Commit 091f023c authored by Raphael Rieu-Helft

Reification and side condition generation improvements

parent b5d67fb3
......@@ -53,7 +53,6 @@ end
module LinearEquationsDecision
use import int.Int
type coeff
clone LinearEquationsCoeffs as C with type t = coeff
......@@ -296,6 +295,8 @@ let rec norm_eq_aux (ex acc_e:expr) (acc_c:coeff) : (expr, coeff)
norm_eq_aux e2 ae ac
end
use import debug.Debug
let norm_eq (e:equality) : (expr, coeff)
returns { (ex, c) -> forall y z.
interp_eq e y z <-> interp_eq (ex, Cst c) y z }
......@@ -474,8 +475,6 @@ let sub_expr (e1 e2:expr)
= C.(+) (C.(+) v1 (C.(-_) v2)) v2 = v1 };
r
use import debug.Debug
let rec same_eq (eq1 eq2: equality) : bool
ensures { result -> forall y z. interp_eq eq1 y z -> interp_eq eq2 y z }
raises { C.Unknown -> true }
......@@ -660,15 +659,17 @@ let linear_decision (l: context) (g: equality) : bool
variant { length l - i }
requires { length l - i = length ctx }
requires { 0 <= i <= length l }
raises { C.Unknown -> true }
raises { Absurd -> true }
= match ctx with
| Nil -> ()
| Cons e t ->
assert { i < length l };
let ex, c = norm_eq e in
if (not (C.eq c C.czero)) then b[i] <- C.add b[i] c;
fill_expr ex i;
try
let ex, c = norm_eq e in
if (not (C.eq c C.czero)) then b[i] <- C.add b[i] c;
fill_expr ex i;
with C.Unknown -> () (* some equalities are in the context but cannot be normalized, typically they are useless, ignore them *)
end;
fill_ctx t (i+1)
end in
let rec fill_goal (ex:expr) : unit
......@@ -808,7 +809,7 @@ use import int.Abs
type t = (int, int)
type rvars = int -> real
exception Unknown
exception QError
let constant rzero = (0,1)
let constant rone = (1,1)
......@@ -889,10 +890,10 @@ let simp (t:t) : t
let radd (a b:t)
ensures { forall y. rinterp result y = rinterp a y +. rinterp b y }
raises { Unknown -> true }
raises { QError -> true }
= match (a,b) with
| (n1,d1), (n2,d2) ->
if d1 = 0 || d2 = 0 then raise Unknown
if d1 = 0 || d2 = 0 then raise QError
else begin
let r = (n1*d2 + n2*d1, d1*d2) in
let ghost d = from_int d1 *. from_int d2 in
......@@ -908,10 +909,10 @@ let radd (a b:t)
let rmul (a b:t)
ensures { forall y. rinterp result y = rinterp a y *. rinterp b y }
raises { Unknown -> true }
raises { QError -> true }
= match (a,b) with
| (n1,d1), (n2, d2) ->
if d1 = 0 || d2 = 0 then raise Unknown
if d1 = 0 || d2 = 0 then raise QError
else begin
let r = (n1*n2, d1*d2) in
assert { forall y. rinterp r y = rinterp a y *. rinterp b y
......@@ -939,9 +940,9 @@ let rinv (a:t)
requires { not req a rzero }
ensures { not req result rzero }
ensures { forall y. rinterp result y *. rinterp a y = 1.0 }
raises { Unknown -> true }
raises { QError -> true }
= match a with
| (n,d) -> if n = 0 || d = 0 then raise Unknown else (d,n)
| (n,d) -> if n = 0 || d = 0 then raise QError else (d,n)
end
end
......@@ -952,7 +953,7 @@ use import RationalCoeffs
use import real.RealInfix
use import real.FromInt
clone export LinearEquationsDecision with type C.a = real, function C.(+) = (+.), function C.( * ) = ( *. ), function C.(-_) = (-._), function C.(-) = (-.), type coeff = t, type C.cvars=int -> real, function C.interp=rinterp, exception C.Unknown = Unknown, constant C.azero = Real.zero, constant C.aone = Real.one, predicate C.ale = (<=.), val C.czero=rzero, val C.cone=rone, lemma C.sub_def, lemma C.zero_def, lemma C.one_def, val C.add=radd, val C.mul=rmul, val C.opp=ropp, val C.eq=req, val C.inv=rinv, goal C.A.ZeroLessOne, goal C.A.CompatOrderAdd, goal C.A.CompatOrderMult, goal C.A.Unitary, goal C.A.NonTrivialRing, goal C.A.Mul_distr_l, goal C.A.Mul_distr_r, goal C.A.Inv_def_l, goal C.A.Inv_def_r, goal C.A.MulAssoc.Assoc, goal C.A.Assoc, goal C.A.MulComm.Comm, goal C.A.Comm, goal C.A.Unit_def_l, goal C.A.Unit_def_r
clone export LinearEquationsDecision with type C.a = real, function C.(+) = (+.), function C.( * ) = ( *. ), function C.(-_) = (-._), function C.(-) = (-.), type coeff = t, type C.cvars=int -> real, function C.interp=rinterp, exception C.Unknown = QError, constant C.azero = Real.zero, constant C.aone = Real.one, predicate C.ale = (<=.), val C.czero=rzero, val C.cone=rone, lemma C.sub_def, lemma C.zero_def, lemma C.one_def, val C.add=radd, val C.mul=rmul, val C.opp=ropp, val C.eq=req, val C.inv=rinv, goal C.A.ZeroLessOne, goal C.A.CompatOrderAdd, goal C.A.CompatOrderMult, goal C.A.Unitary, goal C.A.NonTrivialRing, goal C.A.Mul_distr_l, goal C.A.Mul_distr_r, goal C.A.Inv_def_l, goal C.A.Inv_def_r, goal C.A.MulAssoc.Assoc, goal C.A.Assoc, goal C.A.MulComm.Comm, goal C.A.Comm, goal C.A.Unit_def_l, goal C.A.Unit_def_r
end
......@@ -963,21 +964,21 @@ use import int.Int
function id (t:int) (v:int -> int) : int = t
let predicate eq (a b:int) = a=b
exception Unknown
exception NError
let inv (t:int) : int
(*ensures { forall v: int -> int. id result v * id t v = one }*)
ensures { not (eq result zero) }
raises { Unknown -> true }
= raise Unknown
raises { NError -> true }
= raise NError
clone export LinearEquationsDecision with type C.a = int, function C.(+)=(+), function C.(*) = (*), function C.(-_) = (-_), function C.(-) = (-), type coeff = int, type C.cvars = int->int,function C.interp = id, constant C.azero = zero, constant C.aone = one, predicate C.ale= (<=), val C.czero = zero, val C.cone = one, lemma C.sub_def, lemma C.zero_def, lemma C.one_def, val C.add = (+), val C.mul = (*), val C.opp = (-_), val C.eq = eq, val C.inv = inv, goal C.A.ZeroLessOne, goal C.A.CompatOrderAdd, goal C.A.CompatOrderMult, goal C.A.Unitary, goal C.A.NonTrivialRing, goal C.A.Mul_distr_l, goal C.A.Mul_distr_r, goal C.A.Inv_def_l, goal C.A.Inv_def_r, goal C.A.MulAssoc.Assoc, goal C.A.Assoc, goal C.A.MulComm.Comm, goal C.A.Comm, goal C.A.Unit_def_l, goal C.A.Unit_def_r
use import real.FromInt
use import RationalCoeffs
use LinearDecisionRational as R
use import list.List
let function m (x:int) : (int, int)
ensures { forall z. rinterp result z = from_int x }
= (x,1)
......@@ -1029,7 +1030,7 @@ let int_decision (l: context') (g: equality') : bool
requires { valid_ctx' l }
requires { valid_eq' g }
ensures { forall y z. result -> interp_ctx' l g y z }
raises { R.Absurd -> true | (* R.NonLinear -> true | *) Unknown -> true }
raises { R.Absurd -> true | QError -> true }
= R.decision (m_ctx l) (m_eq g)
end
......@@ -1043,6 +1044,7 @@ use import int.Int
use import real.RealInfix
use import real.FromInt
meta "compute_max_steps" 0x10000
meta coercion function from_int
goal g: forall x y: real.
......@@ -1056,6 +1058,8 @@ module TestInt
use import LinearDecisionInt
use import int.Int
meta "compute_max_steps" 0x10000
goal g: forall x y:int.
3 * x + 2 * y = 21 ->
7 * x + 4 * y = 47 ->
......@@ -1111,7 +1115,7 @@ function minterp (t:t) (y:evars) : real
qinterp q *. pow rradix (from_int (interp_exp e y))
end
exception Unknown
exception MPError
let rec opp_exp (e:exp)
ensures { forall y. interp_exp result y = - interp_exp e y }
......@@ -1129,19 +1133,19 @@ let rec add_sub_exp (e1 e2:exp) (s:bool) : exp
if s
then interp_exp result y = interp_exp e1 y + interp_exp e2 y
else interp_exp result y = interp_exp e1 y - interp_exp e2 y }
raises { Unknown -> true }
raises { MPError -> true }
variant { e2, e1 }
=
let rec add_atom (e a:exp) (s:bool) : (exp, bool)
returns { r, _ -> forall y.
if s then interp_exp r y = interp_exp e y + interp_exp a y
else interp_exp r y = interp_exp e y - interp_exp a y }
raises { Unknown -> true }
raises { MPError -> true }
variant { e }
= match (e,a) with
| Lit n1, Lit n2 -> (if s then Lit (n1+n2) else Lit (n1-n2)), true
| Lit n1, Lit n2 -> (if s then Lit (n1+n2) else Lit (n1-n2)), True
| Lit n, Var i
-> if n = 0 then (if s then Var i else Minus (Var i)), true
-> if n = 0 then (if s then Var i else Minus (Var i)), True
else (if s then Plus e a else Sub e a), False
| Var i, Lit n
-> if n = 0 then Var i, true
......@@ -1159,6 +1163,9 @@ let rec add_sub_exp (e1 e2:exp) (s:bool) : exp
else
if i = j then Lit 0, True
else Sub e a, False
| Minus (Var i), Minus (Var j) ->
if (not s) && (i=j) then Lit 0, true
else (if s then Plus e a else Sub e a), False
| Minus _, Minus _ -> (if s then Plus e a else Sub e a), False
| Plus e1 e2, _ ->
let r, b = add_atom e1 a s in
......@@ -1179,7 +1186,7 @@ let rec add_sub_exp (e1 e2:exp) (s:bool) : exp
if b then Sub e1 r, True
else if s then Sub (Plus e1 a) e2, False
else Sub e1 (Plus e2 a), False
| _ -> raise Unknown
| _ -> raise MPError
end
in
match e2 with
......@@ -1204,14 +1211,14 @@ let rec add_sub_exp (e1 e2:exp) (s:bool) : exp
let add_exp (e1 e2:exp) : exp
ensures { forall y. interp_exp result y = interp_exp e1 y + interp_exp e2 y }
raises { Unknown -> True }
raises { MPError -> True }
= add_sub_exp e1 e2 True
let rec zero_exp (e:exp) : bool
ensures { result -> forall y. interp_exp e y = 0 }
variant { e }
raises { Unknown -> true }
raises { MPError -> true }
=
let rec all_zero (e:exp) : bool
ensures { result -> forall y. interp_exp e y = 0 }
......@@ -1230,7 +1237,7 @@ let rec zero_exp (e:exp) : bool
let rec same_exp (e1 e2: exp)
ensures { result -> forall y. interp_exp e1 y = interp_exp e2 y }
variant { e1, e2 }
raises { Unknown -> true }
raises { MPError -> true }
= match e1, e2 with
| Lit n1, Lit n2 -> n1 = n2
| Var v1, Var v2 -> v1 = v2
......@@ -1240,8 +1247,8 @@ let rec same_exp (e1 e2: exp)
let madd (a b:t)
ensures { forall y. minterp result y = minterp a y +. minterp b y }
raises { Unknown -> true }
raises { Q.Unknown -> true }
raises { MPError -> true }
raises { Q.QError -> true }
= match a, b with
| (q1, e1), (q2, e2) ->
if Q.req q1 Q.rzero then b
......@@ -1256,13 +1263,13 @@ let madd (a b:t)
= qinterp q1 *. p +. qinterp q2 *. p
= minterp a y +. minterp b y };
(q,e1) end
else (print a; print b; raise Unknown)
else raise MPError
end
let mmul (a b:t)
ensures { forall y. minterp result y = minterp a y *. minterp b y }
raises { Q.Unknown -> true }
raises { Unknown -> true }
raises { Q.QError -> true }
raises { MPError -> true }
= match a, b with
| (q1,e1), (q2,e2) ->
let q = Q.rmul q1 q2 in
......@@ -1310,7 +1317,7 @@ let minv (a:t)
requires { not meq a mzero }
ensures { not meq result mzero }
(* ensures { forall y. minterp result y *. minterp a y = 1.0 } no need to prove this*)
raises { Q.Unknown -> true }
raises { Q.QError -> true }
= match a with
| (q,e) -> (Q.rinv q, opp_exp e)
end
......@@ -1324,7 +1331,7 @@ use import real.RealInfix
type coeff = t
clone export LinearEquationsDecision with type C.a = real, function C.(+) = (+.), function C.( *) = ( *.), function C.(-_) = (-._), function C.(-) = (-.), type coeff = t, type C.cvars=evars, function C.interp=minterp, exception C.Unknown = Q.Unknown, constant C.azero = Real.zero, constant C.aone = Real.one, predicate C.ale = (<=.), val C.czero=mzero, val C.cone=mone, lemma C.sub_def, lemma C.zero_def, lemma C.one_def, val C.add=madd, val C.mul=mmul, val C.opp=mopp, val C.eq=meq, val C.inv=minv, goal C.A.ZeroLessOne, goal C.A.CompatOrderAdd, goal C.A.CompatOrderMult, goal C.A.Unitary, goal C.A.NonTrivialRing, goal C.A.Mul_distr_l, goal C.A.Mul_distr_r, goal C.A.Inv_def_l, goal C.A.Inv_def_r, goal C.A.MulAssoc.Assoc, goal C.A.Assoc, goal C.A.MulComm.Comm, goal C.A.Comm, goal C.A.Unit_def_l, goal C.A.Unit_def_r
clone export LinearEquationsDecision with type C.a = real, function C.(+) = (+.), function C.( *) = ( *.), function C.(-_) = (-._), function C.(-) = (-.), type coeff = t, type C.cvars=evars, function C.interp=minterp, exception C.Unknown = MPError, constant C.azero = Real.zero, constant C.aone = Real.one, predicate C.ale = (<=.), val C.czero=mzero, val C.cone=mone, lemma C.sub_def, lemma C.zero_def, lemma C.one_def, val C.add=madd, val C.mul=mmul, val C.opp=mopp, val C.eq=meq, val C.inv=minv, goal C.A.ZeroLessOne, goal C.A.CompatOrderAdd, goal C.A.CompatOrderMult, goal C.A.Unitary, goal C.A.NonTrivialRing, goal C.A.Mul_distr_l, goal C.A.Mul_distr_r, goal C.A.Inv_def_l, goal C.A.Inv_def_r, goal C.A.MulAssoc.Assoc, goal C.A.Assoc, goal C.A.MulComm.Comm, goal C.A.Comm, goal C.A.Unit_def_l, goal C.A.Unit_def_r
end
module LinearDecisionIntMP
......@@ -1349,18 +1356,18 @@ function mpinterp (t:t) (y:evars) : int
let mpadd (a b:t) : t
ensures { forall y. mpinterp result y = mpinterp a y + mpinterp b y }
raises { Unknown -> true }
= raise Unknown
raises { MPError -> true }
= raise MPError
let mpmul (a b:t) : t
ensures { forall y. mpinterp result y = mpinterp a y * mpinterp b y }
raises { Unknown -> true }
= raise Unknown
raises { MPError -> true }
= raise MPError
let mpopp (a:t) : t
ensures { forall y. mpinterp result y = - mpinterp a y }
raises { Unknown -> true }
= raise Unknown
raises { MPError -> true }
= raise MPError
let predicate mpeq (a b:t)
ensures { result -> forall y. mpinterp a y = mpinterp b y }
......@@ -1370,8 +1377,8 @@ let predicate mpeq (a b:t)
let mpinv (a:t) : t
ensures { not mpeq result mpzero }
raises { Unknown -> true }
= raise Unknown
raises { MPError -> true }
= raise MPError
clone export LinearEquationsDecision with type C.a = int, function C.(+) = (+), function C.(*) = (*), function C.(-_) = (-_), function C.(-) = (-), type coeff = t, type C.cvars = int->int, function C.interp = mpinterp, constant C.azero = zero, constant C.aone = one, val C.czero = mpzero, val C.cone = mpone, predicate C.ale = (<=), lemma C.sub_def, lemma C.zero_def, lemma C.one_def, val C.add = mpadd, val C.mul = mpmul, val C.opp = mpopp, val C.eq = mpeq, val C.inv = mpinv, goal C.A.ZeroLessOne, goal C.A.CompatOrderAdd, goal C.A.CompatOrderMult, goal C.A.Unitary, goal C.A.NonTrivialRing, goal C.A.Mul_distr_l, goal C.A.Mul_distr_r, goal C.A.Inv_def_l, goal C.A.Inv_def_r, goal C.A.MulAssoc.Assoc, goal C.A.Assoc, goal C.A.MulComm.Comm, goal C.A.Comm, goal C.A.Unit_def_l, goal C.A.Unit_def_r
......@@ -1469,7 +1476,7 @@ let mp_decision (l: context') (g: equality') : bool
requires { valid_eq' g }
ensures { forall y z. result -> pos_ctx' l z -> pos_eq' g z
-> interp_ctx' l g y z }
raises { R.Absurd -> true | Unknown -> true | Q.Unknown -> true }
raises { R.Absurd -> true | MPError -> true | Q.QError -> true }
=
R.decision (m_ctx l) (m_eq g)
......@@ -1868,8 +1875,6 @@ let prop_ctx (l:context') (g:equality') : (context', equality')
Cons h' t'
end
in
(*propagate (propagate (propagate l)),
propagate_eq (propagate_eq (propagate_eq g))*)
propagate l, propagate_eq g
use LinearDecisionRationalMP as R
......@@ -1879,8 +1884,8 @@ let prop_ctx (l:context') (g:equality') : (context', equality')
requires { valid_eq' g }
ensures { forall y z. result -> pos_ctx' l z -> pos_eq' g z
-> y = z -> interp_ctx' l g y z }
raises { | OutOfBounds -> true | E.Unknown -> true
| E.Q.Unknown -> true | R.Absurd -> true}
raises { | OutOfBounds -> true | E.MPError -> true
| E.Q.QError -> true | R.Absurd -> true}
= let l', g' = prop_ctx l g in
mp_decision l' g'
......@@ -1893,6 +1898,8 @@ use import mach.int.UInt64
use import int.Int
use import int.Power
meta "compute_max_steps" 0x10000
goal g: forall i x c r: int.
0 <= i ->
x + (2 * (power radix i) * c) = r ->
......@@ -1922,6 +1929,8 @@ module Test2
use import int.Int
use import LinearDecisionInt
meta "compute_max_steps" 0x10000
goal g: forall x y z: int.
x + y = 0 ->
y - z = 0 ->
......@@ -1966,6 +1975,8 @@ module TestFmla
use import Fmla
meta "compute_max_steps" 0x10000
goal g:
forall a: value.
((forall x. forall y. foo (add x (add (add a dummy) y))) = True)
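Review bot: The new `try ... with C.Unknown -> ()` in `fill_ctx` (the hunk at `@@ -660,15 +659,17 @@`) encloses not only `norm_eq e` but also `b[i] <- C.add b[i] c` and `fill_expr ex i`, so a `C.Unknown` raised by `C.add` (in the rational instance this is `QError`, which `radd` raises on a zero denominator) or by `fill_expr` after it has begun writing row `i` is dropped under the same "useless equality" justification as a normalization failure. Whether `fill_expr` can raise, and whether the enclosing invariant tolerates a half-written row, cannot be confirmed from this hunk since `fill_expr` and the `let rec fill_ctx` header lie outside it; the proved postcondition VCs in the session would reject an unsound row, but the handler's stated intent is only to skip hypotheses that cannot be normalized, so narrowing it to that call keeps the comment truthful and makes a future change to `fill_expr` fail loudly instead of silently weakening the context. With the whole body inside the handler, the `raises { C.Unknown -> true }` clause on `fill_ctx` at the top of the hunk also looks vacuous now and could be dropped or given a comment saying why it stays. A possible restructuring (needs `option.Option` in scope if it is not already):
```whyml
| Cons e t ->
    assert { i < length l };
    (* Only normalization may fail on a useless hypothesis; failures after
       row i starts being written must propagate, not be swallowed. *)
    let normed = try Some (norm_eq e) with C.Unknown -> None end in
    begin match normed with
    | None -> ()
    | Some (ex, c) ->
        if not (C.eq c C.czero) then b[i] <- C.add b[i] c;
        fill_expr ex i
    end;
    fill_ctx t (i+1)
(* … unchanged: Nil case and fill_goal … *)
```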
......@@ -150,10 +150,10 @@
<proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="8"/></proof>
</goal>
<goal name="VC sprod.2" expl="exceptional postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.01"/></proof>
<proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="4"/></proof>
</goal>
<goal name="VC sprod.3" expl="exceptional postcondition" proved="true">
<proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="4"/></proof>
<proof prover="2"><result status="valid" time="0.01"/></proof>
</goal>
</transf>
</goal>
......@@ -309,7 +309,7 @@
<proof prover="0"><result status="valid" time="0.01" steps="7"/></proof>
</goal>
<goal name="VC opp_expr.0.2" expl="assertion" proved="true">
<proof prover="3"><result status="valid" time="2.46"/></proof>
<proof prover="3"><result status="valid" time="2.01"/></proof>
</goal>
<goal name="VC opp_expr.0.3" expl="assertion" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="7"/></proof>
......@@ -442,7 +442,7 @@
<proof prover="0"><result status="valid" time="0.02" steps="18"/></proof>
</goal>
<goal name="VC norm_eq.3.1" expl="postcondition" proved="true">
<proof prover="3"><result status="valid" time="0.34"/></proof>
<proof prover="3"><result status="valid" time="0.50"/></proof>
</goal>
</transf>
</goal>
......@@ -463,7 +463,7 @@
<proof prover="2"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="VC interp_ctx_impl.2" expl="postcondition" proved="true">
<proof prover="3"><result status="valid" time="0.55"/></proof>
<proof prover="3"><result status="valid" time="0.15"/></proof>
</goal>
</transf>
</goal>
......@@ -543,7 +543,7 @@
<goal name="VC add_expr.3" expl="postcondition" proved="true">
<transf name="split_goal_wp" proved="true" >
<goal name="VC add_expr.3.0" expl="postcondition" proved="true">
<proof prover="3"><result status="valid" time="0.32"/></proof>
<proof prover="3"><result status="valid" time="1.64"/></proof>
</goal>
<goal name="VC add_expr.3.1" expl="postcondition" proved="true">
<proof prover="3"><result status="valid" time="0.22"/></proof>
......@@ -560,7 +560,7 @@
<proof prover="2"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="VC add_expr.7" expl="assertion" proved="true">
<proof prover="0"><result status="valid" time="0.01" steps="53"/></proof>
<proof prover="0"><result status="valid" time="0.02" steps="53"/></proof>
</goal>
<goal name="VC add_expr.8" expl="postcondition" proved="true">
<proof prover="0"><result status="valid" time="0.31" steps="221"/></proof>
......@@ -572,10 +572,10 @@
<proof prover="2"><result status="valid" time="0.01"/></proof>
</goal>
<goal name="VC add_expr.11" expl="assertion" proved="true">
<proof prover="0"><result status="valid" time="0.01" steps="53"/></proof>
<proof prover="0"><result status="valid" time="0.02" steps="53"/></proof>
</goal>
<goal name="VC add_expr.12" expl="postcondition" proved="true">
<proof prover="0"><result status="valid" time="0.64" steps="414"/></proof>
<proof prover="0"><result status="valid" time="0.38" steps="414"/></proof>
</goal>
<goal name="VC add_expr.13" expl="exceptional postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.01"/></proof>
......@@ -629,7 +629,7 @@
<proof prover="2"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="VC add_expr.30" expl="assertion" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="16"/></proof>
<proof prover="0"><result status="valid" time="0.01" steps="16"/></proof>
</goal>
<goal name="VC add_expr.31" expl="postcondition" proved="true">
<transf name="split_goal_wp" proved="true" >
......@@ -655,7 +655,7 @@
<proof prover="2"><result status="valid" time="0.01"/></proof>
</goal>
<goal name="VC add_expr.34" expl="assertion" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="16"/></proof>
<proof prover="0"><result status="valid" time="0.01" steps="16"/></proof>
</goal>
<goal name="VC add_expr.35" expl="postcondition" proved="true">
<proof prover="0"><result status="valid" time="0.01" steps="18"/></proof>
......@@ -1175,16 +1175,15 @@
</goal>
<goal name="VC linear_decision.23" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="51"/></proof>
<proof prover="2"><result status="timeout" time="1.00"/></proof>
</goal>
<goal name="VC linear_decision.24" expl="variant decrease" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="26"/></proof>
</goal>
<goal name="VC linear_decision.25" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.03" steps="49"/></proof>
<proof prover="0"><result status="valid" time="0.02" steps="49"/></proof>
</goal>
<goal name="VC linear_decision.26" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.03" steps="31"/></proof>
<proof prover="0"><result status="valid" time="0.02" steps="31"/></proof>
</goal>
<goal name="VC linear_decision.27" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="28"/></proof>
......@@ -1192,23 +1191,23 @@
<goal name="VC linear_decision.28" expl="exceptional postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.01"/></proof>
</goal>
<goal name="VC linear_decision.29" expl="exceptional postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.01"/></proof>
<goal name="VC linear_decision.29" expl="variant decrease" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="26"/></proof>
</goal>
<goal name="VC linear_decision.30" expl="exceptional postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.02"/></proof>
<goal name="VC linear_decision.30" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.03" steps="49"/></proof>
</goal>
<goal name="VC linear_decision.31" expl="exceptional postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.01"/></proof>
<goal name="VC linear_decision.31" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.03" steps="31"/></proof>
</goal>
<goal name="VC linear_decision.32" expl="exceptional postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.01"/></proof>
<goal name="VC linear_decision.32" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="28"/></proof>
</goal>
<goal name="VC linear_decision.33" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="23"/></proof>
<goal name="VC linear_decision.33" expl="exceptional postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.01"/></proof>
</goal>
<goal name="VC linear_decision.34" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="44"/></proof>
<goal name="VC linear_decision.34" expl="exceptional postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.01"/></proof>
</goal>
<goal name="VC linear_decision.35" expl="variant decrease" proved="true">
<proof prover="0"><result status="valid" time="0.01" steps="23"/></proof>
......@@ -1217,127 +1216,167 @@
<proof prover="0"><result status="valid" time="0.02" steps="42"/></proof>
</goal>
<goal name="VC linear_decision.37" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.03" steps="28"/></proof>
<proof prover="0"><result status="valid" time="0.02" steps="28"/></proof>
</goal>
<goal name="VC linear_decision.38" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="25"/></proof>
</goal>
<goal name="VC linear_decision.39" expl="exceptional postcondition" proved="true">
<proof prover="0"><result status="valid" time="0.01" steps="5"/></proof>
<proof prover="2"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="VC linear_decision.40" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="23"/></proof>
</goal>
<goal name="VC linear_decision.41" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="44"/></proof>
</goal>
<goal name="VC linear_decision.42" expl="variant decrease" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="23"/></proof>
</goal>
<goal name="VC linear_decision.43" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="42"/></proof>
</goal>
<goal name="VC linear_decision.44" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="28"/></proof>
</goal>
<goal name="VC linear_decision.45" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="25"/></proof>
</goal>
<goal name="VC linear_decision.46" expl="exceptional postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.01"/></proof>
</goal>
<goal name="VC linear_decision.40" expl="exceptional postcondition" proved="true">
<goal name="VC linear_decision.47" expl="variant decrease" proved="true">
<proof prover="0"><result status="valid" time="0.01" steps="23"/></proof>
</goal>
<goal name="VC linear_decision.48" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="42"/></proof>
</goal>
<goal name="VC linear_decision.49" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.03" steps="28"/></proof>
</goal>
<goal name="VC linear_decision.50" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="25"/></proof>
</goal>
<goal name="VC linear_decision.51" expl="exceptional postcondition" proved="true">
<proof prover="0"><result status="valid" time="0.01" steps="5"/></proof>
<proof prover="2"><result status="valid" time="0.01"/></proof>
</goal>
<goal name="VC linear_decision.41" expl="exceptional postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.00"/></proof>
</goal>
<goal name="VC linear_decision.42" expl="exceptional postcondition" proved="true">
<goal name="VC linear_decision.52" expl="exceptional postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.01"/></proof>
</goal>
<goal name="VC linear_decision.43" expl="exceptional postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.00"/></proof>
<goal name="VC linear_decision.53" expl="variant decrease" proved="true">
<proof prover="2"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="VC linear_decision.44" expl="exceptional postcondition" proved="true">
<goal name="VC linear_decision.54" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="41"/></proof>
</goal>
<goal name="VC linear_decision.55" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.03" steps="27"/></proof>
</goal>
<goal name="VC linear_decision.56" expl="precondition" proved="true">
<proof prover="2"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="VC linear_decision.57" expl="exceptional postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.01"/></proof>
</goal>
<goal name="VC linear_decision.58" expl="exceptional postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.01"/></proof>
</goal>
<goal name="VC linear_decision.45" expl="index in array bounds" proved="true">
<goal name="VC linear_decision.59" expl="index in array bounds" proved="true">
<proof prover="0"><result status="valid" time="0.03" steps="74"/></proof>
</goal>
<goal name="VC linear_decision.46" expl="index in array bounds" proved="true">
<goal name="VC linear_decision.60" expl="index in array bounds" proved="true">
<proof prover="0"><result status="valid" time="0.03" steps="74"/></proof>
</goal>
<goal name="VC linear_decision.47" expl="exceptional postcondition" proved="true">
<goal name="VC linear_decision.61" expl="exceptional postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.01"/></proof>
</goal>
<goal name="VC linear_decision.48" expl="variant decrease" proved="true">
<proof prover="2"><result status="valid" time="0.06"/></proof>
<goal name="VC linear_decision.62" expl="variant decrease" proved="true">
<proof prover="2"><result status="valid" time="0.08"/></proof>
</goal>
<goal name="VC linear_decision.49" expl="precondition" proved="true">
<goal name="VC linear_decision.63" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="35"/></proof>
</goal>
<goal name="VC linear_decision.50" expl="variant decrease" proved="true">
<goal name="VC linear_decision.64" expl="variant decrease" proved="true">
<proof prover="2"><result status="valid" time="0.07"/></proof>
</goal>
<goal name="VC linear_decision.51" expl="precondition" proved="true">