New example: generic AVL trees

examples/avl/association_list.mlw

+
+(** {1 Facts about association lists}
+    Author: Martin Clochard *)
+
+(** {2 Association with respect to an equivalence relation} *)
+module Assoc
+  
+  (** Abstract type for objects identified by keys. *)
+  clone import key_type.KeyType as K
+  (** Abstract equivalence relation. *)
+  clone import relations.Equivalence as Eq with type t = key
+  
+  use import list.List
+  use import list.Mem
+  use import list.Append
+  use import option.Option
+  use import HighOrd
+  
+  (** Existence of an element identified by key [k] in list [l]. *)
+  predicate appear (k:key) (l:list (t 'a)) =
+    exists x. mem x l /\ Eq.rel k x.key
+  
+  lemma appear_append : forall k:key,l r:list (t 'a).
+    appear k (l++r) <-> appear k l \/ appear k r
+  
+  (** Unique occurence of every key *)
+  predicate unique (l:list (t 'a)) = match l with
+    | Nil -> true
+    | Cons x q -> not appear x.key q /\ unique q
+    end
+  
+  (** Functional update with equivalence classes. *)
+  function equiv_update (f:key -> 'b) (k:key) (b:'b) : key -> 'b =
+    \k2. if Eq.rel k k2 then b else f k2
+  
+  function const_none : 'a -> option 'b = \x.None
+  
+  (** Association list viewed as a partial mapping *)
+  function model (l:list (t 'a)) : key -> option (t 'a) =
+    match l with
+    | Nil -> const_none
+    | Cons d q -> equiv_update (model q) d.key (Some d)
+    end
+  
+  (** A key is bound iff it occurs in the association lists.
+      Equivalently, [appear] describe the domain of the partial mapping. *)
+  let rec lemma model_domain (k:key) (l:list (t 'a)) : unit
+    ensures { appear k l <-> match model l k with None -> false
+      | Some _ -> true end }
+    ensures { not appear k l <-> model l k = None }
+    variant { l }
+  = match l with Cons _ q -> model_domain k q | _ -> () end
+  
+  (** A key is bound to a value with an equivalent key. *)
+  let rec lemma model_key (k:key) (l:list (t 'a)) : unit
+    ensures { match model l k with None -> true
+      | Some d -> Eq.rel k d.key end }
+    variant { l }
+  = match l with Cons _ q -> model_key k q | _ -> () end
+  
+  (** Congruence lemma. *)
+  let rec lemma model_congruence (k1 k2:key) (l:list (t 'a)) : unit
+    requires { Eq.rel k1 k2 }
+    ensures { model l k1 = model l k2 }
+    variant { l }
+  = match l with
+    | Cons _ q -> model_congruence k1 k2 q
+    | _ -> ()
+    end
+  
+  (** If the list satisfies the uniqueness property,
+      then every value occuring in the list is the image of its key. *)
+  let rec lemma model_unique (k:key) (l:list (t 'a)) : unit
+    requires { unique l }
+    ensures { forall d. mem d l -> model l d.key = Some d }
+    variant { l }
+  = match l with Cons _ q -> model_unique k q | _ -> () end
+  
+  (** Singleton association list. *)
+  let lemma model_singleton (k:key) (d:t 'a) : unit
+    ensures { model (Cons d Nil) k = if rel k d.key then Some d else None }
+  = ()
+  
+  (** Link between disjoint concatenation and disjoint union of
+      partial mappings. *)
+  let rec lemma model_concat (k:key) (l r:list (t 'a)) : unit
+    requires { unique (l++r) /\ unique l /\ unique r }
+    ensures { match model l k with None -> model (l++r) k = model r k
+      | s -> model (l++r) k = s end }
+    ensures { match model r k with None -> model (l++r) k = model l k
+      | s -> model (l++r) k = s end }
+    ensures { model (l++r) k = None <->
+      model l k = None /\ model r k = None }
+    ensures { model l k = None \/ model r k = None }
+    variant { l }
+  = match l with
+    | Nil -> ()
+    | Cons _ q -> model_concat k q r
+    end
+  
+end
+
+
+(** {2 Sorted association lists} *)
+
+module AssocSorted
+  
+  use import list.List
+  use import list.Append
+  use import list.Mem
+  use import option.Option
+  
+  (** It is an instance of association lists. *)
+  clone import key_type.KeyType as K
+  clone import preorder.Full as O with type t = key
+  clone export Assoc with type K.key = K.key,
+    type K.t = K.t,
+    function K.key = K.key,
+    predicate Eq.rel = O.eq,
+    goal Eq.Trans,
+    goal Eq.Refl,
+    goal Eq.Symm
+  (** Consider sorted (increasing) lists. *)
+  clone sorted.Increasing as S with type K.key = K.key,
+    type K.t = K.t,
+    function K.key = K.key,
+    predicate O.rel = O.lt,
+    goal O.Trans
+  
+  (** Sorted lists have unicity property. *)
+  let rec lemma increasing_unique (l:list (t 'a)) : unit
+    requires { S.increasing l }
+    ensures { unique l }
+    variant { l }
+  = match l with Cons _ q -> increasing_unique q | _ -> () end
+  
+  (** Description of the partial mapping corresponding to the concatenation
+      of increasing lists separated by a known key in the middle. *)
+  let lemma model_cut (k:key) (l r:list (t 'a)) : unit
+    requires { S.increasing r }
+    requires { S.increasing l }
+    requires { S.upper_bound k l }
+    requires { S.lower_bound k r }
+    ensures { forall k2. eq k k2 -> model (l++r) k2 = None }
+    ensures { forall k2. lt k k2 -> model (l++r) k2 = model r k2 }
+    ensures { forall k2. le k2 k -> model r k2 = None }
+    ensures { forall k2. lt k2 k -> model (l++r) k2 = model l k2 }
+    ensures { forall k2. le k k2 -> model l k2 = None }
+  = assert { S.increasing (l++r) };
+    assert { forall k2. lt k k2 -> model (l++r) k2 <> model r k2 ->
+      match model r k2 with
+      | None -> match model l k2 with
+        | None -> false
+        | Some d -> lt d.key k && false
+        end && false
+      | _ -> false
+      end && false };
+    assert { forall k2. lt k2 k -> model (l++r) k2 <> model l k2 ->
+      match model l k2 with
+      | None -> match model r k2 with
+        | None -> false
+        | Some d -> lt k d.key && false
+        end && false
+      | _ -> false
+      end && false };
+    assert { forall k2. eq k k2 -> model (l++r) k2 <> None ->
+      (not appear k2 l /\ not appear k2 r) && false }
+  
+  (** Description of the partial mapping corresponding to a list
+      split around a midpoint. *)
+  let lemma model_split (d:t 'a) (l r:list (t 'a)) : unit
+    requires { S.increasing l }
+    requires { S.increasing r }
+    requires { S.upper_bound d.key l }
+    requires { S.lower_bound d.key r }
+    ensures { forall k2. eq d.key k2 -> model (l++Cons d r) k2 = Some d }
+    ensures { forall k2. lt d.key k2 -> model (l++Cons d r) k2 = model r k2 }
+    ensures { forall k2. le k2 d.key -> model r k2 = None }
+    ensures { forall k2. lt k2 d.key -> model (l++Cons d r) k2 = model l k2 }
+    ensures { forall k2. le d.key k2 -> model l k2 = None }
+  = ()
+  
+end
+

examples/avl/association_list/why3session.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
+"http://why3.lri.fr/why3session.dtd">
+<why3session shape_version="4">
+<prover id="0" name="CVC3" version="2.4.1" timelimit="5" memlimit="1000"/>
+<prover id="1" name="CVC4" version="1.4" timelimit="5" memlimit="1000"/>
+<prover id="2" name="Alt-Ergo" version="0.95.2" timelimit="5" memlimit="1000"/>
+<prover id="3" name="CVC4" version="1.3" timelimit="5" memlimit="1000"/>
+<file name="../association_list.mlw" expanded="true">
+<theory name="Assoc" sum="51b4c11f081064e3b4d325b694706c49">
+ <goal name="appear_append" sum="5cbdce3c762c74acf1cb66ef7929cac3">
+ <proof prover="2"><result status="valid" time="0.03"/></proof>
+ </goal>
+ <goal name="WP_parameter model_domain" expl="VC for model_domain" sum="92e56ac5ba7120552dbd9b31ea1c03e4">
+ <proof prover="2"><result status="valid" time="0.07"/></proof>
+ </goal>
+ <goal name="WP_parameter model_key" expl="VC for model_key" sum="a62f513551d51f68f7bf7274ec7fa2bc">
+ <proof prover="2"><result status="valid" time="0.04"/></proof>
+ </goal>
+ <goal name="WP_parameter model_congruence" expl="VC for model_congruence" sum="74b6a1d42ac17ba99534e9abb688b15c">
+ <transf name="split_goal_wp">
+  <goal name="WP_parameter model_congruence.1" expl="1. variant decrease" sum="fe73a75f3af6950f0640430458feac49">
+  <proof prover="2"><result status="valid" time="0.01"/></proof>
+  </goal>
+  <goal name="WP_parameter model_congruence.2" expl="2. precondition" sum="e4d12e2c5f96dc21fd0b548161939bb3">
+  <proof prover="2"><result status="valid" time="0.02"/></proof>
+  </goal>
+  <goal name="WP_parameter model_congruence.3" expl="3. postcondition" sum="3fc6b634c6464489b12cd88d09c1b714">
+  <proof prover="2"><result status="valid" time="0.44"/></proof>
+  </goal>
+  <goal name="WP_parameter model_congruence.4" expl="4. postcondition" sum="e8400f9d404e6f7196747af3ce50d41f">
+  <proof prover="2"><result status="valid" time="0.02"/></proof>
+  </goal>
+ </transf>
+ </goal>
+ <goal name="WP_parameter model_unique" expl="VC for model_unique" sum="70a48f930e99d24c2f920a09ce89787e">
+ <proof prover="2"><result status="valid" time="0.03"/></proof>
+ </goal>
+ <goal name="WP_parameter model_singleton" expl="VC for model_singleton" sum="9e1f65943793e1492142da0974983d77">
+ <proof prover="2"><result status="valid" time="0.02"/></proof>
+ </goal>
+ <goal name="WP_parameter model_concat" expl="VC for model_concat" sum="7a62a2d7738cc4e29d11d9e297619ece">
+ <transf name="split_goal_wp">
+  <goal name="WP_parameter model_concat.1" expl="1. postcondition" sum="2908373cf6c35c58321b09d6396e3147">
+  <proof prover="2"><result status="valid" time="0.03"/></proof>
+  </goal>
+  <goal name="WP_parameter model_concat.2" expl="2. postcondition" sum="2cca90b0062e27cdf98fe6d11eeed988">
+  <proof prover="2"><result status="valid" time="0.03"/></proof>
+  </goal>
+  <goal name="WP_parameter model_concat.3" expl="3. postcondition" sum="b8b1b60dd188d43b287899f552ce108e">
+  <proof prover="2"><result status="valid" time="0.03"/></proof>
+  </goal>
+  <goal name="WP_parameter model_concat.4" expl="4. postcondition" sum="d75c2fdc38950fef136435d48fdc9a50">
+  <proof prover="2"><result status="valid" time="0.02"/></proof>
+  </goal>
+  <goal name="WP_parameter model_concat.5" expl="5. variant decrease" sum="cb498b90b9bb7b9bec34710fc3499b58">
+  <proof prover="2"><result status="valid" time="0.02"/></proof>
+  </goal>
+  <goal name="WP_parameter model_concat.6" expl="6. precondition" sum="3e89707fc31026dd69618d532147a4dc">
+  <proof prover="2"><result status="valid" time="0.02"/></proof>
+  </goal>
+  <goal name="WP_parameter model_concat.7" expl="7. postcondition" sum="3b611d0c99fafd2dfab57aeb5cde40bb">
+  <proof prover="1"><result status="valid" time="0.23"/></proof>
+  </goal>
+  <goal name="WP_parameter model_concat.8" expl="8. postcondition" sum="21271033edce0b04319deb13b120cde5">
+  <proof prover="1"><result status="valid" time="0.09"/></proof>
+  </goal>
+  <goal name="WP_parameter model_concat.9" expl="9. postcondition" sum="ce1444e14e83ef00706876e04a92fcec">
+  <proof prover="2"><result status="valid" time="0.09"/></proof>
+  </goal>
+  <goal name="WP_parameter model_concat.10" expl="10. postcondition" sum="30a51ad2a0099a9fc46b3097d7f9476b">
+  <proof prover="3"><result status="valid" time="0.05"/></proof>
+  </goal>
+ </transf>
+ </goal>
+</theory>
+<theory name="AssocSorted" sum="d893e987157b1d0812b75c65f363bef5" expanded="true">
+ <goal name="Refl" sum="bd68cf5556485d4e4b24f8140e5fcd67">
+ <proof prover="2"><result status="valid" time="0.02"/></proof>
+ </goal>
+ <goal name="Trans" sum="5fb40a6d287b0d7ac73e32d51e14a3fb">
+ <proof prover="2"><result status="valid" time="0.02"/></proof>
+ </goal>
+ <goal name="Symm" sum="5a0d026001e97426f05bd10f506d1b42">
+ <proof prover="2"><result status="valid" time="0.02"/></proof>
+ </goal>
+ <goal name="Trans" sum="5e3c67976655b616e0bef03d1dd1fbf7">
+ <proof prover="2"><result status="valid" time="0.02"/></proof>
+ </goal>
+ <goal name="WP_parameter increasing_unique" expl="VC for increasing_unique" sum="03f6af66f3e7749a998b86279e2862f4">
+ <proof prover="2"><result status="valid" time="0.07"/></proof>
+ </goal>
+ <goal name="WP_parameter model_cut" expl="VC for model_cut" sum="e13f7b41191b0d8d7ed1ec53417153ba">
+ <transf name="split_goal_wp">
+  <goal name="WP_parameter model_cut.1" expl="1. assertion" sum="a134c81e5f906e77af9765a19796380f">
+  <proof prover="2"><result status="valid" time="0.04"/></proof>
+  </goal>
+  <goal name="WP_parameter model_cut.2" expl="2. assertion" sum="12665e93cd647a7168984df4e15500c1">
+  <transf name="split_goal_wp">
+   <goal name="WP_parameter model_cut.2.1" expl="1. assertion" sum="a2c1adf0d07a49d10e022f5576eded9d">
+   <proof prover="2"><result status="valid" time="0.02"/></proof>
+   </goal>
+   <goal name="WP_parameter model_cut.2.2" expl="2. assertion" sum="12aa3d4260003aab6568c1adfa685e50">
+   <proof prover="2"><result status="valid" time="0.08"/></proof>
+   </goal>
+   <goal name="WP_parameter model_cut.2.3" expl="3. assertion" sum="168e8b779ef53acb9814b2890ff9ae00">
+   <proof prover="2"><result status="valid" time="0.08"/></proof>
+   </goal>
+   <goal name="WP_parameter model_cut.2.4" expl="4. assertion" sum="f3ee89b033ce2d824097e4f0d7919ec1">
+   <proof prover="2"><result status="valid" time="0.02"/></proof>
+   </goal>
+   <goal name="WP_parameter model_cut.2.5" expl="5. assertion" sum="7e6e4a0da1783bc61833c81b51e7aa7a">
+   <proof prover="2"><result status="valid" time="0.03"/></proof>
+   </goal>
+   <goal name="WP_parameter model_cut.2.6" expl="6. assertion" sum="a890eda2f61ef10ccb9f2ba41f70c2b0">
+   <proof prover="2"><result status="valid" time="0.02"/></proof>
+   </goal>
+  </transf>
+  </goal>
+  <goal name="WP_parameter model_cut.3" expl="3. assertion" sum="b64a6c3fc5c944150cd047628229280b">
+  <transf name="split_goal_wp">
+   <goal name="WP_parameter model_cut.3.1" expl="1. assertion" sum="11fc863a88316fcaba3eea6986541a49">
+   <proof prover="2"><result status="valid" time="0.02"/></proof>
+   </goal>
+   <goal name="WP_parameter model_cut.3.2" expl="2. assertion" sum="9948f220cf719b895bdd9e96b6e3dc7f">
+   <proof prover="2"><result status="valid" time="0.08"/></proof>
+   </goal>
+   <goal name="WP_parameter model_cut.3.3" expl="3. assertion" sum="151eba2a7b0ac2df9caa4b45c5ac8b1a">
+   <proof prover="2"><result status="valid" time="0.08"/></proof>
+   </goal>
+   <goal name="WP_parameter model_cut.3.4" expl="4. assertion" sum="bc7a0013949a533792c90ed5ccbc0c5c">
+   <proof prover="2"><result status="valid" time="0.02"/></proof>
+   </goal>
+   <goal name="WP_parameter model_cut.3.5" expl="5. assertion" sum="432a9d478793190fba92c2ccf17128ef">
+   <proof prover="2"><result status="valid" time="0.03"/></proof>
+   </goal>
+   <goal name="WP_parameter model_cut.3.6" expl="6. assertion" sum="e5b7d04572afd57071bd95a8862780ee">
+   <proof prover="2"><result status="valid" time="0.02"/></proof>
+   </goal>
+  </transf>
+  </goal>
+  <goal name="WP_parameter model_cut.4" expl="4. assertion" sum="cfbc907899cd34eeb8cca5dbceec41a1">
+  <transf name="split_goal_wp">
+   <goal name="WP_parameter model_cut.4.1" expl="1. assertion" sum="b16ccf8a311e0add137605a7c3c51d53">
+   <proof prover="3"><result status="valid" time="0.05"/></proof>
+   </goal>
+   <goal name="WP_parameter model_cut.4.2" expl="2. assertion" sum="7cda319a7b0a8a8c57aa082c8c94bfcb">
+   <proof prover="3"><result status="valid" time="0.05"/></proof>
+   </goal>
+   <goal name="WP_parameter model_cut.4.3" expl="3. assertion" sum="9d7f3d139c611615ea4cd94dc79d9def">
+   <proof prover="2"><result status="valid" time="0.03"/></proof>
+   </goal>
+  </transf>
+  </goal>
+  <goal name="WP_parameter model_cut.5" expl="5. postcondition" sum="2364af598953d0888a832ec42adb2af9">
+  <proof prover="2"><result status="valid" time="0.04"/></proof>
+  </goal>
+  <goal name="WP_parameter model_cut.6" expl="6. postcondition" sum="0a778083fbb6a59736dfdf111b1b651b">
+  <proof prover="2"><result status="valid" time="0.03"/></proof>
+  </goal>
+  <goal name="WP_parameter model_cut.7" expl="7. postcondition" sum="93d8b0e1b3b8fa0e5a32c3cb7edfedec">
+  <proof prover="2"><result status="valid" time="0.13"/></proof>
+  </goal>
+  <goal name="WP_parameter model_cut.8" expl="8. postcondition" sum="c8c69c493dc15d6098e7fdd24b594b56">
+  <proof prover="2"><result status="valid" time="0.03"/></proof>
+  </goal>
+  <goal name="WP_parameter model_cut.9" expl="9. postcondition" sum="483c174a72fae713d6876546a1538f68">
+  <proof prover="0"><result status="valid" time="0.03"/></proof>
+  </goal>
+ </transf>
+ </goal>
+ <goal name="WP_parameter model_split" expl="VC for model_split" sum="249363bf1fbb8089fa11c8b0984f7cc5">
+ <proof prover="0"><result status="valid" time="0.92"/></proof>
+ </goal>
+</theory>
+</file>
+</why3session>

examples/avl/avl/why3session.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
+"http://why3.lri.fr/why3session.dtd">
+<why3session shape_version="4">
+<prover id="0" name="CVC3" version="2.4.1" timelimit="5" memlimit="0"/>
+<prover id="1" name="Alt-Ergo" version="0.95.2" timelimit="2" memlimit="1000"/>
+<prover id="2" name="CVC4" version="1.3" timelimit="2" memlimit="0"/>
+<file name="../avl.mlw">
+<theory name="SelectionTypes" sum="889610463ddab805c0b8619b38c84a3f">
+ <goal name="rebuild_aternative_def" sum="6b708928ea833d9c62d7825dbbe599a1">
+ <proof prover="1" memlimit="0"><result status="valid" time="0.07"/></proof>
+ </goal>
+</theory>
+<theory name="AVL" sum="d9afb554df4681295c3ff2120867d09a">
+ <goal name="assoc" sum="1c7ff0c481a04b8380523545ff1bdbb7">
+ <proof prover="1" memlimit="0"><result status="valid" time="0.02"/></proof>
+ </goal>
+ <goal name="neutral" sum="b9a39740c30988ad5f6eda8cec14349f">
+ <proof prover="1" memlimit="0"><result status="valid" time="0.02"/></proof>
+ </goal>
+ <goal name="WP_parameter real_height_nonnegative" expl="VC for real_height_nonnegative" sum="86c3dbe24513b8d5071b48dd561c1d5a">
+ <proof prover="1" memlimit="0"><result status="valid" time="0.02"/></proof>
+ </goal>
+ <goal name="rotation_preserve_model" sum="04ede348ff0f882a63ec098775709a45">
+ <proof prover="1" memlimit="0"><result status="valid" time="0.02"/></proof>
+ </goal>
+ <goal name="WP_parameter height" expl="VC for height" sum="0bbbecc0d67a79f985782c9408117960">
+ <proof prover="1" memlimit="0"><result status="valid" time="0.02"/></proof>
+ </goal>
+ <goal name="WP_parameter total" expl="VC for total" sum="108943a73e89c55cbf45f5df06e9bd75">
+ <proof prover="1" memlimit="0"><result status="valid" time="0.02"/></proof>
+ </goal>
+ <goal name="WP_parameter empty" expl="VC for empty" sum="4a91baa1ec0e3ac2dc050ea832f963bb">
+ <proof prover="1" memlimit="0"><result status="valid" time="0.02"/></proof>
+ </goal>
+ <goal name="WP_parameter node" expl="VC for node" sum="60341aea4e12bb7604f5468fb6220fef">
+ <proof prover="1" memlimit="0"><result status="valid" time="0.16"/></proof>
+ </goal>
+ <goal name="WP_parameter singleton" expl="VC for singleton" sum="e4dd5d1ba711b0c856135c29008607e7">
+ <proof prover="1" memlimit="0"><result status="valid" time="0.04"/></proof>
+ </goal>
+ <goal name="WP_parameter is_empty" expl="VC for is_empty" sum="4c8770716c837071d8af06dc655080d5">
+ <proof prover="1" memlimit="0"><result status="valid" time="0.13"/></proof>
+ </goal>
+ <goal name="WP_parameter view" expl="VC for view" sum="e338a899133711f40ba94ab1688d16e4">
+ <proof prover="1" memlimit="0"><result status="valid" time="0.07"/></proof>
+ </goal>
+ <goal name="WP_parameter balance" expl="VC for balance" sum="0fad5732d96fd5b4d8d3a37974d0b476">
+ <transf name="split_goal_wp">
+  <goal name="WP_parameter balance.1" expl="1. precondition" sum="42bf778ccff14a52a9755ce4a75e601d">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.02"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.2" expl="2. precondition" sum="96ca45799d434e4a5e935f22b3bff8d5">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.02"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.3" expl="3. precondition" sum="99930e6182bde9872af01044eb787993">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.02"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.4" expl="4. unreachable point" sum="de7b9e84375f7aa2060b07416883d07e">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.04"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.5" expl="5. precondition" sum="e4920d21495a5318e80ec05180ad5642">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.05"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.6" expl="6. precondition" sum="bfc3cd1a3313a57a40167c444d05f147">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.06"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.7" expl="7. precondition" sum="78f1038a2d64c3d6c4c9d01835ad5b3a">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.02"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.8" expl="8. precondition" sum="a9bd0c130b5c8d680b9d1ed3cb2f6359">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.19"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.9" expl="9. postcondition" sum="a6c9661fadb5db4d18dee52f6f82fec3">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.33"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.10" expl="10. postcondition" sum="f24b97f738b05ad7cf2e8abfce2fa78d">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.51"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.11" expl="11. precondition" sum="6ca1f36a678fec2b3ea3e0fc445909b2">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.02"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.12" expl="12. unreachable point" sum="71a68715f4355298c699920df1988d94">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.22"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.13" expl="13. precondition" sum="051b8b70c619b66e91a1ed3e0334e780">
+  <proof prover="1" memlimit="0"><result status="valid" time="1.00"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.14" expl="14. precondition" sum="c8ca0b096f08aa64bb553568ab79724b">
+  <proof prover="0" memlimit="1000"><result status="valid" time="0.11"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.15" expl="15. precondition" sum="7c139cb87e95f5ed717d62c48dcc92bc">
+  <proof prover="0" memlimit="1000"><result status="valid" time="0.16"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.16" expl="16. postcondition" sum="036d3e6ae2d53db7711959db26e177a4">
+  <proof prover="2" timelimit="5" memlimit="1000"><result status="valid" time="0.22"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.17" expl="17. postcondition" sum="d57d82b0b9538ffe765298f4e84e6ce1">
+  <proof prover="0" timelimit="2"><result status="valid" time="0.30"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.18" expl="18. precondition" sum="85d89c93f16f5150d537c7e4b717ba62">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.03"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.19" expl="19. unreachable point" sum="a8afa1fa04d621d09522d89e833b0ccd">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.09"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.20" expl="20. precondition" sum="dde0ec114b1694ae17ae2a9d5bcb5b84">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.12"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.21" expl="21. precondition" sum="bd206ceec0cc10156457584143ff02f8">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.10"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.22" expl="22. precondition" sum="c8b48bd1f3421929ab9d041b55f03be7">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.14"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.23" expl="23. precondition" sum="f8b6cf3f662a1e637e7d17be5bec6d1e">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.17"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.24" expl="24. postcondition" sum="68b204f0ee211d342cc35d1167d17b97">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.26"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.25" expl="25. postcondition" sum="236ecc0c579daaac426d17355069deea">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.40"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.26" expl="26. precondition" sum="ca3a185dec259f7512249768442a152c">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.03"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.27" expl="27. unreachable point" sum="eb1a6c51565bff12d5ba637dc12e6b8c">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.31"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.28" expl="28. precondition" sum="fc6d26d984a8aa41979fa0f2da18d482">
+  <proof prover="1" memlimit="0"><result status="valid" time="1.34"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.29" expl="29. precondition" sum="cf85610e16696019257e12dc89c70a66">
+  <proof prover="0" memlimit="1000"><result status="valid" time="0.10"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.30" expl="30. precondition" sum="32e09610beb7f4cbd13847b443c7d892">
+  <proof prover="0" memlimit="1000"><result status="valid" time="0.12"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.31" expl="31. postcondition" sum="7ad4ed353e4fbe5ef667092b2f54da9a">
+  <proof prover="0" memlimit="1000"><result status="valid" time="0.22"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.32" expl="32. postcondition" sum="4d82338257141401eed526bff12399a4">
+  <proof prover="0" timelimit="2"><result status="valid" time="0.32"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.33" expl="33. precondition" sum="2327039f72fc85542d3930455d005439">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.02"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.34" expl="34. postcondition" sum="201f0a49abb3a152e11efcbb9afaa04f">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.02"/></proof>
+  </goal>
+  <goal name="WP_parameter balance.35" expl="35. postcondition" sum="e7f4753e93d3a51b000a79aeb13c3779">
+  <proof prover="1" memlimit="0"><result status="valid" time="0.03"/></proof>
+  </goal>
+ </transf>
+ </goal>
+ <goal name="WP_parameter decompose_front_node" expl="VC for decompose_front_node" sum="04ae581b864e41405dc1629f31836060">
+ <proof prover="0" timelimit="2"><result status="valid" time="0.14"/></proof>
+ </goal>
+ <goal name="WP_parameter decompose_front" expl="VC for decompose_front" sum="a7d693b5dd07be82b1dd0e9d0ce14695">
+ <proof prover="1" memlimit="0"><result status="valid" time="0.63"/></proof>
+ </goal>
+ <goal name="WP_parameter decompose_back_node" expl="VC for decompose_back_node" sum="5b466d1a2655c3d82aafbdf230057797">
+ <proof prover="0" timelimit="2"><result status="valid" time="0.17"/></proof>
+ </goal>
+ <goal name="WP_parameter decompose_back" expl="VC for decompose_back" sum="182c47849ff2bfffa5bb6dfb8a33fadf">
+ <proof prover="1" memlimit="0"><result status="valid" time="0.57"/></proof>
+ </goal>
+ <goal name="WP_parameter front_node" expl="VC for front_node" sum="b38f64e1022f2cf1173b9620f09d6ef4">
+ <proof prover="0" timelimit="2"><result status="valid" time="1.08"/></proof>
+ </goal>
+ <goal name="WP_parameter front" expl="VC for front" sum="33fa8a9c225a907e83ccb6b894a36747">
+ <proof prover="0" timelimit="2"><result status="valid" time="0.61"/></proof>
+ </goal>
+ <goal name="WP_parameter back_node" expl="VC for back_node" sum="a63d6d1c9218bfb7b96ddafe87316cde">
+ <proof prover="1" memlimit="0"><result status="valid" time="0.27"/></proof>
+ </goal>
+ <goal name="WP_parameter back" expl="VC for back" sum="b70c9adefa09dc13c39c46514da3c26b">
+ <proof prover="1" memlimit="0"><result status="valid" time="0.16"/></proof>
+ </goal>
+ <goal name="WP_parameter fuse" expl="VC for fuse" sum="15819dbe42559823fc69b52a9571717b">
+ <proof prover="2"><result status="valid" time="0.24"/></proof>
+ </goal>
+ <goal name="WP_parameter cons" expl="VC for cons" sum="f0492430124868ac1f0423bcdc43e4ed">
+ <proof prover="0" timelimit="2"><result status="valid" time="0.11"/></proof>
+ </goal>
+ <goal name="WP_parameter snoc" expl="VC for snoc" sum="78d84d60b02141a8bb51ef063e60cbc7">
+ <proof prover="0" timelimit="2"><result status="valid" time="0.10"/></proof>
+ </goal>
+ <goal name="WP_parameter join" expl="VC for join" sum="26189b3d18f3a9744ea435fff293261b">
+ <proof prover="0" timelimit="2"><result status="valid" time="1.27"/></proof>
+ </goal>
+ <goal name="WP_parameter concat" expl="VC for concat" sum="60676e596cb2f82a285fdcebadcde8ac">
+ <proof prover="2"><result status="valid" time="0.11"/></proof>
+ </goal>
+ <goal name="WP_parameter default_split" expl="VC for default_split" sum="7e934783bcad65e7332fed203ecae563">
+ <proof prover="1" timelimit="5"><result status="valid" time="0.02"/></proof>
+ </goal>
+ <goal name="WP_parameter insert" expl="VC for insert" sum="fa6d931017ac6d50372c9a4d8e3997c7">
+ <proof prover="0" memlimit="1000"><result status="valid" time="1.44"/></proof>
+ </goal>
+ <goal name="WP_parameter remove" expl="VC for remove" sum="a7b61c6202aa919088b54df3b61d343a">
+ <proof prover="0" memlimit="1000"><result status="valid" time="1.34"/></proof>
+ </goal>
+ <goal name="WP_parameter get" expl="VC for get" sum="1ce787841220ea7570feb6b0fce6e741">
+ <proof prover="0" memlimit="1000"><result status="valid" time="0.71"/></proof>
+ </goal>
+ <goal name="WP_parameter extract" expl="VC for extract" sum="0e9f869de492ea4c577331e496d8048e">
+ <proof prover="0" memlimit="1000"><result status="valid" time="1.51"/></proof>
+ </goal>
+ <goal name="WP_parameter split" expl="VC for split" sum="fb8e723f9826d04b7f67520ae6470a79">
+ <proof prover="0" memlimit="1000"><result status="valid" time="1.23"/></proof>