoch |-> stale_peer_epoch, zxid |-> stale_zxid]])
/\ UNCHANGED <<fle_logical_clock, fle_proposed_vote>>
/\ UNCHANGED fle_out_of_election
\/ lab_SenderOutOfElection ::
/\ \E notification \in (fle_sent_messages \union fle_historical_messages):
/\ (receiver = notification.receiver)
/\ \/ (notification.senderState = "FOLLOWING")
\/ (notification.senderState = "LEADING")
/\ fle_out_of_election' = [fle_out_of_election EXCEPT ![receiver] = [fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]]
/\ fle_recv_votes' = [fle_recv_votes EXCEPT ![receiver] = IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver]]
/\ fle_logical_clock' = [fle_logical_clock EXCEPT ![receiver] = IF \/ /\ /\ (notification.electionEpoch = fle_logical_clock[receiver])
/\ (Cardinality({quorum253 \in QUORUMS: (Cardinality({member254 \in quorum253: /\ ((IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver])[member254].round = notification.electionEpoch)
/\ ((IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver])[member254].vote = notification.vote)}) = Cardinality(quorum253))}) > 0)
/\ IF (notification.vote.leader = replica_id[receiver])
THEN (fle_logical_clock[receiver] = notification.electionEpoch)
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_432(acc255, member256) == IF (replica_id[member256] = notification.vote.leader)
THEN member256
ELSE acc255
IN ApaFoldSet(set_reduce_432, 0, REPLICA) /= 0)
/\ ((IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver])[LET (* @type: (Int, Int) => Int; *)
set_reduce_433(acc255, member256) == IF (replica_id[member256] = notification.vote.leader)
THEN member256
ELSE acc255
IN ApaFoldSet(set_reduce_433, 0, REPLICA)].state = "LEADING")
\/ /\ (Cardinality({quorum257 \in QUORUMS: (Cardinality({member258 \in quorum257: /\ \/ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].state = "FOLLOWING")
\/ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].state = "LEADING")
/\ /\ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].vote.leader = [round |-> notification.electionEpoch, state |-> "FOLLOWING", vote |-> notification.vote].vote.leader)
/\ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].vote.peerEpoch = [round |-> notification.electionEpoch, state |-> "FOLLOWING", vote |-> notification.vote].vote.peerEpoch)}) = Cardinality(quorum257))}) > 0)
/\ IF (notification.vote.leader = replica_id[receiver])
THEN (fle_logical_clock[receiver] = notification.electionEpoch)
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_434(acc259, member260) == IF (replica_id[member260] = notification.vote.leader)
THEN member260
ELSE acc259
IN ApaFoldSet(set_reduce_434, 0, REPLICA) /= 0)
/\ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][LET (* @type: (Int, Int) => Int; *)
set_reduce_435(acc259, member260) == IF (replica_id[member260] = notification.vote.leader)
THEN member260
ELSE acc259
IN ApaFoldSet(set_reduce_435, 0, REPLICA)].state = "LEADING")
THEN notification.electionEpoch
ELSE fle_logical_clock[receiver]]
/\ fle_proposed_vote' = [fle_proposed_vote EXCEPT ![receiver] = IF \/ /\ /\ (notification.electionEpoch = fle_logical_clock[receiver])
/\ (Cardinality({quorum253 \in QUORUMS: (Cardinality({member254 \in quorum253: /\ ((IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver])[member254].round = notification.electionEpoch)
/\ ((IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver])[member254].vote = notification.vote)}) = Cardinality(quorum253))}) > 0)
/\ IF (notification.vote.leader = replica_id[receiver])
THEN (fle_logical_clock[receiver] = notification.electionEpoch)
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_436(acc255, member256) == IF (replica_id[member256] = notification.vote.leader)
THEN member256
ELSE acc255
IN ApaFoldSet(set_reduce_436, 0, REPLICA) /= 0)
/\ ((IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver])[LET (* @type: (Int, Int) => Int; *)
set_reduce_437(acc255, member256) == IF (replica_id[member256] = notification.vote.leader)
THEN member256
ELSE acc255
IN ApaFoldSet(set_reduce_437, 0, REPLICA)].state = "LEADING")
\/ /\ (Cardinality({quorum257 \in QUORUMS: (Cardinality({member258 \in quorum257: /\ \/ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].state = "FOLLOWING")
\/ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].state = "LEADING")
/\ /\ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].vote.leader = [round |-> notification.electionEpoch, state |-> "FOLLOWING", vote |-> notification.vote].vote.leader)
/\ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].vote.peerEpoch = [round |-> notification.electionEpoch, state |-> "FOLLOWING", vote |-> notification.vote].vote.peerEpoch)}) = Cardinality(quorum257))}) > 0)
/\ IF (notification.vote.leader = replica_id[receiver])
THEN (fle_logical_clock[receiver] = notification.electionEpoch)
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_438(acc259, member260) == IF (replica_id[member260] = notification.vote.leader)
THEN member260
ELSE acc259
IN ApaFoldSet(set_reduce_438, 0, REPLICA) /= 0)
/\ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][LET (* @type: (Int, Int) => Int; *)
set_reduce_439(acc259, member260) == IF (replica_id[member260] = notification.vote.leader)
THEN member260
ELSE acc259
IN ApaFoldSet(set_reduce_439, 0, REPLICA)].state = "LEADING")
THEN notification.vote
ELSE fle_proposed_vote[receiver]]
/\ fle_wait_finalize' = [fle_wait_finalize EXCEPT ![receiver] = \/ /\ /\ (notification.electionEpoch = fle_logical_clock[receiver])
/\ (Cardinality({quorum253 \in QUORUMS: (Cardinality({member254 \in quorum253: /\ ((IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver])[member254].round = notification.electionEpoch)
/\ ((IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver])[member254].vote = notification.vote)}) = Cardinality(quorum253))}) > 0)
/\ IF (notification.vote.leader = replica_id[receiver])
THEN (fle_logical_clock[receiver] = notification.electionEpoch)
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_440(acc255, member256) == IF (replica_id[member256] = notification.vote.leader)
THEN member256
ELSE acc255
IN ApaFoldSet(set_reduce_440, 0, REPLICA) /= 0)
/\ ((IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver])[LET (* @type: (Int, Int) => Int; *)
set_reduce_441(acc255, member256) == IF (replica_id[member256] = notification.vote.leader)
THEN member256
ELSE acc255
IN ApaFoldSet(set_reduce_441, 0, REPLICA)].state = "LEADING")
\/ /\ (Cardinality({quorum257 \in QUORUMS: (Cardinality({member258 \in quorum257: /\ \/ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].state = "FOLLOWING")
\/ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].state = "LEADING")
/\ /\ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].vote.leader = [round |-> notification.electionEpoch, state |-> "FOLLOWING", vote |-> notification.vote].vote.leader)
/\ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].vote.peerEpoch = [round |-> notification.electionEpoch, state |-> "FOLLOWING", vote |-> notification.vote].vote.peerEpoch)}) = Cardinality(quorum257))}) > 0)
/\ IF (notification.vote.leader = replica_id[receiver])
THEN (fle_logical_clock[receiver] = notification.electionEpoch)
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_442(acc259, member260) == IF (replica_id[member260] = notification.vote.leader)
THEN member260
ELSE acc259
IN ApaFoldSet(set_reduce_442, 0, REPLICA) /= 0)
/\ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][LET (* @type: (Int, Int) => Int; *)
set_reduce_443(acc259, member260) == IF (replica_id[member260] = notification.vote.leader)
THEN member260
ELSE acc259
IN ApaFoldSet(set_reduce_443, 0, REPLICA)].state = "LEADING")]
/\ fle_sent_messages' = (fle_sent_messages \union {[electionEpoch |-> IF \/ /\ /\ (notification.electionEpoch = fle_logical_clock[receiver])
/\ (Cardinality({quorum253 \in QUORUMS: (Cardinality({member254 \in quorum253: /\ ((IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver])[member254].round = notification.electionEpoch)
/\ ((IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver])[member254].vote = notification.vote)}) = Cardinality(quorum253))}) > 0)
/\ IF (notification.vote.leader = replica_id[receiver])
THEN (fle_logical_clock[receiver] = notification.electionEpoch)
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_444(acc255, member256) == IF (replica_id[member256] = notification.vote.leader)
THEN member256
ELSE acc255
IN ApaFoldSet(set_reduce_444, 0, REPLICA) /= 0)
/\ ((IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver])[LET (* @type: (Int, Int) => Int; *)
set_reduce_445(acc255, member256) == IF (replica_id[member256] = notification.vote.leader)
THEN member256
ELSE acc255
IN ApaFoldSet(set_reduce_445, 0, REPLICA)].state = "LEADING")
\/ /\ (Cardinality({quorum257 \in QUORUMS: (Cardinality({member258 \in quorum257: /\ \/ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].state = "FOLLOWING")
\/ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].state = "LEADING")
/\ /\ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].vote.leader = [round |-> notification.electionEpoch, state |-> "FOLLOWING", vote |-> notification.vote].vote.leader)
/\ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].vote.peerEpoch = [round |-> notification.electionEpoch, state |-> "FOLLOWING", vote |-> notification.vote].vote.peerEpoch)}) = Cardinality(quorum257))}) > 0)
/\ IF (notification.vote.leader = replica_id[receiver])
THEN (fle_logical_clock[receiver] = notification.electionEpoch)
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_446(acc259, member260) == IF (replica_id[member260] = notification.vote.leader)
THEN member260
ELSE acc259
IN ApaFoldSet(set_reduce_446, 0, REPLICA) /= 0)
/\ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][LET (* @type: (Int, Int) => Int; *)
set_reduce_447(acc259, member260) == IF (replica_id[member260] = notification.vote.leader)
THEN member260
ELSE acc259
IN ApaFoldSet(set_reduce_447, 0, REPLICA)].state = "LEADING")
THEN notification.electionEpoch
ELSE fle_logical_clock[receiver], receiver |-> receiver262, sender |-> receiver, senderState |-> fle_role[receiver], vote |-> IF \/ /\ /\ (notification.electionEpoch = fle_logical_clock[receiver])
/\ (Cardinality({quorum253 \in QUORUMS: (Cardinality({member254 \in quorum253: /\ ((IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver])[member254].round = notification.electionEpoch)
/\ ((IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver])[member254].vote = notification.vote)}) = Cardinality(quorum253))}) > 0)
/\ IF (notification.vote.leader = replica_id[receiver])
THEN (fle_logical_clock[receiver] = notification.electionEpoch)
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_448(acc255, member256) == IF (replica_id[member256] = notification.vote.leader)
THEN member256
ELSE acc255
IN ApaFoldSet(set_reduce_448, 0, REPLICA) /= 0)
/\ ((IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver])[LET (* @type: (Int, Int) => Int; *)
set_reduce_449(acc255, member256) == IF (replica_id[member256] = notification.vote.leader)
THEN member256
ELSE acc255
IN ApaFoldSet(set_reduce_449, 0, REPLICA)].state = "LEADING")
\/ /\ (Cardinality({quorum257 \in QUORUMS: (Cardinality({member258 \in quorum257: /\ \/ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].state = "FOLLOWING")
\/ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].state = "LEADING")
/\ /\ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].vote.leader = [round |-> notification.electionEpoch, state |-> "FOLLOWING", vote |-> notification.vote].vote.leader)
/\ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].vote.peerEpoch = [round |-> notification.electionEpoch, state |-> "FOLLOWING", vote |-> notification.vote].vote.peerEpoch)}) = Cardinality(quorum257))}) > 0)
/\ IF (notification.vote.leader = replica_id[receiver])
THEN (fle_logical_clock[receiver] = notification.electionEpoch)
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_450(acc259, member260) == IF (replica_id[member260] = notification.vote.leader)
THEN member260
ELSE acc259
IN ApaFoldSet(set_reduce_450, 0, REPLICA) /= 0)
/\ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][LET (* @type: (Int, Int) => Int; *)
set_reduce_451(acc259, member260) == IF (replica_id[member260] = notification.vote.leader)
THEN member260
ELSE acc259
IN ApaFoldSet(set_reduce_451, 0, REPLICA)].state = "LEADING")
THEN notification.vote
ELSE fle_proposed_vote[receiver]]: receiver262 \in {receiver261 \in REPLICA: (receiver261 /= receiver)}})
/\ fle_historical_messages' = (fle_historical_messages \union {[electionEpoch |-> IF \/ /\ /\ (notification.electionEpoch = fle_logical_clock[receiver])
/\ (Cardinality({quorum253 \in QUORUMS: (Cardinality({member254 \in quorum253: /\ ((IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver])[member254].round = notification.electionEpoch)
/\ ((IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver])[member254].vote = notification.vote)}) = Cardinality(quorum253))}) > 0)
/\ IF (notification.vote.leader = replica_id[receiver])
THEN (fle_logical_clock[receiver] = notification.electionEpoch)
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_452(acc255, member256) == IF (replica_id[member256] = notification.vote.leader)
THEN member256
ELSE acc255
IN ApaFoldSet(set_reduce_452, 0, REPLICA) /= 0)
/\ ((IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver])[LET (* @type: (Int, Int) => Int; *)
set_reduce_453(acc255, member256) == IF (replica_id[member256] = notification.vote.leader)
THEN member256
ELSE acc255
IN ApaFoldSet(set_reduce_453, 0, REPLICA)].state = "LEADING")
\/ /\ (Cardinality({quorum257 \in QUORUMS: (Cardinality({member258 \in quorum257: /\ \/ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].state = "FOLLOWING")
\/ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].state = "LEADING")
/\ /\ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].vote.leader = [round |-> notification.electionEpoch, state |-> "FOLLOWING", vote |-> notification.vote].vote.leader)
/\ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].vote.peerEpoch = [round |-> notification.electionEpoch, state |-> "FOLLOWING", vote |-> notification.vote].vote.peerEpoch)}) = Cardinality(quorum257))}) > 0)
/\ IF (notification.vote.leader = replica_id[receiver])
THEN (fle_logical_clock[receiver] = notification.electionEpoch)
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_454(acc259, member260) == IF (replica_id[member260] = notification.vote.leader)
THEN member260
ELSE acc259
IN ApaFoldSet(set_reduce_454, 0, REPLICA) /= 0)
/\ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][LET (* @type: (Int, Int) => Int; *)
set_reduce_455(acc259, member260) == IF (replica_id[member260] = notification.vote.leader)
THEN member260
ELSE acc259
IN ApaFoldSet(set_reduce_455, 0, REPLICA)].state = "LEADING")
THEN notification.electionEpoch
ELSE fle_logical_clock[receiver], receiver |-> receiver264, sender |-> receiver, senderState |-> fle_role[receiver], vote |-> IF \/ /\ /\ (notification.electionEpoch = fle_logical_clock[receiver])
/\ (Cardinality({quorum253 \in QUORUMS: (Cardinality({member254 \in quorum253: /\ ((IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver])[member254].round = notification.electionEpoch)
/\ ((IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver])[member254].vote = notification.vote)}) = Cardinality(quorum253))}) > 0)
/\ IF (notification.vote.leader = replica_id[receiver])
THEN (fle_logical_clock[receiver] = notification.electionEpoch)
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_456(acc255, member256) == IF (replica_id[member256] = notification.vote.leader)
THEN member256
ELSE acc255
IN ApaFoldSet(set_reduce_456, 0, REPLICA) /= 0)
/\ ((IF (notification.electionEpoch = fle_logical_clock[receiver])
THEN [fle_recv_votes[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]]
ELSE fle_recv_votes[receiver])[LET (* @type: (Int, Int) => Int; *)
set_reduce_457(acc255, member256) == IF (replica_id[member256] = notification.vote.leader)
THEN member256
ELSE acc255
IN ApaFoldSet(set_reduce_457, 0, REPLICA)].state = "LEADING")
\/ /\ (Cardinality({quorum257 \in QUORUMS: (Cardinality({member258 \in quorum257: /\ \/ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].state = "FOLLOWING")
\/ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].state = "LEADING")
/\ /\ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].vote.leader = [round |-> notification.electionEpoch, state |-> "FOLLOWING", vote |-> notification.vote].vote.leader)
/\ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][member258].vote.peerEpoch = [round |-> notification.electionEpoch, state |-> "FOLLOWING", vote |-> notification.vote].vote.peerEpoch)}) = Cardinality(quorum257))}) > 0)
/\ IF (notification.vote.leader = replica_id[receiver])
THEN (fle_logical_clock[receiver] = notification.electionEpoch)
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_458(acc259, member260) == IF (replica_id[member260] = notification.vote.leader)
THEN member260
ELSE acc259
IN ApaFoldSet(set_reduce_458, 0, REPLICA) /= 0)
/\ ([fle_out_of_election[receiver] EXCEPT ![notification.sender] = [round |-> notification.electionEpoch, state |-> notification.senderState, vote |-> notification.vote]][LET (* @type: (Int, Int) => Int; *)
set_reduce_459(acc259, member260) == IF (replica_id[member260] = notification.vote.leader)
THEN member260
ELSE acc259
IN ApaFoldSet(set_reduce_459, 0, REPLICA)].state = "LEADING")
THEN notification.vote
ELSE fle_proposed_vote[receiver]]: receiver264 \in {receiver263 \in REPLICA: (receiver263 /= receiver)}})
/\ fle_action' = UnionCtor_rough_jumping_emu_RcvNotification(notification)
\/ lab_RcvWhileOutOfElection(receiver) ::
/\ \/ (fle_role[receiver] = "FOLLOWING")
\/ (fle_role[receiver] = "LEADING")
/\ \/ lab_QueuedOOEReceiverNotification ::
/\ \E notification \in fle_sent_messages:
/\ (receiver = notification.receiver)
/\ fle_action' = UnionCtor_rough_jumping_emu_RcvNotification(notification)
\/ lab_SynthesizedOOEReceiverNotification ::
\/ lab_ReceiverOOEPlausibleLookingNotification ::
/\ \E sender \in REPLICA:
/\ \E plausible_leader_replica \in REPLICA:
/\ \E plausible_election_epoch \in {0, 1, fle_logical_clock[sender]}:
/\ \E plausible_zxid \in {0, zab_last_zxid[sender], [leader |-> fle_proposed_vote[sender].leader, peerEpoch |-> zab_persisted_current_epoch[sender], zxid |-> fle_proposed_vote[sender].zxid].zxid}:
/\ \E plausible_peer_epoch \in {0, zab_persisted_current_epoch[sender]}:
/\ (sender /= receiver)
/\ /\ ([electionEpoch |-> plausible_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[plausible_leader_replica], peerEpoch |-> plausible_peer_epoch, zxid |-> plausible_zxid]].senderState = "LOOKING")
/\ \E member265 \in REPLICA: (replica_id[member265] = [electionEpoch |-> plausible_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[plausible_leader_replica], peerEpoch |-> plausible_peer_epoch, zxid |-> plausible_zxid]].vote.leader)
/\ ([electionEpoch |-> plausible_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[plausible_leader_replica], peerEpoch |-> plausible_peer_epoch, zxid |-> plausible_zxid]].electionEpoch <= fle_logical_clock[[electionEpoch |-> plausible_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[plausible_leader_replica], peerEpoch |-> plausible_peer_epoch, zxid |-> plausible_zxid]].sender])
/\ ([electionEpoch |-> plausible_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[plausible_leader_replica], peerEpoch |-> plausible_peer_epoch, zxid |-> plausible_zxid]].vote.zxid <= zab_last_zxid[[electionEpoch |-> plausible_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[plausible_leader_replica], peerEpoch |-> plausible_peer_epoch, zxid |-> plausible_zxid]].sender])
/\ ([electionEpoch |-> plausible_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[plausible_leader_replica], peerEpoch |-> plausible_peer_epoch, zxid |-> plausible_zxid]].vote.peerEpoch <= zab_persisted_current_epoch[[electionEpoch |-> plausible_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[plausible_leader_replica], peerEpoch |-> plausible_peer_epoch, zxid |-> plausible_zxid]].sender])
/\ fle_action' = UnionCtor_rough_jumping_emu_RcvNotification([electionEpoch |-> plausible_election_epoch, receiver |-> receiver, sender |-> sender, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[plausible_leader_replica], peerEpoch |-> plausible_peer_epoch, zxid |-> plausible_zxid]])
\/ lab_ReceiverOOEHistoricalLookingNotification ::
/\ \E notification \in fle_historical_messages:
/\ (receiver = notification.receiver)
/\ (notification.senderState = "LOOKING")
/\ /\ (notification.senderState = "LOOKING")
/\ \E member266 \in REPLICA: (replica_id[member266] = notification.vote.leader)
/\ \/ (fle_role[receiver] /= "LOOKING")
\/ (notification.electionEpoch < fle_logical_clock[receiver])
\/ /\ (notification.electionEpoch = fle_logical_clock[receiver])
/\ \/ (fle_proposed_vote[receiver].peerEpoch > notification.vote.peerEpoch)
\/ /\ (fle_proposed_vote[receiver].peerEpoch = notification.vote.peerEpoch)
/\ \/ (fle_proposed_vote[receiver].zxid > notification.vote.zxid)
\/ /\ (fle_proposed_vote[receiver].zxid = notification.vote.zxid)
/\ (fle_proposed_vote[receiver].leader > notification.vote.leader)
/\ fle_action' = UnionCtor_rough_jumping_emu_RcvNotification(notification)
\/ lab_ReceiverOOEStaleOOENotification ::
/\ \E notification \in fle_historical_messages:
/\ (receiver = notification.receiver)
/\ \/ (notification.senderState = "FOLLOWING")
\/ (notification.senderState = "LEADING")
/\ /\ \/ (notification.senderState = "FOLLOWING")
\/ (notification.senderState = "LEADING")
/\ \E member267 \in REPLICA: (replica_id[member267] = notification.vote.leader)
/\ \/ (fle_role[receiver] /= "LOOKING")
\/ (notification.electionEpoch < fle_logical_clock[receiver])
/\ fle_action' = UnionCtor_rough_jumping_emu_RcvNotification(notification)
/\ UNCHANGED <<fle_logical_clock, fle_proposed_vote, fle_recv_votes, fle_out_of_election, fle_wait_finalize, fle_sent_messages, fle_historical_messages>>
/\ UNCHANGED <<fle_role, fle_current_vote>>
\/ lab_fle_become_leader(next_turn) ::
/\ \E replica \in REPLICA:
/\ ((next_turn = "iut") = (replica = IUT_REPLICA))
/\ \/ (proc_status[replica] = "UP")
\/ /\ (replica = IUT_REPLICA)
/\ (proc_status[replica] = "STARTING")
/\ (fle_role[replica] = "LOOKING")
/\ \/ \/ \/ fle_wait_finalize[replica]
\/ (Cardinality({quorum268 \in QUORUMS: /\ (Cardinality({member269 \in quorum268: (member269 = replica)}) = 1)
/\ (Cardinality({member270 \in quorum268: IF (member270 = replica)
THEN TRUE
ELSE /\ (fle_recv_votes[replica][member270].round = fle_logical_clock[replica])
/\ (fle_recv_votes[replica][member270].vote = [leader |-> replica_id[replica], peerEpoch |-> zab_current_epoch[replica], zxid |-> zab_last_zxid[replica]])}) = Cardinality(quorum268))}) > 0)
\/ /\ (fle_proposed_vote[replica].leader = replica_id[replica])
/\ (Cardinality({quorum271 \in QUORUMS: /\ (Cardinality({member272 \in quorum271: (member272 = replica)}) = 1)
/\ (Cardinality({member273 \in quorum271: IF (member273 = replica)
THEN TRUE
ELSE /\ (fle_recv_votes[replica][member273].round = fle_logical_clock[replica])
/\ (fle_recv_votes[replica][member273].vote = fle_proposed_vote[replica])}) = Cardinality(quorum271))}) > 0)
\/ /\ (fle_proposed_vote[replica].leader = replica_id[replica])
/\ /\ (Cardinality({quorum274 \in QUORUMS: (Cardinality({member275 \in quorum274: /\ \/ (fle_out_of_election[replica][member275].state = "FOLLOWING")
\/ (fle_out_of_election[replica][member275].state = "LEADING")
/\ /\ (fle_out_of_election[replica][member275].vote.leader = [round |-> fle_logical_clock[replica], state |-> "FOLLOWING", vote |-> fle_proposed_vote[replica]].vote.leader)
/\ (fle_out_of_election[replica][member275].vote.peerEpoch = [round |-> fle_logical_clock[replica], state |-> "FOLLOWING", vote |-> fle_proposed_vote[replica]].vote.peerEpoch)}) = Cardinality(quorum274))}) > 0)
/\ IF (fle_proposed_vote[replica].leader = replica_id[replica])
THEN (fle_logical_clock[replica] = fle_logical_clock[replica])
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_460(acc276, member277) == IF (replica_id[member277] = fle_proposed_vote[replica].leader)
THEN member277
ELSE acc276
IN ApaFoldSet(set_reduce_460, 0, REPLICA) /= 0)
/\ (fle_out_of_election[replica][LET (* @type: (Int, Int) => Int; *)
set_reduce_461(acc276, member277) == IF (replica_id[member277] = fle_proposed_vote[replica].leader)
THEN member277
ELSE acc276
IN ApaFoldSet(set_reduce_461, 0, REPLICA)].state = "LEADING")
/\ \/ \/ \/ (fle_proposed_vote[replica].leader = replica_id[replica])
\/ (Cardinality({quorum268 \in QUORUMS: /\ (Cardinality({member269 \in quorum268: (member269 = replica)}) = 1)
/\ (Cardinality({member270 \in quorum268: IF (member270 = replica)
THEN TRUE
ELSE /\ (fle_recv_votes[replica][member270].round = fle_logical_clock[replica])
/\ (fle_recv_votes[replica][member270].vote = [leader |-> replica_id[replica], peerEpoch |-> zab_current_epoch[replica], zxid |-> zab_last_zxid[replica]])}) = Cardinality(quorum268))}) > 0)
\/ /\ (fle_proposed_vote[replica].leader = replica_id[replica])
/\ (Cardinality({quorum271 \in QUORUMS: /\ (Cardinality({member272 \in quorum271: (member272 = replica)}) = 1)
/\ (Cardinality({member273 \in quorum271: IF (member273 = replica)
THEN TRUE
ELSE /\ (fle_recv_votes[replica][member273].round = fle_logical_clock[replica])
/\ (fle_recv_votes[replica][member273].vote = fle_proposed_vote[replica])}) = Cardinality(quorum271))}) > 0)
\/ /\ (fle_proposed_vote[replica].leader = replica_id[replica])
/\ /\ (Cardinality({quorum274 \in QUORUMS: (Cardinality({member275 \in quorum274: /\ \/ (fle_out_of_election[replica][member275].state = "FOLLOWING")
\/ (fle_out_of_election[replica][member275].state = "LEADING")
/\ /\ (fle_out_of_election[replica][member275].vote.leader = [round |-> fle_logical_clock[replica], state |-> "FOLLOWING", vote |-> fle_proposed_vote[replica]].vote.leader)
/\ (fle_out_of_election[replica][member275].vote.peerEpoch = [round |-> fle_logical_clock[replica], state |-> "FOLLOWING", vote |-> fle_proposed_vote[replica]].vote.peerEpoch)}) = Cardinality(quorum274))}) > 0)
/\ IF (fle_proposed_vote[replica].leader = replica_id[replica])
THEN (fle_logical_clock[replica] = fle_logical_clock[replica])
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_462(acc276, member277) == IF (replica_id[member277] = fle_proposed_vote[replica].leader)
THEN member277
ELSE acc276
IN ApaFoldSet(set_reduce_462, 0, REPLICA) /= 0)
/\ (fle_out_of_election[replica][LET (* @type: (Int, Int) => Int; *)
set_reduce_463(acc276, member277) == IF (replica_id[member277] = fle_proposed_vote[replica].leader)
THEN member277
ELSE acc276
IN ApaFoldSet(set_reduce_463, 0, REPLICA)].state = "LEADING")
/\ fle_role' = [fle_role EXCEPT ![replica] = "LEADING"]
/\ fle_current_vote' = [fle_current_vote EXCEPT ![replica] = [leader |-> replica_id[replica], peerEpoch |-> zab_current_epoch[replica], zxid |-> zab_last_zxid[replica]]]
/\ fle_wait_finalize' = [fle_wait_finalize EXCEPT ![replica] = FALSE]
/\ fle_sent_messages' = (fle_sent_messages \union {[electionEpoch |-> fle_logical_clock[replica], receiver |-> receiver279, sender |-> replica, senderState |-> fle_role[replica], vote |-> IF (fle_role[replica] = "LOOKING")
THEN [leader |-> fle_proposed_vote[replica].leader, peerEpoch |-> zab_persisted_current_epoch[replica], zxid |-> fle_proposed_vote[replica].zxid]
ELSE fle_current_vote[replica]]: receiver279 \in {receiver278 \in REPLICA: (receiver278 /= replica)}})
/\ fle_historical_messages' = (fle_historical_messages \union {[electionEpoch |-> fle_logical_clock[replica], receiver |-> receiver281, sender |-> replica, senderState |-> fle_role[replica], vote |-> IF (fle_role[replica] = "LOOKING")
THEN [leader |-> fle_proposed_vote[replica].leader, peerEpoch |-> zab_persisted_current_epoch[replica], zxid |-> fle_proposed_vote[replica].zxid]
ELSE fle_current_vote[replica]]: receiver281 \in {receiver280 \in REPLICA: (receiver280 /= replica)}})
/\ fle_action' = UnionCtor_rough_jumping_emu_BecomeLeader([replica |-> replica])
/\ UNCHANGED <<fle_logical_clock, fle_proposed_vote, fle_recv_votes, fle_out_of_election>>
\/ lab_fle_become_follower(next_turn) ::
/\ \E replica \in REPLICA:
/\ ((next_turn = "iut") = (replica = IUT_REPLICA))
/\ \/ (proc_status[replica] = "UP")
\/ /\ (replica = IUT_REPLICA)
/\ (proc_status[replica] = "STARTING")
/\ (fle_role[replica] = "LOOKING")
/\ (fle_proposed_vote[replica].leader /= replica_id[replica])
/\ \/ \/ fle_wait_finalize[replica]
\/ (Cardinality({quorum282 \in QUORUMS: /\ (Cardinality({member283 \in quorum282: (member283 = replica)}) = 1)
/\ (Cardinality({member284 \in quorum282: IF (member284 = replica)
THEN TRUE
ELSE /\ (fle_recv_votes[replica][member284].round = fle_logical_clock[replica])
/\ (fle_recv_votes[replica][member284].vote = fle_proposed_vote[replica])}) = Cardinality(quorum282))}) > 0)
\/ /\ (Cardinality({quorum285 \in QUORUMS: (Cardinality({member286 \in quorum285: /\ \/ (fle_out_of_election[replica][member286].state = "FOLLOWING")
\/ (fle_out_of_election[replica][member286].state = "LEADING")
/\ /\ (fle_out_of_election[replica][member286].vote.leader = [round |-> fle_logical_clock[replica], state |-> "FOLLOWING", vote |-> fle_proposed_vote[replica]].vote.leader)
/\ (fle_out_of_election[replica][member286].vote.peerEpoch = [round |-> fle_logical_clock[replica], state |-> "FOLLOWING", vote |-> fle_proposed_vote[replica]].vote.peerEpoch)}) = Cardinality(quorum285))}) > 0)
/\ IF (fle_proposed_vote[replica].leader = replica_id[replica])
THEN (fle_logical_clock[replica] = fle_logical_clock[replica])
ELSE /\ (LET (* @type: (Int, Int) => Int; *)
set_reduce_464(acc287, member288) == IF (replica_id[member288] = fle_proposed_vote[replica].leader)
THEN member288
ELSE acc287
IN ApaFoldSet(set_reduce_464, 0, REPLICA) /= 0)
/\ (fle_out_of_election[replica][LET (* @type: (Int, Int) => Int; *)
set_reduce_465(acc287, member288) == IF (replica_id[member288] = fle_proposed_vote[replica].leader)
THEN member288
ELSE acc287
IN ApaFoldSet(set_reduce_465, 0, REPLICA)].state = "LEADING")
/\ fle_role' = [fle_role EXCEPT ![replica] = "FOLLOWING"]
/\ fle_current_vote' = [fle_current_vote EXCEPT ![replica] = fle_proposed_vote[replica]]
/\ fle_wait_finalize' = [fle_wait_finalize EXCEPT ![replica] = FALSE]
/\ fle_sent_messages' = (fle_sent_messages \union {[electionEpoch |-> fle_logical_clock[replica], receiver |-> receiver290, sender |-> replica, senderState |-> fle_role[replica], vote |-> IF (fle_role[replica] = "LOOKING")
THEN [leader |-> fle_proposed_vote[replica].leader, peerEpoch |-> zab_persisted_current_epoch[replica], zxid |-> fle_proposed_vote[replica].zxid]
ELSE fle_current_vote[replica]]: receiver290 \in {receiver289 \in REPLICA: (receiver289 /= replica)}})
/\ fle_historical_messages' = (fle_historical_messages \union {[electionEpoch |-> fle_logical_clock[replica], receiver |-> receiver292, sender |-> replica, senderState |-> fle_role[replica], vote |-> IF (fle_role[replica] = "LOOKING")
THEN [leader |-> fle_proposed_vote[replica].leader, peerEpoch |-> zab_persisted_current_epoch[replica], zxid |-> fle_proposed_vote[replica].zxid]
ELSE fle_current_vote[replica]]: receiver292 \in {receiver291 \in REPLICA: (receiver291 /= replica)}})
/\ fle_action' = UnionCtor_rough_jumping_emu_BecomeFollower([replica |-> replica])
/\ UNCHANGED <<fle_logical_clock, fle_proposed_vote, fle_recv_votes, fle_out_of_election>>
\/ lab_fle_restart_election(next_turn) ::
/\ \E replica \in REPLICA:
/\ ((next_turn = "iut") = (replica = IUT_REPLICA))
/\ \/ (proc_status[replica] = "UP")
\/ /\ (replica = IUT_REPLICA)
/\ (proc_status[replica] = "STARTING")
/\ \/ lab_FreshRestartElection(replica) ::
/\ \/ (fle_role[replica] = "FOLLOWING")
\/ (fle_role[replica] = "LEADING")
/\ fle_role' = [fle_role EXCEPT ![replica] = "LOOKING"]
/\ fle_logical_clock' = [fle_logical_clock EXCEPT ![replica] = (fle_logical_clock[replica] + 1)]
/\ fle_proposed_vote' = [fle_proposed_vote EXCEPT ![replica] = [leader |-> replica_id[replica], peerEpoch |-> zab_current_epoch[replica], zxid |-> zab_last_zxid[replica]]]
/\ fle_recv_votes' = [fle_recv_votes EXCEPT ![replica] = [v_293 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]]]
/\ fle_out_of_election' = [fle_out_of_election EXCEPT ![replica] = [v_294 \in REPLICA |-> [round |-> -1, state |-> "LOOKING", vote |-> [leader |-> 0, peerEpoch |-> 0, zxid |-> 0]]]]
/\ fle_wait_finalize' = [fle_wait_finalize EXCEPT ![replica] = FALSE]
/\ fle_sent_messages' = ((fle_sent_messages \union {[electionEpoch |-> (fle_logical_clock[replica] + 1), receiver |-> recv296, sender |-> IUT_REPLICA, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[replica], peerEpoch |-> zab_current_epoch[replica], zxid |-> zab_last_zxid[replica]]]: recv296 \in {recv295 \in REPLICA: (recv295 /= IUT_REPLICA)}}) \union {[electionEpoch |-> (fle_logical_clock[replica] + 1), receiver |-> recv298, sender |-> replica, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[replica], peerEpoch |-> zab_current_epoch[replica], zxid |-> zab_last_zxid[replica]]]: recv298 \in {recv297 \in REPLICA: (recv297 /= replica)}})
/\ fle_historical_messages' = ((fle_historical_messages \union {[electionEpoch |-> (fle_logical_clock[replica] + 1), receiver |-> recv300, sender |-> IUT_REPLICA, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[replica], peerEpoch |-> zab_current_epoch[replica], zxid |-> zab_last_zxid[replica]]]: recv300 \in {recv299 \in REPLICA: (recv299 /= IUT_REPLICA)}}) \union {[electionEpoch |-> (fle_logical_clock[replica] + 1), receiver |-> recv302, sender |-> replica, senderState |-> "LOOKING", vote |-> [leader |-> replica_id[replica], peerEpoch |-> zab_current_epoch[replica], zxid |-> zab_last_zxid[replica]]]: recv302 \in {recv301 \in REPLICA: (recv301 /= replica)}})
/\ fle_action' = UnionCtor_rough_jumping_emu_RestartElection([replica |-> replica])
\/ lab_StaleRestartElection(replica) ::
/\ (fle_role[replica] = "LOOKING")
/\ fle_action' = UnionCtor_rough_jumping_emu_RestartElection([replica |-> replica])
/\ UNCHANGED <<fle_role, fle_logical_clock, fle_proposed_vote, fle_recv_votes, fle_out_of_election, fle_wait_finalize, fle_sent_messages, fle_historical_messages>>
/\ UNCHANGED fle_current_vote
/\ zab_state' = [r306 \in REPLICA |-> IF (fle_action = UnionCtor_rough_jumping_emu_RestartElection([replica |-> r306]))
THEN "idle"
ELSE IF (r306 \in {follower304 \in REPLICA: /\ (zab_sync[follower304] /= "none")
/\ (Cardinality({leader305 \in {r303 \in REPLICA: (fle_action = UnionCtor_rough_jumping_emu_RestartElection([replica |-> r303]))}: /\ (leader305 /= follower304)
/\ (fle_current_vote[follower304].leader = replica_id[leader305])}) > 0)})
THEN "idle"
ELSE IF (fle_action = UnionCtor_rough_jumping_emu_BecomeLeader([replica |-> r306]))
THEN "discovery"
ELSE zab_state[r306]]
/\ zab_accepted_epoch' = [r308 \in REPLICA |-> IF (fle_action = UnionCtor_rough_jumping_emu_BecomeLeader([replica |-> r308]))
THEN [r307 \in REPLICA |-> IF (MAX_EPOCH >= IF (zab_accepted_epoch[r307] >= zab_current_epoch[r307])
THEN (zab_accepted_epoch[r307] + 1)
ELSE (zab_current_epoch[r307] + 1))
THEN IF (zab_accepted_epoch[r307] >= zab_current_epoch[r307])
THEN (zab_accepted_epoch[r307] + 1)
ELSE (zab_current_epoch[r307] + 1)
ELSE MAX_EPOCH][r308]
ELSE IF (fle_action = UnionCtor_rough_jumping_emu_RestartElection([replica |-> r308]))
THEN zab_persisted_accepted_epoch[r308]
ELSE zab_accepted_epoch[r308]]
/\ zab_current_epoch' = [r309 \in REPLICA |-> IF (fle_action = UnionCtor_rough_jumping_emu_BecomeLeader([replica |-> r309]))
THEN [r307 \in REPLICA |-> IF (MAX_EPOCH >= IF (zab_accepted_epoch[r307] >= zab_current_epoch[r307])
THEN (zab_accepted_epoch[r307] + 1)
ELSE (zab_current_epoch[r307] + 1))
THEN IF (zab_accepted_epoch[r307] >= zab_current_epoch[r307])
THEN (zab_accepted_epoch[r307] + 1)
ELSE (zab_current_epoch[r307] + 1)
ELSE MAX_EPOCH][r309]
ELSE IF (fle_action = UnionCtor_rough_jumping_emu_RestartElection([replica |-> r309]))
THEN zab_persisted_current_epoch[r309]
ELSE zab_current_epoch[r309]]
/\ zab_sync' = [r310 \in REPLICA |-> IF \/ (fle_action = UnionCtor_rough_jumping_emu_RestartElection([replica |-> r310]))
\/ (r310 \in {follower304 \in REPLICA: /\ (zab_sync[follower304] /= "none")
/\ (Cardinality({leader305 \in {r303 \in REPLICA: (fle_action = UnionCtor_rough_jumping_emu_RestartElection([replica |-> r303]))}: /\ (leader305 /= follower304)
/\ (fle_current_vote[follower304].leader = replica_id[leader305])}) > 0)})
THEN "none"
ELSE zab_sync[r310]]
/\ zab_epoch_established' = [r311 \in REPLICA |-> IF (fle_action = UnionCtor_rough_jumping_emu_RestartElection([replica |-> r311]))
THEN FALSE
ELSE zab_epoch_established[r311]]
/\ zab_established_epoch' = [r312 \in REPLICA |-> IF \/ (fle_action = UnionCtor_rough_jumping_emu_RestartElection([replica |-> r312]))
\/ (fle_action = UnionCtor_rough_jumping_emu_BecomeLeader([replica |-> r312]))
THEN 0
ELSE zab_established_epoch[r312]]
/\ zab_epoch_connecting_followers' = [r313 \in REPLICA |-> IF \/ (fle_action = UnionCtor_rough_jumping_emu_RestartElection([replica |-> r313]))
\/ (fle_action = UnionCtor_rough_jumping_emu_BecomeLeader([replica |-> r313]))
THEN {v_314 \in {0}: FALSE}
ELSE zab_epoch_connecting_followers[r313]]
/\ quorum_reconnect_hint' = IF (Cardinality({r315 \in REPLICA: (fle_action = UnionCtor_rough_jumping_emu_RestartElection([replica |-> r315]))}) > 0)
THEN 0
ELSE quorum_reconnect_hint
/\ zab_post_uptodate_ack_pending' = [r316 \in REPLICA |-> IF \/ (fle_action = UnionCtor_rough_jumping_emu_RestartElection([replica |-> r316]))
\/ (r316 \in {follower304 \in REPLICA: /\ (zab_sync[follower304] /= "none")
/\ (Cardinality({leader305 \in {r303 \in REPLICA: (fle_action = UnionCtor_rough_jumping_emu_RestartElection([replica |-> r303]))}: /\ (leader305 /= follower304)
/\ (fle_current_vote[follower304].leader = replica_id[leader305])}) > 0)})
THEN FALSE
ELSE zab_post_uptodate_ack_pending[r316]]
/\ zab_open_proposals' = IF (Cardinality({replica317 \in {r303 \in REPLICA: (fle_action = UnionCtor_rough_jumping_emu_RestartElection([replica |-> r303]))}: (fle_role[replica317] = "LEADING")}) > 0)
THEN WSMkSeq0
ELSE LET (* @type: (Seq({acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int}), Int) => Seq({acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int}); *)
set_reduce_466(acc318, replica319) == LET (* @type: (Seq({acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int}), {acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int}) => Seq({acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int}); *)
list_reduce_467(acc320, proposal321) == Append(acc320, [acked_by |-> {member323 \in proposal321.acked_by: (member323 /= replica319)}, commits_sent |-> {member324 \in proposal321.commits_sent: (member324 /= replica319)}, dataVersion |-> proposal321.dataVersion, op |-> proposal321.op, path |-> proposal321.path, sent_to |-> {member322 \in proposal321.sent_to: (member322 /= replica319)}, source |-> proposal321.source, zxid |-> proposal321.zxid])
IN ApaFoldSeqLeft(list_reduce_467, WSMkSeq0, acc318)
IN ApaFoldSet(set_reduce_466, zab_open_proposals, {r303 \in REPLICA: (fle_action = UnionCtor_rough_jumping_emu_RestartElection([replica |-> r303]))})
/\ zab_forwarded_writes' = LET (* @type: ({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) => Bool; *)
list_filter_468(forwarded325) == /\ ~((forwarded325.follower \in {r303 \in REPLICA: (fle_action = UnionCtor_rough_jumping_emu_RestartElection([replica |-> r303]))}))
/\ ~((forwarded325.leader \in {r303 \in REPLICA: (fle_action = UnionCtor_rough_jumping_emu_RestartElection([replica |-> r303]))}))
IN SelectSeq(zab_forwarded_writes, list_filter_468)
/\ zab_staged_forwarded_writes' = LET (* @type: ({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) => Bool; *)
list_filter_469(forwarded326) == /\ ~((forwarded326.follower \in {r303 \in REPLICA: (fle_action = UnionCtor_rough_jumping_emu_RestartElection([replica |-> r303]))}))
/\ ~((forwarded326.leader \in {r303 \in REPLICA: (fle_action = UnionCtor_rough_jumping_emu_RestartElection([replica |-> r303]))}))
IN SelectSeq(zab_staged_forwarded_writes, list_filter_469)
/\ zab_staged_direct_writes' = LET (* @type: ({dataVersion: Int, leader: Int, op: Str, path: Str, session: Int}) => Bool; *)
list_filter_470(staged327) == ~((staged327.leader \in {r303 \in REPLICA: (fle_action = UnionCtor_rough_jumping_emu_RestartElection([replica |-> r303]))}))
IN SelectSeq(zab_staged_direct_writes, list_filter_470)
/\ zab_pending_proposals' = LET (* @type: ({dataVersion: Int, leader: Int, op: Str, path: Str, source: Str, zxid: Int}) => Bool; *)
list_filter_471(proposal328) == ~((proposal328.leader \in {r303 \in REPLICA: (fle_action = UnionCtor_rough_jumping_emu_RestartElection([replica |-> r303]))}))
IN SelectSeq(zab_pending_proposals, list_filter_471)
/\ UNCHANGED <<proc_status, tcp_status, zab_persisted_accepted_epoch, zab_persisted_current_epoch, zab_last_zxid, zab_committed_zxid, zab_history, zab_last_committed, zab_retained_start, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded, zab_client_sessions>>
\/ lab_zab ::
/\ \E next_turn \in {"tester", "iut"}:
LET open_proposal_indices == IF (Len(zab_open_proposals) = 0)
THEN {0}
ELSE ({0} \union (DOMAIN zab_open_proposals)) \ {Len(zab_open_proposals)}
IN
LET staged_forwarded_indices == IF (Len(zab_staged_forwarded_writes) = 0)
THEN {0}
ELSE ({0} \union (DOMAIN zab_staged_forwarded_writes)) \ {Len(zab_staged_forwarded_writes)}
IN
LET staged_direct_indices == IF (Len(zab_staged_direct_writes) = 0)
THEN {0}
ELSE ({0} \union (DOMAIN zab_staged_direct_writes)) \ {Len(zab_staged_direct_writes)}
IN
/\ process_action' = UnionCtor_sonic_placing_stallion_NoAction
/\ tcp_action' = UnionCtor_minor_hiring_magpie_NoTcpAction
/\ fle_action' = UnionCtor_rough_jumping_emu_NoFleAction
/\ last_turn' = next_turn
/\ \/ lab_zab_follower_info(next_turn) ::
/\ \E follower \in REPLICA:
/\ \E leader \in REPLICA:
LET reconnect_retry == /\ (quorum_reconnect_hint = follower)
/\ \/ (zab_sync[follower] = "info_sent")
\/ (zab_sync[follower] = "newleader_sent")
IN
LET reconnect_target == /\ reconnect_retry
/\ \/ \/ (zab_state[leader] = "discovery")
\/ (zab_state[leader] = "synchronization")
\/ (zab_state[leader] = "broadcast")
IN
LET next_connecting_followers == IF (fle_role[leader] = "LEADING")
THEN (zab_epoch_connecting_followers[leader] \union {follower})
ELSE zab_epoch_connecting_followers[leader]
IN
LET next_connecting_members == IF (fle_role[leader] = "LEADING")
THEN (next_connecting_followers \union {leader})
ELSE next_connecting_followers
IN
LET epoch_establishment_quorum == (Cardinality({quorum329 \in QUORUMS: /\ (leader \in quorum329)
/\ (Cardinality({member330 \in quorum329: (member330 \in next_connecting_members)}) = Cardinality(quorum329))}) > 0)
IN
LET established_epoch == LET (* @type: (Int, Int) => Int; *)
set_reduce_472(acc331, member332) == IF (acc331 >= IF (zab_accepted_epoch[member332] >= zab_current_epoch[member332])
THEN (zab_accepted_epoch[member332] + 1)
ELSE (zab_current_epoch[member332] + 1))
THEN acc331
ELSE IF (zab_accepted_epoch[member332] >= zab_current_epoch[member332])
THEN (zab_accepted_epoch[member332] + 1)
ELSE (zab_current_epoch[member332] + 1)
IN ApaFoldSet(set_reduce_472, zab_current_epoch[leader], next_connecting_members)
IN
LET leader_establishes_epoch == /\ /\ (fle_role[leader] = "LEADING")
/\ ~(zab_epoch_established[leader])
/\ epoch_establishment_quorum
IN
LET spec_expected_ae == IF (zab_persisted_accepted_epoch[follower] >= IF (zab_accepted_epoch[follower] >= zab_current_epoch[follower])
THEN zab_accepted_epoch[follower]
ELSE zab_current_epoch[follower])
THEN zab_persisted_accepted_epoch[follower]
ELSE IF (zab_accepted_epoch[follower] >= zab_current_epoch[follower])
THEN zab_accepted_epoch[follower]
ELSE zab_current_epoch[follower]
IN
/\ (follower /= leader)
/\ \/ (proc_status[follower] = "UP")
\/ /\ (follower = IUT_REPLICA)
/\ (proc_status[follower] = "STARTING")
/\ \/ (proc_status[leader] = "UP")
\/ /\ (leader = IUT_REPLICA)
/\ (proc_status[leader] = "STARTING")
/\ (fle_role[follower] = "FOLLOWING")
/\ \/ (fle_current_vote[follower].leader = replica_id[leader])
\/ reconnect_target
/\ (tcp_status[[clientAddr |-> quorum_addr[follower], kind |-> "quorum", serverAddr |-> quorum_addr[leader]]] = "connected")
/\ \/ (zab_sync[follower] = "none")
\/ reconnect_retry
/\ ((next_turn = "iut") = (follower = IUT_REPLICA))
/\ zab_sync' = [zab_sync EXCEPT ![follower] = "info_sent"]
/\ quorum_reconnect_hint' = 0
/\ \/ ~(leader_establishes_epoch)
\/ (established_epoch <= MAX_EPOCH)
/\ zab_epoch_connecting_followers' = [zab_epoch_connecting_followers EXCEPT ![leader] = next_connecting_followers]
/\ zab_epoch_established' = [zab_epoch_established EXCEPT ![leader] = IF leader_establishes_epoch
THEN TRUE
ELSE zab_epoch_established[leader]]
/\ zab_established_epoch' = [zab_established_epoch EXCEPT ![leader] = IF leader_establishes_epoch
THEN established_epoch
ELSE zab_established_epoch[leader]]
/\ zab_state' = [r333 \in REPLICA |-> IF (r333 = follower)
THEN "discovery"
ELSE IF /\ (r333 = leader)
/\ (zab_state[leader] = "idle")
THEN "discovery"
ELSE zab_state[r333]]
/\ /\ \E wire_accepted_epoch \in (0)..(MAX_EPOCH):
/\ (wire_accepted_epoch >= spec_expected_ae)
/\ zab_persisted_accepted_epoch' = [zab_persisted_accepted_epoch EXCEPT ![follower] = IF (wire_accepted_epoch > zab_persisted_accepted_epoch[follower])
THEN wire_accepted_epoch
ELSE zab_persisted_accepted_epoch[follower]]
/\ zab_action' = UnionCtor_new_seeing_kingfisher_SendFollowerInfo([acceptedEpoch |-> wire_accepted_epoch, follower |-> follower, leader |-> leader])
/\ UNCHANGED <<fle_current_vote, zab_accepted_epoch, zab_current_epoch, zab_persisted_current_epoch, zab_last_zxid, zab_post_uptodate_ack_pending, zab_open_proposals, zab_forwarded_writes, zab_staged_forwarded_writes, zab_staged_direct_writes, zab_committed_zxid, zab_history, zab_last_committed, zab_retained_start, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded, zab_client_sessions>>
\/ lab_zab_leader_info(next_turn) ::
/\ \E leader \in REPLICA:
/\ \E follower \in REPLICA:
LET epoch_establishment_quorum == (Cardinality({quorum334 \in QUORUMS: /\ (leader \in quorum334)
/\ (Cardinality({member335 \in quorum334: (member335 \in (zab_epoch_connecting_followers[leader] \union {leader}))}) = Cardinality(quorum334))}) > 0)
IN
LET candidate_epoch == LET (* @type: (Int, Int) => Int; *)
set_reduce_473(acc336, member337) == IF (acc336 >= IF (zab_accepted_epoch[member337] >= zab_current_epoch[member337])
THEN (zab_accepted_epoch[member337] + 1)
ELSE (zab_current_epoch[member337] + 1))
THEN acc336
ELSE IF (zab_accepted_epoch[member337] >= zab_current_epoch[member337])
THEN (zab_accepted_epoch[member337] + 1)
ELSE (zab_current_epoch[member337] + 1)
IN ApaFoldSet(set_reduce_473, zab_current_epoch[leader], zab_epoch_connecting_followers[leader])
IN
LET resolved_epoch == IF zab_epoch_established[leader]
THEN zab_established_epoch[leader]
ELSE candidate_epoch
IN
LET follower_persisted_accepted_epoch == IF (resolved_epoch <= zab_persisted_accepted_epoch[follower])
THEN zab_persisted_accepted_epoch[follower]
ELSE resolved_epoch
IN
/\ (follower /= leader)
/\ \/ (proc_status[leader] = "UP")
\/ /\ (leader = IUT_REPLICA)
/\ (proc_status[leader] = "STARTING")
/\ (fle_role[leader] = "LEADING")
/\ \/ (fle_current_vote[follower].leader = replica_id[leader])
\/ /\ (leader = IUT_REPLICA)
/\ (fle_role[IUT_REPLICA] = "LEADING")
/\ (zab_sync[follower] = "info_sent")
/\ (zab_state[follower] = "discovery")
/\ \/ \/ (zab_state[leader] = "discovery")
\/ (zab_state[leader] = "synchronization")
\/ (zab_state[leader] = "broadcast")
/\ ((next_turn = "iut") = (leader = IUT_REPLICA))
/\ \/ zab_epoch_established[leader]
\/ epoch_establishment_quorum
/\ (resolved_epoch <= MAX_EPOCH)
/\ zab_sync' = [zab_sync EXCEPT ![follower] = "info_rcvd"]
/\ zab_current_epoch' = [zab_current_epoch EXCEPT ![leader] = resolved_epoch]
/\ zab_persisted_accepted_epoch' = [[zab_persisted_accepted_epoch EXCEPT ![follower] = follower_persisted_accepted_epoch] EXCEPT ![leader] = resolved_epoch]
/\ zab_epoch_established' = [zab_epoch_established EXCEPT ![leader] = TRUE]
/\ zab_established_epoch' = [zab_established_epoch EXCEPT ![leader] = resolved_epoch]
/\ fle_current_vote' = [fle_current_vote EXCEPT ![follower] = IF (fle_current_vote[follower].leader = replica_id[leader])
THEN fle_current_vote[follower]
ELSE [leader |-> replica_id[leader], peerEpoch |-> fle_current_vote[follower].peerEpoch, zxid |-> fle_current_vote[follower].zxid]]
/\ zab_action' = UnionCtor_new_seeing_kingfisher_SendLeaderInfo([follower |-> follower, leader |-> leader, newEpoch |-> resolved_epoch])
/\ UNCHANGED <<quorum_reconnect_hint, zab_state, zab_accepted_epoch, zab_persisted_current_epoch, zab_epoch_connecting_followers, zab_last_zxid, zab_post_uptodate_ack_pending, zab_open_proposals, zab_forwarded_writes, zab_staged_forwarded_writes, zab_staged_direct_writes, zab_committed_zxid, zab_history, zab_last_committed, zab_retained_start, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded, zab_client_sessions>>
\/ lab_zab_ack_epoch(next_turn) ::
/\ \E follower \in REPLICA:
/\ \E leader \in REPLICA:
LET wire_epoch == IF (zab_current_epoch[leader] = zab_accepted_epoch[follower])
THEN -1
ELSE zab_current_epoch[follower]
IN
/\ (follower /= leader)
/\ \/ (proc_status[follower] = "UP")
\/ /\ (follower = IUT_REPLICA)
/\ (proc_status[follower] = "STARTING")
/\ (fle_current_vote[follower].leader = replica_id[leader])
/\ (zab_sync[follower] = "info_rcvd")
/\ (zab_current_epoch[leader] >= zab_accepted_epoch[follower])
/\ ((next_turn = "iut") = (follower = IUT_REPLICA))
/\ zab_sync' = [zab_sync EXCEPT ![follower] = "epoch_acked"]
/\ zab_accepted_epoch' = [zab_accepted_epoch EXCEPT ![follower] = IF (zab_current_epoch[leader] = zab_accepted_epoch[follower])
THEN zab_accepted_epoch[follower]
ELSE zab_current_epoch[leader]]
/\ zab_persisted_accepted_epoch' = [zab_persisted_accepted_epoch EXCEPT ![follower] = IF (zab_current_epoch[leader] = [zab_accepted_epoch EXCEPT ![follower] = IF (zab_current_epoch[leader] = zab_accepted_epoch[follower])
THEN zab_accepted_epoch[follower]
ELSE zab_current_epoch[leader]][follower])
THEN zab_persisted_accepted_epoch[follower]
ELSE zab_current_epoch[leader]]
/\ zab_action' = UnionCtor_new_seeing_kingfisher_SendAckEpoch([epoch |-> wire_epoch, follower |-> follower, lastZxid |-> zab_last_zxid[follower], leader |-> leader])
/\ UNCHANGED <<quorum_reconnect_hint, fle_current_vote, zab_state, zab_current_epoch, zab_persisted_current_epoch, zab_epoch_established, zab_established_epoch, zab_epoch_connecting_followers, zab_last_zxid, zab_post_uptodate_ack_pending, zab_open_proposals, zab_forwarded_writes, zab_staged_forwarded_writes, zab_staged_direct_writes, zab_committed_zxid, zab_history, zab_last_committed, zab_retained_start, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded, zab_client_sessions>>
\/ lab_zab_diff(next_turn) ::
/\ \E leader \in REPLICA:
/\ \E follower \in REPLICA:
/\ (follower /= leader)
/\ \/ (proc_status[leader] = "UP")
\/ /\ (leader = IUT_REPLICA)
/\ (proc_status[leader] = "STARTING")
/\ (fle_role[leader] = "LEADING")
/\ (fle_current_vote[follower].leader = replica_id[leader])
/\ (zab_sync[follower] = "epoch_acked")
/\ (Cardinality({quorum338 \in QUORUMS: /\ (Cardinality({member339 \in quorum338: (member339 = leader)}) = 1)
/\ (Cardinality({member340 \in quorum338: IF (member340 = leader)
THEN TRUE
ELSE \/ \/ \/ \/ \/ \/ \/ FALSE
\/ (zab_sync[member340] = "epoch_acked")
\/ (zab_sync[member340] = "diff_sent")
\/ (zab_sync[member340] = "trunc_sent")
\/ (zab_sync[member340] = "snap_sent")
\/ (zab_sync[member340] = "newleader_sent")
\/ (zab_sync[member340] = "newleader_acked")
\/ (zab_sync[member340] = "synced")}) = Cardinality(quorum338))}) > 0)
/\ \/ \/ (zab_last_zxid[follower] = 0)
\/ (zab_last_zxid[follower] = zab_last_committed[leader].zxid)
\/ /\ /\ /\ (zab_last_committed[leader].index > 0)
/\ ~((zab_last_zxid[follower] < IF (zab_last_committed[leader].index > zab_retained_start[leader])
THEN zab_history[leader][(zab_retained_start[leader]) + 1].zxid
ELSE 0))
/\ ~((zab_last_zxid[follower] > zab_last_committed[leader].zxid))
/\ (Len(LET (* @type: ({epoch: Int, op: Str, path: Str, value: Int, zxid: Int}) => Bool; *)
list_filter_474(txn341) == (txn341.zxid = zab_last_zxid[follower])
IN SelectSeq(zab_history[leader], list_filter_474)) > 0)
/\ ((next_turn = "iut") = (leader = IUT_REPLICA))
/\ zab_sync' = [zab_sync EXCEPT ![follower] = "diff_sent"]
/\ zab_state' = [zab_state EXCEPT ![leader] = "synchronization"]
/\ zab_accepted_epoch' = [zab_accepted_epoch EXCEPT ![leader] = zab_current_epoch[leader]]
/\ zab_persisted_accepted_epoch' = [zab_persisted_accepted_epoch EXCEPT ![leader] = zab_current_epoch[leader]]
/\ zab_persisted_current_epoch' = [zab_persisted_current_epoch EXCEPT ![leader] = zab_current_epoch[leader]]
/\ epoch_leader' = [epoch_leader EXCEPT ![zab_current_epoch[leader]] = (epoch_leader[zab_current_epoch[leader]] \union {leader})]
/\ zab_action' = UnionCtor_new_seeing_kingfisher_SendDiff([follower |-> follower, leader |-> leader])
/\ UNCHANGED <<quorum_reconnect_hint, fle_current_vote, zab_current_epoch, zab_epoch_established, zab_established_epoch, zab_epoch_connecting_followers, zab_last_zxid, zab_post_uptodate_ack_pending, zab_open_proposals, zab_forwarded_writes, zab_staged_forwarded_writes, zab_staged_direct_writes, zab_committed_zxid, zab_history, zab_last_committed, zab_retained_start, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded, zab_client_sessions>>
\/ lab_zab_trunc(next_turn) ::
/\ \E leader \in REPLICA:
/\ \E follower \in REPLICA:
LET trunc_zxid == IF (Len(LET (* @type: ({epoch: Int, op: Str, path: Str, value: Int, zxid: Int}) => Bool; *)
list_filter_475(txn346) == (txn346.zxid < zab_last_zxid[follower])
IN SelectSeq(zab_history[leader], list_filter_475)) > 0)
THEN (LET (* @type: ({epoch: Int, op: Str, path: Str, value: Int, zxid: Int}) => Bool; *)
list_filter_476(txn346) == (txn346.zxid < zab_last_zxid[follower])
IN SelectSeq(zab_history[leader], list_filter_476))[((Len(LET (* @type: ({epoch: Int, op: Str, path: Str, value: Int, zxid: Int}) => Bool; *)
list_filter_477(txn346) == (txn346.zxid < zab_last_zxid[follower])
IN SelectSeq(zab_history[leader], list_filter_477)) - 1)) + 1].zxid
ELSE 0
IN
LET trunc_hist == LET (* @type: ({epoch: Int, op: Str, path: Str, value: Int, zxid: Int}) => Bool; *)
list_filter_478(txn347) == (trunc_zxid >= txn347.zxid)
IN SelectSeq(zab_history[leader], list_filter_478)
IN
/\ (follower /= leader)
/\ \/ (proc_status[leader] = "UP")
\/ /\ (leader = IUT_REPLICA)
/\ (proc_status[leader] = "STARTING")
/\ (fle_role[leader] = "LEADING")
/\ (fle_current_vote[follower].leader = replica_id[leader])
/\ (zab_sync[follower] = "epoch_acked")
/\ (Cardinality({quorum342 \in QUORUMS: /\ (Cardinality({member343 \in quorum342: (member343 = leader)}) = 1)
/\ (Cardinality({member344 \in quorum342: IF (member344 = leader)
THEN TRUE
ELSE \/ \/ \/ \/ \/ \/ \/ FALSE
\/ (zab_sync[member344] = "epoch_acked")
\/ (zab_sync[member344] = "diff_sent")
\/ (zab_sync[member344] = "trunc_sent")
\/ (zab_sync[member344] = "snap_sent")
\/ (zab_sync[member344] = "newleader_sent")
\/ (zab_sync[member344] = "newleader_acked")
\/ (zab_sync[member344] = "synced")}) = Cardinality(quorum342))}) > 0)
/\ /\ (zab_last_zxid[follower] /= 0)
/\ \/ (zab_last_zxid[follower] > zab_last_committed[leader].zxid)
\/ /\ /\ /\ (zab_last_committed[leader].index > 0)
/\ ~((zab_last_zxid[follower] < IF (zab_last_committed[leader].index > zab_retained_start[leader])
THEN zab_history[leader][(zab_retained_start[leader]) + 1].zxid
ELSE 0))
/\ ~((zab_last_zxid[follower] > zab_last_committed[leader].zxid))
/\ ~((Len(LET (* @type: ({epoch: Int, op: Str, path: Str, value: Int, zxid: Int}) => Bool; *)
list_filter_479(txn345) == (txn345.zxid = zab_last_zxid[follower])
IN SelectSeq(zab_history[leader], list_filter_479)) > 0))
/\ ((next_turn = "iut") = (leader = IUT_REPLICA))
/\ zab_sync' = [zab_sync EXCEPT ![follower] = "trunc_sent"]
/\ zab_state' = [zab_state EXCEPT ![leader] = "synchronization"]
/\ zab_accepted_epoch' = [zab_accepted_epoch EXCEPT ![leader] = zab_current_epoch[leader]]
/\ zab_persisted_accepted_epoch' = [zab_persisted_accepted_epoch EXCEPT ![leader] = zab_current_epoch[leader]]
/\ zab_persisted_current_epoch' = [zab_persisted_current_epoch EXCEPT ![leader] = zab_current_epoch[leader]]
/\ epoch_leader' = [epoch_leader EXCEPT ![zab_current_epoch[leader]] = (epoch_leader[zab_current_epoch[leader]] \union {leader})]
/\ zab_last_zxid' = [zab_last_zxid EXCEPT ![follower] = trunc_zxid]
/\ zab_history' = [zab_history EXCEPT ![follower] = trunc_hist]
/\ zab_last_committed' = [zab_last_committed EXCEPT ![follower] = [index |-> Len(trunc_hist), zxid |-> trunc_zxid]]
/\ zab_retained_start' = [zab_retained_start EXCEPT ![follower] = IF (Len(trunc_hist) > 0)
THEN IF (zab_retained_start[leader] < Len(trunc_hist))
THEN zab_retained_start[leader]
ELSE (Len(trunc_hist) - 1)
ELSE 0]
/\ zab_action' = UnionCtor_new_seeing_kingfisher_SendTrunc([follower |-> follower, leader |-> leader, zxid |-> trunc_zxid])
/\ UNCHANGED <<quorum_reconnect_hint, fle_current_vote, zab_current_epoch, zab_epoch_established, zab_established_epoch, zab_epoch_connecting_followers, zab_post_uptodate_ack_pending, zab_open_proposals, zab_forwarded_writes, zab_staged_forwarded_writes, zab_staged_direct_writes, zab_committed_zxid, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded, zab_client_sessions>>
\/ lab_zab_snap(next_turn) ::
/\ \E leader \in REPLICA:
/\ \E follower \in REPLICA:
/\ (follower /= leader)
/\ (fle_role[leader] = "LEADING")
/\ \/ (proc_status[leader] = "UP")
\/ /\ (leader = IUT_REPLICA)
/\ (proc_status[leader] = "STARTING")
/\ (fle_current_vote[follower].leader = replica_id[leader])
/\ (zab_sync[follower] = "epoch_acked")
/\ (Cardinality({quorum348 \in QUORUMS: /\ (Cardinality({member349 \in quorum348: (member349 = leader)}) = 1)
/\ (Cardinality({member350 \in quorum348: IF (member350 = leader)
THEN TRUE
ELSE \/ \/ \/ \/ \/ \/ \/ FALSE
\/ (zab_sync[member350] = "epoch_acked")
\/ (zab_sync[member350] = "diff_sent")
\/ (zab_sync[member350] = "trunc_sent")
\/ (zab_sync[member350] = "snap_sent")
\/ (zab_sync[member350] = "newleader_sent")
\/ (zab_sync[member350] = "newleader_acked")
\/ (zab_sync[member350] = "synced")}) = Cardinality(quorum348))}) > 0)
/\ \/ /\ (zab_last_committed[leader].index > 0)
/\ (zab_last_zxid[follower] < IF (zab_last_committed[leader].index > zab_retained_start[leader])
THEN zab_history[leader][(zab_retained_start[leader]) + 1].zxid
ELSE 0)
\/ /\ (zab_last_committed[leader].index = 0)
/\ (zab_last_zxid[follower] = 0)
/\ ((next_turn = "iut") = (leader = IUT_REPLICA))
/\ zab_sync' = [zab_sync EXCEPT ![follower] = "snap_sent"]
/\ zab_state' = [zab_state EXCEPT ![leader] = "synchronization"]
/\ zab_accepted_epoch' = [zab_accepted_epoch EXCEPT ![leader] = zab_current_epoch[leader]]
/\ zab_persisted_accepted_epoch' = [zab_persisted_accepted_epoch EXCEPT ![leader] = zab_current_epoch[leader]]
/\ zab_persisted_current_epoch' = [zab_persisted_current_epoch EXCEPT ![leader] = zab_current_epoch[leader]]
/\ epoch_leader' = [epoch_leader EXCEPT ![zab_current_epoch[leader]] = (epoch_leader[zab_current_epoch[leader]] \union {leader})]
/\ zab_last_zxid' = [zab_last_zxid EXCEPT ![follower] = zab_last_committed[leader].zxid]
/\ zab_history' = [zab_history EXCEPT ![follower] = zab_history[leader]]
/\ zab_last_committed' = [zab_last_committed EXCEPT ![follower] = zab_last_committed[leader]]
/\ zab_retained_start' = [zab_retained_start EXCEPT ![follower] = zab_retained_start[leader]]
/\ zab_action' = UnionCtor_new_seeing_kingfisher_SendSnap([follower |-> follower, leader |-> leader, zxid |-> [zab_last_committed EXCEPT ![follower] = zab_last_committed[leader]][leader].zxid])
/\ UNCHANGED <<quorum_reconnect_hint, fle_current_vote, zab_current_epoch, zab_epoch_established, zab_established_epoch, zab_epoch_connecting_followers, zab_post_uptodate_ack_pending, zab_open_proposals, zab_forwarded_writes, zab_staged_forwarded_writes, zab_staged_direct_writes, zab_committed_zxid, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded, zab_client_sessions>>
\/ lab_zab_advance_retention(next_turn) ::
/\ \E leader \in REPLICA:
/\ (leader /= IUT_REPLICA)
/\ \/ (proc_status[leader] = "UP")
\/ /\ (leader = IUT_REPLICA)
/\ (proc_status[leader] = "STARTING")
/\ (fle_role[leader] = "LEADING")
/\ (zab_state[leader] = "broadcast")
/\ (zab_sync[leader] = "none")
/\ (zab_open_proposals = WSMkSeq0)
/\ (zab_last_committed[leader].index >= 2)
/\ (zab_retained_start[leader] < (zab_last_committed[leader].index - 1))
/\ (next_turn = "tester")
/\ zab_retained_start' = [zab_retained_start EXCEPT ![leader] = (zab_retained_start[leader] + 1)]
/\ zab_action' = UnionCtor_new_seeing_kingfisher_AdvanceRetention([leader |-> leader, zxid |-> zab_history[leader][((zab_retained_start[leader] + 1)) + 1].zxid])
/\ UNCHANGED <<quorum_reconnect_hint, fle_current_vote, zab_state, zab_accepted_epoch, zab_current_epoch, zab_persisted_accepted_epoch, zab_persisted_current_epoch, zab_epoch_established, zab_established_epoch, zab_epoch_connecting_followers, zab_last_zxid, zab_sync, zab_post_uptodate_ack_pending, zab_open_proposals, zab_forwarded_writes, zab_staged_forwarded_writes, zab_staged_direct_writes, zab_committed_zxid, zab_history, zab_last_committed, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded, zab_client_sessions>>
\/ lab_zab_newleader(next_turn) ::
/\ \E leader \in REPLICA:
/\ \E follower \in REPLICA:
/\ (follower /= leader)
/\ \/ (proc_status[leader] = "UP")
\/ /\ (leader = IUT_REPLICA)
/\ (proc_status[leader] = "STARTING")
/\ (fle_current_vote[follower].leader = replica_id[leader])
/\ \/ \/ (zab_sync[follower] = "diff_sent")
\/ (zab_sync[follower] = "trunc_sent")
\/ (zab_sync[follower] = "snap_sent")
/\ ((next_turn = "iut") = (leader = IUT_REPLICA))
/\ zab_sync' = [zab_sync EXCEPT ![follower] = "newleader_sent"]
/\ zab_action' = UnionCtor_new_seeing_kingfisher_SendNewLeader([follower |-> follower, leader |-> leader, zxid |-> zab_current_epoch[leader]])
/\ UNCHANGED <<quorum_reconnect_hint, fle_current_vote, zab_state, zab_accepted_epoch, zab_current_epoch, zab_persisted_accepted_epoch, zab_persisted_current_epoch, zab_epoch_established, zab_established_epoch, zab_epoch_connecting_followers, zab_last_zxid, zab_post_uptodate_ack_pending, zab_open_proposals, zab_forwarded_writes, zab_staged_forwarded_writes, zab_staged_direct_writes, zab_committed_zxid, zab_history, zab_last_committed, zab_retained_start, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded, zab_client_sessions>>
\/ lab_zab_ack_newleader(next_turn) ::
/\ \E follower \in REPLICA:
/\ \E leader \in REPLICA:
LET post_uptodate_ack == /\ (zab_sync[follower] = "synced")
/\ zab_post_uptodate_ack_pending[follower]
IN
/\ (follower /= leader)
/\ \/ (proc_status[follower] = "UP")
\/ /\ (follower = IUT_REPLICA)
/\ (proc_status[follower] = "STARTING")
/\ (fle_current_vote[follower].leader = replica_id[leader])
/\ \/ (zab_sync[follower] = "newleader_sent")
\/ post_uptodate_ack
/\ ((next_turn = "iut") = (follower = IUT_REPLICA))
/\ zab_sync' = [zab_sync EXCEPT ![follower] = IF (zab_sync[follower] = "synced")
THEN "synced"
ELSE "newleader_acked"]
/\ zab_post_uptodate_ack_pending' = [zab_post_uptodate_ack_pending EXCEPT ![follower] = FALSE]
/\ zab_accepted_epoch' = [zab_accepted_epoch EXCEPT ![follower] = zab_current_epoch[leader]]
/\ zab_current_epoch' = [zab_current_epoch EXCEPT ![follower] = zab_current_epoch[leader]]
/\ zab_persisted_accepted_epoch' = [zab_persisted_accepted_epoch EXCEPT ![follower] = [zab_current_epoch EXCEPT ![follower] = zab_current_epoch[leader]][leader]]
/\ zab_persisted_current_epoch' = [zab_persisted_current_epoch EXCEPT ![follower] = [zab_current_epoch EXCEPT ![follower] = zab_current_epoch[leader]][leader]]
/\ zab_action' = UnionCtor_new_seeing_kingfisher_AckNewLeader([follower |-> follower, leader |-> leader, zxid |-> [zab_current_epoch EXCEPT ![follower] = zab_current_epoch[leader]][leader]])
/\ UNCHANGED <<quorum_reconnect_hint, fle_current_vote, zab_state, zab_epoch_established, zab_established_epoch, zab_epoch_connecting_followers, zab_last_zxid, zab_open_proposals, zab_forwarded_writes, zab_staged_forwarded_writes, zab_staged_direct_writes, zab_committed_zxid, zab_history, zab_last_committed, zab_retained_start, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded, zab_client_sessions>>
\/ lab_zab_uptodate(next_turn) ::
/\ \E leader \in REPLICA:
/\ \E follower \in REPLICA:
/\ (follower /= leader)
/\ \/ (proc_status[leader] = "UP")
\/ /\ (leader = IUT_REPLICA)
/\ (proc_status[leader] = "STARTING")
/\ (fle_current_vote[follower].leader = replica_id[leader])
/\ (zab_sync[follower] = "newleader_acked")
/\ (Cardinality({quorum351 \in QUORUMS: /\ (Cardinality({member352 \in quorum351: (member352 = leader)}) = 1)
/\ (Cardinality({member353 \in quorum351: IF (member353 = leader)
THEN TRUE
ELSE \/ \/ FALSE
\/ (zab_sync[member353] = "newleader_acked")
\/ (zab_sync[member353] = "synced")}) = Cardinality(quorum351))}) > 0)
/\ ((next_turn = "iut") = (leader = IUT_REPLICA))
/\ zab_sync' = [zab_sync EXCEPT ![follower] = "synced"]
/\ zab_post_uptodate_ack_pending' = [zab_post_uptodate_ack_pending EXCEPT ![follower] = TRUE]
/\ zab_last_zxid' = [zab_last_zxid EXCEPT ![follower] = zab_committed_zxid]
/\ zab_history' = [zab_history EXCEPT ![follower] = zab_history[leader]]
/\ zab_last_committed' = [zab_last_committed EXCEPT ![follower] = zab_last_committed[leader]]
/\ zab_retained_start' = [zab_retained_start EXCEPT ![follower] = zab_retained_start[leader]]
/\ fle_current_vote' = [[fle_current_vote EXCEPT ![follower] = [leader |-> fle_current_vote[follower].leader, peerEpoch |-> zab_current_epoch[follower], zxid |-> fle_current_vote[follower].zxid]] EXCEPT ![leader] = [leader |-> fle_current_vote[leader].leader, peerEpoch |-> zab_current_epoch[leader], zxid |-> fle_current_vote[leader].zxid]]
/\ zab_state' = [r354 \in REPLICA |-> IF \/ (r354 = follower)
\/ (r354 = leader)
THEN "broadcast"
ELSE zab_state[r354]]
/\ zab_action' = UnionCtor_new_seeing_kingfisher_SendUpToDate([follower |-> follower, leader |-> leader])
/\ UNCHANGED <<quorum_reconnect_hint, zab_accepted_epoch, zab_current_epoch, zab_persisted_accepted_epoch, zab_persisted_current_epoch, zab_epoch_established, zab_established_epoch, zab_epoch_connecting_followers, zab_open_proposals, zab_forwarded_writes, zab_staged_forwarded_writes, zab_staged_direct_writes, zab_committed_zxid, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded, zab_client_sessions>>
\/ lab_zab_client_connect(next_turn) ::
/\ \E replica \in REPLICA:
/\ \E session \in (1)..(MAX_CLIENT_SESSIONS):
/\ \/ (proc_status[replica] = "UP")
\/ /\ (replica = IUT_REPLICA)
/\ (proc_status[replica] = "STARTING")
/\ (zab_state[replica] = "broadcast")
/\ \/ (zab_sync[replica] = "none")
\/ (zab_sync[replica] = "synced")
/\ ~((session \in zab_client_sessions[replica]))
/\ (next_turn = "tester")
/\ zab_client_sessions' = [r355 \in REPLICA |-> IF (r355 = replica)
THEN (zab_client_sessions[r355] \union {session})
ELSE zab_client_sessions[r355]]
/\ zab_action' = UnionCtor_new_seeing_kingfisher_ClientConnect([replica |-> replica, session |-> session])
/\ UNCHANGED <<quorum_reconnect_hint, fle_current_vote, zab_state, zab_accepted_epoch, zab_current_epoch, zab_persisted_accepted_epoch, zab_persisted_current_epoch, zab_epoch_established, zab_established_epoch, zab_epoch_connecting_followers, zab_last_zxid, zab_sync, zab_post_uptodate_ack_pending, zab_open_proposals, zab_forwarded_writes, zab_staged_forwarded_writes, zab_staged_direct_writes, zab_committed_zxid, zab_history, zab_last_committed, zab_retained_start, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded>>
\/ lab_zab_client_ping(next_turn) ::
/\ \E replica \in REPLICA:
/\ \E session \in (1)..(MAX_CLIENT_SESSIONS):
/\ \/ (proc_status[replica] = "UP")
\/ /\ (replica = IUT_REPLICA)
/\ (proc_status[replica] = "STARTING")
/\ (zab_state[replica] = "broadcast")
/\ \/ (zab_sync[replica] = "none")
\/ (zab_sync[replica] = "synced")
/\ (session \in zab_client_sessions[replica])
/\ (next_turn = "tester")
/\ zab_action' = UnionCtor_new_seeing_kingfisher_ClientPing([replica |-> replica, session |-> session])
/\ UNCHANGED <<quorum_reconnect_hint, fle_current_vote, zab_state, zab_accepted_epoch, zab_current_epoch, zab_persisted_accepted_epoch, zab_persisted_current_epoch, zab_epoch_established, zab_established_epoch, zab_epoch_connecting_followers, zab_last_zxid, zab_sync, zab_post_uptodate_ack_pending, zab_open_proposals, zab_forwarded_writes, zab_staged_forwarded_writes, zab_staged_direct_writes, zab_committed_zxid, zab_history, zab_last_committed, zab_retained_start, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded, zab_client_sessions>>
\/ lab_zab_client_create(next_turn) ::
/\ \E replica \in REPLICA:
/\ \E session \in (1)..(MAX_CLIENT_SESSIONS):
/\ \E leader \in REPLICA:
/\ \/ (proc_status[replica] = "UP")
\/ /\ (replica = IUT_REPLICA)
/\ (proc_status[replica] = "STARTING")
/\ (zab_state[replica] = "broadcast")
/\ (session \in zab_client_sessions[replica])
/\ (next_turn = "tester")
/\ \/ /\ (replica = leader)
/\ (zab_sync[replica] = "none")
\/ /\ /\ /\ /\ /\ (replica /= leader)
/\ (zab_sync[replica] = "synced")
/\ \/ (proc_status[leader] = "UP")
\/ /\ (leader = IUT_REPLICA)
/\ (proc_status[leader] = "STARTING")
/\ (zab_state[leader] = "broadcast")
/\ (zab_sync[leader] = "none")
/\ (fle_current_vote[replica].leader = replica_id[leader])
/\ /\ \E path \in {"/p1", "/p1/c1", "/p1/c2", "/p2", "/p2/c3"}:
/\ /\ ~(zab_visible_exists[path])
/\ \/ \/ \/ \/ (path = "/p1")
\/ (path = "/p2")
\/ /\ (path = "/p1/c1")
/\ zab_visible_exists["/p1"]
\/ /\ (path = "/p1/c2")
/\ zab_visible_exists["/p1"]
\/ /\ (path = "/p2/c3")
/\ zab_visible_exists["/p2"]
/\ zab_staged_direct_writes' = IF (replica = leader)
THEN Append(zab_staged_direct_writes, [dataVersion |-> 0, leader |-> leader, op |-> "create", path |-> path, session |-> session])
ELSE zab_staged_direct_writes
/\ zab_forwarded_writes' = IF (replica = leader)
THEN zab_forwarded_writes
ELSE Append(zab_forwarded_writes, [dataVersion |-> 0, follower |-> replica, leader |-> leader, op |-> "create", path |-> path, session |-> session])
/\ zab_action' = UnionCtor_new_seeing_kingfisher_ClientCreate([path |-> path, replica |-> replica, session |-> session])
/\ UNCHANGED <<quorum_reconnect_hint, fle_current_vote, zab_state, zab_accepted_epoch, zab_current_epoch, zab_persisted_accepted_epoch, zab_persisted_current_epoch, zab_epoch_established, zab_established_epoch, zab_epoch_connecting_followers, zab_last_zxid, zab_sync, zab_post_uptodate_ack_pending, zab_open_proposals, zab_staged_forwarded_writes, zab_committed_zxid, zab_history, zab_last_committed, zab_retained_start, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded, zab_client_sessions>>
\/ lab_zab_client_set_data(next_turn) ::
/\ \E replica \in REPLICA:
/\ \E session \in (1)..(MAX_CLIENT_SESSIONS):
/\ \E leader \in REPLICA:
/\ \/ (proc_status[replica] = "UP")
\/ /\ (replica = IUT_REPLICA)
/\ (proc_status[replica] = "STARTING")
/\ (zab_state[replica] = "broadcast")
/\ (session \in zab_client_sessions[replica])
/\ (next_turn = "tester")
/\ (zab_committed_zxid > 0)
/\ \/ /\ (replica = leader)
/\ (zab_sync[replica] = "none")
\/ /\ /\ /\ /\ /\ (replica /= leader)
/\ (zab_sync[replica] = "synced")
/\ \/ (proc_status[leader] = "UP")
\/ /\ (leader = IUT_REPLICA)
/\ (proc_status[leader] = "STARTING")
/\ (zab_state[leader] = "broadcast")
/\ (zab_sync[leader] = "none")
/\ (fle_current_vote[replica].leader = replica_id[leader])
/\ /\ \E path \in {"/p1", "/p1/c1", "/p1/c2", "/p2", "/p2/c3"}:
/\ zab_visible_exists[path]
/\ zab_staged_direct_writes' = IF (replica = leader)
THEN Append(zab_staged_direct_writes, [dataVersion |-> IF /\ (Len(zab_open_proposals) > 0)
/\ (Len(zab_pending_proposals) > 0)
THEN IF (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid >= zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid)
THEN (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid + 1)
ELSE (zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid + 1)
ELSE IF (Len(zab_open_proposals) > 0)
THEN (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid + 1)
ELSE IF (Len(zab_pending_proposals) > 0)
THEN (zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid + 1)
ELSE (zab_committed_zxid + 1), leader |-> leader, op |-> "set_data", path |-> path, session |-> session])
ELSE zab_staged_direct_writes
/\ zab_forwarded_writes' = IF (replica = leader)
THEN zab_forwarded_writes
ELSE Append(zab_forwarded_writes, [dataVersion |-> IF /\ (Len(zab_open_proposals) > 0)
/\ (Len(zab_pending_proposals) > 0)
THEN IF (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid >= zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid)
THEN (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid + 1)
ELSE (zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid + 1)
ELSE IF (Len(zab_open_proposals) > 0)
THEN (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid + 1)
ELSE IF (Len(zab_pending_proposals) > 0)
THEN (zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid + 1)
ELSE (zab_committed_zxid + 1), follower |-> replica, leader |-> leader, op |-> "set_data", path |-> path, session |-> session])
/\ zab_action' = UnionCtor_new_seeing_kingfisher_ClientSetData([dataVersion |-> IF /\ (Len(zab_open_proposals) > 0)
/\ (Len(zab_pending_proposals) > 0)
THEN IF (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid >= zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid)
THEN (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid + 1)
ELSE (zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid + 1)
ELSE IF (Len(zab_open_proposals) > 0)
THEN (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid + 1)
ELSE IF (Len(zab_pending_proposals) > 0)
THEN (zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid + 1)
ELSE (zab_committed_zxid + 1), path |-> path, replica |-> replica, session |-> session])
/\ UNCHANGED <<quorum_reconnect_hint, fle_current_vote, zab_state, zab_accepted_epoch, zab_current_epoch, zab_persisted_accepted_epoch, zab_persisted_current_epoch, zab_epoch_established, zab_established_epoch, zab_epoch_connecting_followers, zab_last_zxid, zab_sync, zab_post_uptodate_ack_pending, zab_open_proposals, zab_staged_forwarded_writes, zab_committed_zxid, zab_history, zab_last_committed, zab_retained_start, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded, zab_client_sessions>>
\/ lab_zab_client_delete(next_turn) ::
/\ \E replica \in REPLICA:
/\ \E session \in (1)..(MAX_CLIENT_SESSIONS):
/\ \E leader \in REPLICA:
/\ \/ (proc_status[replica] = "UP")
\/ /\ (replica = IUT_REPLICA)
/\ (proc_status[replica] = "STARTING")
/\ (zab_state[replica] = "broadcast")
/\ (session \in zab_client_sessions[replica])
/\ (next_turn = "tester")
/\ (zab_committed_zxid > 0)
/\ \/ /\ (replica = leader)
/\ (zab_sync[replica] = "none")
\/ /\ /\ /\ /\ /\ (replica /= leader)
/\ (zab_sync[replica] = "synced")
/\ \/ (proc_status[leader] = "UP")
\/ /\ (leader = IUT_REPLICA)
/\ (proc_status[leader] = "STARTING")
/\ (zab_state[leader] = "broadcast")
/\ (zab_sync[leader] = "none")
/\ (fle_current_vote[replica].leader = replica_id[leader])
/\ /\ \E path \in {"/p1/c1", "/p1/c2", "/p2/c3"}:
/\ /\ (path \in {"/p1/c1", "/p1/c2", "/p2/c3"})
/\ zab_visible_exists[path]
/\ zab_staged_direct_writes' = IF (replica = leader)
THEN Append(zab_staged_direct_writes, [dataVersion |-> 0, leader |-> leader, op |-> "delete", path |-> path, session |-> session])
ELSE zab_staged_direct_writes
/\ zab_forwarded_writes' = IF (replica = leader)
THEN zab_forwarded_writes
ELSE Append(zab_forwarded_writes, [dataVersion |-> 0, follower |-> replica, leader |-> leader, op |-> "delete", path |-> path, session |-> session])
/\ zab_action' = UnionCtor_new_seeing_kingfisher_ClientDelete([path |-> path, replica |-> replica, session |-> session])
/\ UNCHANGED <<quorum_reconnect_hint, fle_current_vote, zab_state, zab_accepted_epoch, zab_current_epoch, zab_persisted_accepted_epoch, zab_persisted_current_epoch, zab_epoch_established, zab_established_epoch, zab_epoch_connecting_followers, zab_last_zxid, zab_sync, zab_post_uptodate_ack_pending, zab_open_proposals, zab_staged_forwarded_writes, zab_committed_zxid, zab_history, zab_last_committed, zab_retained_start, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded, zab_client_sessions>>
\/ lab_zab_client_exists(next_turn) ::
/\ \E replica \in REPLICA:
/\ \E session \in (1)..(MAX_CLIENT_SESSIONS):
/\ \/ (proc_status[replica] = "UP")
\/ /\ (replica = IUT_REPLICA)
/\ (proc_status[replica] = "STARTING")
/\ (zab_state[replica] = "broadcast")
/\ \/ (zab_sync[replica] = "none")
\/ (zab_sync[replica] = "synced")
/\ (session \in zab_client_sessions[replica])
/\ (next_turn = "tester")
/\ /\ \E path \in {"/p1", "/p1/c1", "/p1/c2", "/p2", "/p2/c3"}:
zab_action' = UnionCtor_new_seeing_kingfisher_ClientExists([path |-> path, replica |-> replica, session |-> session])
/\ UNCHANGED <<quorum_reconnect_hint, fle_current_vote, zab_state, zab_accepted_epoch, zab_current_epoch, zab_persisted_accepted_epoch, zab_persisted_current_epoch, zab_epoch_established, zab_established_epoch, zab_epoch_connecting_followers, zab_last_zxid, zab_sync, zab_post_uptodate_ack_pending, zab_open_proposals, zab_forwarded_writes, zab_staged_forwarded_writes, zab_staged_direct_writes, zab_committed_zxid, zab_history, zab_last_committed, zab_retained_start, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded, zab_client_sessions>>
\/ lab_zab_client_get_data(next_turn) ::
/\ \E replica \in REPLICA:
/\ \E session \in (1)..(MAX_CLIENT_SESSIONS):
/\ \/ (proc_status[replica] = "UP")
\/ /\ (replica = IUT_REPLICA)
/\ (proc_status[replica] = "STARTING")
/\ (zab_state[replica] = "broadcast")
/\ \/ (zab_sync[replica] = "none")
\/ (zab_sync[replica] = "synced")
/\ (session \in zab_client_sessions[replica])
/\ (next_turn = "tester")
/\ /\ \E path \in {"/p1", "/p1/c1", "/p1/c2", "/p2", "/p2/c3"}:
zab_action' = UnionCtor_new_seeing_kingfisher_ClientGetData([path |-> path, replica |-> replica, session |-> session])
/\ UNCHANGED <<quorum_reconnect_hint, fle_current_vote, zab_state, zab_accepted_epoch, zab_current_epoch, zab_persisted_accepted_epoch, zab_persisted_current_epoch, zab_epoch_established, zab_established_epoch, zab_epoch_connecting_followers, zab_last_zxid, zab_sync, zab_post_uptodate_ack_pending, zab_open_proposals, zab_forwarded_writes, zab_staged_forwarded_writes, zab_staged_direct_writes, zab_committed_zxid, zab_history, zab_last_committed, zab_retained_start, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded, zab_client_sessions>>
\/ lab_zab_client_get_children(next_turn) ::
/\ \E replica \in REPLICA:
/\ \E session \in (1)..(MAX_CLIENT_SESSIONS):
/\ \/ (proc_status[replica] = "UP")
\/ /\ (replica = IUT_REPLICA)
/\ (proc_status[replica] = "STARTING")
/\ (zab_state[replica] = "broadcast")
/\ \/ (zab_sync[replica] = "none")
\/ (zab_sync[replica] = "synced")
/\ (session \in zab_client_sessions[replica])
/\ (next_turn = "tester")
/\ /\ \E path \in {"/", "/p1", "/p2"}:
zab_action' = UnionCtor_new_seeing_kingfisher_ClientGetChildren([path |-> path, replica |-> replica, session |-> session])
/\ UNCHANGED <<quorum_reconnect_hint, fle_current_vote, zab_state, zab_accepted_epoch, zab_current_epoch, zab_persisted_accepted_epoch, zab_persisted_current_epoch, zab_epoch_established, zab_established_epoch, zab_epoch_connecting_followers, zab_last_zxid, zab_sync, zab_post_uptodate_ack_pending, zab_open_proposals, zab_forwarded_writes, zab_staged_forwarded_writes, zab_staged_direct_writes, zab_committed_zxid, zab_history, zab_last_committed, zab_retained_start, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded, zab_client_sessions>>
\/ lab_zab_forwarded_request(next_turn) ::
LET forwarded == zab_forwarded_writes[(0) + 1] IN
/\ (Len(zab_forwarded_writes) > 0)
/\ \/ (proc_status[forwarded.follower] = "UP")
\/ /\ (IUT_REPLICA = forwarded.follower)
/\ (proc_status[forwarded.follower] = "STARTING")
/\ \/ (proc_status[forwarded.leader] = "UP")
\/ /\ (IUT_REPLICA = forwarded.leader)
/\ (proc_status[forwarded.leader] = "STARTING")
/\ (zab_state[forwarded.follower] = "broadcast")
/\ (zab_state[forwarded.leader] = "broadcast")
/\ (zab_sync[forwarded.follower] = "synced")
/\ (zab_sync[forwarded.leader] = "none")
/\ (fle_current_vote[forwarded.follower].leader = replica_id[forwarded.leader])
/\ ((next_turn = "iut") = (IUT_REPLICA = forwarded.follower))
/\ zab_forwarded_writes' = SubSeq(zab_forwarded_writes, (1) + 1, Len(zab_forwarded_writes))
/\ zab_staged_forwarded_writes' = Append(zab_staged_forwarded_writes, [dataVersion |-> forwarded.dataVersion, follower |-> forwarded.follower, leader |-> forwarded.leader, op |-> forwarded.op, path |-> forwarded.path, session |-> forwarded.session])
/\ zab_seen_forwarded_request' = TRUE
/\ zab_action' = UnionCtor_new_seeing_kingfisher_SendForwardedRequest([dataVersion |-> forwarded.dataVersion, follower |-> forwarded.follower, leader |-> forwarded.leader, op |-> forwarded.op, path |-> forwarded.path, session |-> forwarded.session])
/\ UNCHANGED <<quorum_reconnect_hint, fle_current_vote, zab_state, zab_accepted_epoch, zab_current_epoch, zab_persisted_accepted_epoch, zab_persisted_current_epoch, zab_epoch_established, zab_established_epoch, zab_epoch_connecting_followers, zab_last_zxid, zab_sync, zab_post_uptodate_ack_pending, zab_open_proposals, zab_staged_direct_writes, zab_committed_zxid, zab_history, zab_last_committed, zab_retained_start, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_committed_forwarded, zab_client_sessions>>
\/ lab_zab_proposal(next_turn) ::
/\ \E leader \in REPLICA:
/\ \E follower \in REPLICA:
/\ \E open_idx \in open_proposal_indices:
/\ \E staged_forwarded_idx \in staged_forwarded_indices:
/\ \E staged_direct_idx \in staged_direct_indices:
LET staged_forwarded == IF /\ (staged_forwarded_idx >= 0)
/\ (staged_forwarded_idx < Len(zab_staged_forwarded_writes))
THEN zab_staged_forwarded_writes[(staged_forwarded_idx) + 1]
ELSE [dataVersion |-> 0, follower |-> 0, leader |-> 0, op |-> "none", path |-> "/p1", session |-> 0]
IN
LET staged_direct == IF /\ (staged_direct_idx >= 0)
/\ (staged_direct_idx < Len(zab_staged_direct_writes))
THEN zab_staged_direct_writes[(staged_direct_idx) + 1]
ELSE [dataVersion |-> 0, leader |-> 0, op |-> "none", path |-> "/p1", session |-> 0]
IN
/\ (follower /= leader)
/\ \/ (proc_status[leader] = "UP")
\/ /\ (leader = IUT_REPLICA)
/\ (proc_status[leader] = "STARTING")
/\ (zab_state[leader] = "broadcast")
/\ (zab_sync[follower] = "synced")
/\ ((next_turn = "iut") = (leader = IUT_REPLICA))
/\ \/ lab_OpenProposal(leader, follower, open_idx, staged_forwarded_idx, staged_direct_idx) ::
LET proposal == zab_open_proposals[(open_idx) + 1]
IN
/\ (open_idx < Len(zab_open_proposals))
/\ ~((follower \in proposal.sent_to))
/\ (LET (* @type: ({acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int}) => Bool; *)
list_filter_480(earlier356) == ~((follower \in earlier356.sent_to))
IN SelectSeq(SubSeq(zab_open_proposals, (0) + 1, open_idx), list_filter_480) = WSMkSeq0)
/\ zab_open_proposals' = [zab_open_proposals EXCEPT ![(open_idx) + 1] = [acked_by |-> proposal.acked_by, commits_sent |-> proposal.commits_sent, dataVersion |-> proposal.dataVersion, op |-> proposal.op, path |-> proposal.path, sent_to |-> (proposal.sent_to \union {follower}), source |-> proposal.source, zxid |-> proposal.zxid]]
/\ zab_action' = UnionCtor_new_seeing_kingfisher_SendProposal([dataVersion |-> proposal.dataVersion, follower |-> follower, leader |-> leader, op |-> proposal.op, path |-> proposal.path, zxid |-> proposal.zxid])
/\ UNCHANGED <<zab_last_zxid, zab_staged_forwarded_writes, zab_staged_direct_writes>>
\/ lab_StagedForwardedProposal(leader, follower, open_idx, staged_forwarded_idx, staged_direct_idx) ::
/\ (staged_forwarded_idx >= 0)
/\ (staged_forwarded_idx < Len(zab_staged_forwarded_writes))
/\ (leader = staged_forwarded.leader)
/\ zab_staged_forwarded_writes' = (SubSeq(zab_staged_forwarded_writes, (0) + 1, staged_forwarded_idx) \o SubSeq(zab_staged_forwarded_writes, ((staged_forwarded_idx + 1)) + 1, Len(zab_staged_forwarded_writes)))
/\ zab_open_proposals' = Append(zab_open_proposals, [acked_by |-> {v_357 \in {0}: FALSE}, commits_sent |-> {v_358 \in {0}: FALSE}, dataVersion |-> staged_forwarded.dataVersion, op |-> staged_forwarded.op, path |-> staged_forwarded.path, sent_to |-> {follower}, source |-> "forwarded", zxid |-> IF /\ (Len(zab_open_proposals) > 0)
/\ (Len(zab_pending_proposals) > 0)
THEN IF (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid >= zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid)
THEN (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid + 1)
ELSE (zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid + 1)
ELSE IF (Len(zab_open_proposals) > 0)
THEN (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid + 1)
ELSE IF (Len(zab_pending_proposals) > 0)
THEN (zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid + 1)
ELSE (zab_committed_zxid + 1)])
/\ zab_last_zxid' = [zab_last_zxid EXCEPT ![leader] = IF /\ (Len(zab_open_proposals) > 0)
/\ (Len(zab_pending_proposals) > 0)
THEN IF (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid >= zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid)
THEN (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid + 1)
ELSE (zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid + 1)
ELSE IF (Len(zab_open_proposals) > 0)
THEN (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid + 1)
ELSE IF (Len(zab_pending_proposals) > 0)
THEN (zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid + 1)
ELSE (zab_committed_zxid + 1)]
/\ zab_action' = UnionCtor_new_seeing_kingfisher_SendProposal([dataVersion |-> staged_forwarded.dataVersion, follower |-> follower, leader |-> leader, op |-> staged_forwarded.op, path |-> staged_forwarded.path, zxid |-> IF /\ (Len(zab_open_proposals) > 0)
/\ (Len(zab_pending_proposals) > 0)
THEN IF (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid >= zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid)
THEN (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid + 1)
ELSE (zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid + 1)
ELSE IF (Len(zab_open_proposals) > 0)
THEN (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid + 1)
ELSE IF (Len(zab_pending_proposals) > 0)
THEN (zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid + 1)
ELSE (zab_committed_zxid + 1)])
/\ UNCHANGED zab_staged_direct_writes
\/ lab_StagedDirectProposal(leader, follower, open_idx, staged_forwarded_idx, staged_direct_idx) ::
/\ (staged_direct_idx >= 0)
/\ (staged_direct_idx < Len(zab_staged_direct_writes))
/\ (leader = staged_direct.leader)
/\ zab_staged_direct_writes' = (SubSeq(zab_staged_direct_writes, (0) + 1, staged_direct_idx) \o SubSeq(zab_staged_direct_writes, ((staged_direct_idx + 1)) + 1, Len(zab_staged_direct_writes)))
/\ zab_open_proposals' = Append(zab_open_proposals, [acked_by |-> {v_359 \in {0}: FALSE}, commits_sent |-> {v_360 \in {0}: FALSE}, dataVersion |-> staged_direct.dataVersion, op |-> staged_direct.op, path |-> staged_direct.path, sent_to |-> {follower}, source |-> "direct", zxid |-> IF /\ (Len(zab_open_proposals) > 0)
/\ (Len(zab_pending_proposals) > 0)
THEN IF (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid >= zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid)
THEN (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid + 1)
ELSE (zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid + 1)
ELSE IF (Len(zab_open_proposals) > 0)
THEN (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid + 1)
ELSE IF (Len(zab_pending_proposals) > 0)
THEN (zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid + 1)
ELSE (zab_committed_zxid + 1)])
/\ zab_last_zxid' = [zab_last_zxid EXCEPT ![leader] = IF /\ (Len(zab_open_proposals) > 0)
/\ (Len(zab_pending_proposals) > 0)
THEN IF (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid >= zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid)
THEN (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid + 1)
ELSE (zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid + 1)
ELSE IF (Len(zab_open_proposals) > 0)
THEN (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid + 1)
ELSE IF (Len(zab_pending_proposals) > 0)
THEN (zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid + 1)
ELSE (zab_committed_zxid + 1)]
/\ zab_action' = UnionCtor_new_seeing_kingfisher_SendProposal([dataVersion |-> staged_direct.dataVersion, follower |-> follower, leader |-> leader, op |-> staged_direct.op, path |-> staged_direct.path, zxid |-> IF /\ (Len(zab_open_proposals) > 0)
/\ (Len(zab_pending_proposals) > 0)
THEN IF (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid >= zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid)
THEN (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid + 1)
ELSE (zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid + 1)
ELSE IF (Len(zab_open_proposals) > 0)
THEN (zab_open_proposals[((Len(zab_open_proposals) - 1)) + 1].zxid + 1)
ELSE IF (Len(zab_pending_proposals) > 0)
THEN (zab_pending_proposals[((Len(zab_pending_proposals) - 1)) + 1].zxid + 1)
ELSE (zab_committed_zxid + 1)])
/\ UNCHANGED zab_staged_forwarded_writes
/\ UNCHANGED <<quorum_reconnect_hint, fle_current_vote, zab_state, zab_accepted_epoch, zab_current_epoch, zab_persisted_accepted_epoch, zab_persisted_current_epoch, zab_epoch_established, zab_established_epoch, zab_epoch_connecting_followers, zab_sync, zab_post_uptodate_ack_pending, zab_forwarded_writes, zab_committed_zxid, zab_history, zab_last_committed, zab_retained_start, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded, zab_client_sessions>>
\/ lab_zab_ack_proposal(next_turn) ::
/\ \E follower \in REPLICA:
/\ \E leader \in REPLICA:
/\ \E proposal_idx \in ({0} \union (DOMAIN zab_open_proposals)) \ {Len(zab_open_proposals)}:
LET proposal == zab_open_proposals[(proposal_idx) + 1]
IN
LET updated_proposal == [acked_by |-> (proposal.acked_by \union {follower}), commits_sent |-> proposal.commits_sent, dataVersion |-> proposal.dataVersion, op |-> proposal.op, path |-> proposal.path, sent_to |-> proposal.sent_to, source |-> proposal.source, zxid |-> proposal.zxid]
IN
LET leader_commits_now == /\ (Cardinality({quorum362 \in QUORUMS: /\ (Cardinality({member363 \in quorum362: (member363 = leader)}) = 1)
/\ (Cardinality({member364 \in quorum362: (member364 \in (updated_proposal.acked_by \union {leader}))}) = Cardinality(quorum362))}) > 0)
/\ (proposal.zxid = (zab_last_committed[leader].zxid + 1))
IN
LET committed_txn == [epoch |-> zab_current_epoch[leader], op |-> proposal.op, path |-> proposal.path, value |-> proposal.dataVersion, zxid |-> proposal.zxid]
IN
LET leader_history == IF leader_commits_now
THEN Append(zab_history[leader], committed_txn)
ELSE zab_history[leader]
IN
LET leader_last_committed == IF leader_commits_now
THEN [index |-> Len(leader_history), zxid |-> proposal.zxid]
ELSE zab_last_committed[leader]
IN
/\ (follower /= leader)
/\ \/ (proc_status[follower] = "UP")
\/ /\ (follower = IUT_REPLICA)
/\ (proc_status[follower] = "STARTING")
/\ (zab_state[leader] = "broadcast")
/\ (zab_sync[follower] = "synced")
/\ (proposal_idx < Len(zab_open_proposals))
/\ (follower \in proposal.sent_to)
/\ ~((follower \in proposal.acked_by))
/\ (LET (* @type: ({acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int}) => Bool; *)
list_filter_481(earlier361) == /\ (follower \in earlier361.sent_to)
/\ ~((follower \in earlier361.acked_by))
IN SelectSeq(SubSeq(zab_open_proposals, (0) + 1, proposal_idx), list_filter_481) = WSMkSeq0)
/\ ((next_turn = "iut") = (follower = IUT_REPLICA))
/\ zab_last_zxid' = [zab_last_zxid EXCEPT ![follower] = proposal.zxid]
/\ zab_open_proposals' = [zab_open_proposals EXCEPT ![(proposal_idx) + 1] = updated_proposal]
/\ zab_history' = [zab_history EXCEPT ![leader] = leader_history]
/\ zab_last_committed' = [zab_last_committed EXCEPT ![leader] = leader_last_committed]
/\ zab_committed_zxid' = IF leader_commits_now
THEN proposal.zxid
ELSE zab_committed_zxid
/\ zab_committed_forwarded' = \/ zab_committed_forwarded
\/ /\ leader_commits_now
/\ (proposal.source = "forwarded")
/\ zab_visible_exists' = [zab_visible_exists EXCEPT ![proposal.path] = IF leader_commits_now
THEN IF (proposal.op = "create")
THEN TRUE
ELSE IF (proposal.op = "delete")
THEN FALSE
ELSE zab_visible_exists[proposal.path]
ELSE zab_visible_exists[proposal.path]]
/\ zab_visible_data_version' = [zab_visible_data_version EXCEPT ![proposal.path] = IF leader_commits_now
THEN IF (proposal.op = "set_data")
THEN proposal.dataVersion
ELSE IF (proposal.op = "delete")
THEN 0
ELSE zab_visible_data_version[proposal.path]
ELSE zab_visible_data_version[proposal.path]]
/\ zab_visible_zxid' = [zab_visible_zxid EXCEPT ![proposal.path] = IF leader_commits_now
THEN proposal.zxid
ELSE zab_visible_zxid[proposal.path]]
/\ zab_node_exists' = IF leader_commits_now
THEN (Cardinality({path365 \in {"/p1", "/p1/c1", "/p1/c2", "/p2", "/p2/c3"}: [zab_visible_exists EXCEPT ![proposal.path] = IF leader_commits_now
THEN IF (proposal.op = "create")
THEN TRUE
ELSE IF (proposal.op = "delete")
THEN FALSE
ELSE zab_visible_exists[proposal.path]
ELSE zab_visible_exists[proposal.path]][path365]}) > 0)
ELSE zab_node_exists
/\ zab_action' = UnionCtor_new_seeing_kingfisher_AckProposal([follower |-> follower, leader |-> leader, zxid |-> proposal.zxid])
/\ UNCHANGED <<quorum_reconnect_hint, fle_current_vote, zab_state, zab_accepted_epoch, zab_current_epoch, zab_persisted_accepted_epoch, zab_persisted_current_epoch, zab_epoch_established, zab_established_epoch, zab_epoch_connecting_followers, zab_sync, zab_post_uptodate_ack_pending, zab_forwarded_writes, zab_staged_forwarded_writes, zab_staged_direct_writes, zab_retained_start, epoch_leader, zab_seen_forwarded_request, zab_client_sessions>>
\/ lab_zab_commit(next_turn) ::
/\ \E leader \in REPLICA:
/\ \E follower \in REPLICA:
LET proposal == zab_open_proposals[(0) + 1]
IN
/\ (follower /= leader)
/\ \/ (proc_status[leader] = "UP")
\/ /\ (leader = IUT_REPLICA)
/\ (proc_status[leader] = "STARTING")
/\ (zab_state[leader] = "broadcast")
/\ (zab_sync[follower] = "synced")
/\ (Len(zab_open_proposals) > 0)
/\ ~((follower \in proposal.commits_sent))
/\ (follower \in proposal.acked_by)
/\ (Cardinality({quorum366 \in QUORUMS: /\ (Cardinality({member367 \in quorum366: (member367 = leader)}) = 1)
/\ (Cardinality({member368 \in quorum366: (member368 \in (proposal.acked_by \union {leader}))}) = Cardinality(quorum366))}) > 0)
/\ (proposal.zxid <= zab_last_committed[leader].zxid)
/\ ((next_turn = "iut") = (leader = IUT_REPLICA))
/\ zab_last_zxid' = [zab_last_zxid EXCEPT ![follower] = proposal.zxid]
/\ zab_history' = [zab_history EXCEPT ![follower] = IF (zab_last_committed[follower].zxid < proposal.zxid)
THEN Append(zab_history[follower], [epoch |-> zab_current_epoch[leader], op |-> proposal.op, path |-> proposal.path, value |-> proposal.dataVersion, zxid |-> proposal.zxid])
ELSE zab_history[follower]]
/\ zab_last_committed' = [zab_last_committed EXCEPT ![follower] = IF (zab_last_committed[follower].zxid < proposal.zxid)
THEN [index |-> Len(IF (zab_last_committed[follower].zxid < proposal.zxid)
THEN Append(zab_history[follower], [epoch |-> zab_current_epoch[leader], op |-> proposal.op, path |-> proposal.path, value |-> proposal.dataVersion, zxid |-> proposal.zxid])
ELSE zab_history[follower]), zxid |-> proposal.zxid]
ELSE zab_last_committed[follower]]
/\ zab_open_proposals' = IF (Cardinality({r370 \in {r369 \in REPLICA: /\ (zab_sync[r369] = "synced")
/\ (r369 /= leader)}: ~((r370 \in (proposal.commits_sent \union {follower})))}) = 0)
THEN SubSeq(zab_open_proposals, (1) + 1, Len(zab_open_proposals))
ELSE [zab_open_proposals EXCEPT ![(0) + 1] = [acked_by |-> proposal.acked_by, commits_sent |-> (proposal.commits_sent \union {follower}), dataVersion |-> proposal.dataVersion, op |-> proposal.op, path |-> proposal.path, sent_to |-> proposal.sent_to, source |-> proposal.source, zxid |-> proposal.zxid]]
/\ zab_action' = UnionCtor_new_seeing_kingfisher_SendCommit([follower |-> follower, leader |-> leader, zxid |-> proposal.zxid])
/\ UNCHANGED <<quorum_reconnect_hint, fle_current_vote, zab_state, zab_accepted_epoch, zab_current_epoch, zab_persisted_accepted_epoch, zab_persisted_current_epoch, zab_epoch_established, zab_established_epoch, zab_epoch_connecting_followers, zab_sync, zab_post_uptodate_ack_pending, zab_forwarded_writes, zab_staged_forwarded_writes, zab_staged_direct_writes, zab_committed_zxid, zab_retained_start, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded, zab_client_sessions>>
/\ UNCHANGED <<proc_status, tcp_status, fle_role, fle_logical_clock, fle_proposed_vote, fle_recv_votes, fle_out_of_election, fle_wait_finalize, fle_sent_messages, fle_historical_messages, zab_pending_proposals>>
\/ lab_stop ::
/\ \E r \in REPLICA:
/\ fle_action' = UnionCtor_rough_jumping_emu_NoFleAction
/\ tcp_action' = UnionCtor_minor_hiring_magpie_NoTcpAction
/\ zab_action' = UnionCtor_new_seeing_kingfisher_NoZabAction
/\ last_turn' = "tester"
/\ (proc_status[r] = "UP")
/\ zab_open_proposals' = IF (fle_role[r] = "LEADING")
THEN WSMkSeq0
ELSE LET (* @type: (Seq({acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int}), {acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int}) => Seq({acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int}); *)
list_reduce_482(acc371, proposal372) == Append(acc371, [acked_by |-> {member374 \in proposal372.acked_by: (member374 /= r)}, commits_sent |-> {member375 \in proposal372.commits_sent: (member375 /= r)}, dataVersion |-> proposal372.dataVersion, op |-> proposal372.op, path |-> proposal372.path, sent_to |-> {member373 \in proposal372.sent_to: (member373 /= r)}, source |-> proposal372.source, zxid |-> proposal372.zxid])
IN ApaFoldSeqLeft(list_reduce_482, WSMkSeq0, zab_open_proposals)
/\ zab_forwarded_writes' = LET (* @type: ({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) => Bool; *)
list_filter_483(forwarded376) == /\ ~((forwarded376.follower \in {r}))
/\ ~((forwarded376.leader \in {r}))
IN SelectSeq(zab_forwarded_writes, list_filter_483)
/\ zab_staged_forwarded_writes' = LET (* @type: ({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) => Bool; *)
list_filter_484(forwarded377) == /\ ~((forwarded377.follower \in {r}))
/\ ~((forwarded377.leader \in {r}))
IN SelectSeq(zab_staged_forwarded_writes, list_filter_484)
/\ zab_staged_direct_writes' = LET (* @type: ({dataVersion: Int, leader: Int, op: Str, path: Str, session: Int}) => Bool; *)
list_filter_485(staged378) == ~((staged378.leader \in {r}))
IN SelectSeq(zab_staged_direct_writes, list_filter_485)
/\ zab_pending_proposals' = LET (* @type: ({dataVersion: Int, leader: Int, op: Str, path: Str, source: Str, zxid: Int}) => Bool; *)
list_filter_486(proposal379) == ~((proposal379.leader \in {r}))
IN SelectSeq(zab_pending_proposals, list_filter_486)
/\ zab_client_sessions' = [replica380 \in REPLICA |-> IF (replica380 = r)
THEN {v_381 \in (1)..(MAX_CLIENT_SESSIONS): FALSE}
ELSE zab_client_sessions[replica380]]
/\ proc_status' = [proc_status EXCEPT ![r] = IF (r = IUT_REPLICA)
THEN "STOPPING"
ELSE "DOWN"]
/\ zab_state' = [zab_state EXCEPT ![r] = "idle"]
/\ zab_sync' = [zab_sync EXCEPT ![r] = "none"]
/\ zab_epoch_established' = [zab_epoch_established EXCEPT ![r] = FALSE]
/\ zab_established_epoch' = [zab_established_epoch EXCEPT ![r] = 0]
/\ zab_epoch_connecting_followers' = [zab_epoch_connecting_followers EXCEPT ![r] = {v_382 \in {0}: FALSE}]
/\ zab_post_uptodate_ack_pending' = [zab_post_uptodate_ack_pending EXCEPT ![r] = FALSE]
/\ tcp_status' = [ch383 \in tcp_channels |-> IF /\ \/ \/ \/ (ch383.serverAddr = election_addr[r])
\/ (ch383.clientAddr = election_addr[r])
\/ (ch383.serverAddr = quorum_addr[r])
\/ (ch383.clientAddr = quorum_addr[r])
/\ (tcp_status[ch383] /= "closed")
THEN "closed"
ELSE tcp_status[ch383]]
/\ quorum_reconnect_hint' = 0
/\ process_action' = UnionCtor_sonic_placing_stallion_Stop(r)
/\ UNCHANGED <<fle_role, fle_logical_clock, fle_proposed_vote, fle_current_vote, fle_recv_votes, fle_out_of_election, fle_wait_finalize, fle_sent_messages, fle_historical_messages, zab_accepted_epoch, zab_current_epoch, zab_persisted_accepted_epoch, zab_persisted_current_epoch, zab_last_zxid, zab_committed_zxid, zab_history, zab_last_committed, zab_retained_start, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded>>
\/ lab_crash ::
/\ \E r \in REPLICA:
/\ fle_action' = UnionCtor_rough_jumping_emu_NoFleAction
/\ tcp_action' = UnionCtor_minor_hiring_magpie_NoTcpAction
/\ zab_action' = UnionCtor_new_seeing_kingfisher_NoZabAction
/\ last_turn' = "tester"
/\ (proc_status[r] = "UP")
/\ zab_open_proposals' = IF (fle_role[r] = "LEADING")
THEN WSMkSeq0
ELSE LET (* @type: (Seq({acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int}), {acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int}) => Seq({acked_by: Set(Int), commits_sent: Set(Int), dataVersion: Int, op: Str, path: Str, sent_to: Set(Int), source: Str, zxid: Int}); *)
list_reduce_487(acc384, proposal385) == Append(acc384, [acked_by |-> {member387 \in proposal385.acked_by: (member387 /= r)}, commits_sent |-> {member388 \in proposal385.commits_sent: (member388 /= r)}, dataVersion |-> proposal385.dataVersion, op |-> proposal385.op, path |-> proposal385.path, sent_to |-> {member386 \in proposal385.sent_to: (member386 /= r)}, source |-> proposal385.source, zxid |-> proposal385.zxid])
IN ApaFoldSeqLeft(list_reduce_487, WSMkSeq0, zab_open_proposals)
/\ zab_forwarded_writes' = LET (* @type: ({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) => Bool; *)
list_filter_488(forwarded389) == /\ ~((forwarded389.follower \in {r}))
/\ ~((forwarded389.leader \in {r}))
IN SelectSeq(zab_forwarded_writes, list_filter_488)
/\ zab_staged_forwarded_writes' = LET (* @type: ({dataVersion: Int, follower: Int, leader: Int, op: Str, path: Str, session: Int}) => Bool; *)
list_filter_489(forwarded390) == /\ ~((forwarded390.follower \in {r}))
/\ ~((forwarded390.leader \in {r}))
IN SelectSeq(zab_staged_forwarded_writes, list_filter_489)
/\ zab_staged_direct_writes' = LET (* @type: ({dataVersion: Int, leader: Int, op: Str, path: Str, session: Int}) => Bool; *)
list_filter_490(staged391) == ~((staged391.leader \in {r}))
IN SelectSeq(zab_staged_direct_writes, list_filter_490)
/\ zab_pending_proposals' = LET (* @type: ({dataVersion: Int, leader: Int, op: Str, path: Str, source: Str, zxid: Int}) => Bool; *)
list_filter_491(proposal392) == ~((proposal392.leader \in {r}))
IN SelectSeq(zab_pending_proposals, list_filter_491)
/\ zab_client_sessions' = [replica393 \in REPLICA |-> IF (replica393 = r)
THEN {v_394 \in (1)..(MAX_CLIENT_SESSIONS): FALSE}
ELSE zab_client_sessions[replica393]]
/\ proc_status' = [proc_status EXCEPT ![r] = IF (r = IUT_REPLICA)
THEN "STOPPING"
ELSE "DOWN"]
/\ zab_state' = [zab_state EXCEPT ![r] = "idle"]
/\ zab_sync' = [zab_sync EXCEPT ![r] = "none"]
/\ zab_epoch_established' = [zab_epoch_established EXCEPT ![r] = FALSE]
/\ zab_established_epoch' = [zab_established_epoch EXCEPT ![r] = 0]
/\ zab_epoch_connecting_followers' = [zab_epoch_connecting_followers EXCEPT ![r] = {v_395 \in {0}: FALSE}]
/\ zab_post_uptodate_ack_pending' = [zab_post_uptodate_ack_pending EXCEPT ![r] = FALSE]
/\ tcp_status' = [ch396 \in tcp_channels |-> IF /\ \/ \/ \/ (ch396.serverAddr = election_addr[r])
\/ (ch396.clientAddr = election_addr[r])
\/ (ch396.serverAddr = quorum_addr[r])
\/ (ch396.clientAddr = quorum_addr[r])
/\ (tcp_status[ch396] /= "closed")
THEN "closed"
ELSE tcp_status[ch396]]
/\ quorum_reconnect_hint' = 0
/\ process_action' = UnionCtor_sonic_placing_stallion_Crash(r)
/\ UNCHANGED <<fle_role, fle_logical_clock, fle_proposed_vote, fle_current_vote, fle_recv_votes, fle_out_of_election, fle_wait_finalize, fle_sent_messages, fle_historical_messages, zab_accepted_epoch, zab_current_epoch, zab_persisted_accepted_epoch, zab_persisted_current_epoch, zab_last_zxid, zab_committed_zxid, zab_history, zab_last_committed, zab_retained_start, epoch_leader, zab_node_exists, zab_visible_exists, zab_visible_data_version, zab_visible_zxid, zab_seen_forwarded_request, zab_committed_forwarded>>
/\ UNCHANGED replica_id
TailProposalAcked ==
~(/\ (Len(zab_open_proposals) >= 2)
/\ (Cardinality(zab_open_proposals[(1) + 1].acked_by) > 0))
TotalOrder ==
\A i397 \in REPLICA: \A j398 \in REPLICA: (/\ (zab_last_committed[i397].index >= 2)
/\ (zab_last_committed[j398].index >= 2)) => (\A idx_i1399 \in (0)..((MAX_HISTORY - 1)): \A idx_i2400 \in (0)..((MAX_HISTORY - 1)): \/ \/ \/ \/ (idx_i1399 >= (zab_last_committed[i397].index - 1))
\/ (idx_i2400 <= idx_i1399)
\/ (idx_i2400 >= zab_last_committed[i397].index)
\/ ~(\E idx401 \in (0)..((MAX_HISTORY - 1)): /\ (idx401 < zab_last_committed[j398].index)
/\ /\ (zab_history[i397][(idx_i2400) + 1].zxid = zab_history[j398][(idx401) + 1].zxid)
/\ (zab_history[i397][(idx_i2400) + 1].value = zab_history[j398][(idx401) + 1].value))
\/ \E idx_j2402 \in (0)..((MAX_HISTORY - 1)): /\ /\ /\ (idx_j2402 < zab_last_committed[j398].index)
/\ /\ (zab_history[i397][(idx_i2400) + 1].zxid = zab_history[j398][(idx_j2402) + 1].zxid)
/\ (zab_history[i397][(idx_i2400) + 1].value = zab_history[j398][(idx_j2402) + 1].value)
/\ (idx_j2402 > 0)
/\ \E idx_j1403 \in (0)..((MAX_HISTORY - 1)): /\ (idx_j1403 < idx_j2402)
/\ /\ (zab_history[i397][(idx_i1399) + 1].zxid = zab_history[j398][(idx_j1403) + 1].zxid)
/\ (zab_history[i397][(idx_i1399) + 1].value = zab_history[j398][(idx_j1403) + 1].value))
TruncPathTaken ==
~((VariantTag(zab_action) = "SendTrunc"))
TwoDistinctZnodesCommitted ==
~(/\ /\ /\ zab_visible_exists["/p1"]
/\ zab_visible_exists["/p2"]
/\ (zab_visible_zxid["/p1"] > 0)
/\ (zab_visible_zxid["/p2"] > 0))
TwoProposalsInFlight ==
~((Len(zab_open_proposals) >= 2))
View ==
WSMkTuple4(proc_status, fle_role, zab_state, zab_sync)
===============================================================================
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment