Commit 42561765 authored by Jean-Christophe Filliâtre

new example: Problem 1 from VSTTE 12 competition

parent c0e0858f
(* The 2nd Verified Software Competition (VSTTE 2012)
https://sites.google.com/site/vstte2012/compet
Problem 1:
Sorting an array which contains only zeros and ones, using swaps only *)
module TwoWaySort
use import int.Int
use import bool.Bool
use import module ref.Refint
use import module array.Array
use import module array.ArrayPermut
predicate le (x y: bool) = x = False \/ y = True
predicate sorted (a: array bool) =
forall i1 i2: int. 0 <= i1 <= i2 < a.length -> le a[i1] a[i2]
let swap (a: array bool) (i: int) (j: int) =
{ 0 <= i < length a /\ 0 <= j < length a }
let v = a[i] in
a[i] <- a[j];
a[j] <- v
{ exchange (old a) a i j }
let two_way_sort (a: array bool) =
{ }
'Init:
let i = ref 0 in
let j = ref (length a - 1) in
while !i < !j do
invariant { 0 <= !i /\ !j < length a /\
(permut (at a 'Init) a) /\
(forall k: int. 0 <= k < !i -> a[k] = False) /\
(forall k: int. !j < k < length a -> a[k] = True) }
variant { !j - !i }
if not a[!i] then incr i
else if a[!j] then decr j
else begin swap a !i !j; incr i; decr j end
done
{ sorted a /\ permut (old a) a }
end
(*
Local Variables:
compile-command: "why3ide vstte12_two_way_sort.mlw"
End:
*)
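Review bot: The loop invariant in `two_way_sort` has no comment explaining why it yields `sorted a` at exit, and the empty precondition `{ }` silently covers the empty array, where `j` starts at `-1` and the loop body never runs. I would add a comment above the `while`, such as `(* a[0..i) is all False, a(j..length a) is all True; at exit i >= j leaves at most one unclassified cell, hence sorted *)`. The `permut (at a 'Init) a` conjunct deserves its own remark. Among the goals visible in the accompanying session file, its preservation after `swap` (goal 9.3) is the only one discharged by an edited Coq proof rather than an automatic prover.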
(* This file is generated by Why3's Coq driver *)
(* Beware! Only edit allowed sections below *)
Require Import ZArith.
Require Import Rbase.
Definition unit := unit.
Parameter qtmark : Type.
Parameter at1: forall (a:Type), a -> qtmark -> a.
Implicit Arguments at1.
Parameter old: forall (a:Type), a -> a.
Implicit Arguments old.
Definition implb(x:bool) (y:bool): bool := match (x,
y) with
| (true, false) => false
| (_, _) => true
end.
Inductive ref (a:Type) :=
| mk_ref : a -> ref a.
Implicit Arguments mk_ref.
Definition contents (a:Type)(u:(ref a)): a :=
match u with
| (mk_ref contents1) => contents1
end.
Implicit Arguments contents.
Parameter map : forall (a:Type) (b:Type), Type.
Parameter get: forall (a:Type) (b:Type), (map a b) -> a -> b.
Implicit Arguments get.
Parameter set: forall (a:Type) (b:Type), (map a b) -> a -> b -> (map a b).
Implicit Arguments set.
Axiom Select_eq : forall (a:Type) (b:Type), forall (m:(map a b)),
forall (a1:a) (a2:a), forall (b1:b), (a1 = a2) -> ((get (set m a1 b1)
a2) = b1).
Axiom Select_neq : forall (a:Type) (b:Type), forall (m:(map a b)),
forall (a1:a) (a2:a), forall (b1:b), (~ (a1 = a2)) -> ((get (set m a1 b1)
a2) = (get m a2)).
Parameter const: forall (b:Type) (a:Type), b -> (map a b).
Set Contextual Implicit.
Implicit Arguments const.
Unset Contextual Implicit.
Axiom Const : forall (b:Type) (a:Type), forall (b1:b) (a1:a), ((get (const(
b1):(map a b)) a1) = b1).
Inductive array (a:Type) :=
| mk_array : Z -> (map Z a) -> array a.
Implicit Arguments mk_array.
Definition elts (a:Type)(u:(array a)): (map Z a) :=
match u with
| (mk_array _ elts1) => elts1
end.
Implicit Arguments elts.
Definition length (a:Type)(u:(array a)): Z :=
match u with
| (mk_array length1 _) => length1
end.
Implicit Arguments length.
Definition get1 (a:Type)(a1:(array a)) (i:Z): a := (get (elts a1) i).
Implicit Arguments get1.
Definition set1 (a:Type)(a1:(array a)) (i:Z) (v:a): (array a) :=
match a1 with
| (mk_array xcl0 _) => (mk_array xcl0 (set (elts a1) i v))
end.
Implicit Arguments set1.
Definition map_eq_sub (a:Type)(a1:(map Z a)) (a2:(map Z a)) (l:Z)
(u:Z): Prop := forall (i:Z), ((l <= i)%Z /\ (i < u)%Z) -> ((get a1
i) = (get a2 i)).
Implicit Arguments map_eq_sub.
Definition exchange (a:Type)(a1:(map Z a)) (a2:(map Z a)) (i:Z)
(j:Z): Prop := ((get a1 i) = (get a2 j)) /\ (((get a2 i) = (get a1 j)) /\
forall (k:Z), ((~ (k = i)) /\ ~ (k = j)) -> ((get a1 k) = (get a2 k))).
Implicit Arguments exchange.
Axiom exchange_set : forall (a:Type), forall (a1:(map Z a)), forall (i:Z)
(j:Z), (exchange a1 (set (set a1 i (get a1 j)) j (get a1 i)) i j).
Inductive permut_sub{a:Type} : (map Z a) -> (map Z a) -> Z -> Z -> Prop :=
| permut_refl : forall (a1:(map Z a)) (a2:(map Z a)), forall (l:Z) (u:Z),
(map_eq_sub a1 a2 l u) -> (permut_sub a1 a2 l u)
| permut_sym : forall (a1:(map Z a)) (a2:(map Z a)), forall (l:Z) (u:Z),
(permut_sub a1 a2 l u) -> (permut_sub a2 a1 l u)
| permut_trans : forall (a1:(map Z a)) (a2:(map Z a)) (a3:(map Z a)),
forall (l:Z) (u:Z), (permut_sub a1 a2 l u) -> ((permut_sub a2 a3 l
u) -> (permut_sub a1 a3 l u))
| permut_exchange : forall (a1:(map Z a)) (a2:(map Z a)), forall (l:Z)
(u:Z) (i:Z) (j:Z), ((l <= i)%Z /\ (i < u)%Z) -> (((l <= j)%Z /\
(j < u)%Z) -> ((exchange a1 a2 i j) -> (permut_sub a1 a2 l u))).
Implicit Arguments permut_sub.
Axiom permut_weakening : forall (a:Type), forall (a1:(map Z a)) (a2:(map Z
a)), forall (l1:Z) (r1:Z) (l2:Z) (r2:Z), (((l1 <= l2)%Z /\ (l2 <= r2)%Z) /\
(r2 <= r1)%Z) -> ((permut_sub a1 a2 l2 r2) -> (permut_sub a1 a2 l1 r1)).
Axiom permut_eq : forall (a:Type), forall (a1:(map Z a)) (a2:(map Z a)),
forall (l:Z) (u:Z), (permut_sub a1 a2 l u) -> forall (i:Z), ((i < l)%Z \/
(u <= i)%Z) -> ((get a2 i) = (get a1 i)).
Axiom permut_exists : forall (a:Type), forall (a1:(map Z a)) (a2:(map Z a)),
forall (l:Z) (u:Z), (permut_sub a1 a2 l u) -> forall (i:Z), ((l <= i)%Z /\
(i < u)%Z) -> exists j:Z, ((l <= j)%Z /\ (j < u)%Z) /\ ((get a2
i) = (get a1 j)).
Definition exchange1 (a:Type)(a1:(array a)) (a2:(array a)) (i:Z)
(j:Z): Prop := (exchange (elts a1) (elts a2) i j).
Implicit Arguments exchange1.
Definition permut_sub1 (a:Type)(a1:(array a)) (a2:(array a)) (l:Z)
(u:Z): Prop := (permut_sub (elts a1) (elts a2) l u).
Implicit Arguments permut_sub1.
Definition permut (a:Type)(a1:(array a)) (a2:(array a)): Prop :=
((length a1) = (length a2)) /\ (permut_sub (elts a1) (elts a2) 0%Z
(length a1)).
Implicit Arguments permut.
Axiom exchange_permut : forall (a:Type), forall (a1:(array a)) (a2:(array a))
(i:Z) (j:Z), (exchange1 a1 a2 i j) -> (((length a1) = (length a2)) ->
(((0%Z <= i)%Z /\ (i < (length a1))%Z) -> (((0%Z <= j)%Z /\
(j < (length a1))%Z) -> (permut a1 a2)))).
Axiom permut_sym1 : forall (a:Type), forall (a1:(array a)) (a2:(array a)),
(permut a1 a2) -> (permut a2 a1).
Axiom permut_trans1 : forall (a:Type), forall (a1:(array a)) (a2:(array a))
(a3:(array a)), (permut a1 a2) -> ((permut a2 a3) -> (permut a1 a3)).
Definition array_eq_sub (a:Type)(a1:(array a)) (a2:(array a)) (l:Z)
(u:Z): Prop := (map_eq_sub (elts a1) (elts a2) l u).
Implicit Arguments array_eq_sub.
Definition array_eq (a:Type)(a1:(array a)) (a2:(array a)): Prop :=
((length a1) = (length a2)) /\ (array_eq_sub a1 a2 0%Z (length a1)).
Implicit Arguments array_eq.
Axiom array_eq_sub_permut : forall (a:Type), forall (a1:(array a)) (a2:(array
a)) (l:Z) (u:Z), (array_eq_sub a1 a2 l u) -> (permut_sub1 a1 a2 l u).
Axiom array_eq_permut : forall (a:Type), forall (a1:(array a)) (a2:(array
a)), (array_eq a1 a2) -> (permut a1 a2).
Definition le(x:bool) (y:bool): Prop := (x = false) \/ (y = true).
Definition sorted(a:(array bool)): Prop := forall (i1:Z) (i2:Z),
(((0%Z <= i1)%Z /\ (i1 <= i2)%Z) /\ (i2 < (length a))%Z) -> (le (get1 a
i1) (get1 a i2)).
(* YOU MAY EDIT THE CONTEXT BELOW *)
(* DO NOT EDIT BELOW *)
Theorem WP_parameter_two_way_sort : forall (a:Z), forall (a1:(map Z bool)),
let a2 := (mk_array a a1) in forall (j:Z), forall (i:Z), forall (a3:(map Z
bool)), ((0%Z <= i)%Z /\ ((j < a)%Z /\ ((permut a2 (mk_array a a3)) /\
((forall (k:Z), ((0%Z <= k)%Z /\ (k < i)%Z) -> ~ ((get a3 k) = true)) /\
forall (k:Z), ((j < k)%Z /\ (k < a)%Z) -> ((get a3 k) = true))))) ->
((i < j)%Z -> (((0%Z <= i)%Z /\ (i < a)%Z) -> (((get a3 i) = true) ->
(((0%Z <= j)%Z /\ (j < a)%Z) -> ((~ ((get a3 j) = true)) ->
((((0%Z <= i)%Z /\ (i < a)%Z) /\ ((0%Z <= j)%Z /\ (j < a)%Z)) ->
forall (a4:(map Z bool)), (exchange a3 a4 i j) -> forall (i1:Z),
(i1 = (i + 1%Z)%Z) -> forall (j1:Z), (j1 = (j - 1%Z)%Z) -> (permut a2
(mk_array a a4)))))))).
(* YOU MAY EDIT THE PROOF BELOW *)
intuition.
intuition.
apply permut_trans1 with (mk_array a a3); auto.
apply exchange_permut with i j; auto.
Qed.
(* DO NOT EDIT BELOW *)
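Review bot: The proof of `WP_parameter_two_way_sort` closes with `permut_trans1` and `exchange_permut`, both declared as `Axiom` in the generated context above, so what Coq checks here is only as strong as those statements. They are presumably lemmas of the Why3 array library, but nothing on this page shows them proved. A comment in the editable proof section, e.g. `(* relies on axioms permut_trans1 and exchange_permut from the Why3 context *)`, would make the trusted base explicit. The second `intuition.` also looks redundant and is worth checking when the proof is next replayed.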
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE why3session SYSTEM "why3session.dtd">
<why3session
name="vstte12_two_way_sort/why3session.xml">
<prover
id="0"
name="Alt-Ergo"
version="0.93.1"/>
<prover
id="1"
name="CVC3"
version="2.2"/>
<prover
id="2"
name="Coq"
version="8.2pl1"/>
<file
name="../vstte12_two_way_sort.mlw"
verified="true"
expanded="true">
<theory
name="WP TwoWaySort"
locfile="vstte12_two_way_sort/../vstte12_two_way_sort.mlw"
loclnum="8" loccnumb="7" loccnume="17"
verified="true"
expanded="true">
<goal
name="WP_parameter swap"
locfile="vstte12_two_way_sort/../vstte12_two_way_sort.mlw"
loclnum="21" loccnumb="6" loccnume="10"
expl="parameter swap"
sum="d39b098cb3e82dba13b01875faa6561a"
proved="true"
expanded="true"
shape="aexchangeV3V5V1V2Iainfix =V5asetV4V2agetV3V1FAainfix <V2V0Aainfix <=c0V2Iainfix =V4asetV3V1agetV3V2FAainfix <V1V0Aainfix <=c0V1Aainfix <V2V0Aainfix <=c0V2Aainfix <V1V0Aainfix <=c0V1Iainfix <V2V0Aainfix <=c0V2Aainfix <V1V0Aainfix <=c0V1FFFF">
<label
name="expl:parameter swap">
</label>
<proof
prover="0"
timelimit="10"
obsolete="false">
<result status="valid" time="0.04"/>
</proof>
</goal>
<goal
name="WP_parameter two_way_sort"
locfile="vstte12_two_way_sort/../vstte12_two_way_sort.mlw"
loclnum="28" loccnumb="6" loccnume="18"
expl="parameter two_way_sort"
sum="807e8f0de355a7d5be530a0e29b6a1e6"
proved="true"
expanded="true"
shape="Lamk arrayV0V1Lamk arrayV0V5iainfix <V4V3iainfix =agetV5V4aTrueNainfix <ainfix -V3V7ainfix -V3V4Aainfix <=c0ainfix -V3V4Aainfix =agetV5V8aTrueIainfix <V8V0Aainfix <V3V8FAainfix =agetV5V9aTrueNIainfix <V9V7Aainfix <=c0V9FAapermutV2V6Aainfix <V3V0Aainfix <=c0V7Iainfix =V7ainfix +V4c1Fiainfix =agetV5V3aTrueainfix <ainfix -V10V4ainfix -V3V4Aainfix <=c0ainfix -V3V4Aainfix =agetV5V11aTrueIainfix <V11V0Aainfix <V10V11FAainfix =agetV5V12aTrueNIainfix <V12V4Aainfix <=c0V12FAapermutV2V6Aainfix <V10V0Aainfix <=c0V4Iainfix =V10ainfix -V3c1Fainfix <ainfix -V15V14ainfix -V3V4Aainfix <=c0ainfix -V3V4Aainfix =agetV13V16aTrueIainfix <V16V0Aainfix <V15V16FAainfix =agetV13V17aTrueNIainfix <V17V14Aainfix <=c0V17FAapermutV2amk arrayV0V13Aainfix <V15V0Aainfix <=c0V14Iainfix =V15ainfix -V3c1FIainfix =V14ainfix +V4c1FIaexchangeV5V13V4V3FAainfix <V3V0Aainfix <=c0V3Aainfix <V4V0Aainfix <=c0V4Aainfix <V3V0Aainfix <=c0V3Aainfix <V4V0Aainfix <=c0V4apermutV2V6AasortedV6Iainfix =agetV5V18aTrueIainfix <V18V0Aainfix <V3V18FAainfix =agetV5V19aTrueNIainfix <V19V4Aainfix <=c0V19FAapermutV2V6Aainfix <V3V0Aainfix <=c0V4FFFAainfix =agetV1V20aTrueIainfix <V20V0Aainfix <ainfix -V0c1V20FAainfix =agetV1V21aTrueNIainfix <V21c0Aainfix <=c0V21FAapermutV2V2Aainfix <ainfix -V0c1V0Aainfix <=c0c0FF">
<label
name="expl:parameter two_way_sort">
</label>
<transf
name="split_goal"
proved="true"
expanded="true">
<goal
name="WP_parameter two_way_sort.1"
locfile="vstte12_two_way_sort/../vstte12_two_way_sort.mlw"
loclnum="28" loccnumb="6" loccnume="18"
expl="loop invariant init"
sum="8c79b0df358f8efc93d637f579ccacd9"
proved="true"
expanded="true"
shape="Lamk arrayV0V1ainfix =agetV1V3aTrueIainfix <V3V0Aainfix <ainfix -V0c1V3FAainfix =agetV1V4aTrueNIainfix <V4c0Aainfix <=c0V4FAapermutV2V2Aainfix <ainfix -V0c1V0Aainfix <=c0c0FF">
<label
name="expl:parameter two_way_sort">
</label>
<proof
prover="0"
timelimit="10"
obsolete="false">
<result status="valid" time="0.04"/>
</proof>
</goal>
<goal
name="WP_parameter two_way_sort.2"
locfile="vstte12_two_way_sort/../vstte12_two_way_sort.mlw"
loclnum="28" loccnumb="6" loccnume="18"
expl="precondition"
sum="36f88a5e415123a96c4285a948cd8444"
proved="true"
expanded="true"
shape="Lamk arrayV0V1Lamk arrayV0V5ainfix <V4V0Aainfix <=c0V4Iainfix <V4V3Iainfix =agetV5V7aTrueIainfix <V7V0Aainfix <V3V7FAainfix =agetV5V8aTrueNIainfix <V8V4Aainfix <=c0V8FAapermutV2V6Aainfix <V3V0Aainfix <=c0V4FFFFF">
<label
name="expl:parameter two_way_sort">
</label>
<proof
prover="0"
timelimit="10"
obsolete="false">
<result status="valid" time="0.03"/>
</proof>
</goal>
<goal
name="WP_parameter two_way_sort.3"
locfile="vstte12_two_way_sort/../vstte12_two_way_sort.mlw"
loclnum="28" loccnumb="6" loccnume="18"
expl="loop invariant preservation"
sum="e74d7c9b2011a04ff79e9c3ce3b5044d"
proved="true"
expanded="true"
shape="Lamk arrayV0V1Lamk arrayV0V5ainfix =agetV5V8aTrueIainfix <V8V0Aainfix <V3V8FAainfix =agetV5V9aTrueNIainfix <V9V7Aainfix <=c0V9FAapermutV2V6Aainfix <V3V0Aainfix <=c0V7Iainfix =V7ainfix +V4c1FIainfix =agetV5V4aTrueNIainfix <V4V0Aainfix <=c0V4Iainfix <V4V3Iainfix =agetV5V10aTrueIainfix <V10V0Aainfix <V3V10FAainfix =agetV5V11aTrueNIainfix <V11V4Aainfix <=c0V11FAapermutV2V6Aainfix <V3V0Aainfix <=c0V4FFFFF">
<label
name="expl:parameter two_way_sort">
</label>
<proof
prover="0"
timelimit="10"
obsolete="false">
<result status="valid" time="0.04"/>
</proof>
</goal>
<goal
name="WP_parameter two_way_sort.4"
locfile="vstte12_two_way_sort/../vstte12_two_way_sort.mlw"
loclnum="28" loccnumb="6" loccnume="18"
expl="loop variant decreases"
sum="b061770e9f45512c8da728f3ea052924"
proved="true"
expanded="true"
shape="Lamk arrayV0V1Lamk arrayV0V5ainfix <ainfix -V3V7ainfix -V3V4Aainfix <=c0ainfix -V3V4Iainfix =agetV5V8aTrueIainfix <V8V0Aainfix <V3V8FAainfix =agetV5V9aTrueNIainfix <V9V7Aainfix <=c0V9FAapermutV2V6Aainfix <V3V0Aainfix <=c0V7Iainfix =V7ainfix +V4c1FIainfix =agetV5V4aTrueNIainfix <V4V0Aainfix <=c0V4Iainfix <V4V3Iainfix =agetV5V10aTrueIainfix <V10V0Aainfix <V3V10FAainfix =agetV5V11aTrueNIainfix <V11V4Aainfix <=c0V11FAapermutV2V6Aainfix <V3V0Aainfix <=c0V4FFFFF">
<label
name="expl:parameter two_way_sort">
</label>
<proof
prover="0"
timelimit="10"
obsolete="false">
<result status="valid" time="0.03"/>
</proof>
</goal>
<goal
name="WP_parameter two_way_sort.5"
locfile="vstte12_two_way_sort/../vstte12_two_way_sort.mlw"
loclnum="28" loccnumb="6" loccnume="18"
expl="precondition"
sum="8bcd18358aef3d62afa4fae9450f3f5d"
proved="true"
expanded="true"
shape="Lamk arrayV0V1Lamk arrayV0V5ainfix <V3V0Aainfix <=c0V3Iainfix =agetV5V4aTrueNNIainfix <V4V0Aainfix <=c0V4Iainfix <V4V3Iainfix =agetV5V7aTrueIainfix <V7V0Aainfix <V3V7FAainfix =agetV5V8aTrueNIainfix <V8V4Aainfix <=c0V8FAapermutV2V6Aainfix <V3V0Aainfix <=c0V4FFFFF">
<label
name="expl:parameter two_way_sort">
</label>
<proof
prover="0"
timelimit="10"
obsolete="false">
<result status="valid" time="0.03"/>
</proof>
</goal>
<goal
name="WP_parameter two_way_sort.6"
locfile="vstte12_two_way_sort/../vstte12_two_way_sort.mlw"
loclnum="28" loccnumb="6" loccnume="18"
expl="loop invariant preservation"
sum="7cd34bf25bd1be9ee14324560068bc7a"
proved="true"
expanded="true"
shape="Lamk arrayV0V1Lamk arrayV0V5ainfix =agetV5V8aTrueIainfix <V8V0Aainfix <V7V8FAainfix =agetV5V9aTrueNIainfix <V9V4Aainfix <=c0V9FAapermutV2V6Aainfix <V7V0Aainfix <=c0V4Iainfix =V7ainfix -V3c1FIainfix =agetV5V3aTrueIainfix <V3V0Aainfix <=c0V3Iainfix =agetV5V4aTrueNNIainfix <V4V0Aainfix <=c0V4Iainfix <V4V3Iainfix =agetV5V10aTrueIainfix <V10V0Aainfix <V3V10FAainfix =agetV5V11aTrueNIainfix <V11V4Aainfix <=c0V11FAapermutV2V6Aainfix <V3V0Aainfix <=c0V4FFFFF">
<label
name="expl:parameter two_way_sort">
</label>
<proof
prover="0"
timelimit="10"
obsolete="false">
<result status="valid" time="0.05"/>
</proof>
</goal>
<goal
name="WP_parameter two_way_sort.7"
locfile="vstte12_two_way_sort/../vstte12_two_way_sort.mlw"
loclnum="28" loccnumb="6" loccnume="18"
expl="loop variant decreases"
sum="85e71d615c59fed4719696c008a3470c"
proved="true"
expanded="true"
shape="Lamk arrayV0V1Lamk arrayV0V5ainfix <ainfix -V7V4ainfix -V3V4Aainfix <=c0ainfix -V3V4Iainfix =agetV5V8aTrueIainfix <V8V0Aainfix <V7V8FAainfix =agetV5V9aTrueNIainfix <V9V4Aainfix <=c0V9FAapermutV2V6Aainfix <V7V0Aainfix <=c0V4Iainfix =V7ainfix -V3c1FIainfix =agetV5V3aTrueIainfix <V3V0Aainfix <=c0V3Iainfix =agetV5V4aTrueNNIainfix <V4V0Aainfix <=c0V4Iainfix <V4V3Iainfix =agetV5V10aTrueIainfix <V10V0Aainfix <V3V10FAainfix =agetV5V11aTrueNIainfix <V11V4Aainfix <=c0V11FAapermutV2V6Aainfix <V3V0Aainfix <=c0V4FFFFF">
<label
name="expl:parameter two_way_sort">
</label>
<proof
prover="0"
timelimit="10"
obsolete="false">
<result status="valid" time="0.04"/>
</proof>
</goal>
<goal
name="WP_parameter two_way_sort.8"
locfile="vstte12_two_way_sort/../vstte12_two_way_sort.mlw"
loclnum="28" loccnumb="6" loccnume="18"
expl="precondition"
sum="933b558d733e332e827e28e6f95dff9f"
proved="true"
expanded="true"
shape="Lamk arrayV0V1Lamk arrayV0V5ainfix <V3V0Aainfix <=c0V3Aainfix <V4V0Aainfix <=c0V4Iainfix =agetV5V3aTrueNIainfix <V3V0Aainfix <=c0V3Iainfix =agetV5V4aTrueNNIainfix <V4V0Aainfix <=c0V4Iainfix <V4V3Iainfix =agetV5V7aTrueIainfix <V7V0Aainfix <V3V7FAainfix =agetV5V8aTrueNIainfix <V8V4Aainfix <=c0V8FAapermutV2V6Aainfix <V3V0Aainfix <=c0V4FFFFF">
<label
name="expl:parameter two_way_sort">
</label>
<proof
prover="0"
timelimit="10"
obsolete="false">
<result status="valid" time="0.04"/>
</proof>
</goal>
<goal
name="WP_parameter two_way_sort.9"
locfile="vstte12_two_way_sort/../vstte12_two_way_sort.mlw"
loclnum="28" loccnumb="6" loccnume="18"
expl="loop invariant preservation"
sum="85a9ff67e59cdfbe6fc1e3c26e36de69"
proved="true"
expanded="true"
shape="Lamk arrayV0V1Lamk arrayV0V5ainfix =agetV7V10aTrueIainfix <V10V0Aainfix <V9V10FAainfix =agetV7V11aTrueNIainfix <V11V8Aainfix <=c0V11FAapermutV2amk arrayV0V7Aainfix <V9V0Aainfix <=c0V8Iainfix =V9ainfix -V3c1FIainfix =V8ainfix +V4c1FIaexchangeV5V7V4V3FIainfix <V3V0Aainfix <=c0V3Aainfix <V4V0Aainfix <=c0V4Iainfix =agetV5V3aTrueNIainfix <V3V0Aainfix <=c0V3Iainfix =agetV5V4aTrueNNIainfix <V4V0Aainfix <=c0V4Iainfix <V4V3Iainfix =agetV5V12aTrueIainfix <V12V0Aainfix <V3V12FAainfix =agetV5V13aTrueNIainfix <V13V4Aainfix <=c0V13FAapermutV2V6Aainfix <V3V0Aainfix <=c0V4FFFFF">
<label
name="expl:parameter two_way_sort">
</label>
<transf
name="split_goal"
proved="true"
expanded="true">
<goal
name="WP_parameter two_way_sort.9.1"
locfile="vstte12_two_way_sort/../vstte12_two_way_sort.mlw"
loclnum="28" loccnumb="6" loccnume="18"
expl="parameter two_way_sort"
sum="fd51beec9648e90f6be94956d27d418f"
proved="true"
expanded="true"
shape="Lamk arrayV0V1Lamk arrayV0V5ainfix <=c0V8Iainfix =V9ainfix -V3c1FIainfix =V8ainfix +V4c1FIaexchangeV5V7V4V3FIainfix <V3V0Aainfix <=c0V3Aainfix <V4V0Aainfix <=c0V4Iainfix =agetV5V3aTrueNIainfix <V3V0Aainfix <=c0V3Iainfix =agetV5V4aTrueNNIainfix <V4V0Aainfix <=c0V4Iainfix <V4V3Iainfix =agetV5V10aTrueIainfix <V10V0Aainfix <V3V10FAainfix =agetV5V11aTrueNIainfix <V11V4Aainfix <=c0V11FAapermutV2V6Aainfix <V3V0Aainfix <=c0V4FFFFF">
<label
name="expl:parameter two_way_sort">
</label>
<proof
prover="0"
timelimit="10"
obsolete="false">
<result status="valid" time="0.03"/>
</proof>
</goal>
<goal
name="WP_parameter two_way_sort.9.2"
locfile="vstte12_two_way_sort/../vstte12_two_way_sort.mlw"
loclnum="28" loccnumb="6" loccnume="18"
expl="parameter two_way_sort"
sum="0768ab8f6c9fc322d2012ce6fb6b8cc8"
proved="true"
expanded="true"
shape="Lamk arrayV0V1Lamk arrayV0V5ainfix <V9V0Iainfix =V9ainfix -V3c1FIainfix =V8ainfix +V4c1FIaexchangeV5V7V4V3FIainfix <V3V0Aainfix <=c0V3Aainfix <V4V0Aainfix <=c0V4Iainfix =agetV5V3aTrueNIainfix <V3V0Aainfix <=c0V3Iainfix =agetV5V4aTrueNNIainfix <V4V0Aainfix <=c0V4Iainfix <V4V3Iainfix =agetV5V10aTrueIainfix <V10V0Aainfix <V3V10FAainfix =agetV5V11aTrueNIainfix <V11V4Aainfix <=c0V11FAapermutV2V6Aainfix <V3V0Aainfix <=c0V4FFFFF">
<label
name="expl:parameter two_way_sort">
</label>
<proof
prover="0"
timelimit="10"
obsolete="false">
<result status="valid" time="0.02"/>
</proof>
</goal>
<goal
name="WP_parameter two_way_sort.9.3"
locfile="vstte12_two_way_sort/../vstte12_two_way_sort.mlw"
loclnum="28" loccnumb="6" loccnume="18"
expl="parameter two_way_sort"
sum="716b91058fc08c8ed8e7eb668f67d3cb"
proved="true"
expanded="true"
shape="Lamk arrayV0V1Lamk arrayV0V5apermutV2amk arrayV0V7Iainfix =V9ainfix -V3c1FIainfix =V8ainfix +V4c1FIaexchangeV5V7V4V3FIainfix <V3V0Aainfix <=c0V3Aainfix <V4V0Aainfix <=c0V4Iainfix =agetV5V3aTrueNIainfix <V3V0Aainfix <=c0V3Iainfix =agetV5V4aTrueNNIainfix <V4V0Aainfix <=c0V4Iainfix <V4V3Iainfix =agetV5V10aTrueIainfix <V10V0Aainfix <V3V10FAainfix =agetV5V11aTrueNIainfix <V11V4Aainfix <=c0V11FAapermutV2V6Aainfix <V3V0Aainfix <=c0V4FFFFF">
<label
name="expl:parameter two_way_sort">
</label>
<proof
prover="2"
timelimit="10"
edited="vstte12_two_way_sort_WP_TwoWaySort_WP_parameter_two_way_sort_1.v"
obsolete="false">
<result status="valid" time="1.13"/>
</proof>
</goal>
<goal
name="WP_parameter two_way_sort.9.4"
locfile="vstte12_two_way_sort/../vstte12_two_way_sort.mlw"
loclnum="28" loccnumb="6" loccnume="18"
expl="parameter two_way_sort"
sum="1537e5268c3b87bd3c91ea3f12257d76"
proved="true"
expanded="true"
shape="Lamk arrayV0V1Lamk arrayV0V5ainfix =agetV7V10aTrueNIainfix <V10V8Aainfix <=c0V10FIainfix =V9ainfix -V3c1FIainfix =V8ainfix +V4c1FIaexchangeV5V7V4V3FIainfix <V3V0Aainfix <=c0V3Aainfix <V4V0Aainfix <=c0V4Iainfix =agetV5V3aTrueNIainfix <V3V0Aainfix <=c0V3Iainfix =agetV5V4aTrueNNIainfix <V4V0Aainfix <=c0V4Iainfix <V4V3Iainfix =agetV5V11aTrueIainfix <V11V0Aainfix <V3V11FAainfix =agetV5V12aTrueNIainfix <V12V4Aainfix <=c0V12FAapermutV2V6Aainfix <V3V0Aainfix <=c0V4FFFFF">
<label
name="expl:parameter two_way_sort">
</label>
<proof
prover="1"
timelimit="10"
obsolete="false">
<result status="valid" time="0.28"/>
</proof>
<proof
prover="0"
timelimit="10"
obsolete="false">
<result status="valid" time="0.04"/>
</proof>
</goal>
<goal
name="WP_parameter two_way_sort.9.5"
locfile="vstte12_two_way_sort/../vstte12_two_way_sort.mlw"
loclnum="28" loccnumb="6" loccnume="18"
expl="parameter two_way_sort"
sum="c69fa1f9c49e68923ebd52ef20e3ce11"
proved="true"
expanded="true"
shape="Lamk arrayV0V1Lamk arrayV0V5ainfix =agetV7V10aTrueIainfix <V10V0Aainfix <V9V10FIainfix =V9ainfix -V3c1FIainfix =V8ainfix +V4c1FIaexchangeV5V7V4V3FIainfix <V3V0Aainfix <=c0V3Aainfix <V4V0Aainfix <=c0V4Iainfix =agetV5V3aTrueNIainfix <V3V0Aainfix <=c0V3Iainfix =agetV5V4aTrueNNIainfix <V4V0Aainfix <=c0V4Iainfix <V4V3Iainfix =agetV5V11aTrueIainfix <V11V0Aainfix <V3V11FAainfix =agetV5V12aTrueNIainfix <V12V4Aainfix <=c0V12FAapermutV2V6Aainfix <V3V0Aainfix <=c0V4FFFFF">
<label
name="expl:parameter two_way_sort">
</label>
<proof
prover="1"