Commit 00f2af66 authored by MARCHE Claude's avatar MARCHE Claude

update Coq proofs with explicit occurrences of idqt instead of id'

parent d16974d8
......@@ -9,7 +9,7 @@
<file
name="../12934.why"
verified="true"
expanded="false">
expanded="true">
<theory
name="BTS12934"
locfile="bts/12934/../12934.why"
......@@ -28,9 +28,10 @@
prover="0"
timelimit="10"
memlimit="0"
edited="12934_BTS12934_t_1.v"
obsolete="false"
archived="false">
<result status="valid" time="0.50"/>
<result status="valid" time="0.42"/>
</proof>
</goal>
</theory>
......
......@@ -213,9 +213,9 @@ Unset Implicit Arguments.
Axiom subst_fresh : forall (f:fmla) (x:ident) (v:ident), (fresh_in_fmla x
f) -> ((subst f x v) = f).
Axiom let_subst : forall (t:term) (f:fmla) (x:ident) (id:ident) (idqt:ident),
((subst (Flet x t f) id idqt) = (Flet x (subst_term t id idqt) (subst f id
idqt))).
Axiom let_subst : forall (t:term) (f:fmla) (x:ident) (id:ident) (id':ident),
((subst (Flet x t f) id id') = (Flet x (subst_term t id id') (subst f id
id'))).
Axiom eval_subst : forall (f:fmla) (sigma:(map ident value)) (pi:(list
(ident* value)%type)) (x:ident) (v:ident), (fresh_in_fmla v f) ->
......@@ -235,9 +235,9 @@ Axiom eval_change_free : forall (f:fmla) (sigma:(map ident value)) (pi:(list
Definition valid_fmla(p:fmla): Prop := forall (sigma:(map ident value))
(pi:(list (ident* value)%type)), (eval_fmla sigma pi p).
Axiom let_equiv : forall (id:ident) (idqt:ident) (t:term) (f:fmla),
Axiom let_equiv : forall (id:ident) (id':ident) (t:term) (f:fmla),
forall (sigma:(map ident value)) (pi:(list (ident* value)%type)),
(eval_fmla sigma pi (Flet idqt t (subst f id idqt))) -> (eval_fmla sigma pi
(eval_fmla sigma pi (Flet id' t (subst f id id'))) -> (eval_fmla sigma pi
(Flet id t f)).
(* Why3 assumption *)
......@@ -282,50 +282,49 @@ Inductive one_step : (map ident value) -> (list (ident* value)%type) -> expr
| one_step_deref : forall (sigma:(map ident value)) (pi:(list (ident*
value)%type)) (v:ident), (one_step sigma pi (Ederef v) sigma pi
(Evalue (get sigma v)))
| one_step_bin_ctxt1 : forall (sigma:(map ident value)) (sigmaqt:(map ident
value)) (pi:(list (ident* value)%type)) (piqt:(list (ident*
value)%type)) (op:operator) (e1:expr) (e1qt:expr) (e2:expr),
(one_step sigma pi e1 sigmaqt piqt e1qt) -> (one_step sigma pi (Ebin e1
op e2) sigmaqt piqt (Ebin e1qt op e2))
| one_step_bin_ctxt2 : forall (sigma:(map ident value)) (sigmaqt:(map ident
value)) (pi:(list (ident* value)%type)) (piqt:(list (ident*
value)%type)) (op:operator) (v1:value) (e2:expr) (e2qt:expr),
(one_step sigma pi e2 sigmaqt piqt e2qt) -> (one_step sigma pi
(Ebin (Evalue v1) op e2) sigmaqt piqt (Ebin (Evalue v1) op e2qt))
| one_step_bin_value : forall (sigma:(map ident value)) (sigmaqt:(map ident
value)) (pi:(list (ident* value)%type)) (piqt:(list (ident*
| one_step_bin_ctxt1 : forall (sigma:(map ident value)) (sigma':(map ident
value)) (pi:(list (ident* value)%type)) (pi':(list (ident*
value)%type)) (op:operator) (e1:expr) (e1':expr) (e2:expr),
(one_step sigma pi e1 sigma' pi' e1') -> (one_step sigma pi (Ebin e1 op
e2) sigma' pi' (Ebin e1' op e2))
| one_step_bin_ctxt2 : forall (sigma:(map ident value)) (sigma':(map ident
value)) (pi:(list (ident* value)%type)) (pi':(list (ident*
value)%type)) (op:operator) (v1:value) (e2:expr) (e2':expr),
(one_step sigma pi e2 sigma' pi' e2') -> (one_step sigma pi
(Ebin (Evalue v1) op e2) sigma' pi' (Ebin (Evalue v1) op e2'))
| one_step_bin_value : forall (sigma:(map ident value)) (sigma':(map ident
value)) (pi:(list (ident* value)%type)) (pi':(list (ident*
value)%type)) (op:operator) (v1:value) (v2:value), (one_step sigma pi
(Ebin (Evalue v1) op (Evalue v2)) sigmaqt piqt (Evalue (eval_bin v1 op
(Ebin (Evalue v1) op (Evalue v2)) sigma' pi' (Evalue (eval_bin v1 op
v2)))
| one_step_assign_ctxt : forall (sigma:(map ident value)) (sigmaqt:(map
ident value)) (pi:(list (ident* value)%type)) (piqt:(list (ident*
value)%type)) (x:ident) (e:expr) (eqt:expr), (one_step sigma pi e
sigmaqt piqt eqt) -> (one_step sigma pi (Eassign x e) sigmaqt piqt
(Eassign x eqt))
| one_step_assign_ctxt : forall (sigma:(map ident value)) (sigma':(map
ident value)) (pi:(list (ident* value)%type)) (pi':(list (ident*
value)%type)) (x:ident) (e:expr) (e':expr), (one_step sigma pi e sigma'
pi' e') -> (one_step sigma pi (Eassign x e) sigma' pi' (Eassign x e'))
| one_step_assign_value : forall (sigma:(map ident value)) (pi:(list
(ident* value)%type)) (x:ident) (v:value), (one_step sigma pi
(Eassign x (Evalue v)) (set sigma x v) pi (Evalue Vvoid))
| one_step_seq_ctxt : forall (sigma:(map ident value)) (sigmaqt:(map ident
value)) (pi:(list (ident* value)%type)) (piqt:(list (ident*
value)%type)) (e1:expr) (e1qt:expr) (e2:expr), (one_step sigma pi e1
sigmaqt piqt e1qt) -> (one_step sigma pi (Eseq e1 e2) sigmaqt piqt
(Eseq e1qt e2))
| one_step_seq_ctxt : forall (sigma:(map ident value)) (sigma':(map ident
value)) (pi:(list (ident* value)%type)) (pi':(list (ident*
value)%type)) (e1:expr) (e1':expr) (e2:expr), (one_step sigma pi e1
sigma' pi' e1') -> (one_step sigma pi (Eseq e1 e2) sigma' pi' (Eseq e1'
e2))
| one_step_seq_value : forall (sigma:(map ident value)) (pi:(list (ident*
value)%type)) (e:expr), (one_step sigma pi (Eseq (Evalue Vvoid) e)
sigma pi e)
| one_step_let_ctxt : forall (sigma:(map ident value)) (sigmaqt:(map ident
value)) (pi:(list (ident* value)%type)) (piqt:(list (ident*
value)%type)) (id:ident) (e1:expr) (e1qt:expr) (e2:expr),
(one_step sigma pi e1 sigmaqt piqt e1qt) -> (one_step sigma pi (Elet id
e1 e2) sigmaqt piqt (Elet id e1qt e2))
| one_step_let_ctxt : forall (sigma:(map ident value)) (sigma':(map ident
value)) (pi:(list (ident* value)%type)) (pi':(list (ident*
value)%type)) (id:ident) (e1:expr) (e1':expr) (e2:expr),
(one_step sigma pi e1 sigma' pi' e1') -> (one_step sigma pi (Elet id e1
e2) sigma' pi' (Elet id e1' e2))
| one_step_let_value : forall (sigma:(map ident value)) (pi:(list (ident*
value)%type)) (id:ident) (v:value) (e:expr), (one_step sigma pi
(Elet id (Evalue v) e) sigma (Cons (id, v) pi) e)
| one_step_if_ctxt : forall (sigma:(map ident value)) (sigmaqt:(map ident
value)) (pi:(list (ident* value)%type)) (piqt:(list (ident*
value)%type)) (e1:expr) (e1qt:expr) (e2:expr) (e3:expr),
(one_step sigma pi e1 sigmaqt piqt e1qt) -> (one_step sigma pi (Eif e1
e2 e3) sigmaqt piqt (Eif e1qt e2 e3))
| one_step_if_ctxt : forall (sigma:(map ident value)) (sigma':(map ident
value)) (pi:(list (ident* value)%type)) (pi':(list (ident*
value)%type)) (e1:expr) (e1':expr) (e2:expr) (e3:expr), (one_step sigma
pi e1 sigma' pi' e1') -> (one_step sigma pi (Eif e1 e2 e3) sigma' pi'
(Eif e1' e2 e3))
| one_step_if_true : forall (sigma:(map ident value)) (pi:(list (ident*
value)%type)) (e1:expr) (e2:expr), (one_step sigma pi
(Eif (Evalue (Vbool true)) e1 e2) sigma pi e1)
......@@ -375,26 +374,25 @@ Axiom many_steps_let : forall (sigma1:(map ident value)) (sigma3:(map ident
n1) /\ ((many_steps sigma2 (Cons (id, v1) pi2) e2 sigma3 pi3 (Evalue v2)
n2) /\ (n = ((1%Z + n1)%Z + n2)%Z)).
Axiom one_step_change_free : forall (e:expr) (eqt:expr) (sigma:(map ident
value)) (sigmaqt:(map ident value)) (pi:(list (ident* value)%type))
(piqt:(list (ident* value)%type)) (id:ident) (v:value), (fresh_in_expr id
e) -> ((one_step sigma (Cons (id, v) pi) e sigmaqt piqt eqt) ->
(one_step sigma pi e sigmaqt piqt eqt)).
Axiom one_step_change_free : forall (e:expr) (e':expr) (sigma:(map ident
value)) (sigma':(map ident value)) (pi:(list (ident* value)%type))
(pi':(list (ident* value)%type)) (id:ident) (v:value), (fresh_in_expr id
e) -> ((one_step sigma (Cons (id, v) pi) e sigma' pi' e') ->
(one_step sigma pi e sigma' pi' e')).
(* Why3 assumption *)
Definition valid_triple(p:fmla) (e:expr) (q:fmla): Prop := forall (sigma:(map
ident value)) (pi:(list (ident* value)%type)), (eval_fmla sigma pi p) ->
forall (sigmaqt:(map ident value)) (piqt:(list (ident* value)%type))
(v:value) (n:Z), (many_steps sigma pi e sigmaqt piqt (Evalue v) n) ->
(eval_fmla sigmaqt (Cons (result, v) piqt) q).
forall (sigma':(map ident value)) (pi':(list (ident* value)%type))
(v:value) (n:Z), (many_steps sigma pi e sigma' pi' (Evalue v) n) ->
(eval_fmla sigma' (Cons (result, v) pi') q).
(* Why3 assumption *)
Definition total_valid_triple(p:fmla) (e:expr) (q:fmla): Prop :=
forall (sigma:(map ident value)) (pi:(list (ident* value)%type)),
(eval_fmla sigma pi p) -> exists sigmaqt:(map ident value),
exists piqt:(list (ident* value)%type), exists v:value, exists n:Z,
(many_steps sigma pi e sigmaqt piqt (Evalue v) n) /\ (eval_fmla sigmaqt
(Cons (result, v) piqt) q).
(eval_fmla sigma pi p) -> exists sigma':(map ident value), exists pi':(list
(ident* value)%type), exists v:value, exists n:Z, (many_steps sigma pi e
sigma' pi' (Evalue v) n) /\ (eval_fmla sigma' (Cons (result, v) pi') q).
Parameter set1 : forall (a:Type), Type.
......@@ -478,9 +476,9 @@ Unset Contextual Implicit.
Axiom all_def : forall (a:Type), forall (x:a), (mem x (all :(set1 a))).
(* Why3 assumption *)
Definition assigns(sigma:(map ident value)) (a:(set1 ident)) (sigmaqt:(map
Definition assigns(sigma:(map ident value)) (a:(set1 ident)) (sigma':(map
ident value)): Prop := forall (i:ident), (~ (mem i a)) -> ((get sigma
i) = (get sigmaqt i)).
i) = (get sigma' i)).
Axiom assigns_refl : forall (sigma:(map ident value)) (a:(set1 ident)),
(assigns sigma a sigma).
......@@ -489,13 +487,13 @@ Axiom assigns_trans : forall (sigma1:(map ident value)) (sigma2:(map ident
value)) (sigma3:(map ident value)) (a:(set1 ident)), ((assigns sigma1 a
sigma2) /\ (assigns sigma2 a sigma3)) -> (assigns sigma1 a sigma3).
Axiom assigns_union_left : forall (sigma:(map ident value)) (sigmaqt:(map
Axiom assigns_union_left : forall (sigma:(map ident value)) (sigma':(map
ident value)) (s1:(set1 ident)) (s2:(set1 ident)), (assigns sigma s1
sigmaqt) -> (assigns sigma (union s1 s2) sigmaqt).
sigma') -> (assigns sigma (union s1 s2) sigma').
Axiom assigns_union_right : forall (sigma:(map ident value)) (sigmaqt:(map
Axiom assigns_union_right : forall (sigma:(map ident value)) (sigma':(map
ident value)) (s1:(set1 ident)) (s2:(set1 ident)), (assigns sigma s2
sigmaqt) -> (assigns sigma (union s1 s2) sigmaqt).
sigma') -> (assigns sigma (union s1 s2) sigma').
(* Why3 assumption *)
Set Implicit Arguments.
......@@ -533,11 +531,11 @@ Fixpoint wp(e:expr) (q:fmla) {struct e}: fmla :=
| (Eseq e1 e2) => (wp e1 (wp e2 q))
| (Elet id e1 e2) => (wp e1 (Flet id (Tvar result) (wp e2 q)))
| (Ebin e1 op e2) => let t1 := (fresh_from q e) in let t2 :=
(fresh_from (Fand (Fterm (Tvar t1)) q) e) in let qqt := (Flet result
(fresh_from (Fand (Fterm (Tvar t1)) q) e) in let q' := (Flet result
(Tbin (Tvar t1) op (Tvar t2)) q) in let f := (wp e2 (Flet t2
(Tvar result) qqt)) in (wp e1 (Flet t1 (Tvar result) f))
| (Eassign x e1) => let id := (fresh_from q e1) in let qqt := (Flet result
(Tvalue Vvoid) q) in (wp e1 (Flet id (Tvar result) (subst qqt x id)))
(Tvar result) q')) in (wp e1 (Flet t1 (Tvar result) f))
| (Eassign x e1) => let id := (fresh_from q e1) in let q' := (Flet result
(Tvalue Vvoid) q) in (wp e1 (Flet id (Tvar result) (subst q' x id)))
| (Eif e1 e2 e3) => let f := (Fand (Fimplies (Fterm (Tvar result)) (wp e2
q)) (Fimplies (Fnot (Fterm (Tvar result))) (wp e3 q))) in (wp e1 f)
| (Ewhile cond inv body) => (Fand inv (abstract_effects body (wp cond
......@@ -546,9 +544,9 @@ Fixpoint wp(e:expr) (q:fmla) {struct e}: fmla :=
end.
Unset Implicit Arguments.
Axiom wp_subst : forall (e:expr) (q:fmla) (id:ident) (idqt:ident),
(fresh_in_expr id e) -> ((subst (wp e q) id idqt) = (wp e (subst q id
idqt))).
Axiom wp_subst : forall (e:expr) (q:fmla) (id:ident) (id':ident),
(fresh_in_expr id e) -> ((subst (wp e q) id id') = (wp e (subst q id
id'))).
Axiom wp_implies : forall (p:fmla) (q:fmla), (forall (sigma:(map ident
value)) (pi:(list (ident* value)%type)), (eval_fmla sigma pi p) ->
......@@ -566,11 +564,10 @@ Ltac ae10 := why3 "alt-ergo" timelimit 10.
Ltac cvc10 := why3 "cvc3-2.4" timelimit 10.
(* Why3 goal *)
Theorem wp_reduction : forall (sigma:(map ident value)) (sigmaqt:(map ident
value)) (pi:(list (ident* value)%type)) (piqt:(list (ident* value)%type))
(e:expr) (eqt:expr), (one_step sigma pi e sigmaqt piqt eqt) ->
forall (q:fmla), (eval_fmla sigma pi (wp e q)) -> (eval_fmla sigmaqt piqt
(wp eqt q)).
Theorem wp_reduction : forall (sigma:(map ident value)) (sigma':(map ident
value)) (pi:(list (ident* value)%type)) (pi':(list (ident* value)%type))
(e:expr) (e':expr), (one_step sigma pi e sigma' pi' e') -> forall (q:fmla),
(eval_fmla sigma pi (wp e q)) -> (eval_fmla sigma' pi' (wp e' q)).
induction 1.
(* case 1: var *)
......@@ -582,18 +579,18 @@ intros q.
simpl in *.
pose (t1 := fresh_from q (Ebin e1 op e2)).
fold t1.
pose (t1' := fresh_from q (Ebin e1qt op e2)).
pose (t1' := fresh_from q (Ebin e1' op e2)).
fold t1'.
pose (t2 := fresh_from (Fand (Fterm (Tvar t1)) q) (Ebin e1 op e2)).
fold t2.
pose (t2' := fresh_from (Fand (Fterm (Tvar t1')) q) (Ebin e1qt op e2)).
pose (t2' := fresh_from (Fand (Fterm (Tvar t1')) q) (Ebin e1' op e2)).
fold t2'.
intros h.
apply IHone_step.
apply wp_implies with (2:=h).
intros sigma' pi'.
intros sigma'' pi''.
intro.
apply let_equiv with (idqt:=t1).
apply let_equiv with (id':=t1).
rewrite wp_subst.
rewrite let_subst.
rewrite let_subst.
......@@ -650,3 +647,4 @@ admit.
Qed.
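Review bot: The final hunk closes `wp_reduction` with `Qed.` while the hunk header shows `admit.` as the nearest preceding tactic, so if that admit is still live the lemma gets recorded as proved on the strength of an admitted case — for a WP-soundness lemma this is exactly the kind of "valid" result downstream users trust without rechecking. Either discharge the open case or end the script with `Admitted.` so the session cannot report it as valid; the body of the proof and the admitted case itself lie outside this hunk, so I cannot tell which case is open. Separately, `apply let_equiv with (id':=t1)` and the `intros sigma'' pi''` rename tie the script to binder names chosen by the Why3 printer, which is what forced this edit; the positional form `apply (let_equiv _ t1).` survives the next regeneration. The commit title reads as if `idqt` were the new spelling, but the hunk counts (50 old vs 49 new lines in the `one_step` hunk) put `id'` on the new side, so the title is worth rewording.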
......@@ -2,21 +2,30 @@
(* Beware! Only edit allowed sections below *)
Require Import ZArith.
Require Import Rbase.
Require int.Int.
Parameter ident : Type.
Axiom ident_eq_dec : forall (i1:ident) (i2:ident), (i1 = i2) \/ ~ (i1 = i2).
Parameter mk_ident: Z -> ident.
Axiom mk_ident_inj : forall (i:Z) (j:Z), ((mk_ident i) = (mk_ident j)) ->
(i = j).
(* Why3 assumption *)
Inductive operator :=
| Oplus : operator
| Ominus : operator
| Omult : operator .
(* Why3 assumption *)
Inductive expr :=
| Econst : Z -> expr
| Evar : ident -> expr
| Ebin : expr -> operator -> expr -> expr .
(* Why3 assumption *)
Inductive stmt :=
| Sskip : stmt
| Sassign : ident -> expr -> stmt
......@@ -29,11 +38,9 @@ Axiom check_skip : forall (s:stmt), (s = Sskip) \/ ~ (s = Sskip).
Parameter map : forall (a:Type) (b:Type), Type.
Parameter get: forall (a:Type) (b:Type), (map a b) -> a -> b.
Implicit Arguments get.
Parameter set: forall (a:Type) (b:Type), (map a b) -> a -> b -> (map a b).
Implicit Arguments set.
Axiom Select_eq : forall (a:Type) (b:Type), forall (m:(map a b)),
......@@ -44,17 +51,18 @@ Axiom Select_neq : forall (a:Type) (b:Type), forall (m:(map a b)),
forall (a1:a) (a2:a), forall (b1:b), (~ (a1 = a2)) -> ((get (set m a1 b1)
a2) = (get m a2)).
Parameter const: forall (b:Type) (a:Type), b -> (map a b).
Parameter const: forall (a:Type) (b:Type), b -> (map a b).
Set Contextual Implicit.
Implicit Arguments const.
Unset Contextual Implicit.
Axiom Const : forall (b:Type) (a:Type), forall (b1:b) (a1:a), ((get (const(
b1):(map a b)) a1) = b1).
Axiom Const : forall (a:Type) (b:Type), forall (b1:b) (a1:a),
((get (const b1:(map a b)) a1) = b1).
(* Why3 assumption *)
Definition state := (map ident Z).
(* Why3 assumption *)
Definition eval_bin(x:Z) (op:operator) (y:Z): Z :=
match op with
| Oplus => (x + y)%Z
......@@ -62,6 +70,7 @@ Definition eval_bin(x:Z) (op:operator) (y:Z): Z :=
| Omult => (x * y)%Z
end.
(* Why3 assumption *)
Set Implicit Arguments.
Fixpoint eval_expr(s:(map ident Z)) (e:expr) {struct e}: Z :=
match e with
......@@ -71,13 +80,14 @@ Fixpoint eval_expr(s:(map ident Z)) (e:expr) {struct e}: Z :=
end.
Unset Implicit Arguments.
(* Why3 assumption *)
Inductive one_step : (map ident Z) -> stmt -> (map ident Z)
-> stmt -> Prop :=
| one_step_assign : forall (s:(map ident Z)) (x:ident) (e:expr),
(one_step s (Sassign x e) (set s x (eval_expr s e)) Sskip)
| one_step_seq : forall (s:(map ident Z)) (sqt:(map ident Z)) (i1:stmt)
(i1qt:stmt) (i2:stmt), (one_step s i1 sqt i1qt) -> (one_step s (Sseq i1
i2) sqt (Sseq i1qt i2))
| one_step_seq : forall (s:(map ident Z)) (s':(map ident Z)) (i1:stmt)
(i1':stmt) (i2:stmt), (one_step s i1 s' i1') -> (one_step s (Sseq i1
i2) s' (Sseq i1' i2))
| one_step_seq_skip : forall (s:(map ident Z)) (i:stmt), (one_step s
(Sseq Sskip i) s i)
| one_step_if_true : forall (s:(map ident Z)) (e:expr) (i1:stmt) (i2:stmt),
......@@ -91,8 +101,9 @@ Inductive one_step : (map ident Z) -> stmt -> (map ident Z)
((eval_expr s e) = 0%Z) -> (one_step s (Swhile e i) s Sskip).
Axiom progress : forall (s:(map ident Z)) (i:stmt), (~ (i = Sskip)) ->
exists sqt:(map ident Z), exists iqt:stmt, (one_step s i sqt iqt).
exists s':(map ident Z), exists i':stmt, (one_step s i s' i').
(* Why3 assumption *)
Inductive many_steps : (map ident Z) -> stmt -> (map ident Z)
-> stmt -> Prop :=
| many_steps_refl : forall (s:(map ident Z)) (i:stmt), (many_steps s i s i)
......@@ -100,10 +111,9 @@ Inductive many_steps : (map ident Z) -> stmt -> (map ident Z)
ident Z)) (i1:stmt) (i2:stmt) (i3:stmt), (one_step s1 i1 s2 i2) ->
((many_steps s2 i2 s3 i3) -> (many_steps s1 i1 s3 i3)).
(* YOU MAY EDIT THE CONTEXT BELOW *)
(* DO NOT EDIT BELOW *)
(* Why3 goal *)
Theorem many_steps_seq_rec : forall (s1:(map ident Z)) (s3:(map ident Z))
(i:stmt) (i3:stmt), (many_steps s1 i s3 i3) -> ((i3 = Sskip) ->
forall (i1:stmt) (i2:stmt), (i = (Sseq i1 i2)) -> exists s2:(map ident Z),
......@@ -121,7 +131,7 @@ intros H4 i5 i6 H56.
subst.
inversion Hstep; subst.
(* case 1: one_step_seq (no skip) *)
elim Hind with (i1:=i1qt) (i2:=i6); auto; clear Hind.
elim Hind with (i1:=i1') (i2:=i6); auto; clear Hind.
intros s6 (H1,H2).
exists s6.
split; auto.
......@@ -130,6 +140,5 @@ eapply many_steps_trans; eauto.
exists s4.
split; [constructor | auto].
Qed.
(* DO NOT EDIT BELOW *)
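Review bot: `elim Hind with (i1:=i1')` near the end of `many_steps_seq_rec` only works because `inversion Hstep` happens to name the witness after the `i1'` binder of `one_step_seq` in the generated `Inductive one_step`; that is the same generated-name dependency this commit is patching up, and it will break again on the next printer change. Naming the witness yourself with an `inversion Hstep as [ ... ]` pattern (one bracket group per constructor of `one_step`, with the `one_step_seq` group binding `s' i1 i1' i2` and its step hypothesis) keeps the script independent of the printer's choice of names. The session on this page also records this goal as `proved="false"` with the Coq proof `obsolete="true"` and `<undone/>`, assuming the second line of each pair is the new side as the hunk counts suggest, so the edited script has not actually been re-checked in this commit; re-run the session before relying on the theorem.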
......@@ -33,7 +33,7 @@
<file
name="../imp.why"
verified="false"
expanded="false">
expanded="true">
<theory
name="Imp"
locfile="hoare_logic/imp/../imp.why"
......@@ -46,7 +46,7 @@
loclnum="8" loccnumb="6" loccnume="18"
sum="1d2fa1307a90cfa4436e58ca8c4baa8b"
proved="true"
expanded="true"
expanded="false"
shape="ainfix =V0V1NOainfix =V0V1F">
<proof
prover="6"
......@@ -79,7 +79,7 @@
loclnum="32" loccnumb="6" loccnume="16"
sum="f37d9a038124492ded7dcc13c243bca4"
proved="true"
expanded="true"
expanded="false"
shape="ainfix =V0aSskipNOainfix =V0aSskipF">
<proof
prover="1"
......@@ -104,7 +104,7 @@
loclnum="59" loccnumb="7" loccnume="13"
sum="79514e82972fcb9fb181a42bdd168a5d"
proved="true"
expanded="true"
expanded="false"
shape="Laconstc0ainfix =aeval_exprV0aEconstc13c13">
<proof
prover="4"
......@@ -153,7 +153,7 @@
loclnum="63" loccnumb="7" loccnume="13"
sum="2233d910dd871f7629fbd14fe21880a0"
proved="true"
expanded="true"
expanded="false"
shape="Lamk_identc0Lasetaconstc0V0c42ainfix =aeval_exprV1aEvarV0c42">
<proof
prover="4"
......@@ -202,7 +202,7 @@
loclnum="68" loccnumb="7" loccnume="13"
sum="81f3d89dbb17dd5616d61c746363e319"
proved="true"
expanded="true"
expanded="false"
shape="Lamk_identc0Lasetaconstc0V0c42ainfix =aeval_exprV1aEbinaEvarV0aOplusaEconstc13c55">
<proof
prover="1"
......@@ -227,7 +227,7 @@
loclnum="112" loccnumb="7" loccnume="12"
sum="d79dafb4b123bd6d405249e2aeae999f"
proved="true"
expanded="true"
expanded="false"
shape="Lamk_identc0Laconstc0ainfix =agetV2V0c42Iaone_stepV1aSassignV0aEconstc42V2aSskipF">
<proof
prover="1"
......@@ -252,7 +252,7 @@
loclnum="119" loccnumb="7" loccnume="11"
sum="2cf4b33a87e77dc3113cb2270027977a"
proved="true"
expanded="true"
expanded="false"
shape="Lamk_identc0Laconstc0ainfix =agetV3V0c42Iaone_stepV2V4V3aSskipIaone_stepV1aSifaEvarV0aSassignV0aEconstc13aSassignV0aEconstc42V2V4F">
<proof
prover="1"
......@@ -269,7 +269,7 @@
loclnum="131" loccnumb="8" loccnume="16"
sum="e135ae75103f2c596782b1e202f4ddb9"
proved="true"
expanded="true"
expanded="false"
shape="aone_stepV0V1V2V3EIainfix =V1aSskipNF">
<proof
prover="2"
......@@ -286,7 +286,7 @@
locfile="hoare_logic/imp/../imp.why"
loclnum="148" loccnumb="6" loccnume="24"
sum="aeea567425648bcdc8f7b73f26164f74"
proved="true"
proved="false"
expanded="true"
shape="amany_stepsV6V5V1aSskipAamany_stepsV0V4V6aSskipEIainfix =V2aSseqV4V5FIainfix =V3aSskipIamany_stepsV0V2V1V3F">
<proof
......@@ -294,9 +294,9 @@
timelimit="3"
memlimit="0"
edited="imp_Imp_many_steps_seq_rec_1.v"
obsolete="false"
archived="false">
<result status="valid" time="0.49"/>
obsolete="true"
archived="false"><undone/>
</proof>
</goal>
<goal
......@@ -305,7 +305,7 @@
loclnum="155" loccnumb="6" loccnume="20"
sum="2c0574f92883e7d75abeab91219a5f5b"
proved="true"
expanded="true"
expanded="false"
shape="amany_stepsV4V3V1aSskipAamany_stepsV0V2V4aSskipEIamany_stepsV0aSseqV2V3V1aSskipF">
<proof
prover="6"
......@@ -338,7 +338,7 @@
loclnum="185" loccnumb="6" loccnume="21"
sum="10a08076cbde9ff3d47f3756599d4269"
proved="true"
expanded="true"
expanded="false"
shape="ainfix =aeval_exprV0asubst_exprV1V2V3aeval_exprasetV0V2aeval_exprV0V3V1F">
<proof
prover="2"
......@@ -356,7 +356,7 @@
loclnum="197" loccnumb="6" loccnume="16"
sum="9ed41003e65c3b0d6e018246af7e1910"
proved="true"
expanded="true"
expanded="false"
shape="aeval_fmlaasetV0V2aeval_exprV0V3V1qaeval_fmlaV0asubstV1V2V3F">
<proof
prover="2"
......@@ -374,7 +374,7 @@
loclnum="210" loccnumb="6" loccnume="15"
sum="86491dec98ad2def2cf841b1953670b7"
proved="true"
expanded="true"
expanded="false"
shape="avalid_tripleV0aSskipV0F">
<proof
prover="2"
......@@ -392,7 +392,7 @@
loclnum="213" loccnumb="6" loccnume="17"
sum="6aa1e2def89b26b124b052e7f456e1e6"
proved="true"
expanded="true"
expanded="false"
shape="avalid_tripleasubstV0V1V2aSassignV1V2V0F">
<proof
prover="2"
......@@ -410,7 +410,7 @@
loclnum="217" loccnumb="6" loccnume="14"
sum="edb979d62451e4d773f12b17ae4d29e1"
proved="true"
expanded="true"
expanded="false"
shape="avalid_tripleV0aSseqV3V4V1Iavalid_tripleV2V4V1Aavalid_tripleV0V3V2F">
<proof