I've admitted the top level phase two theorem and commented the rest of the file out. This leaves 28 admits.
Out of those 28, we won't try to prove (1 admit) The phase two admit
phase_two_without_phase_one
(4 admits) facts about pointers never getting worse.
phase_one_error_continuously_nonincreasingsuccs_error_nonincreasingsuccs_error_helper_invarhas_first_succ_stable
(7 admits) facts about pointers pointing to live and/or joined nodes
valid_ptrs_global_inductivewf_ptr_succ_list_invariant'successors_are_live_nodesstabilize2_target_joinedjoin2_target_joinedstabilize_target_joinedsuccessor_nodes_always_valid
(1 'admit') An axiom saying SUCC_LIST_LEN >= 2
succ_list_len_lower_bound
This leaves the following 15 admits, which I think are provable in two months' worth of work.
2 tricky facts
open_stabilize_request_until_responsenot_skipped_means_incoming_succs_not_skipped
5 things of a list lemma flavor
in_concatinitial_esl_is_sorted_nodes_choppedsorted_list_elements_not_betweenlive_node_in_succs_best_succhas_succ_has_pred_inv
2 grab bag
adopting_succs_decreases_succs_errorconstrained_Request_not_cleared_by_recv_handler
2 grindy invariants
query_message_ok_invariantat_most_one_request_timeout_invariant
4 eventually... arguments
joins_stopqueries_eventually_stopdead_node_channel_empties_outdead_nodes_go_quiet