updated proof sessions

examples/TODO

@@ -31,7 +31,6 @@ schorr_waite_via_recursion.mlw
 sieve.mlw
 sudoku.mlw
 sum_of_digits.mlw
-there_and_back_again.mlw
 topological_sorting.mlw
 tortoise_and_hare.mlw
 tree_height.mlw
@@ -47,5 +46,3 @@ vstte10_inverting.mlw
 vstte10_search_list.mlw
 vstte12_bfs.mlw
 vstte12_combinators.mlw
-vstte12_ring_buffer.mlw
-vstte12_tree_reconstruction.mlw

examples/there_and_back_again/there_and_back_again_Palindrome_VC_palindrome_rec_1.v

+(* This file is generated by Why3's Coq driver *)
+(* Beware! Only edit allowed sections below    *)
+Require Import BuiltIn.
+Require BuiltIn.
+Require int.Int.
+Require list.List.
+Require list.Length.
+Require list.Mem.
+Require list.Nth.
+Require option.Option.
+Require list.NthLength.
+Require list.Append.
+Require list.NthLengthAppend.
+
+(* Why3 assumption *)
+Definition unit := unit.
+
+(* Why3 assumption *)
+Definition pal {a:Type} {a_WT:WhyType a} (x:(list a)) (n:Z): Prop :=
+  forall (i:Z), ((0%Z <= i)%Z /\ (i < n)%Z) -> ((list.Nth.nth i
+  x) = (list.Nth.nth ((n - 1%Z)%Z - i)%Z x)).
+
+Axiom elt : Type.
+Parameter elt_WhyType : WhyType elt.
+Existing Instance elt_WhyType.
+
+Parameter eq: elt -> elt -> Prop.
+
+Axiom eq_spec : forall (x:elt) (y:elt), (eq x y) <-> (x = y).
+
+(* Why3 goal *)
+Theorem VC_palindrome_rec : forall (x:(list elt)) (y:(list elt)),
+  ((list.Length.length y) <= (list.Length.length x))%Z -> forall (x1:elt)
+  (x2:(list elt)), (y = (Init.Datatypes.cons x1 x2)) -> forall (x3:elt)
+  (x4:(list elt)), (x2 = (Init.Datatypes.cons x3 x4)) -> forall (x5:elt)
+  (x6:(list elt)), (x = (Init.Datatypes.cons x5 x6)) -> ((exists i:Z,
+  ((0%Z <= i)%Z /\ (i < (list.Length.length x4))%Z) /\ ~ ((list.Nth.nth i
+  x6) = (list.Nth.nth (((list.Length.length x4) - 1%Z)%Z - i)%Z x6))) ->
+  exists i:Z, ((0%Z <= i)%Z /\ (i < (list.Length.length y))%Z) /\
+  ~ ((list.Nth.nth i
+  x) = (list.Nth.nth (((list.Length.length y) - 1%Z)%Z - i)%Z x))).
+intros x y h1 x1 x2 h2 x3 x4 h3 x5 x6 h4 (i,(hi1,hi2)).
+subst.
+exists (i+1)%Z; intuition.
+unfold Length.length. fold Length.length.
+omega.
+unfold Length.length in *. fold Length.length in *.
+assert (Nth.nth (i+1) (x5 :: x6) = Nth.nth i x6).
+  unfold Nth.nth; fold Nth.nth.
+  generalize (Zeq_bool_eq (i+1) 0).
+  destruct (Zeq_bool (i+1) 0).
+  intuition.
+  elimtype False.
+  omega.
+  intuition.
+  replace (i+1-1)%Z with i by omega. auto.
+replace (1 + (1 + Length.length x4) - 1 - (i + 1))%Z
+         with (1 + Length.length x4 - 1 - i)%Z
+  in H1 by omega.
+assert (Nth.nth (1 + Length.length x4 - 1 - i) (x5 :: x6) =
+        Nth.nth (Length.length x4 - 1 - i) x6).
+    unfold Nth.nth; fold Nth.nth.
+  generalize (Zeq_bool_eq (1 + Length.length x4 - 1 - i) 0).
+    destruct (Zeq_bool (1 + Length.length x4 - 1 - i) 0).
+  intuition; elimtype False; omega.
+  intuition.
+  replace (1 + Length.length x4 - 1 - i - 1)%Z with (Length.length x4 - 1 - i)%Z
+  by omega; auto.
+congruence.
+Qed.
+

examples/there_and_back_again/why3session.xml

@@ -2,175 +2,84 @@
 <!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
 "http://why3.lri.fr/why3session.dtd">
 <why3session shape_version="4">
-<prover id="0" name="Alt-Ergo" version="0.99.1" timelimit="5" steplimit="0" memlimit="1000"/>
-<prover id="1" name="CVC3" version="2.4.1" timelimit="5" steplimit="0" memlimit="1000"/>
-<prover id="2" name="CVC4" version="1.4" timelimit="6" steplimit="0" memlimit="1000"/>
-<prover id="3" name="Alt-Ergo" version="1.30" timelimit="6" steplimit="0" memlimit="1000"/>
-<prover id="4" name="Coq" version="8.6" timelimit="20" steplimit="0" memlimit="1000"/>
-<prover id="5" name="Z3" version="4.4.0" timelimit="6" steplimit="0" memlimit="1000"/>
+<prover id="2" name="CVC4" version="1.4" timelimit="5" steplimit="0" memlimit="1000"/>
+<prover id="3" name="Alt-Ergo" version="1.30" timelimit="5" steplimit="0" memlimit="1000"/>
+<prover id="4" name="Coq" version="8.6" timelimit="5" steplimit="0" memlimit="1000"/>
 <file name="../there_and_back_again.mlw" expanded="true">
-<theory name="Convolution" sum="c04f401f3346b5c81c2c50964a553449" expanded="true">
- <goal name="WP_parameter convolution_rec" expl="VC for convolution_rec">
+<theory name="Convolution" sum="ec40727b08fc6f1a7c42bee1cc3bd30f">
+ <goal name="VC convolution_rec" expl="VC for convolution_rec">
  <transf name="split_goal_wp">
-  <goal name="WP_parameter convolution_rec.1" expl="1. postcondition">
-  <proof prover="2" timelimit="5"><result status="valid" time="0.03"/></proof>
+  <goal name="VC convolution_rec.1" expl="1. variant decrease">
+  <proof prover="3"><result status="valid" time="0.01" steps="22"/></proof>
   </goal>
-  <goal name="WP_parameter convolution_rec.2" expl="2. variant decrease">
-  <proof prover="0"><result status="valid" time="0.02" steps="30"/></proof>
+  <goal name="VC convolution_rec.2" expl="2. precondition">
+  <proof prover="3"><result status="valid" time="0.00" steps="7"/></proof>
   </goal>
-  <goal name="WP_parameter convolution_rec.3" expl="3. precondition">
-  <proof prover="0"><result status="valid" time="0.01" steps="11"/></proof>
+  <goal name="VC convolution_rec.3" expl="3. unreachable point">
+  <proof prover="3"><result status="valid" time="0.01" steps="10"/></proof>
   </goal>
-  <goal name="WP_parameter convolution_rec.4" expl="4. postcondition">
-  <proof prover="2" timelimit="5"><result status="valid" time="0.10"/></proof>
+  <goal name="VC convolution_rec.4" expl="4. postcondition">
+  <proof prover="2"><result status="valid" time="0.04"/></proof>
   </goal>
-  <goal name="WP_parameter convolution_rec.5" expl="5. unreachable point">
-  <proof prover="0"><result status="valid" time="0.01" steps="22"/></proof>
+  <goal name="VC convolution_rec.5" expl="5. postcondition">
+  <proof prover="3"><result status="valid" time="0.01" steps="92"/></proof>
   </goal>
  </transf>
  </goal>
- <goal name="WP_parameter convolution" expl="VC for convolution">
- <transf name="split_goal_wp">
-  <goal name="WP_parameter convolution.1" expl="1. precondition">
-  <proof prover="0"><result status="valid" time="0.01" steps="1"/></proof>
-  </goal>
-  <goal name="WP_parameter convolution.2" expl="2. postcondition">
-  <proof prover="0"><result status="valid" time="0.02" steps="44"/></proof>
-  </goal>
- </transf>
- </goal>
-</theory>
-<theory name="Palindrome" sum="9df381045d072ead2dc0abe2dbdadbdf" expanded="true">
- <goal name="WP_parameter palindrome_rec" expl="VC for palindrome_rec">
- <transf name="split_goal_wp">
-  <goal name="WP_parameter palindrome_rec.1" expl="1. postcondition">
-  <proof prover="0"><result status="valid" time="0.01" steps="10"/></proof>
-  </goal>
-  <goal name="WP_parameter palindrome_rec.2" expl="2. postcondition">
-  <proof prover="0"><result status="valid" time="0.01" steps="11"/></proof>
-  </goal>
-  <goal name="WP_parameter palindrome_rec.3" expl="3. postcondition">
-  <proof prover="0"><result status="valid" time="0.25" steps="189"/></proof>
-  </goal>
-  <goal name="WP_parameter palindrome_rec.4" expl="4. postcondition">
-  <proof prover="2" timelimit="5"><result status="valid" time="0.02"/></proof>
-  </goal>
-  <goal name="WP_parameter palindrome_rec.5" expl="5. unreachable point">
-  <proof prover="0"><result status="valid" time="0.01" steps="6"/></proof>
-  </goal>
-  <goal name="WP_parameter palindrome_rec.6" expl="6. variant decrease">
-  <proof prover="0"><result status="valid" time="0.06" steps="34"/></proof>
-  </goal>
-  <goal name="WP_parameter palindrome_rec.7" expl="7. precondition">
-  <proof prover="0"><result status="valid" time="0.01" steps="17"/></proof>
-  <proof prover="1"><result status="valid" time="0.03"/></proof>
-  </goal>
-  <goal name="WP_parameter palindrome_rec.8" expl="8. assertion">
-  <proof prover="2" timelimit="5"><result status="valid" time="0.04"/></proof>
-  </goal>
-  <goal name="WP_parameter palindrome_rec.9" expl="9. postcondition">
-  <proof prover="2" timelimit="5"><result status="valid" time="0.16"/></proof>
-  </goal>
-  <goal name="WP_parameter palindrome_rec.10" expl="10. postcondition">
-  <proof prover="0"><result status="valid" time="0.04" steps="58"/></proof>
-  </goal>
-  <goal name="WP_parameter palindrome_rec.11" expl="11. exceptional postcondition">
-  <proof prover="0"><result status="valid" time="0.01" steps="113"/></proof>
-  <proof prover="1"><result status="valid" time="0.31"/></proof>
-  </goal>
-  <goal name="WP_parameter palindrome_rec.12" expl="12. unreachable point">
-  <proof prover="0"><result status="valid" time="0.02" steps="23"/></proof>
-  </goal>
-  <goal name="WP_parameter palindrome_rec.13" expl="13. exceptional postcondition">
-  <proof prover="4" edited="there_and_back_again_Palindrome_WP_parameter_palindrome_rec_2.v"><result status="valid" time="0.51"/></proof>
-  </goal>
-  <goal name="WP_parameter palindrome_rec.14" expl="14. unreachable point">
-  <proof prover="0"><result status="valid" time="0.01" steps="18"/></proof>
-  <proof prover="1"><result status="valid" time="0.00"/></proof>
-  </goal>
- </transf>
- </goal>
- <goal name="WP_parameter palindrome" expl="VC for palindrome">
- <transf name="split_goal_wp">
-  <goal name="WP_parameter palindrome.1" expl="1. precondition">
-  <proof prover="0"><result status="valid" time="0.00" steps="0"/></proof>
-  </goal>
-  <goal name="WP_parameter palindrome.2" expl="2. postcondition">
-  <proof prover="0"><result status="valid" time="0.00" steps="4"/></proof>
-  </goal>
-  <goal name="WP_parameter palindrome.3" expl="3. postcondition">
-  <proof prover="0"><result status="valid" time="0.01" steps="6"/></proof>
-  </goal>
- </transf>
+ <goal name="VC convolution" expl="VC for convolution">
+ <proof prover="3"><result status="valid" time="0.01" steps="33"/></proof>
  </goal>
 </theory>
-<theory name="Palindrome2" sum="c43a0140871b1226a02698aa120c1bbe" expanded="true">
- <goal name="WP_parameter palindrome_rec" expl="VC for palindrome_rec" expanded="true">
- <proof prover="3" obsolete="true"><result status="timeout" time="5.99"/></proof>
+<theory name="Palindrome" sum="e5d5eceb88764aaf4bad594a8ce3b5cc" expanded="true">
+ <goal name="VC palindrome_rec" expl="VC for palindrome_rec" expanded="true">
  <transf name="split_goal_wp" expanded="true">
-  <goal name="WP_parameter palindrome_rec.1" expl="1. postcondition">
-  <proof prover="3"><result status="valid" time="0.01" steps="21"/></proof>
-  </goal>
-  <goal name="WP_parameter palindrome_rec.2" expl="2. postcondition">
-  <proof prover="3"><result status="valid" time="0.00" steps="25"/></proof>
-  </goal>
-  <goal name="WP_parameter palindrome_rec.3" expl="3. postcondition">
-  <proof prover="3"><result status="valid" time="0.02" steps="94"/></proof>
+  <goal name="VC palindrome_rec.1" expl="1. postcondition">
+  <proof prover="3"><result status="valid" time="0.00" steps="10"/></proof>
   </goal>
-  <goal name="WP_parameter palindrome_rec.4" expl="4. postcondition">
-  <proof prover="3"><result status="valid" time="0.01" steps="97"/></proof>
+  <goal name="VC palindrome_rec.2" expl="2. postcondition">
+  <proof prover="3"><result status="valid" time="0.00" steps="10"/></proof>
   </goal>
-  <goal name="WP_parameter palindrome_rec.5" expl="5. unreachable point">
-  <proof prover="3"><result status="valid" time="0.01" steps="5"/></proof>
+  <goal name="VC palindrome_rec.3" expl="3. postcondition">
+  <proof prover="3"><result status="valid" time="0.02" steps="100"/></proof>
   </goal>
-  <goal name="WP_parameter palindrome_rec.6" expl="6. variant decrease">
-  <proof prover="3"><result status="valid" time="0.01" steps="35"/></proof>
+  <goal name="VC palindrome_rec.4" expl="4. postcondition">
+  <proof prover="3"><result status="valid" time="0.01" steps="16"/></proof>
   </goal>
-  <goal name="WP_parameter palindrome_rec.7" expl="7. precondition">
-  <proof prover="3"><result status="valid" time="0.01" steps="14"/></proof>
+  <goal name="VC palindrome_rec.5" expl="5. unreachable point">
+  <proof prover="3"><result status="valid" time="0.00" steps="5"/></proof>
   </goal>
-  <goal name="WP_parameter palindrome_rec.8" expl="8. postcondition" expanded="true">
-  <proof prover="2" obsolete="true"><result status="unknown" time="5.94"/></proof>
-  <proof prover="3"><result status="timeout" time="5.97"/></proof>
-  <proof prover="5" obsolete="true"><result status="timeout" time="6.00"/></proof>
+  <goal name="VC palindrome_rec.6" expl="6. variant decrease">
+  <proof prover="3"><result status="valid" time="0.00" steps="26"/></proof>
   </goal>
-  <goal name="WP_parameter palindrome_rec.9" expl="9. postcondition">
-  <proof prover="2" obsolete="true"><result status="unknown" time="5.93"/></proof>
-  <proof prover="3"><result status="timeout" time="5.97"/></proof>
-  <proof prover="5" obsolete="true"><result status="timeout" time="6.00"/></proof>
+  <goal name="VC palindrome_rec.7" expl="7. precondition">
+  <proof prover="3"><result status="valid" time="0.00" steps="12"/></proof>
   </goal>
-  <goal name="WP_parameter palindrome_rec.10" expl="10. exceptional postcondition">
-  <proof prover="2" obsolete="true"><result status="timeout" time="6.00"/></proof>
-  <proof prover="3"><result status="timeout" time="5.99"/></proof>
-  <proof prover="5" obsolete="true"><result status="timeout" time="6.00"/></proof>
+  <goal name="VC palindrome_rec.8" expl="8. assertion">
+  <proof prover="3"><result status="valid" time="0.02" steps="74"/></proof>
   </goal>
-  <goal name="WP_parameter palindrome_rec.11" expl="11. unreachable point">
-  <proof prover="2"><result status="valid" time="0.03"/></proof>
-  <proof prover="3"><result status="valid" time="0.03" steps="188"/></proof>
+  <goal name="VC palindrome_rec.9" expl="9. postcondition">
+  <proof prover="3"><result status="valid" time="1.50" steps="2255"/></proof>
   </goal>
-  <goal name="WP_parameter palindrome_rec.12" expl="12. exceptional postcondition">
-  <proof prover="2" obsolete="true"><result status="timeout" time="6.00"/></proof>
-  <proof prover="3"><result status="timeout" time="5.98"/></proof>
-  <proof prover="5" obsolete="true"><result status="timeout" time="6.00"/></proof>
+  <goal name="VC palindrome_rec.10" expl="10. postcondition">
+  <proof prover="3"><result status="valid" time="0.02" steps="78"/></proof>
   </goal>
-  <goal name="WP_parameter palindrome_rec.13" expl="13. unreachable point">
-  <proof prover="3"><result status="valid" time="0.01" steps="26"/></proof>
+  <goal name="VC palindrome_rec.11" expl="11. exceptional postcondition">
+  <proof prover="3"><result status="valid" time="0.02" steps="109"/></proof>
   </goal>
- </transf>
- </goal>
- <goal name="WP_parameter palindrome" expl="VC for palindrome" expanded="true">
- <transf name="split_goal_wp" expanded="true">
-  <goal name="WP_parameter palindrome.1" expl="1. precondition">
-  <proof prover="3"><result status="valid" time="0.00" steps="1"/></proof>
+  <goal name="VC palindrome_rec.12" expl="12. unreachable point">
+  <proof prover="3"><result status="valid" time="0.00" steps="11"/></proof>
   </goal>
-  <goal name="WP_parameter palindrome.2" expl="2. postcondition" expanded="true">
-  <proof prover="3"><result status="valid" time="0.01" steps="9"/></proof>
+  <goal name="VC palindrome_rec.13" expl="13. exceptional postcondition" expanded="true">
+  <proof prover="4" edited="there_and_back_again_Palindrome_VC_palindrome_rec_1.v"><result status="valid" time="0.51"/></proof>
   </goal>
-  <goal name="WP_parameter palindrome.3" expl="3. postcondition" expanded="true">
-  <proof prover="3"><result status="valid" time="0.01" steps="8"/></proof>
+  <goal name="VC palindrome_rec.14" expl="14. unreachable point">
+  <proof prover="3"><result status="valid" time="0.00" steps="18"/></proof>
   </goal>
  </transf>
  </goal>
+ <goal name="VC palindrome" expl="VC for palindrome">
+ <proof prover="3"><result status="valid" time="0.00" steps="14"/></proof>
+ </goal>
 </theory>
 </file>
 </why3session>

examples/vstte12_tree_reconstruction/vstte12_tree_reconstruction_WP_Harness_WP_parameter_harness2_2.v → examples/vstte12_tree_reconstruction/vstte12_tree_reconstruction_Harness_VC_harness2_1.v

@@ -21,29 +21,31 @@ Existing Instance tree_WhyType.
 (* Why3 assumption *)
 Fixpoint depths (d:Z) (t:tree) {struct t}: (list Z) :=
   match t with
-  | Leaf => (cons d nil)
-  | (Node l r) => (List.app (depths (d + 1%Z)%Z l) (depths (d + 1%Z)%Z r))
+  | Leaf => (Init.Datatypes.cons d Init.Datatypes.nil)
+  | (Node l r) => (Init.Datatypes.app (depths (d + 1%Z)%Z
+      l) (depths (d + 1%Z)%Z r))
   end.
 
 Axiom depths_head : forall (t:tree) (d:Z), match (depths d
   t) with
-  | (cons x _) => (d <= x)%Z
-  | nil => False
+  | (Init.Datatypes.cons x _) => (d <= x)%Z
+  | Init.Datatypes.nil => False
   end.
 
 Axiom depths_unique : forall (t1:tree) (t2:tree) (d:Z) (s1:(list Z))
-  (s2:(list Z)), ((List.app (depths d t1) s1) = (List.app (depths d
-  t2) s2)) -> ((t1 = t2) /\ (s1 = s2)).
+  (s2:(list Z)), ((Init.Datatypes.app (depths d
+  t1) s1) = (Init.Datatypes.app (depths d t2) s2)) -> ((t1 = t2) /\
+  (s1 = s2)).
 
 Axiom depths_prefix : forall (t:tree) (d1:Z) (d2:Z) (s1:(list Z))
-  (s2:(list Z)), ((List.app (depths d1 t) s1) = (List.app (depths d2
-  t) s2)) -> (d1 = d2).
+  (s2:(list Z)), ((Init.Datatypes.app (depths d1
+  t) s1) = (Init.Datatypes.app (depths d2 t) s2)) -> (d1 = d2).
 
 Axiom depths_prefix_simple : forall (t:tree) (d1:Z) (d2:Z), ((depths d1
   t) = (depths d2 t)) -> (d1 = d2).
 
 Axiom depths_subtree : forall (t1:tree) (t2:tree) (d1:Z) (d2:Z)
-  (s1:(list Z)), ((List.app (depths d1 t1) s1) = (depths d2 t2)) ->
+  (s1:(list Z)), ((Init.Datatypes.app (depths d1 t1) s1) = (depths d2 t2)) ->
   (d2 <= d1)%Z.
 
 Axiom depths_unique2 : forall (t1:tree) (t2:tree) (d1:Z) (d2:Z), ((depths d1
@@ -57,8 +59,8 @@ Definition lex (x1:((list Z)* Z)%type) (x2:((list Z)* Z)%type): Prop :=
       | (s2, d2) => ((list.Length.length s1) < (list.Length.length s2))%Z \/
           (((list.Length.length s1) = (list.Length.length s2)) /\ match (s1,
           s2) with
-          | ((cons h1 _), (cons h2 _)) => ((d2 < d1)%Z /\ (d1 <= h1)%Z) /\
-              (h1 = h2)
+          | ((Init.Datatypes.cons h1 _), (Init.Datatypes.cons h2 _)) =>
+              (d2 < d1)%Z /\ ((d1 <= h1)%Z /\ (h1 = h2))
           | _ => False
           end)
       end
@@ -76,9 +78,9 @@ Qed.
 
 
 (* Why3 goal *)
-Theorem WP_parameter_harness2 : forall (result:tree), ~ ((depths 0%Z
-  result) = (cons 1%Z (cons 3%Z (cons 2%Z (cons 2%Z nil))))).
-(* Why3 intros result. *)
+Theorem VC_harness2 : forall (result:tree), ~ ((depths 0%Z
+  result) = (Init.Datatypes.cons 1%Z (Init.Datatypes.cons 3%Z (Init.Datatypes.cons 2%Z (Init.Datatypes.cons 2%Z Init.Datatypes.nil))))).
+
 intuition.
 destruct result; simpl in H.
 discriminate H.
@@ -128,4 +130,3 @@ omega.
 
 Qed.
 
-

examples/vstte12_tree_reconstruction/vstte12_tree_reconstruction_WP_Harness_WP_parameter_harness_3.v → examples/vstte12_tree_reconstruction/vstte12_tree_reconstruction_Harness_VC_harness_1.v

@@ -21,29 +21,31 @@ Existing Instance tree_WhyType.
 (* Why3 assumption *)
 Fixpoint depths (d:Z) (t:tree) {struct t}: (list Z) :=
   match t with
-  | Leaf => (cons d nil)
-  | (Node l r) => (List.app (depths (d + 1%Z)%Z l) (depths (d + 1%Z)%Z r))
+  | Leaf => (Init.Datatypes.cons d Init.Datatypes.nil)
+  | (Node l r) => (Init.Datatypes.app (depths (d + 1%Z)%Z
+      l) (depths (d + 1%Z)%Z r))
   end.
 
 Axiom depths_head : forall (t:tree) (d:Z), match (depths d
   t) with
-  | (cons x _) => (d <= x)%Z
-  | nil => False
+  | (Init.Datatypes.cons x _) => (d <= x)%Z
+  | Init.Datatypes.nil => False
   end.
 
 Axiom depths_unique : forall (t1:tree) (t2:tree) (d:Z) (s1:(list Z))
-  (s2:(list Z)), ((List.app (depths d t1) s1) = (List.app (depths d
-  t2) s2)) -> ((t1 = t2) /\ (s1 = s2)).
+  (s2:(list Z)), ((Init.Datatypes.app (depths d
+  t1) s1) = (Init.Datatypes.app (depths d t2) s2)) -> ((t1 = t2) /\
+  (s1 = s2)).
 
 Axiom depths_prefix : forall (t:tree) (d1:Z) (d2:Z) (s1:(list Z))
-  (s2:(list Z)), ((List.app (depths d1 t) s1) = (List.app (depths d2
-  t) s2)) -> (d1 = d2).
+  (s2:(list Z)), ((Init.Datatypes.app (depths d1
+  t) s1) = (Init.Datatypes.app (depths d2 t) s2)) -> (d1 = d2).
 
 Axiom depths_prefix_simple : forall (t:tree) (d1:Z) (d2:Z), ((depths d1
   t) = (depths d2 t)) -> (d1 = d2).
 
 Axiom depths_subtree : forall (t1:tree) (t2:tree) (d1:Z) (d2:Z)
-  (s1:(list Z)), ((List.app (depths d1 t1) s1) = (depths d2 t2)) ->
+  (s1:(list Z)), ((Init.Datatypes.app (depths d1 t1) s1) = (depths d2 t2)) ->
   (d2 <= d1)%Z.
 
 Axiom depths_unique2 : forall (t1:tree) (t2:tree) (d1:Z) (d2:Z), ((depths d1
@@ -57,18 +59,18 @@ Definition lex (x1:((list Z)* Z)%type) (x2:((list Z)* Z)%type): Prop :=
       | (s2, d2) => ((list.Length.length s1) < (list.Length.length s2))%Z \/
           (((list.Length.length s1) = (list.Length.length s2)) /\ match (s1,
           s2) with
-          | ((cons h1 _), (cons h2 _)) => ((d2 < d1)%Z /\ (d1 <= h1)%Z) /\
-              (h1 = h2)
+          | ((Init.Datatypes.cons h1 _), (Init.Datatypes.cons h2 _)) =>
+              (d2 < d1)%Z /\ ((d1 <= h1)%Z /\ (h1 = h2))
           | _ => False
           end)
       end
   end.
 
 (* Why3 goal *)
-Theorem WP_parameter_harness : forall (result:tree), ((depths 0%Z
-  result) = (cons 1%Z (cons 3%Z (cons 3%Z (cons 2%Z nil))))) ->
+Theorem VC_harness : forall (result:tree), ((depths 0%Z
+  result) = (Init.Datatypes.cons 1%Z (Init.Datatypes.cons 3%Z (Init.Datatypes.cons 3%Z (Init.Datatypes.cons 2%Z Init.Datatypes.nil))))) ->
   (result = (Node Leaf (Node (Node Leaf Leaf) Leaf))).
-(* Why3 intros result h1. *)
+
 intuition.
 
 rewrite <- (Append.Append_l_nil (depths 0 result)) in H.
@@ -79,4 +81,3 @@ generalize (depths_unique _ _ _ _ _ H); intuition.
 
 Qed.
 
-

examples/vstte12_tree_reconstruction/vstte12_tree_reconstruction_Harness_VC_harness_2.v

+(* This file is generated by Why3's Coq driver *)
+(* Beware! Only edit allowed sections below    *)
+Require Import BuiltIn.
+Require BuiltIn.
+Require int.Int.
+Require list.List.
+Require list.Length.
+Require list.Mem.
+Require list.Append.
+
+(* Why3 assumption *)
+Definition unit := unit.
+
+(* Why3 assumption *)