Commit 93fd5d65 authored by Mário Pereira's avatar Mário Pereira

Code extraction (wip)

Some examples from the gallery adapted for extraction purposes
parent c60caecb
......@@ -158,15 +158,15 @@ module Euler001
use import SumMultiple
use import int.Int
use import int.ComputerDivision
use import mach.int.Int
let solve n
requires { n >= 1 }
ensures { result = sum_multiple_3_5_lt n }
= let n3 = div (n-1) 3 in
let n5 = div (n-1) 5 in
let n15 = div (n-1) 15 in
div (3 * n3 * (n3+1) + 5 * n5 * (n5+1) - 15 * n15 * (n15+1)) 2
= let n3 = (n-1) / 3 in
let n5 = (n-1) / 5 in
let n15 = (n-1) / 15 in
(3 * n3 * (n3+1) + 5 * n5 * (n5+1) - 15 * n15 * (n15+1)) / 2
(** Small test. Run it with
......
......@@ -53,7 +53,7 @@ end
module NewtonMethod
use import int.Int
use import int.ComputerDivision
use import mach.int.Int
use import ref.Ref
use import Square
......@@ -63,7 +63,7 @@ module NewtonMethod
= if x = 0 then 0 else
if x <= 3 then 1 else
let y = ref x in
let z = ref (div (1 + x) 2) in
let z = ref ((1 + x) / 2) in
while !z < !y do
variant { !y }
invariant { !z > 0 }
......@@ -72,7 +72,7 @@ module NewtonMethod
invariant { x < sqr (!y + 1) }
invariant { x < sqr (!z + 1) }
y := !z;
z := div (div x !z + !z) 2;
z := (x / !z + !z) / 2;
(* A few hints to prove preservation of the last invariant *)
assert { x < sqr (!z + 1)
by let a = div x !y in
......
......@@ -412,7 +412,7 @@ module KodaRuskey
use import int.Int
use import ref.Ref
val map_of_array (a: array 'a) : M.map int 'a
val ghost map_of_array (a: array 'a) : M.map int 'a
ensures { result = a.elts }
val ghost visited: ref visited
......
......@@ -9,7 +9,7 @@ What is the largest prime factor of the number 600851475143 ?
module PrimeFactor
use import int.ComputerDivision
use import mach.int.Int
use import number.Divisibility
use import number.Prime
use import number.Coprime
......@@ -29,14 +29,12 @@ module PrimeFactor
i >= d && let u = div n i in u * i = n && divides u n &&
u * i = n && (u >= d -> n >= d * i >= d * d && false)
&& u >= 2 && u < n && false } ; n
end else if d >= 2 && mod n d = 0 then d else
end else if d >= 2 && n % d = 0 then d else
smallest_divisor (d+1) n
use import ref.Ref
use import list.List
val factors : ref (list int)
let largest_prime_factor (n:int) : int
requires { 2 <= n }
ensures { prime result }
......@@ -44,8 +42,7 @@ module PrimeFactor
ensures { forall i:int. result < i <= n -> not (prime i /\ divides i n) }
= let d = smallest_divisor 2 n in
let factor = ref d in
let target = ref (div n d) in
factors := Cons d Nil;
let target = ref (n / d) in
assert { !target * d = n && divides !target n } ;
assert { forall i:int. prime i /\ divides i n /\ i > d ->
coprime d i && divides i !target };
......@@ -59,14 +56,13 @@ module PrimeFactor
invariant { forall i:int. prime i /\ divides i n /\ i > !factor ->
divides i !target }
variant { !target }
let ghost oldt = !target in
let oldt = ghost !target in
let ghost oldf = !factor in
assert { divides !target !target && !target >= 2 && !target >= !factor };
let d = smallest_divisor !factor !target in
assert { prime d };
factor := d;
factors := Cons d !factors;
target := div !target d;
target := !target / d;
assert { !target * d = oldt && divides !target oldt } ;
assert { forall i:int. prime i /\ divides i n /\ i > d ->
i > oldf && divides i oldt && 1 <= d < i
......
......@@ -2,230 +2,112 @@
<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
"http://why3.lri.fr/why3session.dtd">
<why3session shape_version="4">
<prover id="0" name="Eprover" version="1.6" timelimit="5" steplimit="0" memlimit="4000"/>
<prover id="1" name="CVC3" version="2.4.1" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="2" name="Z3" version="4.3.1" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="3" name="Eprover" version="1.8-001" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="4" name="Alt-Ergo" version="0.95.2" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="5" name="CVC4" version="1.3" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="6" name="Vampire" version="0.6" timelimit="5" steplimit="0" memlimit="4000"/>
<prover id="7" name="Alt-Ergo" version="1.30" timelimit="5" steplimit="0" memlimit="1000"/>
<file name="../largest_prime_factor.mlw" expanded="true">
<theory name="PrimeFactor" sum="12b4a559359f4d61b31d560dd2587a37" expanded="true">
<goal name="WP_parameter smallest_divisor" expl="VC for smallest_divisor">
<transf name="split_goal_wp">
<goal name="WP_parameter smallest_divisor.1" expl="1. assertion">
<transf name="split_goal_wp">
<goal name="WP_parameter smallest_divisor.1.1" expl="1. assertion">
<proof prover="4"><result status="valid" time="0.02" steps="21"/></proof>
</goal>
<goal name="WP_parameter smallest_divisor.1.2" expl="2. assertion">
<proof prover="4"><result status="valid" time="0.83" steps="51"/></proof>
</goal>
<goal name="WP_parameter smallest_divisor.1.3" expl="3. assertion">
<proof prover="4"><result status="valid" time="0.02" steps="16"/></proof>
</goal>
<goal name="WP_parameter smallest_divisor.1.4" expl="4. assertion">
<proof prover="4"><result status="valid" time="0.02" steps="13"/></proof>
</goal>
<goal name="WP_parameter smallest_divisor.1.5" expl="5. assertion">
<proof prover="4"><result status="valid" time="0.04" steps="21"/></proof>
</goal>
<goal name="WP_parameter smallest_divisor.1.6" expl="6. assertion">
<proof prover="2"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter smallest_divisor.1.7" expl="7. assertion">
<proof prover="4"><result status="valid" time="0.01" steps="15"/></proof>
</goal>
<goal name="WP_parameter smallest_divisor.1.8" expl="8. assertion">
<proof prover="2"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter smallest_divisor.1.9" expl="9. assertion">
<proof prover="4"><result status="valid" time="0.03" steps="15"/></proof>
</goal>
<goal name="WP_parameter smallest_divisor.1.10" expl="10. assertion">
<proof prover="4"><result status="valid" time="0.03" steps="33"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter smallest_divisor.2" expl="2. postcondition">
<proof prover="4"><result status="valid" time="0.00" steps="7"/></proof>
</goal>
<goal name="WP_parameter smallest_divisor.3" expl="3. postcondition">
<proof prover="4"><result status="valid" time="0.02" steps="10"/></proof>
</goal>
<goal name="WP_parameter smallest_divisor.4" expl="4. postcondition">
<proof prover="4"><result status="valid" time="0.04" steps="17"/></proof>
</goal>
<goal name="WP_parameter smallest_divisor.5" expl="5. postcondition">
<proof prover="4"><result status="valid" time="0.00" steps="8"/></proof>
</goal>
<goal name="WP_parameter smallest_divisor.6" expl="6. postcondition">
<proof prover="4"><result status="valid" time="0.02" steps="14"/></proof>
</goal>
<goal name="WP_parameter smallest_divisor.7" expl="7. postcondition">
<proof prover="4"><result status="valid" time="0.01" steps="18"/></proof>
</goal>
<goal name="WP_parameter smallest_divisor.8" expl="8. variant decrease">
<proof prover="4"><result status="valid" time="0.01" steps="8"/></proof>
</goal>
<goal name="WP_parameter smallest_divisor.9" expl="9. precondition">
<proof prover="4"><result status="valid" time="0.01" steps="8"/></proof>
</goal>
<goal name="WP_parameter smallest_divisor.10" expl="10. precondition">
<proof prover="4"><result status="valid" time="0.24" steps="39"/></proof>
</goal>
<goal name="WP_parameter smallest_divisor.11" expl="11. precondition">
<proof prover="4"><result status="valid" time="0.10" steps="38"/></proof>
</goal>
<goal name="WP_parameter smallest_divisor.12" expl="12. postcondition">
<proof prover="4"><result status="valid" time="0.02" steps="13"/></proof>
</goal>
<goal name="WP_parameter smallest_divisor.13" expl="13. postcondition">
<proof prover="4"><result status="valid" time="0.02" steps="13"/></proof>
</goal>
<goal name="WP_parameter smallest_divisor.14" expl="14. postcondition">
<proof prover="4"><result status="valid" time="0.02" steps="24"/></proof>
</goal>
</transf>
<theory name="PrimeFactor" sum="16f1aacc2afca1abcb78ba0c33740f40" expanded="true">
<goal name="VC smallest_divisor" expl="VC for smallest_divisor" expanded="true">
<proof prover="7"><result status="timeout" time="5.00"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor" expl="VC for largest_prime_factor">
<transf name="split_goal_wp">
<goal name="WP_parameter largest_prime_factor.1" expl="1. precondition">
<proof prover="4"><result status="valid" time="0.02" steps="4"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.2" expl="2. precondition">
<proof prover="4"><result status="valid" time="0.02" steps="4"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.3" expl="3. precondition">
<proof prover="4"><result status="valid" time="0.01" steps="5"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.4" expl="4. assertion">
<transf name="split_goal_wp">
<goal name="WP_parameter largest_prime_factor.4.1" expl="1. VC for largest_prime_factor">
<proof prover="4"><result status="valid" time="0.77" steps="49"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.4.2" expl="2. VC for largest_prime_factor">
<proof prover="4"><result status="valid" time="0.02" steps="13"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter largest_prime_factor.5" expl="5. assertion">
<proof prover="5"><result status="valid" time="0.94"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.6" expl="6. loop invariant init">
<proof prover="4"><result status="valid" time="0.14" steps="31"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.7" expl="7. loop invariant init">
<proof prover="4"><result status="valid" time="0.03" steps="11"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.8" expl="8. loop invariant init">
<proof prover="4"><result status="valid" time="0.03" steps="11"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.9" expl="9. loop invariant init">
<proof prover="5"><result status="valid" time="0.74"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.10" expl="10. loop invariant init">
<proof prover="4"><result status="valid" time="0.13" steps="22"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.11" expl="11. loop invariant init">
<proof prover="4"><result status="valid" time="0.10" steps="23"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.12" expl="12. assertion">
<transf name="split_goal_wp">
<goal name="WP_parameter largest_prime_factor.12.1" expl="1. VC for largest_prime_factor">
<proof prover="4"><result status="valid" time="0.02" steps="23"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.12.2" expl="2. VC for largest_prime_factor">
<proof prover="4"><result status="valid" time="0.02" steps="19"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.12.3" expl="3. VC for largest_prime_factor">
<proof prover="5"><result status="valid" time="0.04"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter largest_prime_factor.13" expl="13. precondition">
<proof prover="4"><result status="valid" time="0.02" steps="20"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.14" expl="14. precondition">
<proof prover="4"><result status="valid" time="0.02" steps="20"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.15" expl="15. precondition">
<proof prover="4"><result status="valid" time="0.10" steps="36"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.16" expl="16. assertion">
<proof prover="5"><result status="valid" time="3.00"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.17" expl="17. assertion">
<transf name="split_goal_wp">
<goal name="WP_parameter largest_prime_factor.17.1" expl="1. VC for largest_prime_factor">
<proof prover="4"><result status="valid" time="2.75" steps="85"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.17.2" expl="2. VC for largest_prime_factor">
<proof prover="4"><result status="valid" time="0.04" steps="36"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter largest_prime_factor.18" expl="18. assertion">
<transf name="split_goal_wp">
<goal name="WP_parameter largest_prime_factor.18.1" expl="1. assertion">
<proof prover="4"><result status="valid" time="0.02" steps="32"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.18.2" expl="2. assertion">
<proof prover="4"><result status="valid" time="0.11" steps="51"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.18.3" expl="3. assertion">
<proof prover="4"><result status="valid" time="0.02" steps="34"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.18.4" expl="4. assertion">
<proof prover="4"><result status="valid" time="0.02" steps="34"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.18.5" expl="5. assertion">
<proof prover="1"><result status="valid" time="0.79"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.18.6" expl="6. assertion">
<proof prover="0"><result status="valid" time="0.35"/></proof>
<proof prover="3"><result status="valid" time="0.47"/></proof>
<proof prover="6"><result status="valid" time="2.69"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter largest_prime_factor.19" expl="19. loop invariant preservation">
<proof prover="2"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.20" expl="20. loop invariant preservation">
<proof prover="4"><result status="valid" time="0.05" steps="29"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.21" expl="21. loop invariant preservation">
<proof prover="4"><result status="valid" time="0.17" steps="50"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.22" expl="22. loop invariant preservation">
<proof prover="4"><result status="valid" time="0.06" steps="29"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.23" expl="23. loop invariant preservation">
<proof prover="5"><result status="valid" time="0.23"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.24" expl="24. loop invariant preservation">
<proof prover="4"><result status="valid" time="0.11" steps="51"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.25" expl="25. loop variant decrease">
<proof prover="1"><result status="valid" time="0.07"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.26" expl="26. postcondition">
<proof prover="4"><result status="valid" time="0.02" steps="18"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.27" expl="27. postcondition">
<proof prover="4"><result status="valid" time="0.04" steps="18"/></proof>
</goal>
<goal name="WP_parameter largest_prime_factor.28" expl="28. postcondition">
<proof prover="5"><result status="valid" time="0.13"/></proof>
<goal name="VC largest_prime_factor" expl="VC for largest_prime_factor" expanded="true">
<proof prover="7"><result status="timeout" time="5.01"/></proof>
<transf name="split_goal_wp" expanded="true">
<goal name="VC largest_prime_factor.1" expl="1. precondition">
<proof prover="7"><result status="valid" time="0.00" steps="5"/></proof>
</goal>
<goal name="VC largest_prime_factor.2" expl="2. precondition">
<proof prover="7"><result status="valid" time="0.01" steps="5"/></proof>
</goal>
<goal name="VC largest_prime_factor.3" expl="3. precondition">
<proof prover="7"><result status="valid" time="0.00" steps="5"/></proof>
</goal>
<goal name="VC largest_prime_factor.4" expl="4. precondition">
<proof prover="7"><result status="valid" time="0.00" steps="8"/></proof>
</goal>
<goal name="VC largest_prime_factor.5" expl="5. assertion">
<proof prover="7"><result status="valid" time="0.02" steps="25"/></proof>
</goal>
<goal name="VC largest_prime_factor.6" expl="6. assertion">
<proof prover="7"><result status="timeout" time="5.00"/></proof>
</goal>
<goal name="VC largest_prime_factor.7" expl="7. loop invariant init">
<proof prover="7"><result status="valid" time="0.02" steps="30"/></proof>
</goal>
<goal name="VC largest_prime_factor.8" expl="8. loop invariant init">
<proof prover="7"><result status="valid" time="0.01" steps="10"/></proof>
</goal>
<goal name="VC largest_prime_factor.9" expl="9. loop invariant init">
<proof prover="7"><result status="valid" time="0.01" steps="10"/></proof>
</goal>
<goal name="VC largest_prime_factor.10" expl="10. loop invariant init">
<proof prover="7"><result status="timeout" time="5.01"/></proof>
</goal>
<goal name="VC largest_prime_factor.11" expl="11. loop invariant init">
<proof prover="7"><result status="valid" time="0.02" steps="19"/></proof>
</goal>
<goal name="VC largest_prime_factor.12" expl="12. loop invariant init">
<proof prover="7"><result status="valid" time="0.02" steps="17"/></proof>
</goal>
<goal name="VC largest_prime_factor.13" expl="13. assertion">
<proof prover="7"><result status="valid" time="0.02" steps="27"/></proof>
</goal>
<goal name="VC largest_prime_factor.14" expl="14. precondition">
<proof prover="7"><result status="valid" time="0.01" steps="19"/></proof>
</goal>
<goal name="VC largest_prime_factor.15" expl="15. precondition">
<proof prover="7"><result status="valid" time="0.01" steps="19"/></proof>
</goal>
<goal name="VC largest_prime_factor.16" expl="16. precondition">
<proof prover="7"><result status="valid" time="0.01" steps="31"/></proof>
</goal>
<goal name="VC largest_prime_factor.17" expl="17. assertion">
<proof prover="7"><result status="timeout" time="4.99"/></proof>
</goal>
<goal name="VC largest_prime_factor.18" expl="18. precondition">
<proof prover="7"><result status="valid" time="0.01" steps="24"/></proof>
</goal>
<goal name="VC largest_prime_factor.19" expl="19. assertion">
<proof prover="7"><result status="timeout" time="5.00"/></proof>
</goal>
<goal name="VC largest_prime_factor.20" expl="20. assertion">
<proof prover="7"><result status="timeout" time="5.00"/></proof>
</goal>
<goal name="VC largest_prime_factor.21" expl="21. loop variant decrease">
<proof prover="7"><result status="timeout" time="4.98"/></proof>
</goal>
<goal name="VC largest_prime_factor.22" expl="22. loop invariant preservation">
<proof prover="7"><result status="valid" time="0.14" steps="79"/></proof>
</goal>
<goal name="VC largest_prime_factor.23" expl="23. loop invariant preservation">
<proof prover="7"><result status="valid" time="0.02" steps="27"/></proof>
</goal>
<goal name="VC largest_prime_factor.24" expl="24. loop invariant preservation">
<proof prover="7"><result status="valid" time="0.02" steps="43"/></proof>
</goal>
<goal name="VC largest_prime_factor.25" expl="25. loop invariant preservation">
<proof prover="7"><result status="valid" time="0.01" steps="27"/></proof>
</goal>
<goal name="VC largest_prime_factor.26" expl="26. loop invariant preservation">
<proof prover="7"><result status="timeout" time="5.00"/></proof>
</goal>
<goal name="VC largest_prime_factor.27" expl="27. loop invariant preservation">
<proof prover="7"><result status="valid" time="0.02" steps="42"/></proof>
</goal>
<goal name="VC largest_prime_factor.28" expl="28. postcondition">
<proof prover="7"><result status="valid" time="0.01" steps="17"/></proof>
</goal>
<goal name="VC largest_prime_factor.29" expl="29. postcondition">
<proof prover="7"><result status="valid" time="0.01" steps="17"/></proof>
</goal>
<goal name="VC largest_prime_factor.30" expl="30. postcondition">
<proof prover="7"><result status="valid" time="3.67" steps="180"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter test" expl="VC for test">
<proof prover="4"><result status="valid" time="0.02" steps="3"/></proof>
<goal name="VC test" expl="VC for test" expanded="true">
<proof prover="7"><result status="valid" time="0.01" steps="4"/></proof>
</goal>
<goal name="WP_parameter solve" expl="VC for solve">
<proof prover="4"><result status="valid" time="0.01" steps="3"/></proof>
<goal name="VC solve" expl="VC for solve" expanded="true">
<proof prover="7"><result status="valid" time="0.01" steps="4"/></proof>
</goal>
</theory>
</file>
......
......@@ -9,8 +9,9 @@ module HeightCPS
use import bintree.Tree
use import bintree.Height
function height_cps (t: tree 'a) (k: int -> 'b) : 'b =
match t with
let rec function height_cps (t: tree 'a) (k: int -> 'b) : 'b
variant { t }
= match t with
| Empty -> k 0
| Node l _ r ->
height_cps l (fun hl ->
......@@ -18,7 +19,7 @@ module HeightCPS
k (1 + max hl hr)))
end
function height1 (t: tree 'a) : int = height_cps t (fun h -> h)
let function height1 (t: tree 'a) : int = height_cps t (fun h -> h)
lemma height_cps_correct:
forall t: tree 'a, k: int -> 'b. height_cps t k = k (height t)
......
......@@ -3,23 +3,69 @@
"http://why3.lri.fr/why3session.dtd">
<why3session shape_version="4">
<prover id="0" name="Alt-Ergo" version="0.99.1" timelimit="6" steplimit="0" memlimit="1000"/>
<prover id="1" name="CVC4" version="1.4" timelimit="6" steplimit="0" memlimit="1000"/>
<prover id="1" name="CVC4" version="1.4" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="2" name="CVC3" version="2.4.1" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="3" name="Eprover" version="1.8-001" timelimit="6" steplimit="0" memlimit="1000"/>
<prover id="4" name="Vampire" version="0.6" timelimit="6" steplimit="0" memlimit="1000"/>
<prover id="5" name="Z3" version="4.2" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="6" name="Alt-Ergo" version="1.30" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="7" name="Yices" version="1.0.38" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="8" name="Z3" version="4.4.0" timelimit="5" steplimit="0" memlimit="1000"/>
<file name="../tree_height.mlw" expanded="true">
<theory name="HeightCPS" sum="bf5f8a1bb7474cc558d4defd10f63945">
<goal name="height_cps_correct">
<transf name="induction_ty_lex">
<goal name="height_cps_correct.1" expl="1.">
<proof prover="0"><result status="valid" time="0.02" steps="20"/></proof>
<theory name="HeightCPS" sum="56143ea961123bc30fc2b184c2952c02" expanded="true">
<goal name="VC height_cps" expl="VC for height_cps">
<proof prover="6"><result status="valid" time="0.00" steps="26"/></proof>
</goal>
<goal name="VC height1" expl="VC for height1">
<proof prover="6"><result status="valid" time="0.00" steps="1"/></proof>
</goal>
<goal name="height_cps_correct" expanded="true">
<transf name="induction_ty_lex" expanded="true">
<goal name="height_cps_correct.1" expl="1." expanded="true">
<proof prover="0"><result status="unknown" time="0.00"/></proof>
<proof prover="1"><result status="unknown" time="0.01"/></proof>
<proof prover="2"><result status="unknown" time="0.02"/></proof>
<proof prover="3" timelimit="5"><internalfailure reason="Why3.Printer.UnknownPrinter(&quot;tptp-fof&quot;)"/></proof>
<proof prover="5"><result status="timeout" time="5.00"/></proof>
<proof prover="6"><result status="unknown" time="0.01"/></proof>
<proof prover="7"><result status="timeout" time="5.00"/></proof>
<proof prover="8"><result status="timeout" time="5.00"/></proof>
<transf name="split_goal_wp" expanded="true">
<goal name="height_cps_correct.1.1" expl="1." expanded="true">
<transf name="compute_in_goal" expanded="true">
<goal name="height_cps_correct.1.1.1" expl="1." expanded="true">
<proof prover="1"><result status="unknown" time="0.02"/></proof>
<proof prover="2"><result status="unknown" time="0.35"/></proof>
<proof prover="3" timelimit="5"><internalfailure reason="Why3.Printer.UnknownPrinter(&quot;tptp-fof&quot;)"/></proof>
<proof prover="5"><result status="timeout" time="5.00"/></proof>
<proof prover="6"><result status="timeout" time="5.01"/></proof>
<proof prover="7"><result status="unknown" time="1.91"/></proof>
<proof prover="8"><result status="timeout" time="5.00"/></proof>
</goal>
</transf>
</goal>
<goal name="height_cps_correct.1.2" expl="2." expanded="true">
<transf name="compute_in_goal" expanded="true">
<goal name="height_cps_correct.1.2.1" expl="1.">
</goal>
</transf>
</goal>
</transf>
</goal>
</transf>
</goal>
<goal name="height1_correct">
<proof prover="0"><result status="valid" time="0.01" steps="3"/></proof>
<goal name="height1_correct" expanded="true">
<proof prover="0"><result status="unknown" time="0.01"/></proof>
<proof prover="6"><result status="unknown" time="0.00"/></proof>
</goal>
</theory>
<theory name="Iteration" sum="31fb4ef8d79c1ff62c5bb0f69982f06c" expanded="true">
<theory name="Iteration" sum="d6b56da2821d62a146b19c957c33171b">
<goal name="VC is_id" expl="VC for is_id">
<proof prover="6"><result status="valid" time="0.00" steps="1"/></proof>
</goal>
<goal name="VC is_result" expl="VC for is_result">
<proof prover="6"><result status="valid" time="0.00" steps="1"/></proof>
</goal>
<goal name="sizek_nonneg">
<transf name="induction_ty_lex">
<goal name="sizek_nonneg.1" expl="1.">
......@@ -31,160 +77,28 @@
<proof prover="0"><result status="valid" time="0.01" steps="1"/></proof>
</goal>
<goal name="sizew_nonneg">
<proof prover="3"><result status="valid" time="0.11"/></proof>
<proof prover="3"><internalfailure reason="Why3.Printer.UnknownPrinter(&quot;tptp-fof&quot;)"/></proof>
<proof prover="6"><result status="unknown" time="0.01"/></proof>
</goal>
<goal name="WP_parameter height1" expl="VC for height1" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter height1.1" expl="1. loop invariant init">
<proof prover="0"><result status="valid" time="0.01" steps="2"/></proof>
</goal>
<goal name="WP_parameter height1.2" expl="2. loop invariant preservation">
<proof prover="0"><result status="valid" time="0.02" steps="28"/></proof>
</goal>
<goal name="WP_parameter height1.3" expl="3. loop variant decrease">
<proof prover="0"><result status="valid" time="0.01" steps="17"/></proof>
</goal>
<goal name="WP_parameter height1.4" expl="4. loop invariant preservation">
<proof prover="0"><result status="valid" time="0.02" steps="35"/></proof>
</goal>
<goal name="WP_parameter height1.5" expl="5. loop variant decrease">
<proof prover="0"><result status="valid" time="0.04" steps="56"/></proof>
</goal>
<goal name="WP_parameter height1.6" expl="6. unreachable point">
<proof prover="0"><result status="valid" time="0.00" steps="14"/></proof>
</goal>
<goal name="WP_parameter height1.7" expl="7. loop invariant preservation">
<proof prover="0"><result status="valid" time="0.02" steps="36"/></proof>
</goal>
<goal name="WP_parameter height1.8" expl="8. loop variant decrease">
<proof prover="0"><result status="valid" time="0.02" steps="19"/></proof>
</goal>
<goal name="WP_parameter height1.9" expl="9. loop invariant preservation">
<proof prover="0"><result status="valid" time="0.01" steps="39"/></proof>
</goal>
<goal name="WP_parameter height1.10" expl="10. loop variant decrease">
<proof prover="0"><result status="valid" time="0.04" steps="36"/></proof>
</goal>
<goal name="WP_parameter height1.11" expl="11. loop invariant preservation">
<proof prover="0"><result status="valid" time="0.01" steps="25"/></proof>
</goal>
<goal name="WP_parameter height1.12" expl="12. loop variant decrease">
<proof prover="0"><result status="valid" time="0.02" steps="16"/></proof>
</goal>
<goal name="WP_parameter height1.13" expl="13. loop invariant preservation">
<proof prover="0"><result status="valid" time="0.03" steps="34"/></proof>
</goal>
<goal