diff --git a/bench/bench b/bench/bench index 8c3b007e7ceeda650f0aad66cdde7e0d16d5815d..07e4a113ec3e02858a5a63c3c390956742ba3bd2 100755 --- a/bench/bench +++ b/bench/bench @@ -269,8 +269,8 @@ goods examples/avl "-L examples/avl" goods examples/verifythis_2016_matrix_multiplication "-L examples/verifythis_2016_matrix_multiplication" goods examples/double_wp "-L examples/double_wp" goods examples/ring_decision "-L examples/ring_decision" +goods examples/multiprecision "-L examples/multiprecision" goods examples/in_progress -goods examples/in_progress/multiprecision "-L examples/in_progress/multiprecision" echo "" echo "=== Checking replay (no prover) ===" @@ -290,6 +290,7 @@ replay examples/avl "-L examples/avl --merging-only" #replay examples/to_port/verifythis_2016_matrix_multiplication "-L examples/to_port/verifythis_2016_matrix_multiplication --merging-only" replay examples/double_wp "-L examples/double_wp --merging-only" replay examples/ring_decision "-L examples/ring_decision --merging-only" +replay examples/multiprecision "-L examples/multiprecision --merging-only" #replay examples/in_progress --merging-only #replay examples/in_progress/multiprecision "-L examples/in_progress/multiprecision --merging-only" echo "" diff --git a/examples/multiprecision/add.mlw b/examples/multiprecision/add.mlw new file mode 100644 index 0000000000000000000000000000000000000000..57f19fe3e2c6b9339ae47172ed9d0564230169b8 --- /dev/null +++ b/examples/multiprecision/add.mlw 
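Review bot: The second bench/bench hunk (the replay list) keeps the commented-out line `#replay examples/in_progress/multiprecision "-L examples/in_progress/multiprecision --merging-only"` as context. The first hunk drops the matching `goods` entry for that path, so the directory has apparently moved to `examples/multiprecision`. If so, the stale comment names a location that no longer exists and should be deleted in the same commit, so nobody re-enables it later expecting it to check something. The new `replay examples/multiprecision` line already covers the session replay.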
@@ -0,0 +1,548 @@ +module Add + + use import int.Int + use import mach.int.Int32 + use import mach.int.UInt64GMP as Limb + use import int.Power + use import ref.Ref + use import mach.c.C + use import array.Array + use import map.Map + use import types.Types + use import lemmas.Lemmas + + (** [add_limb r x y sz] adds to [x] the value of the limb [y], + writes the result in [r] and returns the carry. [r] and [x] + have size [sz]. This corresponds to the function [mpn_add_1] *) + (* r and x must be separated. This is enforced by Why3 regions in typing *) + let add_limb (r x:t) (y:limb) (sz:int32) : limb + requires { valid x sz } + requires { valid r sz } + requires { sz > 0 } (* ? GMP does the same for 0 and 1*) + ensures { value r sz + (power radix sz) * result = + value x sz + y } + ensures { 0 <= result <= 1 } + ensures { forall j. (j < offset r \/ offset r + sz <= j) + -> (pelts r)[j] = old (pelts r)[j] } + writes { r.data.elts } + = + let limb_zero = Limb.of_int 0 in + let c = ref y in + let lx = ref limb_zero in + let i = ref (Int32.of_int 0) in + while Int32.(<) !i sz && (not (Limb.(=) !c limb_zero)) do + invariant { 0 <= !i <= sz } + invariant { !i > 0 -> 0 <= !c <= 1 } + invariant { value r !i + (power radix !i) * !c = + value x !i + y } + invariant { forall j. 
(j < offset r \/ offset r + sz <= j) + -> (pelts r)[j] = old (pelts r)[j] } + variant { sz - !i } + label StartLoop in + lx := get_ofs x !i; + let (res, carry) = add_with_carry !lx !c limb_zero in + set_ofs r !i res; + assert { value r !i + (power radix !i) * !c = + value x !i + y }; + c := carry; + value_tail r !i; + value_tail x !i; + assert { value r (!i+1) + (power radix (!i+1)) * !c + = value x (!i+1) + y + (* by + value r !i + (power radix !i) * !c + = value r k + (power radix k) * res + + (power radix !i) * !c + = value r k + (power radix k) * res + + (power radix k) * radix * !c + = value r k + (power radix k) * (res + radix * !c) + = value r k + + (power radix k) * (!lx + (!c at StartLoop)) + = value r k + (power radix k) * (!c at StartLoop) + + (power radix k) * !lx + = value x k + y + (power radix k) * !lx + = value x !i + y*) }; + i := Int32.(+) !i (Int32.of_int 1); + done; + if Int32.(=) !i sz then !c + else begin + while Int32.(<) !i sz do + invariant { !c = 0 } + invariant { 0 <= !i <= sz } + invariant { value r !i + (power radix !i) * !c = + value x !i + y } + invariant { forall j. (j < offset r \/ offset r + sz <= j) + -> (pelts r)[j] = old (pelts r)[j] } + variant { sz - !i } + lx := get_ofs x !i; + set_ofs r !i !lx; + assert { value r !i + (power radix !i) * !c = + value x !i + y }; + let ghost k = p2i !i in + i := Int32.(+) !i (Int32.of_int 1); + value_sub_tail (pelts r) r.offset (r.offset + k); + value_sub_tail (pelts x) x.offset (x.offset + k); + done; + !c + end + + + (** [add_limbs r x y sz] adds [x[0..sz-1]] and [y[0..sz-1]] and writes the result in [r]. + Returns the carry, either [0] or [1]. Corresponds to the function [mpn_add_n]. *) + + let add_limbs (r x y:t) (sz:int32) : limb + requires { valid x sz } + requires { valid y sz } + requires { valid r sz } + ensures { 0 <= result <= 1 } + ensures { value r sz + (power radix sz) * result = + value x sz + value y sz } + ensures { forall j. 
(j < offset r \/ offset r + sz <= j) + -> (pelts r)[j] = old (pelts r)[j] } + writes { r.data.elts } + = + let limb_zero = Limb.of_int 0 in + let lx = ref limb_zero in + let ly = ref limb_zero in + let c = ref limb_zero in + let i = ref (Int32.of_int 0) in + while Int32.(<) !i sz do + variant { sz - !i } + invariant { 0 <= !i <= sz } + invariant { value r !i + (power radix !i) * !c = + value x !i + value y !i } + invariant { 0 <= !c <= 1 } + invariant { forall j. (j < offset r \/ offset r + sz <= j) + -> (pelts r)[j] = old (pelts r)[j] } + label StartLoop in + lx := get_ofs x !i; + ly := get_ofs y !i; + let res, carry = add_with_carry !lx !ly !c in + set_ofs r !i res; + assert { value r !i + (power radix !i) * !c = + value x !i + value y !i + by value r !i = (value r !i at StartLoop) }; + c := carry; + value_tail r !i; + value_tail x !i; + value_tail y !i; + assert { value r (!i+1) + (power radix (!i+1)) * !c = + value x (!i+1) + value y (!i+1) + (*by + value r !i + (power radix !i) * !c + = value r k + (power radix k) * res + + (power radix !i) * !c + = value r k + (power radix k) * res + + (power radix k) * radix * !c + = value r k + (power radix k) * (res + radix * !c) + = value r k + + (power radix k) * (!lx + !ly + (!c at StartLoop)) + = value r k + (power radix k) * (!c at StartLoop) + + (power radix k) * (!lx + !ly) + = value x k + value y k + + (power radix k) * (!lx + !ly) + = value x k + (power radix k) * !lx + + value y k + (power radix k) * !ly + = value x !i + + value y k + (power radix k) * !ly + = value x !i + + (value y k + (power radix k) * !ly) + = value x !i + value y !i*) }; + i := Int32.(+) !i (Int32.of_int 1); + done; + !c + + (** [add r x y sx sy] adds [(x, sx)] to [(y,sy)] and writes the + result in [(r, sx)]. [sx] must be greater than or equal to + [sy]. Returns carry, either 0 or 1. Corresponds to [mpn_add]. 
*) + let add (r x y:t) (sx sy:int32) : limb + requires { 0 <= sy <= sx } + requires { valid x sx } + requires { valid y sy } + requires { valid r sx } + ensures { value r sx + (power radix sx) * result = + value x sx + value y sy } + ensures { forall j. (j < offset r \/ offset r + sx <= j) + -> (pelts r)[j] = old (pelts r)[j] } + ensures { 0 <= result <= 1 } + writes { r.data.elts } + = + let limb_zero = Limb.of_int 0 in + let lx = ref limb_zero in + let ly = ref limb_zero in + let c = ref limb_zero in + let i = ref (Int32.of_int 0) in + while Int32.(<) !i sy do + variant { sy - !i } + invariant { 0 <= !i <= sy } + invariant { value r !i + (power radix !i) * !c = + value x !i + value y !i } + invariant { 0 <= !c <= 1 } + invariant { forall j. (j < offset r \/ offset r + sx <= j) + -> (pelts r)[j] = old (pelts r)[j] } + label StartLoop in + lx := get_ofs x !i; + ly := get_ofs y !i; + let res, carry = add_with_carry !lx !ly !c in + set_ofs r !i res; + assert { value r !i + (power radix !i) * !c = + value x !i + value y !i }; + c := carry; + value_tail r !i; + value_tail x !i; + value_tail y !i; + assert { value r (!i+1) + (power radix (!i+1)) * !c = + value x (!i+1) + value y (!i+1) + (*by + value r !i + (power radix !i) * !c + = value r k + (power radix k) * res + + (power radix !i) * !c + = value r k + (power radix k) * res + + (power radix k) * radix * !c + = value r k + (power radix k) * (res + radix * !c) + = value r k + + (power radix k) * (!lx + !ly + (!c at StartLoop)) + = value r k + (power radix k) * (!c at StartLoop) + + (power radix k) * (!lx + !ly) + = value x k + value y k + + (power radix k) * (!lx + !ly) + = value x k + (power radix k) * !lx + + value y k + (power radix k) * !ly + = value x !i + + value y k + (power radix k) * !ly + = value x !i + + (value y k + (power radix k) * !ly) + = value x !i + value y !i*) }; + i := Int32.(+) !i (Int32.of_int 1); + done; + try + begin while Int32.(<) !i sx do + variant { sx - !i } + invariant { sy <= !i <= sx 
} + invariant { value r !i + (power radix !i) * !c = + value x !i + value y sy } + invariant { 0 <= !c <= 1 } + invariant { forall j. (j < offset r \/ offset r + sx <= j) + -> (pelts r)[j] = old (pelts r)[j] } + (if (Limb.(=) !c (Limb.of_int 0)) then raise Break); + label StartLoop2 in + lx := get_ofs x !i; + let res, carry = add_with_carry !lx limb_zero !c in + set_ofs r !i res; + assert { value r !i + (power radix !i) * !c = + value x !i + value y sy }; + c := carry; + value_tail r !i; + value_tail x !i; + assert { value r (!i+1) + (power radix (!i+1)) * !c = + value x (!i+1) + value y sy + (*by + value r !i + (power radix !i) * !c + = value r k + (power radix k) * res + + (power radix !i) * !c + = value r k + (power radix k) * res + + (power radix k) * radix * !c + = value r k + (power radix k) * (res + radix * !c) + = value r k + + (power radix k) * (!lx + 0 + (!c at StartLoop2)) + = value r k + (power radix k) * (!c at StartLoop2) + + (power radix k) * !lx + = value x k + value y sy + + (power radix k) * !lx + = value x !i + + value y sy*) }; + i := Int32.(+) !i (Int32.of_int 1); + done; + assert { !i = sx } + end + with Break -> assert { !c = 0 } + end; + while Int32.(<) !i sx do + variant { sx - !i } + invariant { sy <= !i <= sx } + invariant { !i = sx \/ !c = 0 } + invariant { value r !i + power radix !i * !c = + value x !i + value y sy } + invariant { forall j. 
(j < offset r \/ offset r + sx <= j) + -> (pelts r)[j] = old (pelts r)[j] } + assert { !c = 0 by !i < sx }; + lx := get_ofs x !i; + set_ofs r !i !lx; + value_tail r !i; + value_tail x !i; + assert { value r !i = value x !i + value y sy }; (* true with this, should not be needed *) + assert { value r (!i+1) + power radix (!i+1) * !c + = value x (!i+1) + value y sy + (* + by + value r !i + power radix !i * !c + = value r !i + = value r k + power radix k * !lx + so value x !i + = value x k + power radix k * !lx + so value r k + = value r k + power radix k * !c + = value x k + value y sy*) }; + i := Int32.(+) !i (Int32.of_int 1); + done; + !c + + let add_in_place (x y:t) (sx sy:int32) : limb + requires { 0 <= sy <= sx } + requires { valid x sx } + requires { valid y sy } + ensures { value x sx + (power radix sx) * result + = value (old x) sx + value y sy } + ensures { 0 <= result <= 1 } + ensures { forall j. j < x.offset \/ x.offset + sx <= j -> + (pelts x)[j] = (pelts (old x))[j] } + writes { x.data.elts } + = + let ghost ox = { x } in + let limb_zero = Limb.of_int 0 in + let lx = ref limb_zero in + let ly = ref limb_zero in + let c = ref limb_zero in + let i = ref (Int32.of_int 0) in + while Int32.(<) !i sy do + variant { sy - !i } + invariant { 0 <= !i <= sy } + invariant { value x !i + (power radix !i) * !c = + value ox !i + value y !i } + invariant { 0 <= !c <= 1 } + invariant { forall j. !i <= j < sx -> + (pelts x)[x.offset + j] = (pelts ox)[x.offset + j] } + invariant { forall j. j < x.offset \/ x.offset + sx <= j -> + (pelts x)[j] = (pelts (old x))[j] } + label StartLoop in + lx := get_ofs x !i; + assert { !lx = (pelts ox)[ox.offset + !i] }; + ly := get_ofs y !i; + let res, carry = add_with_carry !lx !ly !c in + set_ofs x !i res; + assert { forall j. 
!i < j < sx -> + (pelts x)[x.offset + j] + = (pelts ox)[x.offset + j] + by (pelts x)[x.offset + j] + = (pelts (x at StartLoop))[x.offset + j] + = (pelts ox)[x.offset + j]}; + assert { value x !i + (power radix !i) * !c = value ox !i + value y !i }; + c := carry; + value_tail x !i; + value_tail ox !i; + value_tail y !i; + assert { value x (!i+1) + (power radix (!i+1)) * !c = + value ox (!i+1) + value y (!i+1) + (*by value ox k + (power radix k) * !lx + = value ox !i + so value x !i + (power radix !i) * !c + = value x k + (power radix k) * res + + (power radix !i) * !c + = value x k + (power radix k) * res + + (power radix k) * radix * !c + = value x k + (power radix k) * (res + radix * !c) + = value x k + + (power radix k) * (!lx + !ly + (!c at StartLoop)) + = value x k + (power radix k) * (!c at StartLoop) + + (power radix k) * (!lx + !ly) + = value ox k + value y k + + (power radix k) * (!lx + !ly) + = (value ox k + (power radix k) * !lx) + + (value y k + (power radix k) * !ly) + = value ox !i + + (value y k + (power radix k) * !ly) + = value ox !i + + (value y k + (power radix k) * !ly) + = value ox !i + value y !i*) }; + i := Int32.(+) !i (Int32.of_int 1); + done; + try + while Int32.(<) !i sx do + variant { sx - !i } + invariant { sy <= !i <= sx } + invariant { value x !i + (power radix !i) * !c = + value ox !i + value y sy } + invariant { 0 <= !c <= 1 } + invariant { forall j. !i <= j < sx -> + (pelts x)[x.offset + j] = (pelts ox) [x.offset + j] } + invariant { forall j. 
j < x.offset \/ x.offset + sx <= j -> + (pelts x)[j] = (pelts (old x))[j] } + (if (Limb.(=) !c limb_zero) then raise ReturnLimb limb_zero); + label StartLoop2 in + lx := get_ofs x !i; + assert { !lx = (pelts ox)[ox.offset + !i] }; + let res, carry = add_with_carry !lx limb_zero !c in + value_sub_update_no_change (pelts x) (x.offset + p2i !i) + (x.offset + p2i !i + 1) + (x.offset + p2i sx) res; + set_ofs x !i res; + assert { value x !i + (power radix !i) * !c = value ox !i + value y sy }; + c := carry; + assert { forall j. !i < j < sx -> + (pelts x)[x.offset + j] = (pelts ox) [x.offset + j] }; + value_tail ox !i; + value_tail x !i; + assert { value x (!i+1) + (power radix (!i+1)) * !c = + value ox (!i+1) + value y sy + (*by value ox k + (power radix k) * !lx + = value ox !i + so + value x !i + (power radix !i) * !c + = value x k + (power radix k) * res + + (power radix !i) * !c + = value x k + (power radix k) * res + + (power radix k) * radix * !c + = value x k + (power radix k) * (res + radix * !c) + = value x k + + (power radix k) * (!lx + 0 + (!c at StartLoop2)) + = value x k + (power radix k) * (!c at StartLoop2) + + (power radix k) * !lx + = value ox k + value y sy + + (power radix k) * !lx + = value ox !i + + value y sy*) }; + i := Int32.(+) !i (Int32.of_int 1); + done; + assert { !i = sx }; + !c + with ReturnLimb n -> begin + assert { n = 0 = !c }; + assert { forall j. 
x.offset + !i <= j < x.offset + sx + -> (pelts x)[j] = (pelts ox)[j] + by !i <= j - x.offset < sx + so (pelts x)[x.offset + (j - x.offset)] + = (pelts ox)[x.offset + (j - x.offset)] }; + value_sub_frame (pelts x) (pelts ox) (x.offset + p2i !i) (x.offset + p2i sx); + value_sub_concat (pelts x) x.offset (x.offset + p2i !i) (x.offset + p2i sx); + value_sub_concat (pelts ox) x.offset (x.offset + p2i !i) (x.offset + p2i sx); + assert { value x sx = value (old x) sx + value y sy }; + n + end + end + + use import int.EuclideanDivision + + (** [incr x y sz] adds to [x] the value of the limb [y] in place. + [x] has size [sz]. The addition must not overflow. This corresponds + to [mpn_incr] *) + let incr (x:t) (y:limb) (ghost sz:int32) : unit + requires { valid x sz } + requires { sz > 0 } + requires { value x sz + y < power radix sz } + ensures { value x sz = value (old x) sz + y } + ensures { forall j. j < x.offset \/ x.offset + sz <= j -> + (pelts x)[j] = (pelts (old x))[j] } + writes { x.data.elts } + = + let ghost ox = { x } in + let c = ref y in + let lx : ref limb = ref 0 in + let i : ref int32 = ref 0 in + while not (Limb.(=) !c 0) do + invariant { 0 <= !i <= sz } + invariant { !i = sz -> !c = 0 } + invariant { !i > 0 -> 0 <= !c <= 1 } + invariant { value x !i + (power radix !i) * !c + = value ox !i + y } + invariant { forall j. !i <= j < sz -> + (pelts x)[x.offset + j] = (pelts ox)[x.offset + j] } + invariant { forall j. j < x.offset \/ x.offset + sz <= j -> + (pelts x)[j] = (pelts ox)[j] } + variant { sz - !i } + label StartLoop in + lx := get_ofs x !i; + assert { !lx = (pelts ox)[ox.offset + !i] }; + let (res, carry) = add_with_carry !lx !c 0 in (*TODO*) + assert { res + radix * carry = !lx + !c }; (* TODO remove this *) + value_sub_update_no_change (pelts x) (x.offset + p2i !i) + (x.offset + p2i !i + 1) + (x.offset + p2i sz) res; + set_ofs x !i res; + assert { forall j. 
!i < j < sz -> + (pelts x)[x.offset + j] + = (pelts ox)[x.offset + j] }; + assert { value x !i + (power radix !i) * !c = value ox !i + y }; + c := carry; + value_tail x !i; + value_tail ox !i; + assert { value x (!i+1) + power radix (!i+1) * !c = + value ox (!i+1) + y }; + i := Int32.(+) !i 1; + assert { !i = sz -> !c = 0 + by value x sz + power radix sz * !c = value ox sz + y + so value ox sz + y < power radix sz + so 0 <= !c <= 1}; + done; + value_concat x !i sz; + value_concat ox !i sz; + assert { forall j. x.offset + !i <= j < x.offset + sz -> + (pelts x)[j] = (pelts ox)[j] + by let k = j - x.offset in + !i <= k < sz + so (pelts x)[x.offset + k] = (pelts ox)[x.offset + k]}; + value_sub_frame (pelts x) (pelts ox) (x.offset + p2i !i) (x.offset + p2i sz) + + (** [incr_1 x sz] adds 1 to [x] in place. + [x] has size [sz]. The addition must not overflow. + This corresponds to [mpn_incr] *) + let incr_1 (x:t) (ghost sz:int32) : unit + requires { valid x sz } + requires { sz > 0 } + requires { value x sz + 1 < power radix sz } + ensures { value x sz = value (old x) sz + 1 } + ensures { forall j. j < x.offset \/ x.offset + sz <= j -> + (pelts x)[j] = (pelts (old x))[j] } + writes { x.data.elts } + = + let ghost ox = { x } in + let r : ref limb = ref 0 in + let ghost c : ref limb = ref 1 in + let lx : ref limb = ref 0 in + let i : ref int32 = ref 0 in + while (Limb.(=) !r 0) do + invariant { 0 <= !i <= sz } + invariant { !i = sz -> !r <> 0 } + invariant { !r <> 0 <-> !c = 0 } + invariant { 0 <= !c <= 1 } + invariant { value x !i + (power radix !i) * !c + = value ox !i + 1 } + invariant { forall j. !i <= j < sz -> + (pelts x)[x.offset + j] = (pelts ox)[x.offset + j] } + invariant { forall j. 
j < x.offset \/ x.offset + sz <= j -> + (pelts x)[j] = (pelts ox)[j] } + variant { sz - !i } + label StartLoop in + lx := get_ofs x !i; + assert { !lx = (pelts ox)[ox.offset + !i] }; + let res = add_mod !lx 1 in + r := res; + ghost (if Limb.(=) res 0 then c := 1 else c := 0); + assert { res + radix * !c = !lx + 1 }; + value_sub_update_no_change (pelts x) (x.offset + p2i !i) + (x.offset + p2i !i + 1) + (x.offset + p2i sz) res; + set_ofs x !i res; + assert { forall j. !i < j < sz -> + (pelts x)[x.offset + j] + = (pelts ox)[x.offset + j] }; + assert { value x !i + (power radix !i) * (!c at StartLoop) = value ox !i + 1 }; + value_tail x !i; + value_tail ox !i; + assert { value x (!i+1) + power radix (!i+1) * !c = + value ox (!i+1) + 1 }; + i := Int32.(+) !i 1; + assert { !i = sz -> !c = 0 + by value x sz + power radix sz * !c = value ox sz + 1 + so value ox sz + 1 < power radix sz + so 0 <= !c <= 1}; + done; + value_concat x !i sz; + value_concat ox !i sz; + assert { forall j. x.offset + !i <= j < x.offset + sz -> + (pelts x)[j] = (pelts ox)[j] + by let k = j - x.offset in + !i <= k < sz + so (pelts x)[x.offset + k] = (pelts ox)[x.offset + k]}; + value_sub_frame (pelts x) (pelts ox) (x.offset + p2i !i) (x.offset + p2i sz) + +end \ No newline at end of file diff --git a/examples/multiprecision/add/why3session.xml b/examples/multiprecision/add/why3session.xml new file mode 100644 index 0000000000000000000000000000000000000000..bd1f243383f766950650eacfa789f44220130b02 --- /dev/null +++ b/examples/multiprecision/add/why3session.xml 
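Review bot: In `incr` and `incr_1`, near the end of add.mlw, `sz` is a ghost parameter and the loop conditions (`while not (Limb.(=) !c 0)` and `while (Limb.(=) !r 0)`) never compare `!i` against it. The only thing keeping `get_ofs`/`set_ofs` inside `x` is therefore the precondition `value x sz + y < power radix sz` (respectively `+ 1`). The header comments say "The addition must not overflow" but not why it matters: ghost arguments are erased from the executable code, so a caller outside the verified development that breaks the precondition would presumably keep propagating the carry past the end of the buffer instead of returning it. I would add to both comments something like `(* [sz] is ghost: the loop has no runtime bound, so the no-overflow precondition is what keeps every access inside [x]. *)`. Separately, `add_in_place` is the only function in the module without a `(** ... *)` header, and a short one stating that it is the aliased counterpart of `add` (result written back into `x`) would match the others.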
@@ -0,0 +1,1307 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN" +"http://why3.lri.fr/why3session.dtd"> +<why3session shape_version="4"> +<prover id="0" name="Eprover" version="1.9.1-001" timelimit="5" steplimit="0" memlimit="2000"/> +<prover id="1" name="CVC3" version="2.4.1" timelimit="5" steplimit="0" memlimit="1000"/> +<prover id="2" name="CVC4" version="1.4" timelimit="1" steplimit="0" memlimit="1000"/> +<prover id="3" name="Z3" version="4.5.0" timelimit="1" steplimit="0" memlimit="1000"/> +<prover id="4" name="Z3" version="4.4.1" timelimit="5" steplimit="0" memlimit="1000"/> +<prover id="5" name="Alt-Ergo" version="2.0.0" timelimit="5" steplimit="0" memlimit="1000"/> +<file name="../add.mlw" proved="true"> +<theory name="Add" proved="true"> + <goal name="VC add_limb" expl="VC for add_limb" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_limb.0" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + <proof prover="5"><result status="valid" time="0.04" steps="20"/></proof> + </goal> + <goal name="VC add_limb.1" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + <proof prover="5"><result status="valid" time="0.03" steps="21"/></proof> + </goal> + <goal name="VC add_limb.2" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + <proof prover="5"><result status="valid" time="0.04" steps="11"/></proof> + </goal> + <goal name="VC add_limb.3" expl="loop invariant init" proved="true"> + <proof prover="5"><result status="valid" time="0.01" steps="13"/></proof> + </goal> + <goal name="VC add_limb.4" expl="loop invariant init" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="70"/></proof> + </goal> + <goal name="VC add_limb.5" expl="loop invariant init" proved="true"> + <proof 
prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_limb.6" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="1.22"/></proof> + <proof prover="5"><result status="valid" time="0.06" steps="49"/></proof> + </goal> + <goal name="VC add_limb.7" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="21"/></proof> + </goal> + <goal name="VC add_limb.8" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_limb.8.0" expl="VC for add_limb" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC add_limb.8.0.0" expl="VC for add_limb" proved="true"> + <proof prover="0"><result status="valid" time="0.09"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_limb.8.1" expl="VC for add_limb" proved="true"> + <proof prover="1" memlimit="2000"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_limb.9" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.51"/></proof> + </goal> + <goal name="VC add_limb.10" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_limb.11" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_limb.12" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC add_limb.12.0" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC add_limb.12.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC add_limb.12.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC add_limb.12.0.0.1" 
proved="true"> + <proof prover="3"><result status="valid" time="0.33"/></proof> + </goal> + <goal name="VC add_limb.12.0.0.2" proved="true"> + <proof prover="3"><result status="valid" time="0.34"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC add_limb.13" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_limb.14" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_limb.15" expl="loop variant decrease" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_limb.16" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_limb.17" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC add_limb.18" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_limb.19" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC add_limb.20" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_limb.20.0" expl="postcondition" proved="true"> + <transf name="inline_all" proved="true" > + <goal name="VC add_limb.20.0.0" expl="postcondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="17"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_limb.20.1" expl="postcondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="25"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_limb.21" 
expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + <proof prover="5"><result status="valid" time="0.04" steps="25"/></proof> + </goal> + <goal name="VC add_limb.22" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_limb.23" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + <proof prover="5"><result status="valid" time="0.04" steps="45"/></proof> + </goal> + <goal name="VC add_limb.24" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.06"/></proof> + <proof prover="5"><result status="valid" time="0.08" steps="23"/></proof> + </goal> + <goal name="VC add_limb.25" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + <proof prover="5"><result status="valid" time="0.06" steps="23"/></proof> + </goal> + <goal name="VC add_limb.26" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC add_limb.27" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="42"/></proof> + </goal> + <goal name="VC add_limb.28" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="43"/></proof> + </goal> + <goal name="VC add_limb.29" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.08" steps="123"/></proof> + </goal> + <goal name="VC add_limb.30" expl="integer overflow" proved="true"> + <proof prover="5"><result status="valid" time="0.07" steps="52"/></proof> + </goal> + <goal name="VC add_limb.31" expl="integer overflow" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="54"/></proof> + </goal> + <goal name="VC add_limb.32" expl="precondition" proved="true"> + <proof prover="4"><result 
status="valid" time="0.03"/></proof> + <proof prover="5"><result status="valid" time="0.05" steps="44"/></proof> + </goal> + <goal name="VC add_limb.33" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_limb.34" expl="loop variant decrease" proved="true"> + <proof prover="1"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC add_limb.35" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + <proof prover="5"><result status="valid" time="0.02" steps="46"/></proof> + </goal> + <goal name="VC add_limb.36" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + <proof prover="5"><result status="valid" time="0.05" steps="46"/></proof> + </goal> + <goal name="VC add_limb.37" expl="loop invariant preservation" proved="true"> + <proof prover="5"><result status="valid" time="0.09" steps="87"/></proof> + </goal> + <goal name="VC add_limb.38" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="79"/></proof> + </goal> + <goal name="VC add_limb.39" expl="postcondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="32"/></proof> + </goal> + <goal name="VC add_limb.40" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="33"/></proof> + </goal> + <goal name="VC add_limb.41" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_limbs" expl="VC for add_limbs" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_limbs.0" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + <proof prover="5"><result status="valid" 
time="0.05" steps="24"/></proof> + </goal> + <goal name="VC add_limbs.1" expl="integer overflow" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="25"/></proof> + </goal> + <goal name="VC add_limbs.2" expl="loop invariant init" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_limbs.2.0" expl="VC for add_limbs" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="11"/></proof> + </goal> + <goal name="VC add_limbs.2.1" expl="VC for add_limbs" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_limbs.3" expl="loop invariant init" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="77"/></proof> + </goal> + <goal name="VC add_limbs.4" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + <proof prover="5"><result status="valid" time="0.10" steps="14"/></proof> + </goal> + <goal name="VC add_limbs.5" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_limbs.6" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + <proof prover="5"><result status="valid" time="0.04" steps="36"/></proof> + </goal> + <goal name="VC add_limbs.7" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + <proof prover="5"><result status="valid" time="0.07" steps="37"/></proof> + </goal> + <goal name="VC add_limbs.8" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + <proof prover="5"><result status="valid" time="0.08" steps="24"/></proof> + </goal> + <goal name="VC add_limbs.9" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.09" steps="41"/></proof> + </goal> + <goal 
name="VC add_limbs.10" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.81"/></proof> + </goal> + <goal name="VC add_limbs.11" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.06"/></proof> + <proof prover="5"><result status="valid" time="0.10" steps="36"/></proof> + </goal> + <goal name="VC add_limbs.12" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + <proof prover="5"><result status="valid" time="0.12" steps="37"/></proof> + </goal> + <goal name="VC add_limbs.13" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + <proof prover="5"><result status="valid" time="0.02" steps="38"/></proof> + </goal> + <goal name="VC add_limbs.14" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC add_limbs.14.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC add_limbs.14.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC add_limbs.14.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.39"/></proof> + </goal> + <goal name="VC add_limbs.14.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.23"/></proof> + </goal> + <goal name="VC add_limbs.14.0.0.2" proved="true"> + <proof prover="3"><result status="valid" time="0.20"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC add_limbs.15" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC add_limbs.16" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_limbs.16.0" expl="integer overflow" proved="true"> + <proof 
prover="3"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_limbs.17" expl="loop variant decrease" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_limbs.18" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_limbs.19" expl="loop invariant preservation" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_limbs.20" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC add_limbs.21" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC add_limbs.22" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + <proof prover="5"><result status="valid" time="0.04" steps="22"/></proof> + </goal> + <goal name="VC add_limbs.23" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="22"/></proof> + </goal> + <goal name="VC add_limbs.24" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add" expl="VC for add" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add.0" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add.1" expl="integer overflow" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="28"/></proof> + </goal> + <goal name="VC add.2" expl="loop invariant init" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add.3" expl="loop invariant init" 
proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.03" steps="84"/></proof> + </goal> + <goal name="VC add.4" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC add.5" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add.6" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="39"/></proof> + </goal> + <goal name="VC add.7" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add.8" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add.9" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add.9.0" expl="VC for add" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add.9.1" expl="VC for add" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="30"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add.10" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.93"/></proof> + </goal> + <goal name="VC add.11" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add.12" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add.13" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add.14" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC add.14.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" 
arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC add.14.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC add.14.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.39"/></proof> + </goal> + <goal name="VC add.14.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.27"/></proof> + </goal> + <goal name="VC add.14.0.0.2" proved="true"> + <proof prover="3"><result status="valid" time="0.19"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC add.15" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add.16" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add.17" expl="loop variant decrease" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add.18" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add.19" expl="loop invariant preservation" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add.20" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add.21" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC add.22" expl="loop invariant init" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="24"/></proof> + </goal> + <goal name="VC add.23" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="26"/></proof> + </goal> + <goal name="VC add.24" 
expl="loop invariant init" proved="true"> + <proof prover="5"><result status="valid" time="0.07" steps="27"/></proof> + </goal> + <goal name="VC add.25" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC add.26" expl="integer overflow" proved="true"> + <proof prover="5"><result status="valid" time="0.08" steps="51"/></proof> + </goal> + <goal name="VC add.27" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add.28" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add.29" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add.30" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add.31" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add.32" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add.32.0" expl="VC for add" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.11" steps="48"/></proof> + </goal> + <goal name="VC add.32.1" expl="VC for add" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.08" steps="48"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add.33" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="63"/></proof> + </goal> + <goal name="VC add.34" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.06" steps="64"/></proof> + </goal> + <goal name="VC add.35" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" 
time="0.02"/></proof> + </goal> + <goal name="VC add.36" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add.37" expl="assertion" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="1.05"/></proof> + </goal> + <goal name="VC add.38" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC add.38.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC add.38.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC add.38.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.42"/></proof> + </goal> + <goal name="VC add.38.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC add.38.0.0.2" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.32" steps="188"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC add.39" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.06" steps="76"/></proof> + </goal> + <goal name="VC add.40" expl="integer overflow" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="78"/></proof> + </goal> + <goal name="VC add.41" expl="loop variant decrease" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add.42" expl="loop invariant preservation" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="63"/></proof> + </goal> + <goal name="VC add.43" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.06" steps="65"/></proof> + </goal> + <goal name="VC add.44" expl="loop invariant 
preservation" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="65"/></proof> + </goal> + <goal name="VC add.45" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.10" steps="106"/></proof> + </goal> + <goal name="VC add.46" expl="postcondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.03" steps="48"/></proof> + </goal> + <goal name="VC add.47" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add.48" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC add.49" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add.50" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="39"/></proof> + </goal> + <goal name="VC add.51" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add.51.0" expl="VC for add" proved="true"> + <proof prover="0"><result status="valid" time="5.70"/></proof> + </goal> + <goal name="VC add.51.1" expl="VC for add" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add.52" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.21" steps="156"/></proof> + </goal> + <goal name="VC add.53" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add.54" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add.55" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC add.55.0" expl="assertion" proved="true"> + <transf 
name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC add.55.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC add.55.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC add.55.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.19"/></proof> + </goal> + <goal name="VC add.55.0.0.2" proved="true"> + <proof prover="2"><result status="valid" time="0.17"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC add.56" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.00"/></proof> + </goal> + <goal name="VC add.57" expl="integer overflow" proved="true"> + <proof prover="5"><result status="valid" time="0.67" steps="72"/></proof> + </goal> + <goal name="VC add.58" expl="loop variant decrease" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add.59" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC add.60" expl="loop invariant preservation" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add.61" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add.62" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC add.63" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add.64" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC add.65" expl="loop 
invariant init" proved="true"> + <proof prover="5"><result status="valid" time="0.06" steps="36"/></proof> + </goal> + <goal name="VC add.66" expl="loop invariant init" proved="true"> + <proof prover="5"><result status="valid" time="0.07" steps="36"/></proof> + </goal> + <goal name="VC add.67" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add.68" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add.68.0" expl="VC for add" proved="true"> + <proof prover="5"><result status="valid" time="0.10" steps="45"/></proof> + </goal> + <goal name="VC add.68.1" expl="VC for add" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.10" steps="46"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add.69" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.07" steps="61"/></proof> + </goal> + <goal name="VC add.70" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.06" steps="62"/></proof> + </goal> + <goal name="VC add.71" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add.72" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add.73" expl="assertion" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="1.10"/></proof> + </goal> + <goal name="VC add.74" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC add.74.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC add.74.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC add.74.0.0.0" expl="assertion" 
proved="true"> + <proof prover="0"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC add.74.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.30"/></proof> + </goal> + <goal name="VC add.74.0.0.2" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.23" steps="186"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC add.75" expl="integer overflow" proved="true"> + <proof prover="5"><result status="valid" time="0.06" steps="74"/></proof> + </goal> + <goal name="VC add.76" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add.77" expl="loop variant decrease" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add.78" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC add.79" expl="loop invariant preservation" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add.79.0" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="63"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add.80" expl="loop invariant preservation" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add.81" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.12" steps="104"/></proof> + </goal> + <goal name="VC add.82" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="45"/></proof> + </goal> + <goal name="VC add.83" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add.84" 
expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_in_place" expl="VC for add_in_place" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_in_place.0" expl="integer overflow" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="22"/></proof> + </goal> + <goal name="VC add_in_place.1" expl="integer overflow" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="23"/></proof> + </goal> + <goal name="VC add_in_place.2" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="12"/></proof> + </goal> + <goal name="VC add_in_place.3" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="70"/></proof> + </goal> + <goal name="VC add_in_place.4" expl="loop invariant init" proved="true"> + <proof prover="2" timelimit="5" memlimit="2000"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC add_in_place.5" expl="loop invariant init" proved="true"> + <proof prover="0"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_in_place.6" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="6"/></proof> + </goal> + <goal name="VC add_in_place.7" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="34"/></proof> + </goal> + <goal name="VC add_in_place.8" expl="assertion" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="50"/></proof> + </goal> + <goal name="VC add_in_place.9" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="36"/></proof> + </goal> + <goal name="VC 
add_in_place.10" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.02" steps="26"/></proof> + </goal> + <goal name="VC add_in_place.11" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_in_place.11.0" expl="VC for add_in_place" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="30"/></proof> + </goal> + <goal name="VC add_in_place.11.1" expl="VC for add_in_place" proved="true"> + <proof prover="2"><result status="valid" time="0.12"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_in_place.12" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="62"/></proof> + </goal> + <goal name="VC add_in_place.13" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="1.08"/></proof> + </goal> + <goal name="VC add_in_place.14" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.08" steps="38"/></proof> + </goal> + <goal name="VC add_in_place.15" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC add_in_place.16" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_in_place.17" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC add_in_place.17.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC add_in_place.17.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC add_in_place.17.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.18"/></proof> + </goal> + <goal name="VC add_in_place.17.0.0.1" proved="true"> + 
<proof prover="3"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC add_in_place.17.0.0.2" proved="true"> + <proof prover="3"><result status="valid" time="0.22"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC add_in_place.18" expl="integer overflow" proved="true"> + <proof prover="2" timelimit="5" memlimit="2000"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC add_in_place.19" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_in_place.20" expl="loop variant decrease" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_in_place.21" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_in_place.22" expl="loop invariant preservation" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_in_place.23" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_in_place.24" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.39"/></proof> + </goal> + <goal name="VC add_in_place.25" expl="loop invariant preservation" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_in_place.25.0" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_in_place.26" expl="loop invariant init" proved="true"> + <proof prover="2" timelimit="5" memlimit="2000"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC add_in_place.27" expl="loop invariant init" proved="true"> + <proof prover="5" 
memlimit="2000"><result status="valid" time="0.05" steps="25"/></proof> + </goal> + <goal name="VC add_in_place.28" expl="loop invariant init" proved="true"> + <proof prover="2" timelimit="5" memlimit="2000"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC add_in_place.29" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.02" steps="53"/></proof> + </goal> + <goal name="VC add_in_place.30" expl="loop invariant init" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC add_in_place.30.0" expl="loop invariant init" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC add_in_place.30.0.0" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="51"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC add_in_place.31" expl="assertion" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.02" steps="36"/></proof> + </goal> + <goal name="VC add_in_place.32" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_in_place.32.0" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_in_place.32.1" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_in_place.32.2" expl="VC for add_in_place" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="66"/></proof> + </goal> + <goal name="VC add_in_place.32.3" expl="VC for add_in_place" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_in_place.33" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" 
steps="78"/></proof> + </goal> + <goal name="VC add_in_place.34" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_in_place.35" expl="precondition" proved="true"> + <proof prover="5" timelimit="50" memlimit="2000"><result status="valid" time="0.04" steps="39"/></proof> + </goal> + <goal name="VC add_in_place.36" expl="assertion" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="69"/></proof> + </goal> + <goal name="VC add_in_place.37" expl="postcondition" proved="true"> + <proof prover="5" timelimit="50" memlimit="2000"><result status="valid" time="0.03" steps="41"/></proof> + </goal> + <goal name="VC add_in_place.38" expl="postcondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="42"/></proof> + </goal> + <goal name="VC add_in_place.39" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_in_place.39.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_in_place.40" expl="precondition" proved="true"> + <proof prover="2" timelimit="5" memlimit="2000"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC add_in_place.41" expl="assertion" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="63"/></proof> + </goal> + <goal name="VC add_in_place.42" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.06" steps="38"/></proof> + </goal> + <goal name="VC add_in_place.43" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="41"/></proof> + </goal> + <goal name="VC add_in_place.44" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" 
time="0.04" steps="42"/></proof> + </goal> + <goal name="VC add_in_place.45" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="53"/></proof> + </goal> + <goal name="VC add_in_place.46" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_in_place.46.0" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.25" steps="149"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_in_place.47" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_in_place.47.0" expl="assertion" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.05" steps="81"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_in_place.48" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC add_in_place.49" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="52"/></proof> + </goal> + <goal name="VC add_in_place.50" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC add_in_place.50.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC add_in_place.50.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC add_in_place.50.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.34"/></proof> + </goal> + <goal name="VC add_in_place.50.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC add_in_place.50.0.0.2" proved="true"> + <proof prover="2"><result status="valid" time="0.31"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + 
</transf> + </goal> + <goal name="VC add_in_place.51" expl="integer overflow" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.13" steps="66"/></proof> + </goal> + <goal name="VC add_in_place.52" expl="integer overflow" proved="true"> + <proof prover="2" timelimit="5" memlimit="2000"><result status="valid" time="0.17"/></proof> + </goal> + <goal name="VC add_in_place.53" expl="loop variant decrease" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC add_in_place.54" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC add_in_place.55" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.26" steps="59"/></proof> + </goal> + <goal name="VC add_in_place.56" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC add_in_place.57" expl="loop invariant preservation" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="0.43"/></proof> + </goal> + <goal name="VC add_in_place.58" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC add_in_place.59" expl="assertion" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="99"/></proof> + </goal> + <goal name="VC add_in_place.60" expl="postcondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="35"/></proof> + </goal> + <goal name="VC add_in_place.61" expl="postcondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="36"/></proof> + </goal> + <goal name="VC add_in_place.62" expl="postcondition" proved="true"> + <proof prover="5" memlimit="2000"><result 
status="valid" time="0.04" steps="61"/></proof> + </goal> + </transf> + </goal> + <goal name="VC incr" expl="VC for incr" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC incr.0" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC incr.1" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC incr.2" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC incr.3" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.01" steps="26"/></proof> + </goal> + <goal name="VC incr.4" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC incr.5" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC incr.6" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.06" steps="98"/></proof> + </goal> + <goal name="VC incr.7" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.01" steps="38"/></proof> + </goal> + <goal name="VC incr.8" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC incr.9" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC incr.10" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC incr.11" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC incr.12" expl="precondition" proved="true"> + <proof 
prover="5" timelimit="1"><result status="valid" time="0.05" steps="129"/></proof> + </goal> + <goal name="VC incr.13" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="51"/></proof> + </goal> + <goal name="VC incr.14" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="1.06"/></proof> + </goal> + <goal name="VC incr.15" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC incr.16" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC incr.17" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC incr.17.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC incr.17.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC incr.17.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.35"/></proof> + </goal> + <goal name="VC incr.17.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.27"/></proof> + </goal> + <goal name="VC incr.17.0.0.2" proved="true"> + <proof prover="3"><result status="valid" time="0.24"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC incr.18" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.25"/></proof> + </goal> + <goal name="VC incr.19" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC incr.19.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC incr.19.1" expl="VC for incr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + 
</goal> + <goal name="VC incr.19.2" expl="VC for incr" proved="true"> + <proof prover="3"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC incr.19.3" expl="VC for incr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC incr.19.4" expl="VC for incr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + <goal name="VC incr.20" expl="loop variant decrease" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC incr.21" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC incr.22" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC incr.23" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC incr.24" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC incr.25" expl="loop invariant preservation" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC incr.25.0" expl="loop invariant preservation" proved="true"> + <transf name="apply" proved="true" arg1="H14"> + <goal name="VC incr.25.0.0" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC incr.26" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC incr.27" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC incr.28" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" 
time="0.02"/></proof> + </goal> + <goal name="VC incr.29" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC incr.29.0" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC incr.29.1" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC incr.29.2" expl="VC for incr" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="39"/></proof> + </goal> + <goal name="VC incr.29.3" expl="VC for incr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC incr.30" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC incr.30.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC incr.30.0.0" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC incr.31" expl="postcondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="23"/></proof> + </goal> + <goal name="VC incr.32" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC incr_1" expl="VC for incr_1" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC incr_1.0" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC incr_1.1" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC incr_1.2" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal 
name="VC incr_1.3" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC incr_1.4" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC incr_1.5" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.09" steps="20"/></proof> + </goal> + <goal name="VC incr_1.6" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.06" steps="18"/></proof> + </goal> + <goal name="VC incr_1.7" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="90"/></proof> + </goal> + <goal name="VC incr_1.8" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.01" steps="40"/></proof> + </goal> + <goal name="VC incr_1.9" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="52"/></proof> + </goal> + <goal name="VC incr_1.10" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC incr_1.11" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC incr_1.12" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="131"/></proof> + </goal> + <goal name="VC incr_1.13" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="55"/></proof> + </goal> + <goal name="VC incr_1.14" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.09" steps="117"/></proof> + </goal> + <goal name="VC incr_1.15" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + 
<goal name="VC incr_1.16" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC incr_1.17" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="55"/></proof> + </goal> + <goal name="VC incr_1.18" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.32"/></proof> + </goal> + <goal name="VC incr_1.19" expl="assertion" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC incr_1.19.0" expl="VC for incr_1" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="47"/></proof> + </goal> + <goal name="VC incr_1.19.1" expl="VC for incr_1" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC incr_1.19.2" expl="VC for incr_1" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC incr_1.19.3" expl="VC for incr_1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC incr_1.19.4" expl="VC for incr_1" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + </transf> + </goal> + <goal name="VC incr_1.20" expl="loop variant decrease" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC incr_1.21" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.07" steps="123"/></proof> + </goal> + <goal name="VC incr_1.22" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC incr_1.23" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC incr_1.24" expl="loop invariant preservation" 
proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC incr_1.25" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="51"/></proof> + </goal> + <goal name="VC incr_1.26" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="67"/></proof> + </goal> + <goal name="VC incr_1.27" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.07" steps="70"/></proof> + </goal> + <goal name="VC incr_1.28" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="53"/></proof> + </goal> + <goal name="VC incr_1.29" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC incr_1.30" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC incr_1.31" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.05" steps="132"/></proof> + </goal> + <goal name="VC incr_1.32" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="56"/></proof> + </goal> + <goal name="VC incr_1.33" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.11" steps="115"/></proof> + </goal> + <goal name="VC incr_1.34" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC incr_1.35" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC incr_1.36" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.03" steps="43"/></proof> + </goal> + <goal name="VC 
incr_1.37" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.44"/></proof> + </goal> + <goal name="VC incr_1.38" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC incr_1.39" expl="loop variant decrease" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC incr_1.40" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.06" steps="123"/></proof> + </goal> + <goal name="VC incr_1.41" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC incr_1.42" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC incr_1.43" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC incr_1.44" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.05" steps="51"/></proof> + </goal> + <goal name="VC incr_1.45" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="67"/></proof> + </goal> + <goal name="VC incr_1.46" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.03" steps="70"/></proof> + </goal> + <goal name="VC incr_1.47" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC incr_1.48" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC incr_1.49" expl="assertion" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC incr_1.49.0" expl="VC for 
incr_1" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC incr_1.49.1" expl="VC for incr_1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC incr_1.49.2" expl="VC for incr_1" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="44"/></proof> + </goal> + <goal name="VC incr_1.49.3" expl="VC for incr_1" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC incr_1.50" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC incr_1.51" expl="postcondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="26"/></proof> + </goal> + <goal name="VC incr_1.52" expl="postcondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.06" steps="40"/></proof> + </goal> + </transf> + </goal> +</theory> +</file> +</why3session> diff --git a/examples/multiprecision/add/why3shapes.gz b/examples/multiprecision/add/why3shapes.gz new file mode 100644 index 0000000000000000000000000000000000000000..62d04273f3f86547bb4dc5f9a51c1c695bcbd336 Binary files /dev/null and b/examples/multiprecision/add/why3shapes.gz differ diff --git a/examples/multiprecision/compare.mlw b/examples/multiprecision/compare.mlw new file mode 100644 index 0000000000000000000000000000000000000000..acbda8e76b21bd3d006bd80ea288c87c52ac073e --- /dev/null +++ b/examples/multiprecision/compare.mlw 
@@ -0,0 +1,87 @@
+module Compare
+
+ use import int.Int
+ use import mach.int.Int32
+ use import mach.int.UInt64GMP as Limb
+ use import int.Power
+ use import ref.Ref
+ use import mach.c.C
+ use import map.Map
+ use import types.Types
+ use import lemmas.Lemmas
+
+ function compare_int (x y:int) : int =
+ if x < y then -1 else if x=y then 0 else 1
+
+ (** [compare_same_size] compares [x[0..sz-1]] and [y[0..sz-1]] as unsigned integers. It corresponds to [GMPN_CMP]. *)
+ let compare_same_size (x y:t) (sz:int32) : int32
+ requires { valid x sz }
+ requires { valid y sz }
+ ensures { result = compare_int (value x sz) (value y sz) }
+ =
+ let i = ref sz in
+ try
+ while Int32.(>=) !i (Int32.of_int 1) do
+ variant { p2i !i }
+ invariant { 0 <= !i <= sz }
+ invariant { forall j. !i <= j < sz ->
+ (pelts x)[x.offset+j] = (pelts y)[y.offset+j] }
+ assert { forall j. 0 <= j < sz - !i ->
+ let k = !i+j in
+ !i <= k < sz ->
+ (pelts x)[x.offset+k] = (pelts y)[y.offset+k] /\
+ (pelts x)[!i+x.offset+j] = (pelts y)[!i+y.offset+j] };
+ value_sub_frame_shift (pelts x) (pelts y) (p2i !i+x.offset)
+ (p2i !i+y.offset) ((p2i sz) - (p2i !i));
+ let ghost k = p2i !i in
+ i := Int32.(-) !i (Int32.of_int 1);
+
+ assert { 0 <= !i < sz };
+ let lx = get_ofs x !i in
+ let ly = get_ofs y !i in
+ if (not (Limb.(=) lx ly))
+ then begin
+ value_sub_concat (pelts x) x.offset (x.offset+k) (x.offset+p2i sz);
+ value_sub_concat (pelts y) y.offset (y.offset+k) (y.offset+p2i sz);
+ assert { compare_int (value x sz)
+ (value y sz)
+ = compare_int (value x k) (value y k) };
+ value_sub_tail (pelts x) x.offset (x.offset+k-1);
+ value_sub_tail (pelts y) y.offset (y.offset+k-1);
+ if Limb.(>) lx ly
+ then begin
+ value_sub_upper_bound (pelts y) y.offset (y.offset+k-1);
+ value_sub_lower_bound (pelts x) x.offset (x.offset+k-1);
+ assert { value x k - value y k =
+ (l2i lx - ly) * (power radix (k-1))
+ - ((value y (k-1)) - (value x (k-1)))
+ };
+ assert { (lx - ly) * (power radix (k-1))
+ >= power radix (k-1)
+ > ((value y (k-1)) - (value x (k-1)))
+ };
+ raise Return32 (Int32.of_int 1)
+ end
+ else begin
+ assert { ly > lx };
+ value_sub_upper_bound (pelts x) x.offset (x.offset+k-1);
+ value_sub_lower_bound (pelts y) y.offset (y.offset+k-1);
+ assert { value y k - value x k =
+ (ly - lx) * (power radix (k-1))
+ - ((value x (k-1)) - (value y (k-1)))
+ };
+ assert { (ly - lx) * (power radix (k-1))
+ >= power radix (k-1)
+ > ((value x (k-1)) - (value y (k-1)))
+ };
+ raise Return32 (Int32.(-_) (Int32.of_int 1))
+ end
+ end
+ else ()
+ done;
+ value_sub_frame_shift (pelts x) (pelts y) x.offset y.offset (p2i sz);
+ Int32.of_int 0
+ with Return32 r -> r
+ end
+
+end
\ No newline at end of file
diff --git a/examples/multiprecision/compare/why3session.xml b/examples/multiprecision/compare/why3session.xml
new file mode 100644
index 0000000000000000000000000000000000000000..fd61f6bc3ef5d40ae95be76939284d9607d6a56e
--- /dev/null
+++ b/examples/multiprecision/compare/why3session.xml
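Review bot: The doc comment on `compare_same_size` in compare.mlw should say that the comparison is variable-time: the loop scans from index `sz-1` down and leaves through `raise Return32` at the first limb where `lx` and `ly` differ, so the number of iterations depends on the operands. The `ensures` clause proves only the functional result, `result = compare_int (value x sz) (value y sz)`, and nothing in the contract constrains timing, so a caller comparing secret-dependent values should not treat the proof as covering side channels. I would extend the comment with `Returns -1, 0 or 1. Not constant-time: stops at the first differing limb, scanning from the most significant one.` and give `compare_int` a one-line comment of its own. The file also ends without a trailing newline.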
@@ -0,0 +1,147 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN" +"http://why3.lri.fr/why3session.dtd"> +<why3session shape_version="4"> +<prover id="1" name="CVC3" version="2.4.1" timelimit="5" steplimit="0" memlimit="1000"/> +<prover id="3" name="Z3" version="4.5.0" timelimit="1" steplimit="0" memlimit="1000"/> +<prover id="4" name="Z3" version="4.4.1" timelimit="5" steplimit="0" memlimit="1000"/> +<prover id="5" name="Alt-Ergo" version="2.0.0" timelimit="5" steplimit="0" memlimit="1000"/> +<file name="../compare.mlw" proved="true"> +<theory name="Compare" proved="true"> + <goal name="VC compare_same_size" expl="VC for compare_same_size" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC compare_same_size.0" expl="loop invariant init" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="9"/></proof> + </goal> + <goal name="VC compare_same_size.1" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + <proof prover="5"><result status="valid" time="0.03" steps="10"/></proof> + </goal> + <goal name="VC compare_same_size.2" expl="integer overflow" proved="true"> + <proof prover="5"><result status="valid" time="0.09" steps="21"/></proof> + </goal> + <goal name="VC compare_same_size.3" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="39"/></proof> + </goal> + <goal name="VC compare_same_size.4" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="46"/></proof> + </goal> + <goal name="VC compare_same_size.5" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + <proof prover="5"><result status="valid" time="0.04" steps="24"/></proof> + </goal> + <goal name="VC compare_same_size.6" expl="integer overflow" proved="true"> + <proof prover="5"><result status="valid" 
time="0.04" steps="26"/></proof> + </goal> + <goal name="VC compare_same_size.7" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="16"/></proof> + </goal> + <goal name="VC compare_same_size.8" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="28"/></proof> + </goal> + <goal name="VC compare_same_size.9" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + <proof prover="5"><result status="valid" time="0.06" steps="28"/></proof> + </goal> + <goal name="VC compare_same_size.10" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + <proof prover="5"><result status="valid" time="0.05" steps="20"/></proof> + </goal> + <goal name="VC compare_same_size.11" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.06" steps="21"/></proof> + </goal> + <goal name="VC compare_same_size.12" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="51"/></proof> + </goal> + <goal name="VC compare_same_size.13" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + <proof prover="5"><result status="valid" time="0.05" steps="23"/></proof> + </goal> + <goal name="VC compare_same_size.14" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + <proof prover="5"><result status="valid" time="0.07" steps="24"/></proof> + </goal> + <goal name="VC compare_same_size.15" expl="precondition" proved="true"> + <proof prover="1"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC compare_same_size.16" expl="assertion" proved="true"> + <transf name="inline_all" proved="true" > + <goal name="VC compare_same_size.16.0" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" 
steps="19"/></proof> + </goal> + </transf> + </goal> + <goal name="VC compare_same_size.17" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC compare_same_size.17.0" expl="VC for compare_same_size" proved="true"> + <proof prover="1" memlimit="2000"><result status="valid" time="0.17"/></proof> + </goal> + <goal name="VC compare_same_size.17.1" expl="VC for compare_same_size" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC compare_same_size.18" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC compare_same_size.19" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC compare_same_size.20" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + <proof prover="5"><result status="valid" time="0.05" steps="26"/></proof> + </goal> + <goal name="VC compare_same_size.21" expl="precondition" proved="true"> + <proof prover="1"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC compare_same_size.22" expl="assertion" proved="true"> + <transf name="inline_all" proved="true" > + <goal name="VC compare_same_size.22.0" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.05" steps="20"/></proof> + </goal> + </transf> + </goal> + <goal name="VC compare_same_size.23" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC compare_same_size.23.0" expl="VC for compare_same_size" proved="true"> + <proof prover="1" memlimit="2000"><result status="valid" time="0.27"/></proof> + </goal> + <goal name="VC compare_same_size.23.1" expl="VC for compare_same_size" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + 
</goal> + <goal name="VC compare_same_size.24" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + <proof prover="5"><result status="valid" time="0.23" steps="43"/></proof> + </goal> + <goal name="VC compare_same_size.25" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC compare_same_size.26" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC compare_same_size.27" expl="loop variant decrease" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + <proof prover="5"><result status="valid" time="0.03" steps="20"/></proof> + </goal> + <goal name="VC compare_same_size.28" expl="loop invariant preservation" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="20"/></proof> + </goal> + <goal name="VC compare_same_size.29" expl="loop invariant preservation" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="44"/></proof> + </goal> + <goal name="VC compare_same_size.30" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="43"/></proof> + </goal> + <goal name="VC compare_same_size.31" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC compare_same_size.32" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.10" steps="37"/></proof> + </goal> + </transf> + </goal> +</theory> +</file> +</why3session> diff --git a/examples/multiprecision/compare/why3shapes.gz b/examples/multiprecision/compare/why3shapes.gz new file mode 100644 index 0000000000000000000000000000000000000000..d96164e40957441c3c528c27d1ae5e976946bc0a Binary files /dev/null and b/examples/multiprecision/compare/why3shapes.gz differ 
diff --git a/examples/multiprecision/div.mlw b/examples/multiprecision/div.mlw
new file mode 100644
index 0000000000000000000000000000000000000000..5ff4e649d008f8ca3a7a0f06880f8f8f2f4a89ed
--- /dev/null
+++ b/examples/multiprecision/div.mlw
@@ -0,0 +1,4433 @@ +module Div + + use import int.Int + use import mach.int.Int32 + use import mach.int.UInt64GMP as Limb + use import int.Power + use import ref.Ref + use import mach.c.C + use import array.Array + use import map.Map + use import types.Types + use import lemmas.Lemmas + use import compare.Compare + use import util.Util + use import add.Add + use import sub.Sub + use import logical.Logical + use import int.EuclideanDivision + + (** Based on Niels Möller and Torbjörn Granlund, “Improved + division by invariant integers” 2010 *) + + use int.MinMax as MM + + predicate reciprocal (v d:limb) = + v = (div (radix*radix - 1) (d)) - radix + + let lemma fact_div (x y z:int) + requires { y > 0 } + ensures { div (x + y * z) y = (div x y) + z } + = + assert { x + y * z = y * (div (x + y * z) y) + mod (x + y * z) y + so mod (x + y * z) y = mod (y * z + x) y = mod x y + so x + y * z = y * (div (x + y * z) y) + mod x y + so + x = y * div x y + mod x y + so x + y * z = y * div x y + mod x y + y * z + so y * (div (x + y * z) y) + mod x y + = y * div x y + mod x y + y * z + so y * (div (x + y * z) y) = y * div x y + y * z + = y * ((div x y) + z) + so y <> 0 + so div (x + y * z) y = div x y + z + } + + let invert_limb (d:limb) : limb + requires { d >= div radix 2 } + ensures { reciprocal result d } + = + let v = div2by1 (Limb.of_int max_uint64) + (Limb.(-) (Limb.of_int max_uint64) d) + d in + fact_div (radix * radix - 1) (l2i d) (- radix); + assert { v = (div (radix*radix - 1) (d)) - radix + by + radix - 1 + radix * (radix - 1 - d) + = radix - 1 + radix * (radix - 1) - radix * d + = radix - 1 + radix * radix - radix - radix * d + = radix * radix - 1 - radix * d + so + radix - 1 + radix * (radix - 1 - d) + = radix * radix - 1 - radix * d + so + v + = div ((radix - 1) + radix * (radix - 1 - d)) (d) + = div (radix * radix - 1 - radix * d) (d) + = div (radix * radix - 1) (d) - radix + }; + v + + (** Divide a two-word integer by a one-word integer given the + reciprocal of 
the divisor. *) + let div2by1_inv (uh ul d v:limb) : (limb,limb) + requires { d >= div radix 2 } + requires { uh < d } + requires { reciprocal v d } + returns { q, r -> l2i q * d + l2i r = ul + radix * uh } + returns { _q, r -> 0 <= l2i r < d } + = + let zero = Limb.of_int 0 in + let one = Limb.of_int 1 in + let ghost k = radix * radix - (radix + l2i v) * l2i d in + let ghost u = l2i ul + radix * l2i uh in + assert { 1 <= k <= d }; + let l,h = mul_double v uh in + let sl,c = add_with_carry l ul zero in + let (sh,ghost c') = add_with_carry uh h c in (* <c',sh,sl> = <uh, ul> + <h,l> *) + assert { sl + radix * sh + radix * radix * c' + = l + radix * h + ul + radix * uh }; + assert { c' = 0 + by + uh < d + so v * uh <= v * d + so k = radix * radix - (radix + v) * d + = radix * radix - radix * d - v * d + so v * d = radix * radix - radix * d - k + = radix * (radix - d) - k + so k > 0 + so v * d < radix * (radix - d) + so v * uh < radix * (radix - d) + so l + radix * h = v * uh + so l + radix * h < radix * (radix - d) + so uh <= d - 1 + so radix * uh <= radix * (d - 1) = radix * d - radix + so l + radix * h + radix * uh + < radix * (radix - d) + radix * uh + <= radix * (radix - d) + radix * d - radix + <= radix * (radix - d + d) - radix = radix * radix - radix + so ul < radix + so l + radix * h + ul + radix * uh + = l + radix * h + radix * uh + ul + < radix * radix - radix + ul + < radix * radix - radix + radix = radix * radix + so sl + radix * sh + radix * radix * c' + = l + radix * h + ul + radix * uh + < radix * radix + so radix * radix * c' <= sl + radix * sh + radix * radix * c' + so radix * radix * c' < radix * radix + }; + assert { sl + radix * sh = l + radix * h + ul + radix * uh + = v * uh + ul + radix * uh + = ul + (radix + v) * uh }; + let qh = ref (sh:limb) in + let ql = ref sl in + let ghost q0 = l2i !ql in + let ghost cq = l2i sh + 1 in (*candidate quotient*) + let ghost cr = l2i ul - cq * l2i d + radix * l2i uh in (*candidate remainder*) + assert { cq * d 
+ cr = u}; + qh := add_mod !qh one; + assert { !qh = mod cq radix }; + let p = mul_mod !qh d in + let r = ref (sub_mod ul p) in + let ghost r' = !r in + assert { r' = mod cr radix + by + let a = (- div (!qh * d) radix) in + r' = !r + = mod (ul - p) radix + = mod (ul - mod (!qh * d) radix) radix + = mod (radix * a + + ul - mod (!qh * d) radix) radix + = mod (ul - mod (!qh * d) radix + - radix * div (!qh * d) radix) radix + = mod (ul - !qh * d) radix + = mod (ul - mod cq radix * d) radix + = mod (radix * (- (div cq radix)) * d + ul - mod cq radix * d) radix + = mod (ul - (mod cq radix + radix * div cq radix) * d) radix + = mod (ul - cq * d) radix + = mod (radix * uh + ul - cq * d) radix + = mod (ul - cq * d + radix * uh) radix + = mod cr radix }; + assert { radix * cr = uh * k + ul * (radix - d) + q0 * d - radix * d }; + prod_compat_strict_r (l2i ul) radix (radix - l2i d); + prod_compat_strict_r (l2i d) radix (radix - q0); + assert { (* Theorem 2 of Möller&Granlund 2010 *) + (MM.max (radix - d) (q0 + 1)) - radix <= cr < MM.max (radix - d) q0 + by radix * cr = uh * k + ul * (radix - d) + q0 * d - radix * d + so (uh * k + ul * (radix - d) >= 0 + by uh >= 0 /\ k >= 0 /\ ul >= 0 /\ radix - d >= 0) + so radix * cr >= q0 * d - radix * d + so radix * cr >= - radix * d + so cr >= - d + so radix * cr >= q0 * d - radix * d = (q0 - radix) * d + so radix > d + so radix - q0 > 0 + so d * (radix-q0) < radix * (radix - q0) + so (q0 - radix) * d > (q0 - radix) * radix + so radix * cr > (q0 - radix) * radix + so cr > q0 - radix + so (let m = MM.max (radix - d) (q0 +1) in + cr >= m - radix + by (cr + radix >= - d + radix + /\ (cr + radix > q0 so cr + radix >= q0 + 1)) + so cr + radix >= m) + so 0 < k <= d so 0 <= uh < d + so k * uh < k * d <= d * d + so radix * cr < d * d + ul * (radix - d) + q0 * d - radix * d + so ul * (radix - d) < radix * (radix - d) + so radix * cr < d * d + radix * (radix - d) + q0 * d - radix * d + so (radix * cr < (radix - d) * (radix - d) + q0 * d + by + d * 
d + radix * (radix - d) + q0 * d - radix * d + = radix * (radix - d) + d * d - radix * d + q0 * d + = radix * (radix - d) + (d - radix) * d + q0 * d + = radix * (radix - d) - d * (radix - d) + q0 * d + = (radix - d) * (radix - d) + q0 * d) + so let m = MM.max (radix - d) q0 in + radix - d <= m + so (radix - d) * (radix - d) <= m* (radix - d) + so (q0 * d <= m * d by 0 <= q0 <= m /\ 0 < d) + so radix * cr < (radix - d) * (radix - d) + q0 * d + <= m* (radix - d) + q0 * d + <= m* (radix - d) + m * d + = m * radix + so cr < m + }; + assert { cr >= 0 -> r' = cr }; + assert { cr < 0 -> + ( r' = cr + radix + by cr >= MM.max (radix - d) (q0 + 1) - radix + so cr >= - d + so cr + radix >= radix - d >= 0 + so 0 <= cr + radix < radix + so mod (cr + radix) radix = mod cr radix + so r' = mod (cr + radix) radix ) }; + assert { cr < 0 -> + ( !r > !ql + by MM.max (radix - d) (q0 + 1) >= q0 + 1 > q0 + so cr >= (MM.max (radix - d) (q0 +1)) - radix > q0 - radix + so r' = cr + radix > q0 - radix + radix = q0 ) }; + assert { 1 <= cq <= radix }; + assert { (!qh = cq \/ (!qh = 0 /\ cq = radix) + by (1 <= cq < radix -> !qh = mod cq radix = cq) + so (cq = radix -> !qh = 0) ) }; + assert { cq = radix -> + (cr < 0 + by cq * d + cr = u + so uh <= d - 1 + so 1 + uh <= d + so ul < radix + so u = ul + radix * uh + < radix + radix * uh + = radix * (1 + uh) + <= radix * d + so u < radix * d + so radix * d + cr = u + so radix * d + cr < radix * d + so cr < 0) }; + assert { 1 <= cq < radix -> !qh = cq /\ !qh * d + cr = u }; + if Limb.(>) !r !ql + then + begin + qh := sub_mod !qh one; + r := add_mod !r d; + assert { cr >= 0 -> + (!r = cr + d + by r' = cr + so r' < MM.max (radix - d) q0 + so r' > q0 + so 0 <= r' < radix - d + so d <= r' + d < radix + so !r = mod (r' + d) radix = r' + d) }; + assert { cr >= 0 -> + ( !r >= d + by r' = cr >= 0 + so !r = r' + d >= d ) }; + assert { cr < 0 -> + ( !r = r' + d - radix + by r' = cr + radix < radix + so cr >= MM.max (radix - d) (q0 + 1) - radix + >= radix - d - 
radix = - d + so r' = cr + radix >= radix - d + so !r = mod (r' + d) radix + so radix + radix >= r' + d >= radix + so !r = mod (r' + d) radix = r' + d - radix ) }; + assert { cr < 0 -> + ( 0 <= !r < d + by r' = cr + radix < radix + so !r = mod (r' + d) radix = r' + d - radix + so !r >= 0 + so !r = r' + d - radix < d ) }; + assert { cq = radix -> + ( !qh * d + !r = u + by cq * d + cr = u + so cr < 0 + so r' = cr + radix + so u = radix * d + cr + = (radix - 1) * d + d + cr + = (radix - 1) * d + d + r' - radix + so r' = cr + radix >= MM.max (radix - d) (q0 + 1) + >= radix - d + so radix + radix >= d + r' >= radix + so !r = mod (d + r') radix = d + r' - radix + so (radix - 1) * d + !r = u + so !qh = mod ((mod cq radix) - 1) radix + = mod (-1) radix + = radix - 1 + so !qh * d + !r = u + ) }; + assert { !r = cr + d by [@case_split] cr >= 0 \/ cr < 0 }; + assert { 1 <= cq <= radix -> + ( !qh * d + !r = u + by cq * d + cr = u + so !qh = cq - 1 + so !qh * d + cr + d = u + so !r = cr + d ) }; + end + else + begin + assert { cr >= 0 }; + assert { 1 <= cq < radix }; + end; + assert { !qh * d + !r = ul + radix * uh + by [@case_split] cq = radix \/ 1 <= cq < radix }; + if Limb.(>=) !r d + then begin + assert { cr >= 0 }; + assert { !qh < radix - 1 + by + !qh * d = ul + radix * uh - !r + so uh <= d - 1 + so ul + radix * uh - !r + <= ul + radix * (d - 1) - !r + = ul + radix * d - radix - !r + = (ul - radix) + radix * d - !r + < radix * d - !r + <= radix * d - d + = (radix - 1) * d + so !qh * d < (radix - 1) * d + so d > 0 + so !qh < radix - 1 }; + qh := Limb.(+) !qh one; + r := Limb.(-) !r d; + assert { 0 <= !r < d }; + assert { !qh * d + !r = ul + radix * uh }; + end; + assert { 0 <= !r < d }; + assert { !qh * d + !r = ul + radix * uh }; + (!qh,!r) + +(** [divmod_1 q x y sz] divides [(x,sz)] by [y], writes the quotient + in [(q, sz)] and returns the remainder. Corresponds to + [mpn_divmod_1]. 
*) +(* TODO develop further decimal points (qxn) *) +let divmod_1 (q x:t) (y:limb) (sz:int32) : limb + requires { valid x sz } + requires { valid q sz } + requires { 0 < sz } + requires { 0 < y } + ensures { value x sz + = value q sz * y + result } + ensures { result < y } + = + let limb_zero = Limb.of_int 0 in + let zero = Int32.of_int 0 in + let one = Int32.of_int 1 in + let msb = Int32.(-) sz one in + let lx = ref limb_zero in + let i = ref msb in + let r = ref limb_zero in + (*normalize divisor*) + let clz = count_leading_zeros y in + if (Int32.(>) clz zero) + then begin + let ghost mult = power 2 (p2i clz) in + let ry = lsl y (Limb.of_int32 clz) in + assert { ry = mult * y }; + let ghost tlum = power 2 (Limb.length - p2i clz) in + assert { tlum * mult = radix }; + let v = invert_limb ry in + while (Int32.(>=) !i zero) do + variant { p2i !i } + invariant { -1 <= !i <= msb } + invariant { !r < ry } + invariant { mult * value_sub (pelts x) (x.offset + !i + 1) (x.offset + sz) + = value_sub (pelts q) (q.offset + !i + 1) + (q.offset + sz) + * ry + + !r } + invariant { !r <= radix - mult } + invariant { mod (!r) mult = 0 } + assert { !i >= 0 }; + label StartLoop in + lx := C.get_ofs x !i; + (*TODO lshift in place would simplify things*) + let l,h = lsld_ext !lx (Limb.of_int32 clz) in + mod_mult mult (l2i y) 0; + assert { !r + h < ry + by + let drm = div (!r) mult in + let dym = div (ry) mult in + mod (!r) mult = 0 + so !r = mult * drm + so mod (ry) mult + = mod (mult * (y) + 0) mult + = mod 0 mult + = 0 + so ry = mult * dym + so !r < ry + so 0 < ry - !r + = mult * dym - mult * drm + = mult * (dym - drm) + so mult > 0 + so dym - drm > 0 + so dym >= drm + 1 + so h < mult + so !r + h = mult * drm + h + < mult * drm + mult + = mult * (drm + 1) + <= mult * dym = l2i ry }; + assert { !r + h < radix by + !r + h < ry < radix }; + let (qu,rem) = div2by1_inv (Limb.(+) !r h) l ry v in + mod_mult mult (l2i y * l2i qu) (l2i rem); + mod_mult mult (tlum * (l2i !r + l2i h)) (l2i l); 
+ assert { mod (rem) mult = 0 + by + ry * qu + rem + = (radix * (!r + h) + l) + so + mult * y * qu + rem + = (mult * tlum * (!r + h) + l) + so mod (mult * y * qu + rem) mult + = mod (mult * tlum * (!r + h) + l) mult + so mult > 0 + so mod (mult * (y * qu) + rem) mult + = mod (rem) mult + so mod (mult * tlum * (!r + h) + l) mult + = mod (l) mult + = 0 + }; + let ghost mer = div (l2i rem) mult in + assert { rem <= radix - mult + by + mod (rem) mult = 0 + so mult * mer = l2i rem < radix = mult * tlum + so mult > 0 + so 0 < mult * tlum - mult * mer = mult * (tlum - mer) + so tlum - mer > 0 + so mer < tlum + so rem = mult * mer <= mult * (tlum - 1) = radix - mult + }; + r:=rem; + assert { qu * ry + !r = l + radix * h + radix * (!r at StartLoop) }; + (* coerced div2by1 postcondition *) + value_sub_update_no_change (pelts q) (q.offset + p2i !i) + (q.offset + 1 + p2i !i) + (q.offset + p2i sz) qu; + C.set_ofs q !i qu; + assert { mult * value_sub (pelts x) (x.offset + !i + 1) (x.offset + sz) + = value_sub (pelts q) (q.offset + !i + 1) + (q.offset + sz) + * ry + + (!r at StartLoop) }; (* previous invariant is still true *) + value_sub_head (pelts x) (x.offset + int32'int !i) (x.offset + p2i sz); + value_sub_head (pelts q) (q.offset + int32'int !i) (q.offset + p2i sz); + assert { l + radix * h = mult * !lx }; (*lsld_ext postcondition *) + assert { mult * value_sub (pelts x) (x.offset + !i) + (x.offset + sz) + = mult * !lx + + radix * (mult * value_sub (pelts x) (x.offset + !i + 1) + (x.offset + sz)) + by (pelts x)[x.offset + !i] = !lx + so value_sub (pelts x) (x.offset + !i) (x.offset + sz) + = !lx + radix * value_sub (pelts x) (x.offset + !i + 1) + (x.offset + sz) }; (*nonlinear*) + assert { value_sub (pelts q) (q.offset + !i) (q.offset + sz) * ry + = qu * ry + + radix + * (value_sub (pelts q) (q.offset + !i + 1) (q.offset + sz) + * ry) + by (pelts q)[q.offset + !i] = qu + so value_sub (pelts q) (q.offset + !i) (q.offset + sz) + = qu + radix * value_sub (pelts q) (q.offset + 
!i + 1) + (q.offset + sz) }; (*nonlinear*) + assert { mult * value_sub (pelts x) (x.offset + !i) + (x.offset + sz) + = value_sub (pelts q) (q.offset + !i) (q.offset + sz) + * ry + + !r + (* by + (pelts q)[q.offset + k] = qu + so + (pelts x)[x.offset + k] = !lx + so + l + radix * h = !lx * mult + so + mult * value_sub (pelts x) (x.offset + !i + 1) + (x.offset + sz) + = mult * value_sub (pelts x) (x.offset + k) (x.offset + sz) + = mult * ((pelts x)[x.offset + k] + + radix * value_sub (pelts x) (x.offset + k + 1) + (x.offset + sz)) + = mult * !lx + + mult * radix * value_sub (pelts x) (x.offset + k + 1) + (x.offset + sz) + = l + radix * h + + mult * radix * value_sub (pelts x) (x.offset + k + 1) + (x.offset + sz) + = l + radix * h + + radix * (value_sub (pelts q) (q.offset + k + 1) + (q.offset + sz) + * ry + + (!r at StartLoop)) + = l + radix * h + radix * (!r at StartLoop) + + radix * (value_sub (pelts q) (q.offset + k + 1) + (q.offset + sz) + * ry) + = l + radix * (h + (!r at StartLoop)) + + radix * (value_sub (pelts q) (q.offset + k + 1) + (q.offset + sz) + * ry) + = qu * ry + !r + + radix * value_sub (pelts q) (q.offset + k + 1) + (q.offset + sz) + * ry + = (pelts q)[q.offset + k] * ry + !r + + radix * value_sub (pelts q) (q.offset + k + 1) + (q.offset + sz) + * ry + = ry * ((pelts q)[q.offset + k] + + radix * value_sub (pelts q) (q.offset + k + 1) + (q.offset + sz)) + + !r + = ry * value_sub (pelts q) (q.offset + !i + 1) + (q.offset + sz) + + !r *) + }; + i := Int32.(-) !i one; + done; + let ghost res = lsr !r (Limb.of_int32 clz) in + assert { value x sz = value q sz * y + res + by !r = res * mult + so mult * value x sz + = value q sz * ry + !r + = value q sz * y * mult + !r + = value q sz * y * mult + res * mult + = (value q sz * y + res) * mult }; + lsr !r (Limb.of_int32 clz) end + else begin + let v = invert_limb y in + while (Int32.(>=) !i zero) do + variant { p2i !i } + invariant { -1 <= !i <= msb } + invariant { !r < y } + invariant { value_sub (pelts x) 
(x.offset + !i + 1) (x.offset + sz) + = value_sub (pelts q) (q.offset + !i + 1) + (q.offset + sz) + * y + + !r } + assert { !i >= 0 }; + label StartLoop in + let ghost k = p2i !i in + lx := C.get_ofs x !i; + let (qu, rem) = div2by1_inv !r !lx y v in + r := rem; + value_sub_update_no_change (pelts q) (q.offset + p2i !i) + (q.offset + 1 + p2i !i) + (q.offset + p2i sz) qu; + C.set_ofs q !i qu; + i := Int32.(-) !i one; + value_sub_head (pelts x) (x.offset + k) (x.offset + p2i sz); + value_sub_head (pelts q) (q.offset + k) (q.offset + p2i sz); + assert { value_sub (pelts x) (x.offset + !i + 1) (x.offset + sz) + = value_sub (pelts q) (q.offset + !i + 1) + (q.offset + sz) + * y + + !r + by (pelts q)[q.offset + k] = qu + so (pelts x)[x.offset + k] = !lx + so value_sub (pelts x) (x.offset + !i + 1) (x.offset + sz) + = value_sub (pelts x) (x.offset + k) (x.offset + sz) + = !lx + radix * value_sub (pelts x) (x.offset + k + 1) + (x.offset + sz) + = !lx + radix * (value_sub (pelts q) (q.offset + k + 1) + (q.offset + sz) + * y + (!r at StartLoop)) + = !lx + radix * (!r at StartLoop) + + radix * (value_sub (pelts q) (q.offset + k + 1) + (q.offset + sz) + * y) + = qu * y + !r + + radix * (value_sub (pelts q) (q.offset + k + 1) + (q.offset + sz) + * y) + = (qu + radix * value_sub (pelts q) (q.offset + k + 1) + (q.offset + sz)) + * y + + !r + = value_sub (pelts q) (q.offset + !i + 1) + (q.offset + sz) + * y + + !r }; + done; + !r + end + + + predicate reciprocal_3by2 (v dh dl:limb) = + v = div (radix*radix*radix -1) (dl + radix * dh) - radix + + let div3by2_inv (uh um ul dh dl v: limb) : (limb,limb,limb) + requires { dh >= div radix 2 } + requires { reciprocal_3by2 v dh dl } + requires { um + radix * uh < dl + radix * dh } + returns { q, rl, rh -> uint64'int q * dl + radix * q * dh + + uint64'int rl + radix * uint64'int rh + = ul + radix * um + radix * radix * uh } + returns { _q, rl, rh -> 0 <= uint64'int rl + radix * uint64'int rh < dl + radix * dh } + = + let ghost d = l2i dl + 
radix * l2i dh in + let ghost u = l2i ul + radix * (l2i um + radix * l2i uh) in + let zero = Limb.of_int 0 in + let one = Limb.of_int 1 in + let q1 = ref zero in + let r0 = ref zero in + let r1 = ref zero in + let l,h = mul_double v uh in + let sl, c = add_with_carry um l zero in + let sh, ghost c' = add_with_carry uh h c in + assert { sl + radix * sh + radix * radix * c' + = um + radix * uh + v * uh }; + assert { c' = 0 + by + um + radix * uh < d + so radix * uh < d + so radix * (um + radix * uh + v * uh) + < radix * (d + v * uh) + = radix * d + v * radix * uh + <= radix * d + v * d + = (div (radix * radix * radix - 1) d) * d + <= radix * radix * radix - 1 + < radix * radix * radix + so um + radix * uh + v * uh < radix * radix + so sl + radix * sh + radix * radix * c' < radix * radix + so radix * radix * c' < radix * radix + }; + q1 := sh; + let ghost q0 = l2i sl in + let ghost cq = l2i !q1 + 1 in (*candidate quotient*) + q1 := add_mod !q1 one; + assert { !q1 = mod cq radix }; + let p = mul_mod dh sh in + r1 := sub_mod um p; + label CQuot in + let ghost a = div (l2i um - l2i dh * l2i sh) radix in + (*assert { um - dh * sh = a * radix + !r1 + by !r1 = mod (um - dh * sh) radix };*) + let tl, th = mul_double sh dl in + let il, b = sub_with_borrow ul tl zero in + let (ih, ghost b') = sub_with_borrow !r1 th b in + assert { il + radix * ih - radix * radix * b' + = ul + radix * !r1 - sh * dl }; + let bl,b2 = sub_with_borrow il dl zero in + let bh, ghost b2' = sub_with_borrow ih dh b2 in + assert { bl + radix * bh - radix * radix * b2' + = il + radix * ih - dl - radix * dh }; + mod_mult (radix * radix) (l2i b') + (l2i ul + radix * l2i !r1 - l2i sh * l2i dl - l2i dl + - radix * l2i dh); + assert { bl + radix * bh + = mod (ul + radix * !r1 + - sh * dl- dl + - radix * dh) (radix * radix) + by + bl + radix * bh + = mod (il + radix * ih + - dl - radix * dh) (radix * radix) + so il + radix * ih + = radix * radix * b' + ul + radix * !r1 + - sh * dl + so mod (il + radix * ih + - 
dl - radix * dh) (radix * radix) + = mod (radix * radix * b' + ul + radix * !r1 + - sh * dl - dl - radix * dh) + (radix * radix) + = mod (ul + radix * !r1 + - sh * dl - dl + - radix * dh) (radix * radix) }; + r1 := bh; + r0 := bl; + let ghost r' = l2i !r0 + radix * l2i !r1 in + let ghost cr = u - d * cq in + assert { r' = mod cr(radix * radix) + by + (!r1 at CQuot = mod (um - dh * sh) radix + by let a' = div (dh * sh) radix in + dh * sh = p + radix * a' + so !r1 at CQuot = mod (um - p) radix + = mod (radix * a' + um - dh * sh) radix + = mod (um - dh * sh) radix ) + so um - dh * sh = a * radix + !r1 at CQuot + so !r0 + radix * !r1 + = mod (ul + radix * (!r1 at CQuot) + - sh * dl - dl + - radix * dh) (radix * radix) + so ul + radix * (!r1 at CQuot) + - sh * dl - dl - radix * dh + = ul + radix * (um - dh * sh - a * radix) + - sh * dl - dl - radix * dh + = ul + radix * um - radix * dh * sh + - radix * radix * a - sh * dl - dl + - radix * dh + = ul + radix * um - radix * dh * (sh + 1) + - radix * radix * a - sh * dl - dl + = ul + radix * um - radix * dh * (sh + 1) + - radix * radix * a - dl * (sh + 1) + = ul + radix * um + - (dl + radix * dh) * (sh + 1) + - radix * radix * a + = ul + radix * um - d * cq - radix * radix * a + = u - radix * radix * uh - d * cq - radix * radix * a + = cr + radix * radix * (- a - uh) + so (*let y = - a - uh in*) + mod (ul + radix * (!r1 at CQuot) + - sh * dl - dl + - radix * dh) (radix * radix) + = mod (radix * radix * (-a - uh) + cr) + (radix * radix) + = mod cr (radix*radix) + }; + let ghost m = MM.max (radix * radix - d) (q0 * radix) in + assert { (* Theorem 3 of Moller&Granlund 2010 *) + m - radix * radix <= cr < m + by + let k = radix * radix * radix - (radix + v) * d in + reciprocal_3by2 v dh dl + so let m3 = radix * radix * radix - 1 in + (radix + v) * d = d * div m3 d = m3 - mod m3 d + so (k = 1 + mod m3 d + by k = radix * radix * radix - (radix + v) * d + = m3 + 1 - (radix + v) * d + = m3 + 1 - m3 + mod m3 d + = 1 + mod m3 d) + so 
1 <= k <= d + so q0 + radix * sh = (radix + v) * uh + um + so cq = sh + 1 + so radix * cq = radix * sh + radix + = (radix + v) * uh + um - q0 + radix + so (radix * cr = k * uh + (radix * radix - d) * um + + radix * ul + d * q0 - d * radix + by radix * cr = radix * (u - cq * d) + = radix * u + - ((radix + v) * uh + um - q0 + radix) * d + = radix * u - d * (radix + v) * uh + - d * um + d * q0 - d * radix + = radix * u - (radix * radix * radix - k) * uh + - d * um + d * q0 - d * radix + = (radix * radix * radix * uh + radix * radix * um + + radix * ul) - (radix * radix * radix - k) * uh + - d * um + d * q0 - d * radix + = k * uh + radix * radix * um + radix * ul + - d * um + d * q0 - d * radix + = k * uh + (radix * radix - d) * um + radix * ul + + d * q0 - d * radix ) + so (cr >= m - radix * radix + by ( + k >= 0 so radix * radix - d >= 0 + so uh >= 0 so um >= 0 so ul >= 0 + so k * uh + (radix * radix - d) * um + radix * ul + >= 0 + so radix * cr >= d * q0 - d * radix + so q0 >= 0 so d >= 0 + so d * q0 >= 0 + so radix * cr >= - d * radix + so cr >= -d = radix * radix - d - radix * radix + so radix * cr >= d * (q0 - radix) + so ( + (radix - q0) * d < (radix - q0) * radix * radix + by let rq = radix - q0 in let r2 = radix * radix in + rq > 0 /\ d < r2 + so rq * d < rq * r2 + ) + so d * (q0 - radix) > radix * radix * (q0 - radix) + so radix * cr > radix * radix * (q0 - radix) + so cr > radix * (q0 - radix) = radix * q0 - radix * radix + )) + so cr < m + by ( + let bbd = radix * radix - d in + bbd > 0 /\ bbd <= m /\ q0 * radix <= m + so (bbd * bbd <= bbd * m + by [@case_split] + (bbd = m \/ (bbd < m so bbd * bbd < bbd * m))) + so (d*(radix * q0) <= d * m + by [@case_split] + (radix * q0 = m \/ (radix * q0 < m so d > 0 so d * (radix * q0) < d * m))) + so if uh <= dh - 1 + then + let dm = dh - 1 in + uh <= dm + so + k * uh <= k * dm + so (k * dm <= d * dm + by k <= d /\ 0 <= dm + so [@case_split] (k = d \/ dm = 0 \/ + (k < d /\ dm > 0 so k * dm < d * dm))) + so k * uh <= d 
* dm + so + bbd * um <= bbd * (radix - 1) + so + radix * cr + = k * uh + (radix * radix - d) * um + + radix * ul + d * q0 - radix * d + <= d * dm + bbd * um + + radix * ul + d * q0 - radix * d + <= d * dm + bbd * (radix - 1) + + radix * ul + d * q0 - radix * d + < d * dm + bbd * (radix - 1) + + radix * radix + d * q0 - radix * d + so radix * radix * cr + < radix * (d * dm + bbd * (radix - 1) + + radix * radix + d * q0 - radix * d) + = d * radix * (dh - 1) + bbd * radix * (radix - 1) + + radix * radix * radix + radix * d * q0 - radix * radix * d + = d * radix * dh - d * radix + bbd * radix * (radix - 1) + + radix * radix * radix + radix * d * q0 - radix * radix * d + = d * (d - dl) - d * radix + bbd * radix * (radix - 1) + + radix * radix * radix + radix * d * q0 - radix * radix * d + = d * d - d * radix + bbd * radix * (radix - 1) + + radix * radix * radix + radix * d * q0 - radix * radix * d - d * dl + so (d * dl >= 0 by d >= 0 /\ dl >= 0) + so radix * radix * cr + < d * d - d * radix + bbd * radix * (radix - 1) + + radix * radix * radix + radix * d * q0 - radix * radix * d - d * dl + <= d * d - d * radix + bbd * radix * (radix - 1) + + radix * radix * radix + radix * d * q0 - radix * radix * d + = d * d - d * radix + bbd * (radix * radix - radix) + + radix * radix * radix + radix * d * q0 - radix * radix * d + = d * d - d * radix + bbd * radix * radix - (radix * radix - d) * radix + + radix * radix * radix + radix * d * q0 - radix * radix * d + = d * d - d * radix + bbd * radix * radix + + radix * d - radix * radix * radix + + radix * radix * radix + radix * d * q0 - radix * radix * d + = d * d + bbd * radix * radix - radix * radix * d + radix * d * q0 + = bbd * radix * radix - d * (radix * radix - d) + radix * d * q0 + = bbd * radix * radix - d * bbd + radix * d * q0 + = bbd * bbd + d * (radix * q0) + <= bbd * m + d * (radix * q0) + <= bbd * m + d * m + = radix * radix * m + so cr < m + else + uh = dh + so + (um <= dl - 1 + by um + radix * uh < dl + radix * dh) 
+ so (radix * radix - d) * um <= (radix * radix - d) * (dl - 1) + so + ( radix * radix * cr + < radix * radix * m + - (radix - dl) * (radix * radix * radix - d * (1+ radix)) + by radix * cr + = k * dh + (radix * radix - d) * um + + radix * ul + d * q0 - radix * d + <= d * dh + (radix * radix - d) * um + + radix * ul + d * q0 - radix * d + <= d * dh + (radix * radix - d) * (dl - 1) + + radix * ul + d * q0 - radix * d + < d * dh + (radix * radix - d) * (dl - 1) + + radix * radix + d * q0 - radix * d + so radix * radix * cr + < radix * (d * dh + (radix * radix - d) * (dl - 1) + + radix * radix + d * q0 - radix * d) + = d * radix * dh + + (radix * radix - d) * (dl - 1) * radix + + radix * radix * radix + d * q0 * radix - radix * radix * d + = d * (d - dl) + + (radix * radix - d) * (radix * dl - radix) + + radix * radix * radix + d * q0 * radix - radix * radix * d + = d * d - d * dl + radix * radix * radix * dl + - d * radix * dl + d * radix - radix * radix * radix + + radix * radix * radix + d * q0 * radix - radix * radix * d + = d * d - d * dl + radix * radix * radix * dl + - d * radix * dl + d * radix + d * q0 * radix + - radix * radix * d + = d * d - radix * radix * d + d * radix + d * q0 * radix + + dl * (radix * radix * radix - d - d * radix) + = d * (d - radix * radix) + d * radix + d * q0 * radix + + dl * (radix * radix * radix - d - d * radix) + = bbd * (-d) + d * radix + d * q0 * radix + + dl * (radix * radix * radix - d - d * radix) + = bbd * (bbd - radix * radix) + d * radix + d * q0 * radix + + dl * (radix * radix * radix - d - d * radix) + = bbd * bbd + d * q0 * radix + - bbd * radix * radix + d * radix + + dl * (radix * radix * radix - d * (1 + radix)) + = bbd * bbd + d * q0 * radix + - (radix * radix - d) * radix * radix + d * radix + + dl * (radix * radix * radix - d * (1 + radix)) + = bbd * bbd + d * q0 * radix + - radix * ((radix * radix - d) * radix - d) + + dl * (radix * radix * radix - d * (1 + radix)) + = bbd * bbd + d * q0 * radix + - radix * 
(radix * radix * radix - d * radix - d) + + dl * (radix * radix * radix - d * (1 + radix)) + = bbd * bbd + d * q0 * radix + - radix * (radix * radix * radix - d * (1+ radix)) + + dl * (radix * radix * radix - d * (1 + radix)) + = bbd * bbd + d * q0 * radix + - (radix - dl) * (radix * radix * radix - d * (1+ radix)) + <= bbd * m + d * q0 * radix + - (radix - dl) * (radix * radix * radix - d * (1+ radix)) + <= bbd * m + d * m + - (radix - dl) * (radix * radix * radix - d * (1+ radix)) + = (bbd + d) * m + - (radix - dl) * (radix * radix * radix - d * (1+ radix)) + = radix * radix * m + - (radix - dl) * (radix * radix * radix - d * (1+ radix)) + ) + so + (cr < m by + if d <= radix * (radix - 1) + then (radix + 1) * d <= radix * (radix - 1) * (radix + 1) + = radix * (radix * radix - 1) + = radix * radix * radix - radix + < radix * radix * radix + so (radix * radix * radix - d * (1+ radix)) > 0 + so radix - dl > 0 + so (radix - dl) * (radix * radix * radix + - d * (1+ radix)) + > 0 + so + radix * radix * cr + < radix * radix * m + - (radix - dl) * (radix * radix * radix + - d * (1+ radix)) + < radix * radix * m + so radix * radix * cr < radix * radix * m + else + dl + radix * dh = d > radix * (radix - 1) + so dl < radix + so dl + radix * dh < radix * (1 + dh) + so radix - 1 < 1 + dh + so dh > radix - 2 + so dh = radix - 1 + so uh = dh + so d >= radix * (radix - 1) +1 + so d * (radix + 1) + >= (radix * (radix - 1) + 1) * (radix +1) + = radix * (radix * radix - 1) + radix + 1 + = radix * radix * radix - radix + radix + 1 + = radix * radix * radix + 1 + so + (d * div (radix * radix * radix - 1) d + <= d * (radix + 1) + by d * div (radix * radix * radix - 1) d + <= radix * radix * radix - 1 + < radix * radix * radix + 1 + <= d * (radix + 1)) + so (let a = div (radix * radix * radix - 1) d in + a < radix + 1 + by d > 0 + so (forall x y z. x * z < y * z /\ z > 0 -> x < y) + so (forall x y. 
x * d < y * d -> x < y) + so let r = radix + 1 in + a * d < r * d + so a < r) + so v = div (radix * radix * radix - 1) d - radix + < radix + 1 - radix = 1 + so v = 0 + so sh = uh = radix - 1 + so cq = sh + 1 = radix + so cr = u - cq * d + = u - radix * d + = ul + radix * (um + radix * dh) + - radix * (dl + radix * dh) + = ul + radix * (um - dl) + so um <= dl - 1 + so 1 + um - dl <= 0 + so ul < radix + so cr = ul + radix * (um - dl) + < radix + radix * (um - dl) + = radix * (1 + um - dl) <= 0 + so cr < 0 <= m + ) + ) + }; + assert { cr >= 0 -> r' = cr }; + assert { cr < 0 -> r' = radix * radix + cr + by + m >= radix * radix - d + so cr >= m - radix * radix >= -d + so cr + radix * radix >= radix * radix - d >= 0 + so 0 <= cr + radix * radix < radix * radix + so mod (radix * radix + cr) (radix*radix) = mod cr (radix*radix) + so r' = mod (radix * radix + cr) (radix*radix) }; + assert { cr < 0 -> !r1 >= sl + by m >= radix * q0 + so cr >= m - radix * radix >= radix * q0 - radix * radix + so r' = radix * radix + cr >= radix * q0 + so r' = radix * !r1 + !r0 >= radix * q0 + so !r0 < radix + so r' < radix * !r1 + radix = radix * (!r1 + 1) + so radix * q0 < radix * (!r1 + 1) + so sl = q0 < !r1 + 1 }; + assert { 1 <= cq <= radix }; + assert { 1 <= cq < radix -> !q1 = cq so !q1 * d + cr = u }; + assert { cq = radix -> + (cr < 0 + by cq * d + cr = u + so um + radix * uh <= d - 1 + so radix * d + cr = ul + + radix * (um + radix * uh) + <= ul + radix * (d - 1) + = ul - radix + radix * d + < radix * d + ) + }; + label PreCorrections in + if Limb.(>=) !r1 sl + then begin + q1 := sub_mod !q1 one; + assert { !q1 = cq - 1 + by + if cq = radix + then + (!q1 at PreCorrections) + = mod cq radix = mod radix radix= 0 + so !q1 = mod (0 - 1) radix = radix - 1 = cq - 1 + else + 0 <= cq - 1 < radix - 1 + so (!q1 at PreCorrections) = cq + so !q1 = mod (cq - 1) radix = cq - 1 + }; + let rl, c = add_with_carry !r0 dl zero in + let rh, ghost c' = add_with_carry !r1 dh c in + assert { rl + radix * 
rh = mod (r' + d) (radix * radix) + by radix * radix * c' + rl + radix * rh + = r' + d + so mod (r' + d) (radix * radix) + = mod (radix * radix * c' + rl + radix * rh) + (radix * radix) + = mod (rl + radix * rh) (radix * radix) }; + assert { rl + radix * rh = cr + d + by + if cr >= 0 + then r' = cr + so rl + radix * rh = mod (cr + d) (radix * radix) + so cr < MM.max (radix * radix - d) (q0*radix) + so (cr >= q0 * radix + by + r' = radix * !r1 + !r0 + >= radix * !r1 + >= radix * q0) + so cr < radix * radix - d + so cr + d < radix * radix + so (cr + d >= 0 by cr + d >= cr) + so mod (cr + d) (radix * radix) = cr + d + else + r' = cr + radix * radix + so cr >= m - radix * radix + so r' >= m >= radix * radix - d + so r' + d >= radix * radix + so r' < radix * radix + so d < radix * radix + so r' + d < radix * radix + radix * radix + so mod (r' + d) (radix * radix) + = r' + d - radix * radix + = cr + d + }; + r1 := rh; + r0 := rl; + assert { !q1 * d + !r0 + radix * !r1 = u + by + cq * d + cr = u + so !q1 = cq - 1 + so !r0 + radix * !r1 = cr + d + so !q1 * d + !r0 + radix * !r1 + = (cq - 1) * d + cr + d + = cq * d - d + cr + d + = cq * d + cr }; + end + else assert { !q1 * d + r' = u + by cr >= 0 + so r' = cr + so 1 <= cq < radix + so !q1 * d + cr = u }; + assert { !q1 * d + !r0 + radix * !r1 = u }; + label PreRemAdjust in + if [@ex:unlikely] (Limb.(>) !r1 dh) || (Limb.(=) !r1 dh && Limb.(>=) !r0 dl) + then begin + let bl, b = sub_with_borrow !r0 dl zero in + let bh, ghost b'= sub_with_borrow !r1 dh b in + assert { b' = 0 }; + assert { bl + radix * bh = !r0 + radix * !r1 - d }; + assert { !q1 < radix - 1 + by !q1 * d + !r0 + radix * !r1 = u + so !r0 + radix * !r1 >= d + so um + radix * uh <= d - 1 + so u = ul + radix * (um + radix * uh) + <= ul + radix * (d - 1) + < radix + radix * (d-1) + = radix * d + so (!q1 * d < (radix - 1) * d + by + !q1 * d = u - (!r0 + radix * !r1) + <= u - d + < radix * d - d + = (radix - 1) * d ) + }; + q1 := add_mod !q1 one; + assert { !q1 = 
(!q1 at PreRemAdjust) + 1 }; + r1 := bh; + r0 := bl; + assert { !q1 * d + !r0 + radix * !r1 = u + by + !q1 * d + !r0 + radix * !r1 + = ((!q1 at PreRemAdjust) + 1) * d + + (!r0 + radix * !r1 at PreRemAdjust) - d + = (!q1 * d + !r0 + radix * !r1 at PreRemAdjust) + }; + end; + assert { 0 <= !r0 + radix * !r1 < d }; + (!q1,!r0,!r1) + + let lemma bounds_imply_rec3by2 (v dh dl:limb) + requires { radix * radix * radix - (dl + radix * dh) + <= (radix + v) * (dl + radix * dh) + < radix * radix * radix } + ensures { reciprocal_3by2 v dh dl } + = () + (*let ghost d = dl + radix * dh in + let ghost w = Limb.of_int (div (radix*radix*radix -1) d - radix) in + assert { reciprocal_3by2 w dh dl }; + let ghost e = v - w in + assert { radix * radix * radix - d + <= (radix + w) * d + < radix * radix * radix }; + assert { e = 0 }*) + + + let reciprocal_word_3by2 (dh dl:limb) : limb + requires { dh >= div radix 2 } + ensures { reciprocal_3by2 result dh dl } + = + let ghost d = l2i dl + radix * l2i dh in + let one = Limb.of_int 1 in + let v = ref (invert_limb dh) in + assert { radix * radix - dh + <= (radix + !v) * dh + < radix * radix + by + radix + !v = div (radix * radix - 1) (dh) }; + let p = ref (mul_mod dh !v) in + assert { (radix + !v) * dh + = radix * (radix-1) + + !p + by + mod ((radix + !v) * dh) radix + = mod (radix * dh + dh * !v) radix + = mod (dh * !v) radix = l2i !p + so + div ((radix + !v) * dh) radix = radix - 1 + so + (radix + !v) * dh + = radix * div ((radix + !v) * dh) radix + + mod (dh * !v) radix + = radix * (radix - 1) + !p + }; + label Estimate in + p := add_mod !p dl; + if Limb.(<) !p dl (* carry out *) + then begin + assert { (!p at Estimate) + dl >= radix }; + assert { (!p at Estimate) + dl = radix + !p }; + assert { !v >= 1 + by + (!p at Estimate) + dl >= radix + so (!p at Estimate) > 0 + }; + assert { (radix + !v) * dh + dl + = radix * (radix - 1) + radix + !p }; + label Carry in + if Limb.(>=) !p dh + then begin + v := Limb.(-) !v one; + p := Limb.(-) !p dh; 
+ assert { (radix + !v) * dh + dl + = radix * (radix - 1) + radix + !p + }; + end; + label Borrow in + v := Limb.(-) !v one; + assert { !p < dh }; + p := sub_mod !p dh; + assert { !p = radix + !p at Borrow - dh }; + end; + assert { (radix + !v) * dh * radix + radix * dl + = radix * radix * (radix - 1) + radix * !p + by (radix + !v) * dh + dl + = radix * (radix - 1) + !p }; + assert { radix * radix - dh + <= (radix + !v) * dh + dl + < radix * radix }; + let tl, th = mul_double !v dl in + label Adjust in + p := add_mod !p th; + if Limb.(<) !p th (* carry out *) + then begin + assert { (!p at Adjust) + th >= radix }; + assert { (!p at Adjust) + th = radix + !p + by (!p at Adjust) + th < radix + radix + so div ((!p at Adjust) + th) radix = 1 + so !p = mod ((!p at Adjust) + th) radix + so (!p at Adjust) + th + = radix * div ((!p at Adjust) + th) radix + + mod ((!p at Adjust) + th) radix + = radix + !p + }; + assert { !v >= 1 + by + th <> 0 + so !v <> 0 + }; + if Limb.(>) !p dh || (Limb.(=) !p dh && Limb.(>=) tl dl) + then begin + assert { tl + radix * !p >= d }; + v := Limb.(-) !v one; + assert { (radix + !v) * dh * radix + radix * dl + + !v * dl + = radix * radix * radix + + radix * !p + tl - d + by + (radix + !v) * dh * radix + radix * dl + + !v * dl + = (radix + !v at Adjust - 1) * dh * radix + + radix * dl + + (!v at Adjust - 1) * dl + = (radix + !v at Adjust) * dh * radix + + radix * dl + + (!v at Adjust) * dl - radix * dh + - dl + = radix * radix * (radix - 1) + radix * (!p at Adjust) + + (!v at Adjust) * dl - radix * dh + - dl + = radix * radix * (radix - 1) + radix * (!p at Adjust) + + radix * th + tl - d + = radix * radix * (radix - 1) + radix * (radix + !p) + + tl - d + = radix * radix * (radix - 1) + radix * radix + radix * !p + + tl - d + = radix * radix * radix + radix * !p + tl - d + }; + end; + assert { radix * radix * radix + <= (radix + !v) * dh * radix + radix * dl + + !v * dl + < radix * radix * radix + d }; + v := Limb.(-) !v one; + end; + 
bounds_imply_rec3by2 !v dh dl; + !v + + let sub3 (x y z:limb) : (limb,limb) + returns { (r,d) -> x - y - z = l2i r - radix * l2i d + /\ 0 <= d <= 2 } + = + let limb_zero = Limb.of_int 0 in + let u1, b1 = sub_with_borrow x y limb_zero in + let u2, b2 = sub_with_borrow u1 z limb_zero in + (u2, (Limb.(+) b1 b2)) + + (** [submul_limb r x y sz] multiplies [(x, sz)] by [y], substracts the [sz] + least significant limbs from [(r, sz)] and writes the result in [(r,sz)]. + Returns the most significant limb of the product plus the borrow + of the substraction. Corresponds to [mpn_submul_1].*) + let submul_limb (r x:t) (y:limb) (sz:int32):limb + requires { valid x sz } + requires { valid r sz } + ensures { value r sz - (power radix sz) * result + = value (old r) sz + - value x sz * y } + writes { r.data.elts } + ensures { forall j. j < r.offset \/ r.offset + sz <= j -> + (pelts r)[j] = (pelts (old r))[j] } += + let limb_zero = Limb.of_int 0 in + let lx = ref limb_zero in + let lr = ref limb_zero in + let b = ref limb_zero in + let i = ref (Int32.of_int 0) in + while Int32.(<) !i sz do + variant { sz - !i } + invariant { 0 <= !i <= sz } + invariant { value r !i - (power radix !i) * !b + = value (old r) !i + - value x !i * y } + invariant { forall j. !i <= j < sz -> + (pelts (old r)) [r.offset+j] = (pelts r)[r.offset + j] } + invariant { forall j. j < r.offset \/ r.offset + sz <= j -> + (pelts r)[j] = (pelts (old r))[j] } + label StartLoop in + let ghost k = p2i !i in + lx := get_ofs x !i; + lr := get_ofs r !i; + assert { !lr = (pelts (old r))[r.offset + !i] }; + let rl, rh = Limb.mul_double !lx y in + let res, borrow = sub3 !lr rl !b in + value_sub_tail (pelts r) r.offset (r.offset + k); + value_sub_tail (pelts x) x.offset (x.offset + k); + value_sub_update (pelts r) (r.offset + p2i !i) + r.offset (r.offset + p2i !i +1) res; + set_ofs r !i res; + assert { forall j. 
(!i + 1) <= j < sz -> + (pelts (old r))[r.offset+j] = (pelts r)[r.offset+j] + by + (pelts r)[r.offset+j] = ((pelts r) at StartLoop)[r.offset+j] + = (pelts (old r))[r.offset+j] }; + assert { value r (!i + 1) + = value (r at StartLoop) (!i + 1) + + (power radix !i) * (res - !lr) + }; + assert { rl + radix * rh <= (radix-1)*(radix-1) + by + (!lx * y <= !lx * (radix-1) <= (radix-1)*(radix-1) + by + 0 <= !lx <= radix - 1 /\ 0 <= y <= radix -1) + /\ + rl + radix * rh = !lx * y + }; + assert { rh < radix - 1 + by + rl + radix * rh <= (radix -1) * (radix -1) + so + radix * rh <= (radix -1) * (radix -1) + }; + assert { rh = radix - 2 -> rl <= 1 + by + rl + radix * rh <= (radix-1)*(radix-1) }; + assert { rh = radix - 2 -> borrow <= 1 + by rl <= 1 }; + b := Limb.(+) rh borrow; + i := Int32.(+) !i (Int32.of_int 1); + assert { value r !i - (power radix !i) * !b + = value (old r) !i + - value x !i * y + by + (value r !i - (power radix !i) * !b + = value (r at StartLoop) !i + + (power radix k) * (res - !lr) + - (power radix !i) * !b + = value (r at StartLoop) !i + + (power radix k) * (res - !lr) + - (power radix !i) * (rh + borrow) + = value (r at StartLoop) !i + + (power radix k) * (res - !lr) + - (power radix k) * radix * (rh + borrow) + = value (r at StartLoop) !i + + (power radix k) * (res - !lr + - radix * (rh + borrow)) + = value (r at StartLoop) !i + + (power radix k) * (res - radix * borrow + - !lr - radix * rh) + = value (r at StartLoop) !i + + (power radix k) * (!lr - rl - (!b at StartLoop) + - !lr - radix * rh) + = value (r at StartLoop) !i - + (power radix k) * (rl + radix * rh + (!b at StartLoop)) + = value (r at StartLoop) !i - + (power radix k) * (!lx * y + (!b at StartLoop)) + = value (r at StartLoop) k + + (power radix k) * !lr + - (power radix k) * (!lx * y + (!b at StartLoop)) + = value (r at StartLoop) k + - (power radix k) * (!b at StartLoop) + + (power radix k) * (!lr - !lx * y) + = value (old r) k + - value x k * y + + (power radix k) * (!lr - !lx * y) + = 
value (old r) k + + (power radix k) * !lr + - (value x k + (power radix k)*(!lx)) * y + = value (old r) !i + - (value x k + (power radix k)*(!lx)) * y + = value (old r) !i + - value x !i * y + by + value (old r) !i = value (old r) k + + (power radix k) * (!lr) + ) + }; + done; + !b + + (* [(x,sz)] is normalized if its most significant bit is set. *) + predicate normalized (x:t) (sz:int32) = + valid x sz + /\ (pelts x)[x.offset + sz - 1] >= div radix 2 + + let div_sb_qr (q x y:t) (sx sy:int32) : limb + requires { 3 <= sy <= sx } + requires { valid x sx } + requires { valid y sy } + requires { valid q (sx - sy) } + requires { normalized y sy } + ensures { value (old x) sx = + (value q (sx - sy) + + power radix (sx - sy) * result) + * value y sy + + value x sy } + ensures { value x sy < value y sy } + ensures { 0 <= result <= 1 } + = + let one = Int32.of_int 1 in + let two = Int32.of_int 2 in + let limb_zero = Limb.of_int 0 in + let zero = Int32.of_int 0 in + let uone = Limb.of_int 1 in + let xp = ref (C.incr x (Int32.(-) sx two)) in + let qp = ref (C.incr q (Int32.(-) sx sy)) in + let dh = C.get_ofs y (Int32.(-) sy one) in + assert { dh >= div radix 2 by normalized y sy }; + let dl = C.get_ofs y (Int32.(-) sy two) in + let v = reciprocal_word_3by2 dh dl in + let i = ref (Int32.(-) sx sy) in + let mdn = Int32.(-) two sy in + let ql = ref limb_zero in + let xd = C.incr !xp mdn in + let ghost vy = value y (p2i sy) in + let x1 = ref limb_zero in + let x0 = ref limb_zero in + let r = compare_same_size xd y sy in + let qh = (*begin + ensures { r >= 0 -> result = 1 } + ensures { r < 0 -> result = 0 }*) + if (Int32.(>=) r zero) + then uone + else limb_zero + (*end*) in + label PreAdjust in + begin + ensures { value (old x) sx = + (value !qp (sx - sy - !i) + + qh * power radix (sx - sy - !i)) + * vy * power radix !i + + value x (sy + !i - 1) + + power radix (sy + !i - 1) * !x1 } + ensures { value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy - 1) + + power radix 
(sy - 1) * !x1 + < vy } + ensures { dl + radix * dh + >= (pelts x)[(!xp).offset] + radix * !x1 } + let ghost ox = pelts x in + begin [@vc:sp] + if (not (Limb.(=) qh limb_zero)) + then begin + assert { qh = 1 }; + let ghost b = sub_in_place xd y sy sy in + begin + ensures { value (x at PreAdjust) sx = + (value !qp (sx - sy - !i) + + qh * power radix (sx - sy - !i)) + * vy * power radix !i + + value x sx } + ensures { value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy) + < vy } + value_sub_upper_bound (pelts x) xd.offset (xd.offset + p2i sy); + assert { b = 0 }; + assert { value (xd at PreAdjust) sy + = value xd sy + vy }; + value_sub_concat (pelts x) x.offset xd.offset (xd.offset + p2i sy); + value_sub_concat ox x.offset xd.offset (xd.offset + p2i sy); + value_sub_frame (pelts x) ox x.offset xd.offset; + assert { value (x at PreAdjust) sx + = value x sx + + power radix (sx - sy) * vy + by + value_sub (pelts (x at PreAdjust)) x.offset xd.offset + = value_sub (pelts x) x.offset xd.offset + so pelts (xd at PreAdjust) = pelts (x at PreAdjust) + so value_sub (pelts (x at PreAdjust)) xd.offset (xd.offset + sy) + = value (xd at PreAdjust) sy + so value (x at PreAdjust) sx + = value_sub (pelts (x at PreAdjust)) x.offset xd.offset + + power radix (sx - sy) + * value_sub (pelts (x at PreAdjust)) xd.offset (xd.offset + sy) + = value_sub (pelts x) x.offset xd.offset + + power radix (sx - sy) + * value (xd at PreAdjust) sy + = value_sub (pelts x) x.offset xd.offset + + power radix (sx - sy) + * (value xd sy + vy) + = value_sub (pelts x) x.offset xd.offset + + power radix (sx - sy) + * (value_sub (pelts x) (xd.offset) (xd.offset + sy) + vy) + = value_sub (pelts x) x.offset xd.offset + + power radix (sx - sy) + * value_sub (pelts x) (xd.offset) (xd.offset + sy) + + power radix (sx - sy) * vy + = value x sx + + power radix (sx - sy) * vy + }; + value_sub_tail (pelts x) x.offset (x.offset + p2i sy + p2i !i - 1); + assert { value (x at PreAdjust) sx = + (value !qp (sx - 
sy - !i) + + qh * power radix (sx - sy - !i)) + * vy * power radix !i + + value x sx + by + !i = sx - sy + so power radix (sx - sy - !i) = 1 + so value !qp (sx - sy - !i) = 0 }; + value_sub_lower_bound_tight (pelts y) y.offset (y.offset + p2i sy); + assert { value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy) + < vy + by + value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy) + = value xd sy + = value (xd at PreAdjust) sy - vy + so value (xd at PreAdjust) sy + < power radix sy + so vy >= dh * power radix (sy - 1) + so 2 * vy >= 2 * dh * power radix (sy - 1) + so 2 * dh >= radix + so 2 * dh * power radix (sy - 1) >= radix * power radix (sy - 1) + so 2 * vy >= radix * power radix (sy - 1) = power radix sy + so value (xd at PreAdjust) sy < 2 * vy + so value (xd at PreAdjust) sy - vy < vy }; + end + end + else begin + assert { value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy) + < vy + by r < 0 }; + assert { value (x at PreAdjust) sx = + (value !qp (sx - sy - !i) + + qh * power radix (sx - sy - !i)) + * vy * power radix !i + + value x sx + by qh = 0 + so sx - sy - !i = 0 + so (value !qp (sx - sy - !i) + + qh * power radix (sx - sy - !i)) = 0 }; + end + end; + let ghost gx1 = (C.get_ofs !xp one) in + value_sub_tail (pelts y) y.offset (y.offset + p2i sy - 1); + value_sub_upper_bound_tight (pelts y) y.offset (y.offset + p2i sy - 1); + value_sub_tail (pelts x) (!xp.offset) (!xp.offset + p2i sy - 1); + value_sub_lower_bound_tight (pelts x) (!xp.offset) (!xp.offset + p2i sy - 1); + assert { dl + radix * dh + >= (pelts x)[(!xp).offset] + radix * gx1 + by value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy) + < vy + so value y (sy - 1) < (dl + 1) * power radix (sy - 1 - 1) + so vy = dh * power radix (sy - 1) + + value y (sy - 1) + < dh * power radix (sy - 1) + + (dl + 1) * power radix (sy - 1 - 1) + = power radix (sy - 2) * (dl+1 + radix * dh) + so !xp.offset + mdn + sy - 1 = !xp.offset + 1 + so (pelts x)[!xp.offset + mdn + sy 
- 1] + = (pelts x)[!xp.offset + 1] = gx1 + so value_sub (pelts x) (!xp.offset + mdn) (!xp.offset + mdn + sy) + = gx1 * power radix (sy - 1) + + value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy - 1) + >= gx1 * power radix (sy - 1) + + (pelts x)[!xp.offset] * power radix (sy - 1 - 1) + = power radix (sy - 2) + * ((pelts x) [!xp.offset] + radix * gx1) + so power radix (sy - 2) * ((pelts x) [!xp.offset] + radix * gx1) + < power radix (sy - 2) * (dl+1 + radix * dh) + so (pelts x) [!xp.offset] + radix * gx1 + < dl + 1 + radix * dh + }; + value_sub_tail (pelts x) (!xp.offset + p2i mdn) + (!xp.offset + p2i mdn + p2i sy - 1); + value_sub_tail (pelts x) x.offset (x.offset + p2i sy + p2i !i - 1); + + x1 := (C.get_ofs !xp one); + assert { value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy - 1) + + power radix (sy - 1) * !x1 + < vy + by + !xp.offset + mdn + sy - 1 = !xp.offset + 1 + so value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy - 1) + + power radix (sy - 1) * !x1 + = value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy - 1) + + power radix (sy - 1) * (pelts x)[!xp.offset + 1] + = value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy - 1) + + power radix (sy - 1) + * (pelts x)[!xp.offset + mdn + sy - 1] + = value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy) + < vy }; + assert { value (x at PreAdjust) sx = + (value !qp (sx - sy - !i) + + qh * power radix (sx - sy - !i)) + * vy * power radix !i + + value x (sy + !i - 1) + + power radix (sy + !i - 1) * !x1 + by value (x at PreAdjust) sx = + (value !qp (sx - sy - !i) + + qh * power radix (sx - sy - !i)) + * vy * power radix !i + + value x sx + so sx = sy + !i + so x.offset + sy + !i - 1 = !xp.offset + 1 + so (pelts x)[x.offset + sy + !i - 1] = + (pelts x)[!xp.offset + 1]= !x1 + so value x sx + = value x (sx - 1) + + power radix (sx -1) * (pelts x)[x.offset + sx - 1] + = value x (sy + !i - 1) + + power radix (sy + !i - 1) * (pelts x)[x.offset + sy + 
!i - 1] + so value x (sy + !i - 1) + + power radix (sy + !i - 1) * !x1 + = value x sx + }; + end; + while (Int32.(>) !i zero) do + variant { p2i !i } + invariant { 0 <= !i <= sx - sy } + invariant { (!qp).offset = q.offset + !i } + invariant { (!xp).offset = x.offset + sy + !i - 2 } + invariant { plength !qp = plength q } + invariant { !qp.min = q.min } + invariant { !qp.max = q.max } + invariant { plength !xp = plength x } + invariant { !xp.min = x.min } + invariant { !xp.max = x.max } + invariant { pelts !qp = pelts q } + invariant { pelts !xp = pelts x } + invariant { value (old x) sx = + (value !qp (sx - sy - !i) + + qh * power radix (sx - sy - !i)) + * vy * power radix !i + + value x (sy + !i - 1) + + power radix (sy + !i - 1) * !x1 } + invariant { value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy - 1) + + power radix (sy - 1) * !x1 + < vy } + invariant { dl + radix * dh + >= (pelts x)[(!xp).offset] + radix * !x1 } + label StartLoop in + let ghost k = int32'int !i in + i := Int32.(-) !i one; + let ghost s = int32'int sy + int32'int !i - 1 in + xp.contents <- C.incr !xp (-1); + let xd = C.incr !xp mdn in + let nx0 = C.get_ofs !xp one in + if [@ex:unlikely] (Limb.(=) !x1 dh && Limb.(=) nx0 dl) + then begin + ql := Limb.of_int Limb.max_uint64; + value_sub_concat (pelts x) x.offset xd.offset (xd.offset + p2i sy); + value_sub_tail (pelts xd) xd.offset (xd.offset + p2i sy - 1); + let ghost vlx = value xd (p2i sy - 1) in + assert { value xd sy + = vlx + power radix (sy - 1) * dl + by value xd sy + = vlx + power radix (sy - 1) + * (pelts xd)[xd.offset + sy - 1] + so xd.offset + sy - 1 = !xp.offset + mdn + sy - 1 + = !xp.offset + 1 + so pelts xd = pelts !xp + so (pelts xd)[xd.offset + sy - 1] + = (pelts !xp)[!xp.offset + 1] = dl + }; + value_sub_tail (pelts y) y.offset (y.offset + p2i sy - 1); + value_sub_tail (pelts y) y.offset (y.offset + p2i sy - 2); + let ghost vly = value y (p2i sy - 2) in + assert { vy = vly + power radix (sy - 2) * dl + + power 
radix (sy - 1) * dh + by (pelts y)[y.offset + sy - 1] = dh + so (pelts y)[y.offset + sy - 2] = dl + so + vy = value y (sy - 1) + + power radix (sy - 1) * dh + = vly + power radix (sy - 2) * dl + + power radix (sy - 1) * dh }; + begin + ensures { value_sub (pelts xd) (xd.offset+1) (xd.offset + p2i sy - 1) + + power radix (sy - 2) * dl + + power radix (sy - 1) * dh + < vy } + value_sub_tail (pelts xd) (xd.offset + 1) (xd.offset + p2i sy - 2); + assert { value_sub (pelts x) (!xp.offset at StartLoop + mdn) + (!xp.offset at StartLoop + mdn + sy - 1) + = value_sub (pelts xd) (xd.offset+1) (xd.offset + p2i sy - 1) + + power radix (sy - 2) * dl + by + pelts x = pelts xd + so !xp.offset at StartLoop + mdn = xd.offset + 1 + so !xp.offset at StartLoop + mdn + sy - 1 = xd.offset + sy + so xd.offset + sy - 1 = !xp.offset + 1 + so pelts xd = pelts !xp + so (pelts xd)[xd.offset + sy - 1] = (pelts !xp)[!xp.offset+1] = dl + so value_sub (pelts x) (!xp.offset at StartLoop + mdn) + (!xp.offset at StartLoop + mdn + sy - 1) + = value_sub (pelts xd) (xd.offset+1) (xd.offset + sy) + = value_sub (pelts xd) (xd.offset+1) (xd.offset + p2i sy - 1) + + power radix (sy - 2) + * (pelts xd)[xd.offset + p2i sy - 1] + = value_sub (pelts xd) (xd.offset+1) (xd.offset + p2i sy - 1) + + power radix (sy - 2) * dl + }; + assert { !x1 = dh }; + end; + label SubMax in + let ghost xc = Array.copy (x.data) in + value_sub_frame (pelts x) xc.elts x.offset (x.offset + p2i !i); + let ghost b = submul_limb xd y !ql sy in + begin + ensures { value x !i + = value (x at SubMax) !i } + assert { forall j. 
x.offset <= j < x.offset + !i + -> (pelts x)[j] = xc.elts[j] + by + (pelts x)[j] = (pelts x at SubMax)[j] + so + ((pelts x at SubMax)[j] = xc.elts[j] + by + 0 <= j /\ j < xc.Array.length + ) }; + value_sub_frame (pelts x) xc.elts x.offset (x.offset + p2i !i); + end; + value_sub_upper_bound (pelts xd) xd.offset (xd.offset + p2i sy); + value_sub_lower_bound (pelts xd) xd.offset (xd.offset + p2i sy); + value_sub_head (pelts xd) xd.offset (xd.offset + p2i sy - 1); + assert { vlx < radix * vly + by + vlx = value_sub (pelts xd at SubMax) xd.offset + (xd.offset + sy - 1) + = (pelts xd at SubMax)[xd.offset] + + radix * value_sub (pelts xd at SubMax) + (xd.offset + 1) + (xd.offset + sy - 1) + so value_sub (pelts xd at SubMax) (xd.offset + 1) + (xd.offset + sy - 1) + + power radix (sy - 2) * dl + + power radix (sy - 1) * dh + < vy + = vly + power radix (sy - 2) * dl + + power radix (sy - 1) * dh + so value_sub (pelts xd at SubMax) (xd.offset + 1) + (xd.offset + sy - 1) + < vly + so value_sub (pelts xd at SubMax) (xd.offset + 1) + (xd.offset + sy - 1) + <= vly - 1 + so vlx = (pelts xd at SubMax)[xd.offset] + + radix * value_sub (pelts xd at SubMax) + (xd.offset + 1) + (xd.offset + sy - 1) + <= (pelts xd at SubMax)[xd.offset] + + radix * (vly - 1) + < radix + radix * (vly - 1) + = radix * vly + }; + assert { b = dh + by + value xd sy + = value (xd at SubMax) sy + - (!ql) * vy + + power radix sy * b + so !ql = radix - 1 + so 0 <= value xd sy < power radix sy + so radix * power radix (sy - 2) = power radix (sy - 1) + so radix * power radix (sy - 1) = power radix sy + so value xd sy + = power radix (sy - 1) * dl + vlx + - (radix - 1) * vy + + power radix sy * b + = power radix (sy - 1) * dl + vlx + - radix * (vly + power radix (sy - 2) * dl + + power radix (sy - 1) * dh) + + vy + power radix sy * b + = power radix (sy - 1) * dl + vlx + - radix * vly - radix * power radix (sy - 2) * dl + - radix * power radix (sy - 1) * dh + + vy + power radix sy * b + = power radix (sy - 1) * dl 
+ vlx + - radix * vly - power radix (sy - 1) * dl + - power radix sy * dh + + vy + power radix sy * b + = power radix sy * (b - dh) + + vlx - radix * vly + vy + so vlx < radix * vly + so (0 <= vlx - radix * vly + vy < power radix sy + by + vy - radix * vly + = vly + power radix (sy - 2) * dl + + power radix (sy - 1) * dh + - radix * vly + = power radix (sy - 2) * (dl + radix * dh) + - vly * (radix - 1) + so let pr2 = power radix (sy - 2) in + 0 <= vly < pr2 + so 0 <= vly * (radix - 1) < pr2 * (radix - 1) + so vy - radix * vly + >= pr2 * (dl + radix * dh) + - pr2 * (radix - 1) + = pr2 * (dl + radix * dh - (radix - 1)) + so dh + radix * dh - (radix - 1) >= 0 + so pr2 >= 0 + so vy - radix * vly + >= pr2 * (dl + radix * dh - (radix - 1)) >= 0 + so vlx - radix * vly < 0 + so vlx - radix * vly + vy < vy < power radix sy + ) + so - (power radix sy) + < power radix sy * (b - dh) + < power radix sy + so - 1 < b - dh < 1 + }; + value_sub_concat (pelts x) x.offset xd.offset (x.offset + s); + x1 := C.get_ofs !xp one; + qp.contents <- C.incr !qp (-1); + value_sub_update_no_change (pelts q) (!qp).offset + ((!qp).offset + 1) + ((!qp).offset + p2i sx - p2i sy - p2i !i) + !ql; + label QUp in + C.set !qp !ql; + assert { value_sub (pelts q) ((!qp).offset + 1) + ((!qp).offset + sx - sy - !i) + = value (!qp at StartLoop) + (sx - sy - k) + by value_sub (pelts q) ((!qp).offset + 1) + ((!qp).offset + sx - sy - !i) + = value_sub (pelts q at QUp) (!qp.offset + 1) + ((!qp).offset + sx - sy - !i) + = value (!qp at StartLoop) (sx - sy - k) + (* by offset !qp at StartLoop = (!qp).offset + 1 + so offset (!qp at StartLoop) + sx - sy - k + = (!qp).offset + sx - sy - !i + so map_eq_sub_shift (pelts q) (pelts !qp at StartLoop) + ((!qp).offset + 1) ((!qp).offset + 1) (sx + sy - k) *) }; + value_sub_head (pelts q) (!qp).offset + ((!qp).offset + p2i sx - p2i sy - p2i !i); + value_sub_tail (pelts x) x.offset (x.offset + p2i sy + p2i !i - 1); + assert { value xd (sy - 1) + + power radix (sy - 1) * !x1 + 
= value (xd at SubMax) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy + by + value xd sy + = value (xd at SubMax) sy + - (!ql) * vy + + power radix sy * b + so b = dh = !x1 at StartLoop + so pelts !xp = pelts x = pelts xd + so ((pelts xd)[xd.offset + sy - 1] = !x1 + by + xd.offset = x.offset + !i + so (!xp).offset = x.offset + !i + sy - 2 + so (!xp).offset + 1 = xd.offset + sy - 1 + so (pelts xd)[xd.offset + sy - 1] + = (pelts !xp)[(!xp).offset + 1] + = !x1 + ) + so value xd sy + = value xd (sy - 1) + + power radix (sy - 1) * (pelts xd)[xd.offset + sy - 1] + = value xd (sy - 1) + + power radix (sy - 1) * !x1 + }; + (* refl *) + assert { value (old x) sx = + (value !qp (sx - sy - !i) + + qh * power radix (sx - sy - !i)) + * vy * power radix !i + + value x (sy + !i - 1) + + power radix (sy + !i - 1) * !x1 + by + pelts !xp = pelts x = pelts xd + so + value xd sy + = value (xd at SubMax) sy + - (!ql) * vy + + power radix sy * b + = value (xd at SubMax) sy + - (!ql) * vy + + power radix sy * dh + so (value x s + = value x !i + + power radix !i + * value xd (sy - 1) + by + xd.offset = x.offset + !i + so x.offset + s = xd.offset + sy - 1 + so value_sub (pelts x) (x.offset + !i) (x.offset + s) + = value xd (sy - 1) + so value x s + = value x !i + + power radix !i + * value_sub (pelts x) (x.offset + !i) + (x.offset + s) + = value x !i + + power radix !i + * value xd (sy - 1)) + so (power radix s + = power radix !i * power radix (sy - 1) + by + let n = !i in + let m = sy - 1 in + let x = radix in + power x s = power x (n + m) + so (power x (n + m) = power x n * power x m + by 0 <= n + so 0 <= m + so forall x:int, n:int, m:int. 
+ 0 <= n -> 0 <= m -> + power x (n + m) = (power x n * power x m))) + so (value x s + power radix s * !x1 + = value x !i + + power radix !i * (value xd sy) + by + value x s + power radix s * !x1 + = value x !i + + power radix !i + * value xd (sy - 1) + + power radix (!i + sy - 1) * !x1 + = value x !i + + power radix !i * + (value xd (sy - 1) + + power radix (sy - 1) * !x1) + = value x !i + + power radix !i * (value xd sy) + ) + so (value (x at StartLoop) (sy + k - 1) + = value (x at SubMax) !i + + power radix !i + * value (xd at SubMax) sy + by + pelts xd at SubMax = pelts x at SubMax + so x.offset at SubMax + !i = xd.offset at SubMax + so + value (x at StartLoop) (sy + k - 1) + = value_sub (pelts x at SubMax) (x at SubMax).offset + (xd.offset at SubMax) + + power radix !i + * value_sub (pelts x at SubMax) + (xd.offset at SubMax) + (xd.offset at SubMax + sy) + so value_sub (pelts x at SubMax) (x at SubMax).offset + (xd at SubMax).offset + = value (x at SubMax) !i + so value_sub (pelts x at SubMax) (xd.offset at SubMax) + (xd.offset at SubMax + sy) + = value (xd at SubMax) sy + ) + so value x !i + = value (x at SubMax) !i + so value x s + power radix s * !x1 + = value (x at StartLoop) (sy + k - 1) + + power radix !i + * (value xd sy + - value (xd at SubMax) sy) + = value (x at StartLoop) (sy + k - 1) + + power radix !i + * (- (!ql) * vy + + power radix sy * b) + = value (x at StartLoop) (sy + k - 1) + + power radix !i + * (- (!ql) * vy + + power radix sy * (!x1 at StartLoop)) + so value !qp (sx - sy - !i) + = !ql + radix * + value_sub (pelts q) ((!qp).offset + 1) + ((!qp).offset + sx - sy - !i) + so (value_sub (pelts q) ((!qp).offset + 1) + ((!qp).offset + sx - sy - !i) + = value (!qp at StartLoop) + (sx - sy - k) + by value (!qp at StartLoop) (sx - sy - k) + = value_sub (pelts q at StartLoop) + (!qp.offset + 1) (!qp.offset + sx - sy - !i)) + so value !qp (sx - sy - !i) + = !ql + radix * value (!qp at StartLoop) + (sx - sy - k) + so power radix (sx - sy - !i) + = 
radix * power radix (sx - sy - k) + so radix * power radix !i = power radix k + so (power radix !i * power radix sy + = power radix (sy + k - 1) + by !i + sy = sy + k - 1 + so power radix !i * power radix sy + = power radix (!i + sy)) + so (value !qp (sx - sy - !i) + + qh * power radix (sx - sy - !i)) + * vy * power radix !i + + value x (sy + !i - 1) + + power radix (sy + !i - 1) * !x1 + = (!ql + radix * value (!qp at StartLoop) + (sx - sy - k) + + qh * power radix (sx - sy - !i)) + * vy * power radix !i + + value x (sy + !i - 1) + + power radix (sy + !i - 1) * !x1 + = (!ql + radix * value (!qp at StartLoop) + (sx - sy - k) + + radix * qh * power radix (sx - sy - k)) + * vy * power radix !i + + value x (sy + !i - 1) + + power radix (sy + !i - 1) * !x1 + = (!ql + radix * value (!qp at StartLoop) + (sx - sy - k) + + radix * qh * power radix (sx - sy - k)) + * vy * power radix !i + + value x s + + power radix s * !x1 + = !ql * vy * power radix !i + + radix * (value (!qp at StartLoop) + (sx - sy - k) + + qh * power radix (sx - sy - k)) + * vy * power radix !i + + value x s + + power radix s * !x1 + = !ql * vy * power radix !i + + (value (!qp at StartLoop) + (sx - sy - k) + + qh * power radix (sx - sy - k)) + * vy * radix * power radix !i + + value x s + + power radix s * !x1 + = !ql * vy * power radix !i + + (value (!qp at StartLoop) + (sx - sy - k) + + qh * power radix (sx - sy - k)) + * vy * power radix k + + value x s + + power radix s * !x1 + = !ql * vy * power radix !i + + (value (!qp at StartLoop) + (sx - sy - k) + + qh * power radix (sx - sy - k)) + * vy * power radix k + + value (x at StartLoop) (sy + k - 1) + + power radix !i + * (- (!ql) * vy + + power radix sy * (!x1 at StartLoop)) + = (value (!qp at StartLoop) + (sx - sy - k) + + qh * power radix (sx - sy - k)) + * vy * power radix k + + value (x at StartLoop) (sy + k - 1) + + power radix !i * power radix sy + * (!x1 at StartLoop) + = (value (!qp at StartLoop) + (sx - sy - k) + + qh * power radix (sx - sy - 
k)) + * vy * power radix k + + value (x at StartLoop) (sy + k - 1) + + power radix (sy + k - 1) * (!x1 at StartLoop) + = value (old x) sx + }; + assert { value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy - 1) + + power radix (sy - 1) * !x1 + < vy + by + pelts x = pelts xd + so xd.offset = !xp.offset + mdn + so !xp.offset + mdn + sy - 1 = xd.offset + sy - 1 + so + value xd (sy - 1) + = value_sub (pelts xd) xd.offset (xd.offset + sy - 1) + = value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy - 1) + so value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy - 1) + + power radix (sy - 1) * !x1 + = value (xd at SubMax) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy + so value (xd at SubMax) sy = + vlx + power radix (sy - 1) * dl + so vlx < radix * vly + so (value (xd at SubMax) sy + + power radix sy * (!x1 at StartLoop) + < radix * vy + by + !x1 at StartLoop = dh + so power radix sy = radix * power radix (sy - 1) + so power radix (sy - 1) = radix * power radix (sy - 2) + so value (xd at SubMax) sy + + power radix sy * (!x1 at StartLoop) + = vlx + power radix (sy - 1) * dl + + power radix sy * dh + < radix * vly + power radix (sy - 1) * dl + + power radix sy * dh + = radix * vly + radix * power radix (sy - 2) * dl + + radix * power radix (sy - 1) * dh + = radix * (vly + power radix (sy - 2) * dl + + power radix (sy - 1) * dh) + = radix * vy + ) + so !ql = radix - 1 + so value (xd at SubMax) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy + < radix * vy - (radix - 1) * vy + = vy + }; + value_sub_tail (pelts x) (!xp.offset + p2i mdn) (!xp.offset); + value_sub_upper_bound (pelts y) (y.offset) (y.offset + p2i sy - 2); + value_sub_lower_bound (pelts x) (!xp.offset + p2i mdn) (!xp.offset); + assert { dl + radix * dh + >= (pelts x)[(!xp).offset] + radix * !x1 + by + vy = vly + power radix (sy - 2) + * (dl + radix * dh) + so value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy - 1) + + power radix (sy - 1) * !x1 + < 
vy + so !xp.offset + mdn + sy - 1 = !xp.offset + 1 + so power radix (sy - 1) = power radix (sy - 2) * radix + so - mdn = sy - 2 + so vy + > value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy - 1) + + power radix (sy - 1) * !x1 + = value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + 1) + + power radix (sy - 1) * !x1 + = value_sub (pelts x) (!xp.offset + mdn) (!xp.offset) + + power radix (- mdn) * (pelts x)[(!xp).offset] + + power radix (sy - 1) * !x1 + = value_sub (pelts x) (!xp.offset + mdn) (!xp.offset) + + power radix (sy - 2) * (pelts x)[(!xp).offset] + + power radix (sy - 1) * !x1 + = value_sub (pelts x) (!xp.offset + mdn) (!xp.offset) + + power radix (sy - 2) * (pelts x)[(!xp).offset] + + power radix (sy - 2) * radix * !x1 + = value_sub (pelts x) (!xp.offset + mdn) (!xp.offset) + + power radix (sy - 2) + * ((pelts x)[(!xp).offset] + radix * !x1) + >= power radix (sy - 2) + * ((pelts x)[(!xp).offset] + radix * !x1) + so vly < power radix (sy - 2) + so vy < power radix (sy - 2) + + power radix (sy - 2) + * (dl + radix * dh) + = power radix (sy - 2) + * (1 + dl + radix * dh) + so power radix (sy - 2) + * ((pelts x)[(!xp).offset] + radix * !x1) + < power radix (sy - 2) * (1 + dl + radix * dh) + so power radix (sy - 2) + * ((pelts x)[(!xp).offset] + radix * !x1 + - (1 + dl + radix * dh)) + < 0 + so (pelts x)[(!xp).offset] + radix * !x1 + - (1 + dl + radix * dh) + < 0 + }; + end + else begin + assert { dl + radix * dh + > (pelts x)[(!xp).offset + 1] + radix * !x1 + by + dl + radix * dh + >= (pelts x)[(!xp).offset + 1] + radix * !x1 + so dh >= !x1 + so [@case_split] dh <> !x1 + \/ (dh = !x1 + /\ dl <> (pelts x)[(!xp).offset + 1]) + so + [@case_split] dh > !x1 \/ + (dh = !x1 /\ dl > (pelts x)[(!xp).offset + 1]) + }; + label SmallDiv in + let ghost vlx = value xd (p2i sy - 2) in + let xp0 = C.get !xp in + let xp1 = C.get_ofs !xp one in + begin + ensures { value xd sy = + vlx + + power radix (sy - 2) * (xp0 + radix * xp1) } + value_sub_tail (pelts xd) 
xd.offset (xd.offset + p2i sy - 1); + value_sub_tail (pelts xd) xd.offset (xd.offset + p2i sy - 2); + value_sub_upper_bound (pelts xd) xd.offset (xd.offset + p2i sy - 2); + assert { value xd sy + = vlx + power radix (sy - 2) + * (xp0 + radix * xp1) + by xd.offset + sy - 2 = !xp.offset + so (pelts xd)[xd.offset + sy - 1] = xp1 + so (pelts xd)[xd.offset + sy - 2] = xp0 + so pelts xd = pelts !xp + so value xd sy + = value xd (sy - 1) + + power radix (sy - 1) + * (pelts xd)[xd.offset + sy - 1] + = value xd (sy - 2) + + power radix (sy - 2) + * (pelts xd)[xd.offset + sy - 2] + + power radix (sy - 1) + * (pelts xd)[xd.offset + sy - 1] + = vlx + + power radix (sy - 2) * xp0 + + power radix (sy - 1) * xp1 + = value xd (sy - 2) + + power radix (sy - 2) * xp0 + + power radix (sy - 2) * radix * xp1 + = vlx + power radix (sy - 2) + * (xp0 + radix * xp1) + }; + end; + let qu, rl, rh = + div3by2_inv !x1 xp1 xp0 dh dl v in + ql := qu; + x1 := rh; + x0 := rl; + label SubProd in + value_sub_concat (pelts x) x.offset xd.offset + (x.offset + p2i sy + k - 1); + let ghost xc = Array.copy (x.data) in + value_sub_frame (pelts x) xc.elts x.offset (x.offset + p2i !i); + let cy = submul_limb xd y !ql (Int32.(-) sy two) in + label PostSub in + begin + ensures { value x !i + = value (x at SubProd) !i } + assert { forall j. 
x.offset <= j < x.offset + !i + -> (pelts x)[j] = xc.elts[j] + by + (pelts x)[j] = (pelts x at SubProd)[j] + so + ((pelts x at SubProd)[j] = xc.elts[j] + by + 0 <= j /\ j < xc.Array.length + ) }; + value_sub_frame (pelts x) xc.elts x.offset (x.offset + p2i !i); + end; + let cy1 = [@vc:sp] if (Limb.(<) !x0 cy) then uone else limb_zero in + x0 := sub_mod !x0 cy; + let cy2 = [@vc:sp] if (Limb.(<) !x1 cy1) then uone else limb_zero in + x1 := sub_mod !x1 cy1; + assert { 0 <= cy2 <= 1 }; + (* assert { cy2 = 1 -> rh = 0 }; (* and cy > rl *)*) + value_sub_update (pelts x) (!xp).offset xd.offset + (xd.offset + p2i sy - 1) !x0; + value_sub_update_no_change (pelts x) (!xp).offset + x.offset (x.offset + p2i !i) !x0; + value_sub_update_no_change (pelts x) (!xp).offset + xd.offset (xd.offset + p2i sy - 2) !x0; + C.set !xp !x0; + assert { value x !i + = value (x at SubProd) !i + by + value x !i + = value (x at PostSub) !i + = value (x at SubProd) !i }; + value_sub_tail (pelts x) xd.offset (xd.offset + p2i sy - 1); + begin + ensures { value xd (sy - 1) + + power radix (sy - 1) * !x1 + - power radix sy * cy2 + = value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy } + assert { value xd (sy - 2) + = value (xd at PostSub) (sy - 2) }; + value_sub_tail (pelts y) y.offset (y.offset + p2i sy - 1); + value_sub_tail (pelts y) y.offset (y.offset + p2i sy - 2); + let ghost vly = value y (p2i sy - 2) in + assert { vy = vly + power radix (sy - 2) + * (dl + radix * dh) + by (pelts y)[y.offset + sy - 1] = dh + so (pelts y)[y.offset + sy - 2] = dl + so + vy = value y (sy - 1) + + power radix (sy - 1) * dh + = vly + power radix (sy - 2) * dl + + power radix (sy - 1) * dh + so power radix (sy - 1) + = power radix (sy - 2) * radix }; + assert { value xd (sy - 2) + - power radix (sy - 2) * cy + = vlx - !ql * vly + by + value xd (sy - 2) + - power radix (sy - 2) * cy + = value (xd at PostSub) (sy - 2) + - power radix (sy - 2) * cy + = vlx - !ql * vly + }; + assert { power 
radix sy + = power radix (sy - 2) * radix * radix }; + assert { xp0 + radix * xp1 + + radix * radix * !x1 at StartLoop + - !ql * (dl + radix * dh) + = rl + radix * rh }; + begin ensures { value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy + = value xd (sy - 2) + - power radix (sy - 2) * cy + + power radix (sy - 2) * + (rl + radix * rh) } + assert { value (xd at SubProd) sy + = vlx + power radix (sy - 2) * xp0 + + power radix (sy - 1) * xp1 }; (*nonlinear*) + assert { !ql * vy = !ql * vly + + power radix (sy - 2) + * (!ql * (dl + radix * dh)) }; (*nonlinear*) + (*assert { value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy + = value xd (sy - 2) + - power radix (sy - 2) * cy + + power radix (sy - 2) * (rl + radix * rh) + by + value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy + = vlx + power radix (sy - 2) + * (xp0 + radix * xp1) + + power radix sy * (!x1 at StartLoop) + - !ql * vy + = vlx + power radix (sy - 2) + * (xp0 + radix * xp1) + + power radix sy * (!x1 at StartLoop) + - !ql * (vly + power radix (sy - 2) + * (dl + radix * dh)) + = vlx + + power radix (sy - 2) + * (xp0 + radix * xp1 + + radix * radix * !x1 at StartLoop) + - !ql * (vly + power radix (sy - 2) + * (dl + radix * dh)) + = vlx + + power radix (sy - 2) + * (xp0 + radix * xp1 + + radix * radix * !x1 at StartLoop) + - !ql * vly + - power radix (sy - 2) + * !ql * (dl + radix * dh) + = vlx - !ql * vly + + power radix (sy - 2) + * (xp0 + radix * xp1 + + radix * radix * !x1 at StartLoop + - !ql * (dl + radix * dh)) + = vlx - !ql * vly + + power radix (sy - 2) * + (rl + radix * rh) + = value xd (sy - 2) + - power radix (sy - 2) * cy + + power radix (sy - 2) * + (rl + radix * rh) + } *) + end; + begin ensures { value xd (sy - 2) + - power radix (sy - 2) * cy + + power radix (sy - 2) * (rl + radix * rh) + = value xd (sy - 1) + + power radix (sy - 1) * !x1 + - power radix sy * cy2 } + value_sub_tail (pelts xd) xd.offset (xd.offset 
+ p2i sy - 2); + assert { value xd (sy - 1) + = value xd (sy - 2) + + power radix (sy - 2) * !x0 + by (pelts xd)[xd.offset + sy - 2] = !x0 + so value xd (sy - 1) + = value_sub (pelts xd) xd.offset (xd.offset + sy - 1) + = value_sub (pelts xd) xd.offset (xd.offset + sy - 2) + + power radix (sy - 2) * !x0 + = value xd (sy - 2) + + power radix (sy - 2) * !x0 }; + assert { rl + radix * rh - cy + = !x0 + radix * !x1 - power radix 2 * cy2 + by + (!x0 - radix * cy1 = rl - cy + by + !x0 = mod (rl - cy) radix + so - radix < rl - cy < radix + so (if rl < cy + then cy1 = 1 + /\ (- radix < rl - cy < 0 + so + div (rl - cy) radix = - 1 + so rl - cy + = radix * div (rl - cy) radix + + mod (rl - cy) radix + = !x0 - radix + = !x0 - radix * cy1) + else cy1 = 0 /\ rl - cy = l2i !x0)) } + (* nonlinear *) + (* refl example *) + (* assert { value xd (sy - 2) + - power radix (sy - 2) * cy + + power radix (sy - 2) * + (rl + radix * rh) + = value xd (sy - 1) + + power radix (sy - 1) * !x1 + - power radix sy * cy2 + by + (rl + radix * rh - cy + = !x0 + radix * !x1 - radix * radix * cy2 + by + (!x0 - radix * cy1 = rl - cy + by + !x0 = mod (rl - cy) radix + so - radix < rl - cy < radix + so (if rl < cy + then cy1 = 1 + /\ (- radix < rl - cy < 0 + so + div (rl - cy) radix = - 1 + so rl - cy + = radix * div (rl - cy) radix + + mod (rl - cy) radix + = !x0 - radix + = !x0 - radix * cy1) + else cy1 = 0 /\ rl - cy = l2i !x0) + ) + so !x1 - radix * cy2 = rh - cy1 + so radix * !x1 - radix * radix * cy2 + = radix * rh - radix * cy1 + so radix * rh + = radix * cy1 + + radix * !x1 - radix * radix * cy2 + so rl + radix * rh - cy + = rl - cy + radix * rh + = !x0 - radix * cy1 + radix * rh + = !x0 - radix * cy1 + + radix * cy1 + + radix * !x1 - radix * radix * cy2 + = !x0 + radix * !x1 - radix * radix * cy2 + ) + so + ( - power radix (sy - 2) * cy + + power radix (sy - 2) * (rl + radix * rh) + = power radix (sy - 2) + * (rl + radix * rh - cy) + = power radix (sy - 2) + * (!x0 + radix * !x1 - radix * radix 
* cy2) + = power radix (sy - 2) * !x0 + + power radix (sy - 1) * !x1 + - power radix sy * cy2 + by power radix (sy - 2) * radix = power radix (sy - 1) + so power radix (sy - 2) * radix * radix = power radix sy + ) + so value xd (sy - 2) + - power radix (sy - 2) * cy + + power radix (sy - 2) * (rl + radix * rh) + = value xd (sy - 2) + + power radix (sy - 2) * !x0 + + power radix (sy - 1) * !x1 + - power radix sy * cy2 + = value xd (sy - 1) + + power radix (sy - 1) * !x1 + - power radix sy * cy2 + }*) + end; + end; + if [@ex:unlikely] (not (Limb.(=) cy2 limb_zero)) + then begin + label Adjust in + assert { cy2 = 1 }; + begin ensures { !ql > 0 } + value_sub_lower_bound (pelts y) y.offset (y.offset + p2i sy - 1); + value_sub_tail (pelts y) y.offset (y.offset + p2i sy - 1); + value_sub_upper_bound (pelts xd) xd.offset (xd.offset + p2i sy - 1); + assert { !ql > 0 + by + (value xd (sy - 1) + + power radix (sy - 1) * !x1 + - power radix sy * cy2 + < 0 + by + value xd (sy - 1) < power radix (sy - 1) + so !x1 <= radix - 1 + so value xd (sy - 1) + + power radix (sy - 1) * !x1 + < power radix (sy - 1) + + power radix (sy - 1) * !x1 + = power radix (sy - 1) * (1 + !x1) + <= power radix (sy - 1) * radix + = power radix sy + so value xd (sy - 1) + + power radix (sy - 1) * !x1 + - power radix sy * cy2 + < power radix sy - power radix sy * cy2 + = 0 + ) + so value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy + < 0 + so (value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) >= 0 + by value (xd at SubProd) sy >= 0 + so !x1 at StartLoop >= 0 + so power radix sy * (!x1 at StartLoop) >= 0 + ) + so !ql * vy > 0 + so vy = value_sub (pelts y) + y.offset (y.offset + sy - 1) + + power radix (sy - 1) * dh + so dh > 0 + so vy > 0 + }; + end; + value_sub_tail (pelts y) y.offset (y.offset + p2i sy - 1); + value_sub_tail (pelts y) y.offset (y.offset + p2i sy - 2); + let ghost vly = value y (p2i sy - 2) in + assert { vy = vly + power radix (sy - 2) * dl + + 
power radix (sy - 1) * dh + by (pelts y)[y.offset + sy - 1] = dh + so (pelts y)[y.offset + sy - 2] = dl + so + vy = value y (sy - 1) + + power radix (sy - 1) * dh + = vly + power radix (sy - 2) * dl + + power radix (sy - 1) * dh }; + begin + ensures { value xd (sy - 1) + + power radix (sy - 1) * !x1 + >= power radix sy - vy } + assert { value xd (sy - 1) + + power radix (sy - 1) * !x1 + = power radix sy + value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy }; + assert { value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy + >= - vy + by + value (xd at SubProd) sy + = vlx + power radix (sy - 2) * (xp0 + radix * xp1) + so xp0 + radix * xp1 + radix * radix * (!x1 at StartLoop) + = !ql * (dl + radix * dh) + rl + radix * rh + so power radix (sy - 1) = power radix (sy - 2) * radix + so vy = vly + power radix (sy - 2) * (dl + radix * dh) + so (!ql * vly < vy + by + vly <= power radix (sy - 2) + so !ql < radix + so !ql * vly <= !ql * power radix (sy - 2) + < radix * power radix (sy - 2) + = power radix (sy - 1) + so vy = vly + power radix (sy - 2) * (dl + radix * dh) + so dh >= div radix 2 > 1 + so vly >= 0 + so dl >= 0 + so vy >= power radix (sy - 2) * radix * dh + > power radix (sy - 2) * radix * 1 + = power radix (sy - 1) + ) + so - !ql * vly > - vy + so vlx >= 0 + so power radix sy = power radix (sy - 2) * radix * radix + so value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy + = vlx + power radix (sy - 2) * (xp0 + radix * xp1) + + power radix sy * (!x1 at StartLoop) + - !ql * vy + = vlx + power radix (sy - 2) * (xp0 + radix * xp1) + + power radix (sy - 2) + * radix * radix * (!x1 at StartLoop) + - !ql * vy + = vlx + power radix (sy - 2) + * (xp0 + radix * xp1 + + radix * radix * (!x1 at StartLoop)) + - !ql * vy + = vlx + power radix (sy - 2) * + (!ql * (dl + radix * dh) + rl + radix * rh) + - !ql * vy + = vlx + power radix (sy - 2) * + (!ql * (dl + radix * dh) + rl + radix * rh) + - !ql * 
(vly + + power radix (sy - 2) * (dl + radix * dh)) + = vlx + power radix (sy - 2) * (rl + radix * rh) + - !ql * vly + >= power radix (sy - 2) * (rl + radix * rh) + - !ql * vly + >= - !ql * vly > - vy + }; + end; + let ghost xc = Array.copy (x.data) in + assert { forall j. x.offset <= j < x.offset + !i + -> (pelts x)[j] = xc.elts[j] + by + 0 <= x.offset <= j /\ j < x.offset + !i <= xc.Array.length + so 0 <= j < xc.Array.length + } ; + value_sub_frame (pelts x) xc.elts x.offset (x.offset + p2i !i); + let c = add_in_place xd y (Int32.(-) sy one) (Int32.(-) sy one) in + begin + ensures { value x !i + = value (x at Adjust) !i } + assert { forall j. x.offset <= j < x.offset + !i + -> (pelts x)[j] = xc.elts[j] + by + pelts (xd at Adjust) = pelts (x at Adjust) + so pelts x = pelts xd + so (pelts x)[j] = (pelts x at Adjust)[j] + so + ((pelts x at Adjust)[j] = xc.elts[j] + by + 0 <= j /\ j < xc.Array.length + ) } ; + value_sub_frame (pelts x) xc.elts x.offset (x.offset + p2i !i); + end; + label MidAdd in + begin + ensures { value xd (sy - 1) + power radix (sy - 1) * !x1 + = value (xd at Adjust) (sy - 1) + + power radix (sy - 1) * (!x1 at Adjust) + + vy + - power radix sy } + assert { 0 <= c <= 1 + by + value xd (sy - 1) + c * power radix (sy - 1) + = value (xd at Adjust) (sy - 1) + + value y (sy - 1) + so + value (xd at Adjust) (sy - 1) + < power radix (sy - 1) + so value y (sy - 1) < power radix (sy - 1) + so value xd (sy - 1) >= 0 + so c * power radix (sy - 1) < 2 * power radix (sy - 1) + so let p = power radix (sy - 1) in + (c < 2 by c * p < 2 * p so p > 0) + }; + let ghost c' = div (l2i !x1 + l2i dh + l2i c) radix in + x1 := add_mod !x1 (add_mod dh c); + assert { !x1 + c' * radix = !x1 at Adjust + dh + c + by + (!x1 = mod (!x1 at Adjust + dh + c) radix + by + !x1 = mod (!x1 at Adjust + (mod (dh + c) radix)) radix + so mod (div (dh + c) radix * radix + !x1 at Adjust + + mod (dh + c) radix) radix + = mod (!x1 at Adjust + (mod (dh + c) radix)) radix + so !x1 = mod (div (dh 
+ c) radix * radix + !x1 at Adjust + + mod (dh + c) radix) radix + = mod (!x1 at Adjust + dh + c) radix + ) + so (!x1 at Adjust) + dh + c + = div (!x1 at Adjust + dh + c) radix * radix + + mod (!x1 at Adjust + dh + c) radix + = c' * radix + !x1 + }; + assert { 0 <= c' <= 1 }; + value_sub_tail (pelts y) y.offset (y.offset + p2i sy - 1); + assert { value xd (sy - 1) + power radix (sy - 1) * !x1 + = value (xd at Adjust) (sy - 1) + + power radix (sy - 1) * (!x1 at Adjust) + + vy + - power radix sy + by + value xd (sy - 1) + power radix (sy - 1) * c + = value (xd at Adjust) (sy - 1) + + value y (sy - 1) + so vy = value y (sy - 1) + + power radix (sy - 1) * dh + so value xd (sy - 1) + power radix (sy - 1) * c + + power radix (sy - 1) * (!x1 at Adjust) + + power radix (sy - 1) * dh + = value (xd at Adjust) (sy - 1) + + value y (sy - 1) + + power radix (sy - 1) * (!x1 at Adjust) + + power radix (sy - 1) * dh + = value (xd at Adjust) (sy - 1) + + power radix (sy - 1) * (!x1 at Adjust) + + vy + so value xd (sy - 1) + power radix (sy - 1) * c + + power radix (sy - 1) * (!x1 at Adjust) + + power radix (sy - 1) * dh + = value xd (sy - 1) + + power radix (sy - 1) * (c + dh + !x1 at Adjust) + = value xd (sy - 1) + + power radix (sy - 1) * (!x1 + radix * c') + = value xd (sy - 1) + + power radix (sy - 1) * !x1 + + power radix sy * c' + so value xd (sy - 1) + + power radix (sy - 1) * !x1 + + power radix sy * c' + = value (xd at Adjust) (sy - 1) + + power radix (sy - 1) * (!x1 at Adjust) + + vy + so value (xd at Adjust) (sy - 1) + + power radix (sy - 1) * (!x1 at Adjust) + >= power radix sy - vy + so value xd (sy - 1) < power radix (sy - 1) + so !x1 <= radix - 1 + so power radix (sy - 1) * !x1 + <= power radix (sy - 1) * (radix - 1) + so value xd (sy - 1) + + power radix (sy - 1) * !x1 + <= value xd (sy - 1) + + power radix (sy - 1) * (radix - 1) + < power radix (sy - 1) + + power radix (sy - 1) * (radix - 1) + = power radix sy + so c' <> 0 + so c' = 1 + }; + end; + ql := Limb.(-) 
!ql uone; + (* todo refl *) + assert { value xd (sy - 1) + power radix (sy - 1) * !x1 + = value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy + by + value xd (sy - 1) + power radix (sy - 1) * !x1 + = value (xd at Adjust) (sy - 1) + + power radix (sy - 1) * (!x1 at Adjust) + + vy + - power radix sy + = value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - (!ql at Adjust) * vy + + vy + = value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - (!ql + 1) * vy + + vy + = value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy }; + qp.contents <- C.incr !qp (-1); + value_sub_update_no_change (pelts q) (!qp).offset + ((!qp).offset + 1) + ((!qp).offset + p2i sx - p2i sy - p2i !i) + !ql; + C.set !qp !ql; + value_sub_head (pelts q) (!qp).offset + ((!qp).offset + p2i sx - p2i sy - p2i !i); + value_sub_tail (pelts x) x.offset (x.offset + p2i sy + p2i !i - 1); + value_sub_concat (pelts x) x.offset xd.offset (x.offset + s); + (* todo refl *) + assert { value (old x) sx = + (value !qp (sx - sy - !i) + + qh * power radix (sx - sy - !i)) + * vy * power radix !i + + value x (sy + !i - 1) + + power radix (sy + !i - 1) * !x1 + by + value !qp (sx - sy - !i) + = !ql + radix * + value_sub (pelts q) ((!qp).offset + 1) + ((!qp).offset + sx - sy - !i) + so (value_sub (pelts q) ((!qp).offset + 1) + ((!qp).offset + sx - sy - !i) + = value (!qp at StartLoop) + (sx - sy - k) + by + (!qp at StartLoop).offset = (!qp).offset + 1 + so ((!qp).offset + sx - sy - !i) + - ((!qp).offset + 1) + = sx - sy - k + ) + so value !qp (sx - sy - !i) + = !ql + radix * value (!qp at StartLoop) + (sx - sy - k) + so (value x s + = value x !i + + power radix !i + * value xd (sy - 1) + by + xd.offset = x.offset + !i + so x.offset + s = xd.offset + sy - 1 + so pelts x = pelts xd + so x.offset + s - xd.offset = sy - 1 + so value_sub (pelts x) xd.offset (x.offset + s) + = value xd (sy - 1) + so value x s + = value_sub (pelts x) x.offset xd.offset 
+ + power radix !i * value_sub (pelts x) xd.offset (x.offset + s) + = value x !i + + power radix !i * value xd (sy - 1) + ) + so (power radix s + = power radix !i * power radix (sy - 1) + by + let n = !i in + let m = sy - 1 in + let x = radix in + power x s = power x (n + m) + so (power x (n + m) = power x n * power x m + by 0 <= n + so 0 <= m + so forall x:int, n:int, m:int. + 0 <= n -> 0 <= m -> power x (n + m) = (power x n * power x m))) + so (value x s + power radix s * !x1 + = value x !i + + power radix !i * + (value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy) + by value xd (sy - 1) + + power radix (sy - 1) * !x1 + = value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy + so value x s + power radix s * !x1 + = value x !i + + power radix !i + * value xd (sy - 1) + + power radix (!i + sy - 1) * !x1 + = value x !i + + power radix !i + * value xd (sy - 1) + + power radix !i + * power radix (sy - 1) * !x1 + = value x !i + + power radix !i * + (value xd (sy - 1) + + power radix (sy - 1) * !x1) + = value x !i + + power radix !i * + (value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy) + ) + so (value (x at StartLoop) (sy + k - 1) + = value (x at SubProd) !i + + power radix !i + * value (xd at SubProd) sy + by + value (x at StartLoop) (sy + k - 1) + = value_sub (pelts x at SubProd) (x at SubProd).offset + ((x at SubProd).offset + sy + k - 1) + = value_sub (pelts x at SubProd) (x at SubProd).offset xd.offset + + power radix (xd.offset - (x at SubProd).offset) + * value_sub (pelts x at SubProd) xd.offset + ((x at SubProd).offset + sy + k - 1) + so (x at SubProd).offset = x.offset + so xd.offset = x.offset + !i + so value_sub (pelts x at SubProd) (x at SubProd).offset xd.offset + = value (x at SubProd) !i + so power radix (xd.offset - x.offset) = power radix !i + so x.offset + sy + k - 1 - xd.offset = p2i sy + so value_sub (pelts x at SubProd) xd.offset + (x.offset + sy + k - 1) + = value (xd 
at SubProd) sy + ) + so (value x !i + = value (x at SubProd) !i + by + value x !i + = value (x at Adjust) !i + = value (x at SubProd) !i + ) + so power radix !i * power radix sy = power radix (!i + sy) + so value x s + power radix s * !x1 + - value (x at StartLoop) (sy + k - 1) + = value x !i + + power radix !i * + (value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy) + - (value (x at SubProd) !i + + power radix !i + * value (xd at SubProd) sy) + = value x !i + + power radix !i * + (value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy) + - (value x !i + + power radix !i + * value (xd at SubProd) sy) + = power radix !i + * (power radix sy * (!x1 at StartLoop) + - !ql * vy) + = power radix !i * power radix sy * (!x1 at StartLoop) + - power radix !i * !ql * vy + = power radix (!i + sy) * (!x1 at StartLoop) + - power radix !i * !ql * vy + = power radix (sy + k - 1) * (!x1 at StartLoop) + - power radix !i * !ql * vy + so value x s + power radix s * !x1 + = value (x at StartLoop) (sy + k - 1) + + power radix (sy + k - 1) * (!x1 at StartLoop) + - power radix !i * !ql * vy + so power radix (sx - sy - !i) + = radix * power radix (sx - sy - k) + so radix * power radix !i = power radix k + so (value !qp (sx - sy - !i) + + qh * power radix (sx - sy - !i)) + * vy * power radix !i + + value x (sy + !i - 1) + + power radix (sy + !i - 1) * !x1 + = (!ql + radix * value (!qp at StartLoop) + (sx - sy - k) + + qh * power radix (sx - sy - !i)) + * vy * power radix !i + + value x (sy + !i - 1) + + power radix (sy + !i - 1) * !x1 + = (!ql + radix * value (!qp at StartLoop) + (sx - sy - k) + + qh * radix * power radix (sx - sy - k)) + * vy * power radix !i + + value x (sy + !i - 1) + + power radix (sy + !i - 1) * !x1 + = !ql * vy * power radix !i + + (value (!qp at StartLoop) + (sx - sy - k) + + qh * power radix (sx - sy - k)) + * vy * radix * power radix !i + + value x (sy + !i - 1) + + power radix (sy + !i - 1) * !x1 + = !ql * vy * 
power radix !i + + (value (!qp at StartLoop) + (sx - sy - k) + + qh * power radix (sx - sy - k)) + * vy * power radix k + + value x (sy + !i - 1) + + power radix (sy + !i - 1) * !x1 + = !ql * vy * power radix !i + + (value (!qp at StartLoop) + (sx - sy - k) + + qh * power radix (sx - sy - k)) + * vy * power radix k + + value x s + + power radix s * !x1 + = !ql * vy * power radix !i + + (value (!qp at StartLoop) + (sx - sy - k) + + qh * power radix (sx - sy - k)) + * vy * power radix k + + value (x at StartLoop) (sy + k - 1) + + power radix (sy + k - 1) * (!x1 at StartLoop) + - power radix !i * !ql * vy + = (value (!qp at StartLoop) + (sx - sy - k) + + qh * power radix (sx - sy - k)) + * vy * power radix k + + value (x at StartLoop) (sy + k - 1) + + power radix (sy + k - 1) * (!x1 at StartLoop) + = value (old x) sx + }; + assert { value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy - 1) + + power radix (sy - 1) * !x1 + < vy + by + (value xd (sy - 1) + power radix (sy - 1) * !x1 < vy + by + value xd (sy - 1) + power radix (sy - 1) * !x1 + = value (xd at Adjust) (sy - 1) + + power radix (sy - 1) * (!x1 at Adjust) + + vy + - power radix sy + so value (xd at Adjust) (sy - 1) + < power radix (sy - 1) + so 1 + (!x1 at Adjust) <= radix + so value (xd at Adjust) (sy - 1) + + power radix (sy - 1) * (!x1 at Adjust) + + vy + - power radix sy + < power radix (sy - 1) + + power radix (sy - 1) * (!x1 at Adjust) + + vy + - power radix sy + = power radix (sy - 1) * (1 + !x1 at Adjust) + + vy + - power radix sy + <= power radix (sy - 1) * radix + + vy + - power radix sy + = vy + ) + so pelts x = pelts xd + so xd.offset = !xp.offset + mdn + so value xd (sy - 1) + = value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy - 1) + }; + assert { dl + radix * dh + >= (pelts x)[(!xp).offset] + radix * !x1 + by + vy = vly + power radix (sy - 2) + * (dl + radix * dh) + so value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy - 1) + + power radix (sy - 1) * !x1 + 
< vy + so !xp.offset + mdn + sy - 1 = !xp.offset + 1 + so power radix (sy - 1) = power radix (sy - 2) * radix + so - mdn = sy - 2 + so vy + > value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy - 1) + + power radix (sy - 1) * !x1 + = value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + 1) + + power radix (sy - 1) * !x1 + = value_sub (pelts x) (!xp.offset + mdn) (!xp.offset) + + power radix (- mdn) * (pelts x)[(!xp).offset] + + power radix (sy - 1) * !x1 + = value_sub (pelts x) (!xp.offset + mdn) (!xp.offset) + + power radix (sy - 2) * (pelts x)[(!xp).offset] + + power radix (sy - 1) * !x1 + = value_sub (pelts x) (!xp.offset + mdn) (!xp.offset) + + power radix (sy - 2) * (pelts x)[(!xp).offset] + + power radix (sy - 2) * radix * !x1 + = value_sub (pelts x) (!xp.offset + mdn) (!xp.offset) + + power radix (sy - 2) + * ((pelts x)[(!xp).offset] + radix * !x1) + >= power radix (sy - 2) + * ((pelts x)[(!xp).offset] + radix * !x1) + so vly < power radix (sy - 2) + so vy < power radix (sy - 2) + + power radix (sy - 2) + * (dl + radix * dh) + = power radix (sy - 2) + * (1 + dl + radix * dh) + so power radix (sy - 2) + * ((pelts x)[(!xp).offset] + radix * !x1) + < power radix (sy - 2) * (1 + dl + radix * dh) + so power radix (sy - 2) + * ((pelts x)[(!xp).offset] + radix * !x1 + - (1 + dl + radix * dh)) + < 0 + so (pelts x)[(!xp).offset] + radix * !x1 + - (1 + dl + radix * dh) + < 0 + }; + end + else begin + qp.contents <- C.incr !qp (-1); + value_sub_update_no_change (pelts q) (!qp).offset + ((!qp).offset + 1) + ((!qp).offset + p2i sx - p2i sy - p2i !i) + !ql; + C.set !qp !ql; + value_sub_head (pelts q) (!qp).offset + ((!qp).offset + p2i sx - p2i sy - p2i !i); + assert { value !qp (sx - sy - !i) * vy + = !ql * vy + radix * + (value_sub (pelts q) ((!qp).offset + 1) + ((!qp).offset + sx - sy - !i) * vy) }; (*nonlinear*) + assert { value_sub (pelts q) ((!qp).offset + 1) + ((!qp).offset + sx - sy - !i) * vy + = (value !qp (sx - sy - !i) * vy at StartLoop) }; 
(*nonlinear*) + value_tail x (sy + !i - 1); + value_sub_concat (pelts x) x.offset xd.offset (x.offset + s); + (* todo refl *) + assert { cy2 = 0 }; + assert { value x !i = value (x at SubProd) !i }; + assert { value x s = value x !i + power radix !i * value xd (sy-1) + by xd.offset = x.offset + !i + so x.offset + s = xd.offset + sy - 1 + so pelts x = pelts xd + so x.offset + s - xd.offset = sy - 1 + so value_sub (pelts x) xd.offset (x.offset + s) + = value xd (sy - 1) + so value x s + = value_sub (pelts x) x.offset xd.offset + + power radix !i * value_sub (pelts x) xd.offset (x.offset + s) + = value x !i + + power radix !i * value xd (sy - 1)}; (*lifted from assertion*) + assert { (value !qp (sx - sy - !i) + qh * power radix (sx - sy - !i)) + * vy + = value !qp (sx - sy - !i) * vy + + qh * vy * power radix (sx - sy - !i) }; (*nonlinear*) + assert { ((value !qp (sx - sy - !i) + qh * power radix (sx - sy - !i)) + * vy at StartLoop) + = (value !qp (sx - sy - !i) * vy + + qh * vy * power radix (sx - sy - !i) at StartLoop) }; (*nonlinear*) + assert { value x s = value x (sy + !i - 1) }; + assert { value (xd at SmallDiv) sy = + vlx + power radix (sy - 2) * xp0 + + power radix (sy - 1) * xp1 }; (*nonlinear*) + assert { value (x at SubProd) (sy + (!i at StartLoop) - 1) + = value (x at SubProd) !i + power radix !i * value (xd at SubProd) sy }; + assert { value (old x) sx = + (value !qp (sx - sy - !i) + + qh * power radix (sx - sy - !i)) + * vy * power radix !i + + value x (sy + !i - 1) + + power radix (sy + !i - 1) * !x1 + (*by + value !qp (sx - sy - !i) + = !ql + radix * + value_sub (pelts q) ((!qp).offset + 1) + ((!qp).offset + sx - sy - !i) + so (value_sub (pelts q) ((!qp).offset + 1) + ((!qp).offset + sx - sy - !i) + = value (!qp at StartLoop) + (sx - sy - k) + by + (!qp at StartLoop).offset = (!qp).offset + 1 + so ((!qp).offset + sx - sy - !i) + - ((!qp).offset + 1) + = sx - sy - k + ) + so value !qp (sx - sy - !i) + = !ql + radix * value (!qp at StartLoop) + (sx - sy 
- k) + so (value x s + = value x !i + + power radix !i + * value xd (sy - 1) + by + xd.offset = x.offset + !i + so x.offset + s = xd.offset + sy - 1 + so pelts x = pelts xd + so x.offset + s - xd.offset = sy - 1 + so value_sub (pelts x) xd.offset (x.offset + s) + = value xd (sy - 1) + so value x s + = value_sub (pelts x) x.offset xd.offset + + power radix !i * value_sub (pelts x) xd.offset (x.offset + s) + = value x !i + + power radix !i * value xd (sy - 1) + ) + so (power radix s + = power radix !i * power radix (sy - 1) + by + let n = !i in + let m = sy - 1 in + let x = radix in + power x s = power x (n + m) + so (power x (n + m) = power x n * power x m + by 0 <= n + so 0 <= m + so forall x:int, n:int, m:int. + 0 <= n -> 0 <= m -> power x (n + m) = (power x n * power x m))) + so (value x s + power radix s * !x1 + = value x !i + + power radix !i * + (value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy) + by + cy2 = 0 + so value xd (sy - 1) + + power radix (sy - 1) * !x1 + = value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy + so value x s + power radix s * !x1 + = value x !i + + power radix !i + * value xd (sy - 1) + + power radix (!i + sy - 1) * !x1 + = value x !i + + power radix !i + * value xd (sy - 1) + + power radix !i + * power radix (sy - 1) * !x1 + = value x !i + + power radix !i * + (value xd (sy - 1) + + power radix (sy - 1) * !x1) + = value x !i + + power radix !i * + (value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy) + ) + so (value (x at StartLoop) (sy + k - 1) + = value (x at SubProd) !i + + power radix !i + * value (xd at SubProd) sy + by + value (x at StartLoop) (sy + k - 1) + = value_sub (pelts x at SubProd) (x at SubProd).offset + ((x at SubProd).offset + sy + k - 1) + = value_sub (pelts x at SubProd) (x at SubProd).offset xd.offset + + power radix (xd.offset - (x at SubProd).offset) + * value_sub (pelts x at SubProd) xd.offset + ((x at SubProd).offset + sy + k - 1) 
+ so (x at SubProd).offset = x.offset + so xd.offset = x.offset + !i + so value_sub (pelts x at SubProd) (x at SubProd).offset xd.offset + = value (x at SubProd) !i + so power radix (xd.offset - x.offset) = power radix !i + so x.offset + sy + k - 1 - xd.offset = p2i sy + so value_sub (pelts x at SubProd) xd.offset + (x.offset + sy + k - 1) + = value (xd at SubProd) sy + ) + so (value x !i + = value (x at SubProd) !i + ) + so power radix !i * power radix sy = power radix (!i + sy) + so value x s + power radix s * !x1 + - value (x at StartLoop) (sy + k - 1) + = value x !i + + power radix !i * + (value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy) + - (value (x at SubProd) !i + + power radix !i + * value (xd at SubProd) sy) + = value x !i + + power radix !i * + (value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy) + - (value x !i + + power radix !i + * value (xd at SubProd) sy) + = power radix !i + * (power radix sy * (!x1 at StartLoop) + - !ql * vy) + = power radix !i * power radix sy * (!x1 at StartLoop) + - power radix !i * !ql * vy + = power radix (!i + sy) * (!x1 at StartLoop) + - power radix !i * !ql * vy + = power radix (sy + k - 1) * (!x1 at StartLoop) + - power radix !i * !ql * vy + so value x s + power radix s * !x1 + = value (x at StartLoop) (sy + k - 1) + + power radix (sy + k - 1) * (!x1 at StartLoop) + - power radix !i * !ql * vy + so power radix (sx - sy - !i) + = radix * power radix (sx - sy - k) + so radix * power radix !i = power radix k + so (value !qp (sx - sy - !i) + + qh * power radix (sx - sy - !i)) + * vy * power radix !i + + value x (sy + !i - 1) + + power radix (sy + !i - 1) * !x1 + = (!ql + radix * value (!qp at StartLoop) + (sx - sy - k) + + qh * power radix (sx - sy - !i)) + * vy * power radix !i + + value x (sy + !i - 1) + + power radix (sy + !i - 1) * !x1 + = (!ql + radix * value (!qp at StartLoop) + (sx - sy - k) + + qh * radix * power radix (sx - sy - k)) + * vy * power radix !i + + 
value x (sy + !i - 1) + + power radix (sy + !i - 1) * !x1 + = !ql * vy * power radix !i + + (value (!qp at StartLoop) + (sx - sy - k) + + qh * power radix (sx - sy - k)) + * vy * radix * power radix !i + + value x (sy + !i - 1) + + power radix (sy + !i - 1) * !x1 + = !ql * vy * power radix !i + + (value (!qp at StartLoop) + (sx - sy - k) + + qh * power radix (sx - sy - k)) + * vy * power radix k + + value x (sy + !i - 1) + + power radix (sy + !i - 1) * !x1 + = !ql * vy * power radix !i + + (value (!qp at StartLoop) + (sx - sy - k) + + qh * power radix (sx - sy - k)) + * vy * power radix k + + value x s + + power radix s * !x1 + = !ql * vy * power radix !i + + (value (!qp at StartLoop) + (sx - sy - k) + + qh * power radix (sx - sy - k)) + * vy * power radix k + + value (x at StartLoop) (sy + k - 1) + + power radix (sy + k - 1) * (!x1 at StartLoop) + - power radix !i * !ql * vy + = (value (!qp at StartLoop) + (sx - sy - k) + + qh * power radix (sx - sy - k)) + * vy * power radix k + + value (x at StartLoop) (sy + k - 1) + + power radix (sy + k - 1) * (!x1 at StartLoop) + = value (old x) sx *) + }; + value_sub_tail (pelts y) y.offset (y.offset + p2i sy - 1); + value_sub_tail (pelts y) y.offset (y.offset + p2i sy - 2); + let ghost vly = value y (p2i sy - 2) in + assert { vy = vly + power radix (sy - 2) * dl + + power radix (sy - 1) * dh + by (pelts y)[y.offset + sy - 1] = dh + so (pelts y)[y.offset + sy - 2] = dl + so + vy = value y (sy - 1) + + power radix (sy - 1) * dh + = vly + power radix (sy - 2) * dl + + power radix (sy - 1) * dh }; + assert { value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy - 1) + + power radix (sy - 1) * !x1 + < vy + by + pelts x = pelts xd + so xd.offset = !xp.offset + mdn + so !xp.offset + mdn + sy - 1 = xd.offset + sy - 1 + so + value xd (sy - 1) + = value_sub (pelts xd) xd.offset (xd.offset + sy - 1) + = value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy - 1) + so value xd (sy - 1) + + power radix (sy - 1) * !x1 
+ - power radix sy * cy2 + = value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy + so cy2 = 0 + so value xd (sy - 1) + + power radix (sy - 1) * !x1 + = value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy + so !ql * (dl + radix * dh) + + (rl + radix * rh) + = xp0 + + radix * xp1 + + radix * radix * (!x1 at StartLoop) + so vy = vly + power radix (sy - 2) + * (dl + radix * dh) + so !ql * vy + = power radix (sy - 2) * + (xp0 + + radix * xp1 + + radix * radix * (!x1 at StartLoop)) + - power radix (sy - 2) * (rl + radix * rh) + + !ql * vly + so value (xd at SubProd) sy + = vlx + + power radix (sy - 2) * (xp0 + radix * xp1) + so power radix sy + = power radix (sy - 2) * radix * radix + so (value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy + < vy + by + (!ql * vly >= 0 + by !ql >= 0 so vly >= 0) + so (power radix (sy - 2) * (rl + radix * rh) + <= power radix (sy - 2) + * (dl + radix * dh) + - power radix (sy - 2) + by + rl + radix * rh <= dl + radix * dh - 1 + so power radix (sy - 2) >= 0 + so power radix (sy - 2) * (rl + radix * rh) + <= power radix (sy - 2) + * (dl + radix * dh - 1) + = power radix (sy - 2) + * (dl + radix * dh) + - power radix (sy - 2) + ) + so vlx < power radix (sy - 2) + so value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy + = vlx + + power radix (sy - 2) * (xp0 + radix * xp1) + + power radix sy * (!x1 at StartLoop) + - !ql * vy + = vlx + + power radix (sy - 2) * + (xp0 + radix * xp1 + + radix * radix * (!x1 at StartLoop)) + - !ql * vy + = vlx + + power radix (sy - 2) * + (xp0 + radix * xp1 + + radix * radix * (!x1 at StartLoop)) + - (power radix (sy - 2) * + (xp0 + + radix * xp1 + + radix * radix * (!x1 at StartLoop)) + - power radix (sy - 2) * (rl + radix * rh) + + !ql * vly) + = vlx + + power radix (sy - 2) * (rl + radix * rh) + - !ql * vly + <= vlx + + power radix (sy - 2) * (rl + radix * rh) + <= vlx + + power radix (sy - 2) + * (dl + radix 
* dh) + - power radix (sy - 2) + < power radix (sy - 2) + + power radix (sy - 2) + * (dl + radix * dh) + - power radix (sy - 2) + = power radix (sy - 2) * (dl + radix * dh) + = vy - vly <= vy + ) + so value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy - 1) + + power radix (sy - 1) * !x1 + = value xd (sy - 1) + + power radix (sy - 1) * !x1 + = value (xd at SubProd) sy + + power radix sy * (!x1 at StartLoop) + - !ql * vy + < vy + }; + value_sub_tail (pelts x) (!xp.offset + p2i mdn) (!xp.offset); + value_sub_upper_bound (pelts y) (y.offset) (y.offset + p2i sy - 2); + value_sub_lower_bound (pelts x) (!xp.offset + p2i mdn) (!xp.offset); + assert { dl + radix * dh + >= (pelts x)[(!xp).offset] + radix * !x1 + by + vy = vly + power radix (sy - 2) + * (dl + radix * dh) + so value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy - 1) + + power radix (sy - 1) * !x1 + < vy + so !xp.offset + mdn + sy - 1 = !xp.offset + 1 + so power radix (sy - 1) = power radix (sy - 2) * radix + so - mdn = sy - 2 + so vy + > value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + mdn + sy - 1) + + power radix (sy - 1) * !x1 + = value_sub (pelts x) (!xp.offset + mdn) + (!xp.offset + 1) + + power radix (sy - 1) * !x1 + = value_sub (pelts x) (!xp.offset + mdn) (!xp.offset) + + power radix (- mdn) * (pelts x)[(!xp).offset] + + power radix (sy - 1) * !x1 + = value_sub (pelts x) (!xp.offset + mdn) (!xp.offset) + + power radix (sy - 2) * (pelts x)[(!xp).offset] + + power radix (sy - 1) * !x1 + = value_sub (pelts x) (!xp.offset + mdn) (!xp.offset) + + power radix (sy - 2) * (pelts x)[(!xp).offset] + + power radix (sy - 2) * radix * !x1 + = value_sub (pelts x) (!xp.offset + mdn) (!xp.offset) + + power radix (sy - 2) + * ((pelts x)[(!xp).offset] + radix * !x1) + >= power radix (sy - 2) + * ((pelts x)[(!xp).offset] + radix * !x1) + so vly < power radix (sy - 2) + so vy < power radix (sy - 2) + + power radix (sy - 2) + * (dl + radix * dh) + = power radix (sy - 2) + * (1 + dl + radix * 
dh) + so power radix (sy - 2) + * ((pelts x)[(!xp).offset] + radix * !x1) + < power radix (sy - 2) * (1 + dl + radix * dh) + so power radix (sy - 2) + * ((pelts x)[(!xp).offset] + radix * !x1 + - (1 + dl + radix * dh)) + < 0 + so (pelts x)[(!xp).offset] + radix * !x1 + - (1 + dl + radix * dh) + < 0 + }; + end; + end; + done; + label EndLoop in + assert { !i = 0 }; + assert { !xp.offset = x.offset + sy - 2 }; + value_sub_update_no_change (pelts x) (!xp.offset + 1) + x.offset (!xp.offset) !x1; + C.set_ofs !xp 1 !x1; + assert { value x (sy - 1) = + value (x at EndLoop) (sy - 1) + by pelts x = Map.set (pelts x at EndLoop) (x.offset + sy - 1) !x1 }; + value_sub_tail (pelts x) x.offset (!xp.offset+1); + (* todo refl *) + assert { value (old x) sx = + (value q (sx - sy) + + power radix (sx - sy) * qh) + * value y sy + + value x sy + by + value x sy + = value x (sy - 1) + + power radix (sy - 1) * !x1 + so vy = value y sy + so value (old x) sx + = (value !qp (sx - sy - !i) + + qh * power radix (sx - sy - !i)) + * vy * power radix !i + + value x (sy + !i - 1) + + power radix (sy + !i - 1) * !x1 + = (value !qp (sx - sy) + + qh * power radix (sx - sy)) + * vy * 1 + + value x (sy - 1) + + power radix (sy - 1) * !x1 + = (value !qp (sx - sy) + + qh * power radix (sx - sy)) + * value y sy + + value x sy }; + qh + + let divmod_2 (q x y:t) (sx:int32) : limb + requires { 2 <= sx } + requires { valid x sx } + requires { valid y 2 } + requires { valid q (sx - 2) } + requires { (pelts y)[y.offset + 1] >= div radix 2 } + ensures { value (old x) sx = + (value q (sx - 2) + + power radix (sx - 2) * result) + * value y 2 + + value x 2 } + ensures { value x 2 < value y 2 } + ensures { 0 <= result <= 1 } + = + let one = Int32.of_int 1 in + let zero = Int32.of_int 0 in + let two = Int32.of_int 2 in + let uzero = Limb.of_int 0 in + let uone = Limb.of_int 1 in + let xp = ref (C.incr x (Int32.(-) sx two)) in + let dh = C.get_ofs y one in + let dl = C.get y in + let rh = ref (C.get_ofs !xp one) in 
+ let rl = ref (C.get !xp) in + let qh = ref uzero in + let lx = ref uzero in + assert { value y 2 = dl + radix * dh }; + let i = ref (Int32.(-) sx two) in + let dinv = reciprocal_word_3by2 dh dl in + ([@vc:sp] if (Limb.(>=) !rh dh && ([@vc:sp] Limb.(>) !rh dh || Limb.(>=) !rl dl)) + then + label Adjust in + begin + ensures { value x sx + = (value_sub (pelts q) (q.offset + !i) (q.offset + sx - 2) + + !qh * power radix (sx - 2 - !i)) + * value y 2 * power radix !i + + value x !i + + power radix !i * (!rl + radix * !rh) } + ensures { !rl + radix * !rh < dl + radix * dh } + ensures { !qh = 1 } + let (r0, b) = sub_with_borrow !rl dl uzero in + let (r1, ghost b') = sub_with_borrow !rh dh b in + assert { b' = 0 }; + assert { r0 + radix * r1 = !rl + radix * !rh - (dl + radix * dh) }; + value_sub_tail (pelts x) x.offset (x.offset + p2i sx - 1); + value_sub_tail (pelts x) x.offset (x.offset + p2i sx - 2); + rh := r1; + rl := r0; + qh := uone; + assert { value x sx + = (value_sub (pelts q) (q.offset + !i) (q.offset + sx - 2) + + !qh * power radix (sx - 2 - !i)) + * value y 2 * power radix !i + + value x !i + + power radix !i * (!rl + radix * !rh) + by + value_sub (pelts q) (q.offset + !i) (q.offset + sx - 2) = 0 + so (value_sub (pelts q) (q.offset + !i) (q.offset + sx - 2) + + !qh * power radix (sx - 2 - !i)) + * value y 2 * power radix !i + + value x !i + + power radix !i * (!rl + radix * !rh) + = value y 2 * power radix !i + + value x !i + + power radix !i * (!rl + radix * !rh) + = value x !i + + power radix !i * (dl + radix * dh + !rl + radix * !rh) + = value x !i + + power radix !i * (!rl at Adjust + radix * !rh at Adjust) + = value x !i + + power radix !i * !rl at Adjust + + power radix (!i+1) * !rh at Adjust + = value x sx + }; + end + else + begin + ensures { value x sx + = (value_sub (pelts q) (q.offset + !i) (q.offset + sx - 2) + + !qh * power radix (sx - 2 - !i)) + * value y 2 * power radix !i + + value x !i + + power radix !i * (!rl + radix * !rh) } + ensures { 
!rl + radix * !rh < dl + radix * dh } + ensures { !qh = 0 } + value_sub_tail (pelts x) x.offset (x.offset + p2i sx - 1); + value_sub_tail (pelts x) x.offset (x.offset + p2i sx - 2); + end); + while (Int32.(>) !i zero) do + variant { p2i !i } + invariant { 0 <= !i <= sx - 2 } + invariant { !xp.offset = x.offset + !i } + invariant { plength !xp = plength x } + invariant { !xp.min = x.min } + invariant { !xp.max = x.max } + invariant { pelts !xp = pelts x } + invariant { value x sx + = (value_sub (pelts q) (q.offset + !i) (q.offset + sx - 2) + + !qh * power radix (sx - 2 - !i)) + * value y 2 * power radix !i + + value x !i + + power radix !i * (!rl + radix * !rh) } + invariant { !rl + radix * !rh < dl + radix * dh } + label StartLoop in + let ghost k = p2i !i in + xp.contents <- C.incr !xp (-1); + lx := C.get !xp; + label Got in + let (qu, r0, r1) = div3by2_inv !rh !rl !lx dh dl dinv in + rh := r1; + rl := r0; + i := Int32.(-) !i one; + C.set_ofs q !i qu; + assert { qu * (dl + radix * dh) + r0 + radix * r1 + = !lx + radix * (!rl at StartLoop) + + radix * radix * (!rh at StartLoop) + by + radix * ((!rl at StartLoop) + radix * (!rh at StartLoop)) + = radix * (!rl at StartLoop) + radix * radix * (!rh at StartLoop) + so + qu * (dl + radix * dh) + r0 + radix * r1 + = !lx + radix * ((!rl at StartLoop) + radix * (!rh at StartLoop)) + = !lx + radix * (!rl at StartLoop) + + radix * radix * (!rh at StartLoop) + }; + value_sub_head (pelts q) (q.offset + p2i !i) (q.offset + p2i sx - 2); + value_sub_tail (pelts x) x.offset (x.offset + p2i !i); + assert { value x sx + = (value_sub (pelts q) (q.offset + !i) (q.offset + sx - 2) + + !qh * power radix (sx - 2 - !i)) + * value y 2 * power radix !i + + value x !i + + power radix !i * (!rl + radix * !rh) + by + value x k = value x !i + power radix !i * !lx + so value_sub (pelts q) (q.offset + !i) (q.offset + sx - 2) + = qu + radix + * value_sub (pelts q) (q.offset + k) (q.offset + sx - 2) + so power radix (sx - 2 - !i) = radix * power 
radix (sx - 2 - k) + so + (value_sub (pelts q) (q.offset + !i) (q.offset + sx - 2) + + !qh * power radix (sx - 2 - !i)) + = qu + radix + * (value_sub (pelts q) (q.offset + k) (q.offset + sx - 2) + + !qh * power radix (sx - 2 - k)) + so power radix !i * radix = power radix k + so ((value_sub (pelts q) (q.offset + !i) (q.offset + sx - 2) + + !qh * power radix (sx - 2 - !i)) + * value y 2 * power radix !i + = power radix !i * qu * (dl + radix * dh) + + (value_sub (pelts q) (q.offset + k) + (q.offset + sx - 2) + + !qh * power radix (sx - 2 - k)) + * value y 2 * power radix k + by + (value_sub (pelts q) (q.offset + !i) (q.offset + sx - 2) + + !qh * power radix (sx - 2 - !i)) + * value y 2 * power radix !i + = (qu + radix + * (value_sub (pelts q) (q.offset + k) + (q.offset + sx - 2) + + !qh * power radix (sx - 2 - k))) + * value y 2 * power radix !i + = power radix !i * qu * (dl + radix * dh) + + radix * (value_sub (pelts q) (q.offset + k) + (q.offset + sx - 2) + + !qh * power radix (sx - 2 - k)) + * value y 2 * power radix !i + = power radix !i * qu * (dl + radix * dh) + + (value_sub (pelts q) (q.offset + k) + (q.offset + sx - 2) + + !qh * power radix (sx - 2 - k)) + * value y 2 * power radix k) + so (value_sub (pelts q) (q.offset + !i) (q.offset + sx - 2) + + !qh * power radix (sx - 2 - !i)) + * value y 2 * power radix !i + + value x !i + + power radix !i * (!rl + radix * !rh) + = power radix !i * qu * (dl + radix * dh) + + (value_sub (pelts q) (q.offset + k) + (q.offset + sx - 2) + + !qh * power radix (sx - 2 - k)) + * value y 2 * power radix k + + value x !i + + power radix !i * (!rl + radix * !rh) + = (value_sub (pelts q) (q.offset + k) + (q.offset + sx - 2) + + !qh * power radix (sx - 2 - k)) + * value y 2 * power radix k + + value x !i + + power radix !i * (qu * (dl + radix * dh) + + !rl + radix * !rh) + = (value_sub (pelts q) (q.offset + k) + (q.offset + sx - 2) + + !qh * power radix (sx - 2 - k)) + * value y 2 * power radix k + + value x !i + + power radix !i + 
* (!lx + radix * (!rl at StartLoop) + + radix * radix * (!rh at StartLoop)) + = (value_sub (pelts q) (q.offset + k) + (q.offset + sx - 2) + + !qh * power radix (sx - 2 - k)) + * value y 2 * power radix k + + value x !i + + power radix !i * !lx + + power radix !i * (radix * (!rl at StartLoop + + radix * !rh at StartLoop)) + = (value_sub (pelts q) (q.offset + k) + (q.offset + sx - 2) + + !qh * power radix (sx - 2 - k)) + * value y 2 * power radix k + + value x k + + power radix !i * (radix * (!rl at StartLoop + + radix * !rh at StartLoop)) + = (value_sub (pelts q) (q.offset + k) + (q.offset + sx - 2) + + !qh * power radix (sx - 2 - k)) + * value y 2 * power radix k + + value x k + + power radix k * (!rl at StartLoop + + radix * !rh at StartLoop) + = value x sx + }; + done; + assert { !i = 0 }; + assert { value x sx + = (value_sub (pelts q) q.offset (q.offset + sx - 2) + + !qh * power radix (sx - 2)) + * value y 2 + + !rl + radix * !rh + by power radix !i = 1 }; + C.set_ofs x one !rh; + C.set x !rl; + assert { value x 2 = !rl + radix * !rh + by (pelts x)[x.offset] = !rl + /\ (pelts x)[x.offset + 1] = !rh}; + !qh + + +(* val sub_limb_in_place (x:t) (y:limb) (sz:int32) : limb*) + + (** [div_qr q r x y sx sy] divides [(x,sx)] by [(y,sy)], writes the quotient + in [(q, (sx-sy))] and the remainder in [(r, sy)]. Corresponds to + [mpn_tdiv_qr]. 
*) + let div_qr (q r x y nx ny:t) (sx sy:int32) : unit + requires { 1 <= sy <= sx <= (Int32.max_int32 - 1) } + requires { valid x sx } + requires { valid y sy } + requires { valid q (sx - sy + 1) } + requires { valid r sy } + requires { valid nx (sx + 1) } + requires { valid ny sy } + requires { (pelts y)[y.offset + sy - 1] > 0 } + ensures { value x sx + = value q (sx - sy + 1) * value y sy + + value r sy } + ensures { value r sy < value y sy } + = + label Start in + let one = Int32.of_int 1 in + let limb_zero = Limb.of_int 0 in + let zero = Int32.of_int 0 in + let two = Int32.of_int 2 in + value_sub_tail (pelts y) y.offset (y.offset + p2i sy - 1); + value_sub_lower_bound (pelts y) y.offset (y.offset + p2i sy - 1); + assert { value y sy >= power radix (sy - 1) }; + if (Int32.(=) sy one) + then + let lr = divmod_1 q x (C.get y) sx in + C.set r lr + else + if (Int32.(=) sy two) + then + let clz = clz_ext (C.get_ofs y (Int32.(-) sy one)) in + let ghost p = power 2 (p2i clz) in + if Int32.(=) clz zero + then begin + copy nx x sx; + value_sub_shift_no_change (pelts x) x.offset (p2i sx) (p2i sx) limb_zero; + C.set_ofs nx sx limb_zero; + value_sub_frame_shift (pelts x) (pelts nx) x.offset nx.offset (p2i sx); + label Div2_ns in + let ghost _qh = divmod_2 q nx y (Int32.(+) sx one) in + copy r nx sy; + assert { value x sx + = value q (sx - sy + 1) * value y sy + + value r sy + by value r sy = value nx sy + so value (nx at Div2_ns) (sx + 1) < power radix sx + so value (nx at Div2_ns) (sx + 1) + = value (nx at Div2_ns) sx + so (_qh = 0 + by + power radix sx + > value (nx at Div2_ns) (sx + 1) + = (value q (sx - 1) + power radix (sx - 1) * _qh) + * value y 2 + + value nx 2 + so value nx 2 >= 0 + so value y 2 >= radix + so value q (sx - 1) >= 0 + so _qh >= 0 + so (value q (sx - 1) + + power radix (sx - 1) * _qh) >= 0 + so (value q (sx - 1) + power radix (sx - 1) * _qh) + * value y 2 + + value nx 2 + >= (value q (sx - 1) + + power radix (sx - 1) * _qh) + * value y 2 + >= (value q 
(sx - 1) + + power radix (sx - 1) * _qh) + * radix + >= power radix (sx - 1) * _qh * radix + = power radix sx * _qh + so power radix sx > power radix sx * _qh + ) + so value x sx = value (nx at Div2_ns) sx + }; + () + end + else begin + let ghost _c = lshift ny y sy (Limb.of_int32 clz) in + begin + ensures { normalized ny sy } + ensures { value ny sy = power 2 clz * value y sy } + let ghost dh = (pelts y)[y.offset + p2i sy - 1] in + assert { value y sy + = value y (sy - 1) + power radix (sy - 1) * dh }; + value_sub_upper_bound (pelts y) y.offset (y.offset + p2i sy - 1); + value_sub_tail (pelts ny) ny.offset (ny.offset + p2i sy - 1); + value_sub_upper_bound (pelts ny) ny.offset (ny.offset + p2i sy - 1); + let ghost ndh = (pelts ny)[ny.offset + p2i sy - 1] in + assert { normalized ny sy + /\ value ny sy = power 2 clz * value y sy + by + value y sy < (dh + 1) * power radix (sy - 1) + so value ny sy + (power radix sy) * _c + = power 2 clz * value y sy + = power 2 clz + * (value y (sy - 1) + + dh * power radix (sy - 1)) + so power 2 clz * dh <= radix - power 2 clz + so value ny sy + (power radix sy) * _c + = power 2 clz * value y (sy - 1) + + power 2 clz * dh * power radix (sy - 1) + < power 2 clz * power radix (sy - 1) + + power 2 clz * dh * power radix (sy - 1) + <= power 2 clz * power radix (sy - 1) + + (radix - power 2 clz) * power radix (sy - 1) + = radix * power radix (sy - 1) + = power radix sy + so _c = 0 + so value ny sy + = power 2 clz * value y sy + so value y sy >= dh * power radix (sy - 1) + so value ny sy + >= power 2 clz * dh * power radix (sy - 1) + so value ny sy = + value ny (sy - 1) + power radix (sy - 1) * ndh + < power radix (sy - 1) + power radix (sy - 1) * ndh + = power radix (sy - 1) * (ndh + 1) + so power radix (sy - 1) * (ndh + 1) + > power radix (sy - 1) * (power 2 clz * dh) + so ndh + 1 > power 2 clz * dh + so ndh >= power 2 clz * dh + so 2 * power 2 clz * dh >= radix + so 2 * ndh >= radix + so ndh >= div radix 2 + }; + end; + let h = lshift 
nx x sx (Limb.of_int32 clz) in + C.set_ofs nx sx h; + begin + ensures { value nx (sx + 1) + = p * value x sx } + value_sub_tail (pelts nx) nx.offset (nx.offset + p2i sx); + assert { value nx (sx + 1) + = p * value x sx + by + value nx sx + power radix sx * h + = p * value x sx + so value nx (sx + 1) + = value nx sx + power radix sx * h + } + end; + label Div2_s in + (* TODO don't add 1 when not needed, cf "adjust" in GMP algo *) + let ghost _qh = divmod_2 q nx ny (Int32.(+) sx one) in + let ghost _l = rshift r nx sy (Limb.of_int32 clz) in + begin ensures { value nx 2 = p * value r 2 } + assert { _l = 0 + by + (mod (value nx sy) p = 0 + by + value (nx at Div2_s) (sx + 1) + = (value q (sx - 1) + power radix (sx - 1) * _qh) + * value ny sy + + value nx sy + so value (nx at Div2_s) (sx + 1) + = p * value x sx + so value ny sy = p * value y sy + so value nx sy + = value (nx at Div2_s) (sx + 1) + - (value q (sx - 1) + + power radix (sx - 1) * _qh) + * value ny sy + = p * value x sx + - p * (value q (sx - 1) + + power radix (sx - 1) * _qh) + * value y sy + = p * (value x sx + - (value q (sx - 1) + + power radix (sx - 1) * _qh) + * value y sy) + so let n = (value x sx + - (value q (sx - 1) + + power radix (sx - 1) * _qh) + * value y sy) + in + value nx sy = p * n + so value nx sy >= 0 + so p > 0 + so n >= 0 + so mod (value nx sy) p + = mod (p * n) p + = mod ((p*n)+0) p + = mod 0 p + = 0 + ) + so _l + radix * value r sy + = power 2 (Limb.length - clz) * (value nx sy) + so let a = div (value nx sy) p in + value nx sy = p * a + so power 2 (Limb.length - clz) * p = radix + so power 2 (Limb.length - clz) * (value nx sy) + = power 2 (Limb.length - clz) * (p * a) + = (power 2 (Limb.length - clz) * p) * a + = radix * a + so mod (radix * value r sy + _l) radix + = mod _l radix + so mod (radix * value r sy + _l) radix + = mod (radix * a) radix = 0 + so mod _l radix = 0 + so 0 <= _l < radix + }; + assert { value nx 2 = p * value r 2 + by + radix * value r 2 + = power 2 (Limb.length - 
clz) * value nx 2 + so p * power 2 (Limb.length - clz) + = radix + so p * radix * value r 2 + = p * power 2 (Limb.length - clz) * value nx 2 + = radix * value nx 2 + so p * value r 2 = value nx 2 + } + end; + assert { value x sx + = value q (sx - sy + 1) * value y sy + + value r sy + by + value (nx at Div2_s) (sx + 1) + = (value q (sx - 1) + power radix (sx - 1) * _qh) + * value ny 2 + + value nx 2 + so value (nx at Div2_s) (sx + 1) + = p * value x sx + so value ny 2 = p * value y 2 + so (_qh = 0 + by + value x sx < power radix sx + so value y 2 >= radix + so value ny 2 >= p * radix + so value q (sx - 1) >= 0 + so value nx 2 >= 0 + so (value q (sx - 1) + power radix (sx - 1) * _qh) + >= 0 + so (value q (sx - 1) + power radix (sx - 1) * _qh) + * value ny 2 + + value nx 2 + >= (value q (sx - 1) + + power radix (sx - 1) * _qh) + * value ny 2 + >= (value q (sx - 1) + + power radix (sx - 1) * _qh) + * (p * radix) + >= power radix (sx - 1) * _qh * p * radix + = power radix sx * p * _qh + so power radix sx * p + > value (nx at Div2_s) (sx + 1) + >= power radix sx * p * _qh + ) + so value nx 2 = p * value r 2 + so p * value x sx + = value q (sx - 1) * p * value y 2 + + p * value r 2 + = p * (value q (sx - 1) * value y 2 + + value r 2) + }; + () + end + else + (* let qn = ref (Int32.(-) (Int32.(+) sx one) sy) in + if (Int32.(>=) (Int32.(+) !qn !qn) sx) + then*) begin + let adjust = + if Limb.(>=) (get_ofs x (Int32.(-) sx one)) + (get_ofs y (Int32.(-) sy one)) + then one + else zero + in + let clz = clz_ext (C.get_ofs y (Int32.(-) sy one)) in + let ghost p = power 2 (p2i clz) in + if Int32.(=) clz zero + then begin + copy nx x sx; + value_sub_shift_no_change (pelts x) x.offset + (p2i sx) (p2i sx) limb_zero; + C.set_ofs nx sx limb_zero; + value_sub_frame_shift (pelts x) (pelts nx) x.offset nx.offset (p2i sx); + assert { value y sy * (power radix (sx - sy + adjust)) + > value nx (sx + adjust) + by + let dh = (pelts y)[y.offset + sy - 1] in + value y sy >= dh * power radix (sy 
- 1) + so value nx (sx + adjust) = value nx sx = value x sx + so [@case_split] + ((adjust = 1 + so value x sx < power radix sx + so value y sy * power radix (sx - sy + adjust) + >= dh * power radix (sy - 1) + * power radix (sx - sy + adjust) + = dh * power radix ((sy - 1) + (sx - sy + adjust)) + = dh * power radix sx + so dh >= div radix 2 > 1 + so dh * power radix sx > power radix sx ) + \/ + (adjust = 0 + so let ah = (pelts x)[x.offset + sx - 1] in + value x sx < (ah + 1) * power radix (sx - 1) + so ah + 1 <= dh + so value x sx < dh * power radix (sx - 1) + so value y sy * power radix (sx - sy + adjust) + = value y sy * power radix (sx - sy) + >= dh * power radix (sy - 1) + * power radix (sx - sy) + = dh * power radix (sy - 1 + sx - sy) + = dh * power radix (sx - 1))) }; + label Div_ns in + let ghost _qh = div_sb_qr q nx y (Int32.(+) sx adjust) sy in + copy r nx sy; + assert { value x sx + = value q (sx - sy + adjust) * value y sy + + value r sy + by value r sy = value nx sy + so value (nx at Div_ns) (sx + adjust) = value x sx < power radix sx + so value (nx at Div_ns) (sx + adjust) + = value (nx at Div_ns) sx + so (_qh = 0 + by + value (nx at Div_ns) (sx + adjust) + = (value q (sx - sy + adjust) + + power radix (sx - sy + adjust) * _qh) + * value y sy + + value nx sy + so value nx sy >= 0 + so value q (sx - sy + adjust) >= 0 + so _qh >= 0 + so (value q (sx - sy + adjust) + + power radix (sx - sy + adjust) * _qh) >= 0 + so (value q (sx - sy + adjust) + + power radix (sx - sy + adjust) * _qh) + * value y sy + + value nx sy + >= (value q (sx - sy + adjust) + + power radix (sx - sy + adjust) * _qh) + * value y sy + >= power radix (sx - sy + adjust) * _qh * value y sy + so _qh <> 1) + so value x sx = value (nx at Div_ns) sx + }; + label Ret_ns in + begin + ensures { value q (sx - sy + 1) + = value (q at Ret_ns) (sx - sy + adjust) } + if (Int32.(=) adjust zero) + then begin + value_sub_shift_no_change (pelts x) x.offset + (p2i sx) (p2i sx) limb_zero; + set_ofs q 
(Int32.(-) sx sy) limb_zero; + value_sub_tail (pelts q) q.offset (q.offset + p2i sx - p2i sy); + () + end + end + end + else begin + let ghost _c = lshift ny y sy (Limb.of_int32 clz) in + begin + ensures { normalized ny sy } + ensures { value ny sy + = power 2 clz * value y sy } + let ghost dh = (pelts y)[y.offset + p2i sy - 1] in + assert { value y sy + = value y (sy - 1) + power radix (sy - 1) * dh }; + value_sub_upper_bound (pelts y) y.offset (y.offset + p2i sy - 1); + value_sub_tail (pelts ny) ny.offset (ny.offset + p2i sy - 1); + value_sub_upper_bound (pelts ny) ny.offset (ny.offset + p2i sy - 1); + let ghost ndh = (pelts ny)[ny.offset + p2i sy - 1] in + assert { normalized ny sy + /\ value ny sy + = power 2 clz * value y sy + by + value y sy < (dh + 1) * power radix (sy - 1) + so value ny sy + (power radix sy) * _c + = power 2 clz * value y sy + = power 2 clz + * (value y (sy - 1) + + dh * power radix (sy - 1)) + so power 2 clz * dh <= radix - power 2 clz + so (_c = 0 + by + value ny sy + (power radix sy) * _c + = power 2 clz * value y (sy - 1) + + power 2 clz * dh * power radix (sy - 1) + < power 2 clz * power radix (sy - 1) + + power 2 clz * dh * power radix (sy - 1) + <= power 2 clz * power radix (sy - 1) + + (radix - power 2 clz) * power radix (sy - 1) + = radix * power radix (sy - 1) + = power radix sy + so value ny sy >= 0 + so power radix sy * _c < power radix sy + so power radix sy > 0 + so _c >= 0 + ) + so value ny sy + = power 2 clz * value y sy + so value y sy >= dh * power radix (sy - 1) + so value ny sy + >= power 2 clz * dh * power radix (sy - 1) + so value ny sy = + value ny (sy - 1) + power radix (sy - 1) * ndh + < power radix (sy - 1) + power radix (sy - 1) * ndh + = power radix (sy - 1) * (ndh + 1) + so power radix (sy - 1) * (ndh + 1) + > power radix (sy - 1) * (power 2 clz * dh) + so ndh + 1 > power 2 clz * dh + so ndh >= power 2 clz * dh + so 2 * power 2 clz * dh >= radix + so 2 * ndh >= radix + so ndh >= div radix 2 + }; + end; + let h = 
lshift nx x sx (Limb.of_int32 clz) in + label Shifted in + C.set_ofs nx sx h; + begin + ensures { value nx (sx + adjust) + = p * value x sx } + if (Int32.(=) adjust one) + then begin + value_sub_tail (pelts nx) nx.offset (nx.offset + p2i sx); + assert { value nx (sx + 1) + = p * value x sx + by + value nx sx + power radix sx * h + = p * value x sx + so value nx (sx + 1) + = value nx sx + power radix sx * h + } end + else begin + assert { adjust = 0 }; + assert { h = 0 + by + let dh = (pelts y)[y.offset + sy - 1] in + let ah = (pelts x)[x.offset + sx - 1] in + p * dh < radix + so 0 <= ah <= dh + so p * ah < radix + so (p * ah <= radix - p + by + let q = power 2 (Limb.length - clz) in + radix = p * q + so p * ah < p * q + so ah < q + so ah <= q - 1 + so p * ah <= p * (q - 1) = radix - p + ) + so p * (ah + 1) <= radix + so let s = power radix (sx - 1) in + value x sx < (ah + 1) * s + so p * value x sx < p * (ah + 1) * s + so (p * (ah + 1) * s + <= radix * s + by + [@case_split] + (p * (ah + 1) = radix + \/ (p * (ah + 1) < radix + so s > 0 + so p * (ah + 1) * s + < radix * s))) + so radix * power radix (sx - 1) = power radix sx + so value (nx at Shifted) sx + power radix sx * h + < power radix sx + so power radix sx * h < power radix sx * 1 + so (h < 1 by power radix sx > 0) + } + end + end; + label Div_s in + assert { value ny sy * (power radix (sx - sy + adjust)) + > value nx (sx + adjust) + by + let dh = (pelts y)[y.offset + sy - 1] in + value ny sy >= p * dh * power radix (sy - 1) + so value nx (sx + adjust) = p * value x sx + so p > 0 + so [@case_split] + ((adjust = 1 + so value x sx < power radix sx + so p * value x sx < p * power radix sx + so value ny sy * power radix (sx - sy + adjust) + >= p * dh * power radix (sy - 1) + * power radix (sx - sy + adjust) + = p * dh * power radix ((sy - 1) + (sx - sy + adjust)) + = p * dh * power radix sx + so dh >= 1 + so p * dh * power radix sx >= p * power radix sx ) + \/ + (adjust = 0 + so let ah = (pelts x)[x.offset + sx - 
1] in + value x sx < (ah + 1) * power radix (sx - 1) + so ah + 1 <= dh + so value x sx < dh * power radix (sx - 1) + so p * value x sx < p * dh * power radix (sx - 1) + so value ny sy * power radix (sx - sy + adjust) + = value ny sy * power radix (sx - sy) + >= p * dh * power radix (sy - 1) + * power radix (sx - sy) + = p * dh * power radix (sy - 1 + sx - sy) + = p * dh * power radix (sx - 1))) }; + let ghost _qh = div_sb_qr q nx ny (Int32.(+) sx adjust) sy in + let ghost _l = rshift r nx sy (Limb.of_int32 clz) in + begin ensures { value nx sy = p * value r sy } + assert { _l = 0 + by + (mod (value nx sy) p = 0 + by + value (nx at Div_s) (sx + adjust) + = (value q (sx - sy + adjust) + + power radix (sx - sy + adjust) * _qh) + * value ny sy + + value nx sy + so value (nx at Div_s) (sx + adjust) + = p * value x sx + so value ny sy = p * value y sy + so value nx sy + = value (nx at Div_s) (sx + adjust) + - (value q (sx - sy + adjust) + + power radix (sx - sy + adjust) * _qh) + * value ny sy + = p * value x sx + - p * (value q (sx - sy + adjust) + + power radix (sx - sy + adjust) * _qh) + * value y sy + = p * (value x sx + - (value q (sx - sy + adjust) + + power radix (sx - sy + adjust) * _qh) + * value y sy) + so let n = (value x sx + - (value q (sx - sy + adjust) + + power radix (sx - sy + adjust) * _qh) + * value y sy) + in + value nx sy = p * n + so value nx sy >= 0 + so p > 0 + so n >= 0 + so mod (value nx sy) p + = mod (p * n) p + = mod ((p*n)+0) p + = mod 0 p + = 0 + ) + so _l + radix * value r sy + = power 2 (Limb.length - clz) * (value nx sy) + so let a = div (value nx sy) p in + value nx sy = p * a + so power 2 (Limb.length - clz) * p = radix + so power 2 (Limb.length - clz) * (value nx sy) + = power 2 (Limb.length - clz) * (p * a) + = (power 2 (Limb.length - clz) * p) * a + = radix * a + so mod (radix * value r sy + _l) radix + = mod _l radix + so mod (radix * value r sy + _l) radix + = mod (radix * a) radix = 0 + so mod _l radix = 0 + so 0 <= _l < radix + 
}; + assert { value nx sy = p * value r sy + by + radix * value r sy + = power 2 (Limb.length - clz) * value nx sy + so p * power 2 (Limb.length - clz) + = radix + so p * radix * value r sy + = p * power 2 (Limb.length - clz) * value nx sy + = radix * value nx sy + so p * value r sy = value nx sy + } + end; + assert { value x sx + = value q (sx - sy + adjust) * value y sy + + value r sy + by + value (nx at Div_s) (sx + adjust) + = (value q (sx - sy + adjust) + + power radix (sx - sy + adjust) * _qh) + * value ny sy + + value nx sy + so value (nx at Div_s) (sx + adjust) + = p * value x sx + so power radix (sx - sy + 1) * power radix (sy - 1) + = power radix sx + so value ny sy = p * value y sy + so (_qh = 0 + by + value (nx at Div_s) (sx + adjust) + = (value q (sx - sy + adjust) + + power radix (sx - sy + adjust) * _qh) + * value ny sy + + value nx sy + so value nx sy >= 0 + so value q (sx - sy + adjust) >= 0 + so _qh >= 0 + so (value q (sx - sy + adjust) + + power radix (sx - sy + adjust) * _qh) >= 0 + so (value q (sx - sy + adjust) + + power radix (sx - sy + adjust) * _qh) + * value ny sy + + value nx sy + >= (value q (sx - sy + adjust) + + power radix (sx - sy + adjust) * _qh) + * value ny sy + >= power radix (sx - sy + adjust) * _qh * value ny sy + so _qh <> 1) + so value nx sy = p * value r sy + so p * value x sx + = value q (sx - sy + adjust) * p * value y sy + + p * value r sy + = p * (value q (sx - sy + adjust) + * value y sy + + value r sy) + }; + label Ret_s in + begin + ensures { value q (sx - sy + 1) + = value (q at Ret_s) (sx - sy + adjust) } + if (Int32.(=) adjust zero) + then begin + value_sub_shift_no_change (pelts x) x.offset + (p2i sx) (p2i sx) limb_zero; + set_ofs q (Int32.(-) sx sy) limb_zero; + value_sub_tail (pelts q) q.offset (q.offset + p2i sx - p2i sy); + assert { value q (sx - sy + 1) = value (q at Ret_s) (sx - sy) + by value q (sx - sy + 1) + = value (q at Ret_s) (sx - sy) + power radix (sx - sy) * 0 + = value (q at Ret_s) (sx - sy) } + 
end + end; + () + end + end + (* else begin + let dn = Int32.(+) !qn one in + let dqn = Int32.(+) !qn !qn in + let ign = Int32.(-) sy dn in + let ix = C.incr nx (Int32.(-) sx dqn) in + let iy = C.incr y ign in + let clz = clz_ext (C.get_ofs y (Int32.(-) sy one)) in + (*let ghost p = power 2 (p2i clz) in*) + (if Int32.(=) clz zero + then begin + copy nx x sx; + C.set_ofs nx sx limb_zero; + ( + if (Int32.(=) dn two) + then + let _d1 = divmod_2 q ix iy (Int32.(+) dqn one) in () + else + let _s1 = div_sb_qr q ix iy (Int32.(+) dqn one) dn in () + ) + end + else begin + let _ = lshift ny y sy (Limb.of_int32 clz) in + let h = lshift nx x sx (Limb.of_int32 clz) in + C.set_ofs nx sx h; + begin + if (Int32.(=) dn two) + then + let _d2 = divmod_2 q ix (incr ny ign) (Int32.(+) dqn one) in () + else + let _s2 = div_sb_qr q ix (incr ny ign) (Int32.(+) dqn one) dn in () + end + end); + (* we have an estimated q, adjust by at most 1 *) + let dl = ref limb_zero in + let st = Int32.(-) sy one in + let snx = Int32.(+) sx one in + let tp = C.malloc (UInt32.of_int32 st) in + mul tp q ny !qn ign; + let b = sub_in_place nx tp snx st in + (if Limb.(>) b limb_zero + then (* quotient too large *) + let _s = sub_limb_in_place q (Limb.of_int 1) (!qn) in + let _a = add_in_place nx ny snx sy in + () + else ()); + if Int32.(=) clz zero + then begin copy r nx sy end + else let _r = rshift r nx sy (Limb.of_int32 clz) in (); + C.free tp; + () + end*) + + let tdiv_qr (q r x y:t) (sx sy:int32) : unit + requires { 1 <= sy <= sx <= (Int32.max_int32 - 1) } + requires { valid x sx } + requires { valid y sy } + requires { valid q (sx - sy + 1) } + requires { valid r sy } + requires { (pelts y)[y.offset + sy - 1] > 0 } + ensures { value x sx + = value q (sx - sy + 1) * value y sy + + value r sy } + ensures { value r sy < value y sy } + diverges + = + let uone = UInt32.of_int 1 in + let nx = malloc (UInt32.(+) (UInt32.of_int32 sx) uone) in + c_assert (is_not_null nx); + let ny = malloc (UInt32.of_int32 sy) 
in
+ c_assert (is_not_null ny);
+ div_qr q r x y nx ny sx sy;
+ free nx;
+ free ny;
+
+end
\ No newline at end of file
diff --git a/examples/multiprecision/div/why3session.xml b/examples/multiprecision/div/why3session.xml
new file mode 100644
index 0000000000000000000000000000000000000000..400b55d67bc824d19d669f88ffb671b8c3cce274
--- /dev/null
+++ b/examples/multiprecision/div/why3session.xml
@@ -0,0 +1,10635 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN" +"http://why3.lri.fr/why3session.dtd"> +<why3session shape_version="4"> +<prover id="0" name="Eprover" version="1.9.1-001" timelimit="5" steplimit="0" memlimit="2000"/> +<prover id="1" name="CVC3" version="2.4.1" timelimit="5" steplimit="0" memlimit="2000"/> +<prover id="2" name="CVC4" version="1.4" timelimit="5" steplimit="0" memlimit="1000"/> +<prover id="3" name="Z3" version="4.5.0" timelimit="1" steplimit="0" memlimit="1000"/> +<prover id="4" name="Z3" version="4.4.1" timelimit="5" steplimit="0" memlimit="1000"/> +<prover id="5" name="Alt-Ergo" version="2.0.0" timelimit="1" steplimit="0" memlimit="1000"/> +<file name="../div.mlw" proved="true"> +<theory name="Div" proved="true"> + <goal name="VC fact_div" expl="VC for fact_div" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC fact_div.0" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC fact_div.0.0" expl="VC for fact_div" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.04" steps="9"/></proof> + </goal> + <goal name="VC fact_div.0.1" expl="VC for fact_div" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC fact_div.0.2" expl="VC for fact_div" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.04" steps="10"/></proof> + </goal> + <goal name="VC fact_div.0.3" expl="VC for fact_div" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.03" steps="11"/></proof> + </goal> + <goal name="VC fact_div.0.4" expl="VC for fact_div" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.03" steps="13"/></proof> + </goal> + <goal name="VC fact_div.0.5" expl="VC for fact_div" proved="true"> + <proof prover="5" timelimit="5"><result 
status="valid" time="0.04" steps="13"/></proof> + </goal> + <goal name="VC fact_div.0.6" expl="VC for fact_div" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.05" steps="14"/></proof> + </goal> + <goal name="VC fact_div.0.7" expl="VC for fact_div" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.03" steps="15"/></proof> + </goal> + <goal name="VC fact_div.0.8" expl="VC for fact_div" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.05" steps="15"/></proof> + </goal> + <goal name="VC fact_div.0.9" expl="VC for fact_div" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.05" steps="17"/></proof> + </goal> + <goal name="VC fact_div.0.10" expl="VC for fact_div" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.05" steps="26"/></proof> + </goal> + </transf> + </goal> + <goal name="VC fact_div.1" expl="postcondition" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.17"/></proof> + </goal> + </transf> + </goal> + <goal name="VC invert_limb" expl="VC for invert_limb" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC invert_limb.0" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC invert_limb.1" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC invert_limb.2" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.06" steps="11"/></proof> + </goal> + <goal name="VC invert_limb.3" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC invert_limb.4" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC invert_limb.4.0" 
expl="precondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.05"/></proof> + <proof prover="5" timelimit="5"><result status="valid" time="0.03" steps="12"/></proof> + </goal> + </transf> + </goal> + <goal name="VC invert_limb.5" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.01" steps="13"/></proof> + </goal> + <goal name="VC invert_limb.6" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv" expl="VC for div2by1_inv" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.0" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.1" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div2by1_inv.2" expl="assertion" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.18"/></proof> + </goal> + <goal name="VC div2by1_inv.3" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.3.0" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.3.1" expl="VC for div2by1_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.4" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC div2by1_inv.5" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="21"/></proof> + </goal> + <goal name="VC div2by1_inv.6" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + 
</goal> + <goal name="VC div2by1_inv.7" expl="assertion" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div2by1_inv.8" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div2by1_inv.9" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="29"/></proof> + </goal> + <goal name="VC div2by1_inv.10" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.10.0" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.10.1" expl="VC for div2by1_inv" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div2by1_inv.10.2" expl="VC for div2by1_inv" proved="true"> + <proof prover="5"><result status="valid" time="0.06" steps="32"/></proof> + </goal> + <goal name="VC div2by1_inv.10.3" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.10.4" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.10.5" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.10.6" expl="VC for div2by1_inv" proved="true"> + <proof prover="5"><result status="valid" time="0.06" steps="32"/></proof> + </goal> + <goal name="VC div2by1_inv.10.7" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.10.8" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.10.9" 
expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.10.10" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.10.11" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.10.12" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.10.13" expl="VC for div2by1_inv" proved="true"> + <proof prover="5"><result status="valid" time="0.21" steps="42"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.11" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.11.0" expl="assertion" proved="true"> + <proof prover="1"><result status="valid" time="0.09"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.12" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.12.0" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div2by1_inv.12.1" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.13" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.14" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.18"/></proof> + </goal> + <goal name="VC div2by1_inv.15" expl="precondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC div2by1_inv.16" expl="assertion" proved="true"> + <transf 
name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.16.0" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.16.1" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div2by1_inv.16.2" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div2by1_inv.16.3" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div2by1_inv.16.4" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div2by1_inv.16.5" expl="VC for div2by1_inv" proved="true"> + <proof prover="1"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div2by1_inv.16.6" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.16.7" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div2by1_inv.16.8" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.16.9" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.16.10" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.16.11" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div2by1_inv.16.12" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + 
</goal> + <goal name="VC div2by1_inv.16.13" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.16.14" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.16.15" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div2by1_inv.16.16" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.16.17" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.16.18" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.16.19" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div2by1_inv.16.20" expl="VC for div2by1_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div2by1_inv.16.21" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.16.22" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div2by1_inv.16.23" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div2by1_inv.16.24" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div2by1_inv.16.25" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + 
<goal name="VC div2by1_inv.16.26" expl="VC for div2by1_inv" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div2by1_inv.16.26.0" expl="VC for div2by1_inv" proved="true"> + <transf name="apply" proved="true" arg1="prod_compat_strict_r"> + <goal name="VC div2by1_inv.16.26.0.0" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.16.26.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.16.27" expl="VC for div2by1_inv" proved="true"> + <proof prover="0"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC div2by1_inv.16.28" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div2by1_inv.16.29" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.16.30" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.16.31" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.16.32" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.16.33" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.16.34" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.16.35" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.16.36" expl="VC for 
div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div2by1_inv.16.37" expl="VC for div2by1_inv" proved="true"> + <proof prover="0"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC div2by1_inv.16.38" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div2by1_inv.16.39" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div2by1_inv.16.40" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div2by1_inv.16.41" expl="VC for div2by1_inv" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.16.42" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.16.43" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.16.44" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.16.45" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.16.46" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.16.47" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div2by1_inv.16.48" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.17" expl="assertion" 
proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.17.0" expl="assertion" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.31"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.18" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.18.0" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.18.1" expl="VC for div2by1_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC div2by1_inv.18.2" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.18.3" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div2by1_inv.18.4" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.18.5" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.18.6" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.18.7" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.18.8" expl="VC for div2by1_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.29"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.19" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.19.0" expl="assertion" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" 
time="0.22"/></proof> + </goal> + <goal name="VC div2by1_inv.19.1" expl="assertion" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div2by1_inv.19.2" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.19.3" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.19.4" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div2by1_inv.19.5" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div2by1_inv.19.6" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div2by1_inv.19.7" expl="VC for div2by1_inv" proved="true"> + <proof prover="2"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.20" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.20.0" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div2by1_inv.20.1" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.21" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.21.0" expl="VC for div2by1_inv" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.03"/></proof> + <proof prover="1" memlimit="1000"><result status="valid" time="0.12"/></proof> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC 
div2by1_inv.21.1" expl="VC for div2by1_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC div2by1_inv.21.2" expl="VC for div2by1_inv" proved="true"> + <proof prover="1"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC div2by1_inv.21.3" expl="VC for div2by1_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.22" expl="assertion" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div2by1_inv.23" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="3.42"/></proof> + </goal> + <goal name="VC div2by1_inv.24" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.24.0" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.24.1" expl="VC for div2by1_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.24.2" expl="VC for div2by1_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div2by1_inv.24.3" expl="VC for div2by1_inv" proved="true"> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div2by1_inv.24.4" expl="VC for div2by1_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.24.5" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div2by1_inv.24.6" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.24.7" expl="VC for 
div2by1_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div2by1_inv.24.8" expl="VC for div2by1_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC div2by1_inv.24.9" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.25" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.26" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="1.71"/></proof> + </goal> + <goal name="VC div2by1_inv.27" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.27.0" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.27.1" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div2by1_inv.27.2" expl="VC for div2by1_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div2by1_inv.27.3" expl="VC for div2by1_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div2by1_inv.27.4" expl="VC for div2by1_inv" proved="true"> + <proof prover="2"><result status="valid" time="0.18"/></proof> + </goal> + <goal name="VC div2by1_inv.27.5" expl="VC for div2by1_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div2by1_inv.27.6" expl="VC for div2by1_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div2by1_inv.27.7" expl="VC for div2by1_inv" 
proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div2by1_inv.27.8" expl="VC for div2by1_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.28" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.28.0" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div2by1_inv.28.1" expl="VC for div2by1_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.28.2" expl="VC for div2by1_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.28.3" expl="VC for div2by1_inv" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.28.4" expl="VC for div2by1_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div2by1_inv.28.5" expl="VC for div2by1_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.28.6" expl="VC for div2by1_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.28.7" expl="VC for div2by1_inv" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div2by1_inv.28.7.0" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.28.8" expl="VC for div2by1_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.28.9" expl="VC for div2by1_inv" proved="true"> + <proof prover="4"><result 
status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.28.10" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div2by1_inv.28.11" expl="VC for div2by1_inv" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div2by1_inv.28.11.0" expl="VC for div2by1_inv" proved="true"> + <proof prover="0" timelimit="55"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.28.12" expl="VC for div2by1_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.17"/></proof> + </goal> + <goal name="VC div2by1_inv.28.13" expl="VC for div2by1_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.28.14" expl="VC for div2by1_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.56"/></proof> + </goal> + <goal name="VC div2by1_inv.28.15" expl="VC for div2by1_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.25"/></proof> + </goal> + <goal name="VC div2by1_inv.28.16" expl="VC for div2by1_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.28.17" expl="VC for div2by1_inv" proved="true"> + <proof prover="0"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div2by1_inv.28.18" expl="VC for div2by1_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.29" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC div2by1_inv.30" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.30.0" expl="assertion" proved="true"> + <proof prover="4"><result 
status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.30.1" expl="VC for div2by1_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.29"/></proof> + </goal> + <goal name="VC div2by1_inv.30.2" expl="VC for div2by1_inv" proved="true"> + <proof prover="1"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div2by1_inv.30.3" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.30.4" expl="VC for div2by1_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.10"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.31" expl="assertion" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div2by1_inv.32" expl="assertion" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.23"/></proof> + </goal> + <goal name="VC div2by1_inv.33" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.33.0" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.33.1" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div2by1_inv.33.2" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.33.3" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.33.4" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.33.5" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" 
time="0.09"/></proof> + </goal> + <goal name="VC div2by1_inv.33.6" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.33.7" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.33.8" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div2by1_inv.33.9" expl="VC for div2by1_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.33.10" expl="VC for div2by1_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.42"/></proof> + </goal> + <goal name="VC div2by1_inv.33.11" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.34" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.34.0" expl="integer overflow" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.11"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.35" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.00"/></proof> + </goal> + <goal name="VC div2by1_inv.36" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.37" expl="assertion" proved="true"> + <proof prover="1"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC div2by1_inv.38" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.39" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal 
name="VC div2by1_inv.40" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.41" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.41.0" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.41.1" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.42" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.42.0" expl="VC for div2by1_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.42.1" expl="VC for div2by1_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.43" expl="assertion" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.21"/></proof> + </goal> + <goal name="VC div2by1_inv.44" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div2by1_inv.45" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div2by1_inv.46" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.46.0" expl="assertion" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.47" expl="assertion" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.04"/></proof> + <proof prover="1" memlimit="1000"><result status="valid" time="0.19"/></proof> + <proof 
prover="2"><result status="valid" time="0.05"/></proof> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.48" expl="assertion" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div2by1_inv.49" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.49.0" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.50" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.50.0" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.50.1" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.50.2" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.50.3" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.50.4" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.50.5" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div2by1_inv.50.6" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.50.7" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.50.8" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result 
status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.50.9" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div2by1_inv.50.10" expl="VC for div2by1_inv" proved="true"> + <proof prover="1"><result status="valid" time="0.25"/></proof> + </goal> + <goal name="VC div2by1_inv.50.11" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.51" expl="integer overflow" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div2by1_inv.52" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div2by1_inv.53" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div2by1_inv.54" expl="assertion" proved="true"> + <proof prover="1"><result status="valid" time="0.18"/></proof> + </goal> + <goal name="VC div2by1_inv.55" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.55.0" expl="VC for div2by1_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div2by1_inv.55.1" expl="VC for div2by1_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.56" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.56.0" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.57" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.57.0" 
expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.58" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div2by1_inv.59" expl="assertion" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.02"/></proof> + <proof prover="1" memlimit="1000"><result status="valid" time="0.12"/></proof> + <proof prover="2"><result status="valid" time="0.05"/></proof> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div2by1_inv.60" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div2by1_inv.61" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.61.0" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div2by1_inv.62" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div2by1_inv.62.0" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div2by1_inv.62.1" expl="VC for div2by1_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC divmod_1" expl="VC for divmod_1" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_1.0" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.04" steps="22"/></proof> + </goal> + <goal name="VC divmod_1.1" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_1.1.0" expl="integer overflow" 
proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.08" steps="23"/></proof> + </goal> + </transf> + </goal> + <goal name="VC divmod_1.2" expl="integer overflow" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC divmod_1.3" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.06" steps="26"/></proof> + </goal> + <goal name="VC divmod_1.4" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_1.5" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_1.6" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_1.7" expl="precondition" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.03" steps="23"/></proof> + </goal> + <goal name="VC divmod_1.8" expl="assertion" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.05" steps="22"/></proof> + </goal> + <goal name="VC divmod_1.9" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC divmod_1.10" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_1.11" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_1.12" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.04" steps="27"/></proof> + </goal> + <goal name="VC divmod_1.13" expl="loop invariant init" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="55"/></proof> + 
</goal> + <goal name="VC divmod_1.14" expl="loop invariant init" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC divmod_1.15" expl="loop invariant init" proved="true"> + <proof prover="5"><result status="valid" time="0.06" steps="53"/></proof> + </goal> + <goal name="VC divmod_1.16" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.17"/></proof> + </goal> + <goal name="VC divmod_1.17" expl="precondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC divmod_1.18" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_1.19" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_1.20" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_1.20.0" expl="precondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.10"/></proof> + </goal> + </transf> + </goal> + <goal name="VC divmod_1.21" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_1.21.0" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_1.21.1" expl="VC for divmod_1" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC divmod_1.21.2" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC divmod_1.21.3" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_1.21.4" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result 
status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_1.21.5" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.60"/></proof> + </goal> + <goal name="VC divmod_1.21.6" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_1.21.7" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC divmod_1.21.8" expl="VC for divmod_1" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC divmod_1.21.9" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_1.21.10" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC divmod_1.21.11" expl="VC for divmod_1" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC divmod_1.21.11.0" expl="VC for divmod_1" proved="true"> + <proof prover="1"><result status="valid" time="0.26"/></proof> + </goal> + </transf> + </goal> + <goal name="VC divmod_1.21.12" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_1.21.13" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_1.21.14" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC divmod_1.21.15" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_1.21.16" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_1.21.17" expl="VC 
for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_1.21.18" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_1.21.19" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC divmod_1.22" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_1.22.0" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC divmod_1.22.1" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_1.22.2" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC divmod_1.23" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC divmod_1.24" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC divmod_1.25" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_1.25.0" expl="precondition" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC divmod_1.26" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_1.27" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_1.27.0" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal 
name="VC divmod_1.28" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC divmod_1.29" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_1.29.0" expl="VC for divmod_1" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC divmod_1.29.1" expl="VC for divmod_1" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_1.29.2" expl="VC for divmod_1" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_1.29.3" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_1.29.4" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC divmod_1.29.5" expl="VC for divmod_1" proved="true"> + <proof prover="0"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC divmod_1.29.6" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC divmod_1.29.7" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC divmod_1.30" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_1.31" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_1.31.0" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC divmod_1.31.1" expl="VC for divmod_1" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.15"/></proof> + </goal> + 
<goal name="VC divmod_1.31.2" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_1.31.3" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_1.31.4" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC divmod_1.31.5" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC divmod_1.31.6" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_1.31.7" expl="VC for divmod_1" proved="true"> + <proof prover="1"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC divmod_1.31.8" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC divmod_1.31.9" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_1.31.10" expl="VC for divmod_1" proved="true"> + <proof prover="1"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC divmod_1.31.11" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC divmod_1.31.12" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC divmod_1.32" expl="assertion" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC divmod_1.33" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC divmod_1.34" expl="precondition" proved="true"> + <proof 
prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_1.35" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.19"/></proof> + </goal> + <goal name="VC divmod_1.36" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC divmod_1.37" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_1.38" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC divmod_1.39" expl="assertion" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_1.40" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_1.40.0" expl="VC for divmod_1" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_1.40.1" expl="VC for divmod_1" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC divmod_1.40.2" expl="VC for divmod_1" proved="true"> + <proof prover="1" timelimit="10"><result status="valid" time="0.11"/></proof> + </goal> + </transf> + </goal> + <goal name="VC divmod_1.41" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_1.41.0" expl="VC for divmod_1" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_1.41.1" expl="VC for divmod_1" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_1.41.2" expl="VC for divmod_1" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="4.44"/></proof> + </goal> + 
</transf> + </goal> + <goal name="VC divmod_1.42" expl="assertion" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC divmod_1.43" expl="integer overflow" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC divmod_1.44" expl="loop variant decrease" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_1.45" expl="loop invariant preservation" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC divmod_1.46" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC divmod_1.47" expl="loop invariant preservation" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="4.18"/></proof> + </goal> + <goal name="VC divmod_1.48" expl="loop invariant preservation" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_1.48.0" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC divmod_1.49" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC divmod_1.50" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_1.51" expl="precondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.08"/></proof> + <proof prover="4" memlimit="2000"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_1.52" expl="precondition" proved="true"> + <proof prover="1"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC divmod_1.53" 
expl="assertion" proved="true"> + <proof prover="1"><result status="valid" time="0.27"/></proof> + </goal> + <goal name="VC divmod_1.54" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_1.55" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_1.56" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_1.57" expl="postcondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC divmod_1.57.0" expl="postcondition" proved="true"> + <transf name="replace" proved="true" arg1="result" arg2="res"> + <goal name="VC divmod_1.57.0.0" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_1.57.0.1" proved="true"> + <proof prover="1"><result status="valid" time="0.14"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC divmod_1.58" expl="postcondition" proved="true"> + <proof prover="1"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC divmod_1.59" expl="precondition" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.06" steps="46"/></proof> + </goal> + <goal name="VC divmod_1.60" expl="loop invariant init" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="21"/></proof> + </goal> + <goal name="VC divmod_1.61" expl="loop invariant init" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC divmod_1.62" expl="loop invariant init" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="51"/></proof> + </goal> + <goal name="VC divmod_1.63" expl="assertion" proved="true"> + <proof prover="2" timelimit="1"><result 
status="valid" time="0.10"/></proof> + </goal> + <goal name="VC divmod_1.64" expl="precondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC divmod_1.65" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="61"/></proof> + </goal> + <goal name="VC divmod_1.66" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_1.66.0" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC divmod_1.67" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_1.68" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_1.69" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_1.70" expl="precondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC divmod_1.71" expl="integer overflow" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC divmod_1.72" expl="precondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC divmod_1.73" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC divmod_1.74" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_1.74.0" expl="VC for divmod_1" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_1.74.1" expl="VC for divmod_1" proved="true"> + <proof 
prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_1.74.2" expl="VC for divmod_1" proved="true"> + <proof prover="0"><result status="valid" time="2.92"/></proof> + </goal> + <goal name="VC divmod_1.74.3" expl="VC for divmod_1" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC divmod_1.74.4" expl="VC for divmod_1" proved="true"> + <proof prover="0"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC divmod_1.74.5" expl="VC for divmod_1" proved="true"> + <proof prover="0"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC divmod_1.74.6" expl="VC for divmod_1" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC divmod_1.74.7" expl="VC for divmod_1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_1.74.8" expl="VC for divmod_1" proved="true"> + <proof prover="0"><result status="valid" time="3.09"/></proof> + </goal> + <goal name="VC divmod_1.74.9" expl="VC for divmod_1" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC divmod_1.75" expl="loop variant decrease" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC divmod_1.76" expl="loop invariant preservation" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC divmod_1.77" expl="loop invariant preservation" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC divmod_1.78" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_1.79" expl="postcondition" 
proved="true"> + <proof prover="1"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC divmod_1.80" expl="postcondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.07"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv" expl="VC for div3by2_inv" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.0" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.03" steps="12"/></proof> + </goal> + <goal name="VC div3by2_inv.1" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.04" steps="13"/></proof> + </goal> + <goal name="VC div3by2_inv.2" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.2.0" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div3by2_inv.2.1" expl="VC for div3by2_inv" proved="true"> + <proof prover="2"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.3" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.3.0" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.3.1" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.11"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.4" expl="assertion" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.09"/></proof> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div3by2_inv.5" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.5.0" 
expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.5.1" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.5.2" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.5.3" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.5.4" expl="VC for div3by2_inv" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div3by2_inv.5.4.0" expl="VC for div3by2_inv" proved="true"> + <transf name="cut" proved="true" arg1="(v * (radix2 * uh) <= v * d)"> + <goal name="VC div3by2_inv.5.4.0.0" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.5.4.0.1" proved="true"> + <transf name="apply" proved="true" arg1="prod_compat_r"> + <goal name="VC div3by2_inv.5.4.0.1.0" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div3by2_inv.5.4.0.1.1" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.5.5" expl="VC for div3by2_inv" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="23"/></proof> + </goal> + <goal name="VC div3by2_inv.5.6" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div3by2_inv.5.7" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.5.8" expl="VC for div3by2_inv" proved="true"> + <proof 
prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.5.9" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.5.10" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.5.11" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.6" expl="assertion" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.02"/></proof> + <proof prover="1" memlimit="1000"><result status="valid" time="0.12"/></proof> + <proof prover="2"><result status="valid" time="0.26"/></proof> + </goal> + <goal name="VC div3by2_inv.7" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.8" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div3by2_inv.9" expl="precondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.09"/></proof> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div3by2_inv.10" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.10.0" expl="assertion" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.09"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.11" expl="precondition" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.02"/></proof> + <proof prover="1" memlimit="1000"><result status="valid" time="0.09"/></proof> + <proof prover="2"><result status="valid" time="0.09"/></proof> + <proof prover="4"><result status="valid" 
time="0.05"/></proof> + </goal> + <goal name="VC div3by2_inv.12" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.13" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div3by2_inv.14" expl="precondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.09"/></proof> + <proof prover="2"><result status="valid" time="0.06"/></proof> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.15" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="2.78"/></proof> + </goal> + <goal name="VC div3by2_inv.16" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.16.0" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC div3by2_inv.16.1" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div3by2_inv.16.2" expl="VC for div3by2_inv" proved="true"> + <proof prover="1"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div3by2_inv.16.3" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.16.4" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC div3by2_inv.16.5" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.18"/></proof> + </goal> + <goal name="VC div3by2_inv.16.6" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.07"/></proof> + </goal> + <goal 
name="VC div3by2_inv.16.7" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.16.8" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.16.9" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.16.10" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.16.11" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.16.12" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div3by2_inv.16.13" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.16.14" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.16.15" expl="VC for div3by2_inv" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div3by2_inv.16.16" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.16.17" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.07"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.17" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.17.0" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC 
div3by2_inv.17.1" expl="VC for div3by2_inv" proved="true"> + <proof prover="1"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC div3by2_inv.17.2" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div3by2_inv.17.3" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.4" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.17.5" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC div3by2_inv.17.6" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.7" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.8" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div3by2_inv.17.9" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.58"/></proof> + </goal> + <goal name="VC div3by2_inv.17.10" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC div3by2_inv.17.11" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.17.12" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div3by2_inv.17.13" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC 
div3by2_inv.17.14" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.17.15" expl="VC for div3by2_inv" proved="true"> + <proof prover="1"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC div3by2_inv.17.16" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.17" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.18" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.17.19" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.20" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.21" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.22" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div3by2_inv.17.23" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div3by2_inv.17.24" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div3by2_inv.17.25" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div3by2_inv.17.26" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div3by2_inv.17.27" 
expl="VC for div3by2_inv" proved="true"> + <proof prover="1"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div3by2_inv.17.28" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div3by2_inv.17.29" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC div3by2_inv.17.30" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div3by2_inv.17.31" expl="VC for div3by2_inv" proved="true"> + <proof prover="1"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC div3by2_inv.17.32" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div3by2_inv.17.33" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.34" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.35" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.36" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC div3by2_inv.17.37" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div3by2_inv.17.38" expl="VC for div3by2_inv" proved="true"> + <proof prover="0"><result status="valid" time="4.33"/></proof> + </goal> + <goal name="VC div3by2_inv.17.39" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div3by2_inv.17.40" expl="VC for 
div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.41" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div3by2_inv.17.42" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.17.43" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.44" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.26"/></proof> + </goal> + <goal name="VC div3by2_inv.17.45" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div3by2_inv.17.46" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div3by2_inv.17.47" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div3by2_inv.17.48" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div3by2_inv.17.49" expl="VC for div3by2_inv" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div3by2_inv.17.49.0" expl="VC for div3by2_inv" proved="true"> + <transf name="apply" proved="true" arg1="prod_compat_strict_r"> + <goal name="VC div3by2_inv.17.49.0.0" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.49.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.17.50" expl="VC for div3by2_inv" proved="true"> + <transf 
name="introduce_premises" proved="true" > + <goal name="VC div3by2_inv.17.50.0" expl="VC for div3by2_inv" proved="true"> + <transf name="apply" proved="true" arg1="prod_compat_r"> + <goal name="VC div3by2_inv.17.50.0.0" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div3by2_inv.17.50.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.17.51" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.17.52" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.17.53" expl="VC for div3by2_inv" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div3by2_inv.17.53.0" expl="VC for div3by2_inv" proved="true"> + <transf name="apply" proved="true" arg1="prod_compat_strict_r"> + <goal name="VC div3by2_inv.17.53.0.0" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.53.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.17.54" expl="VC for div3by2_inv" proved="true"> + <proof prover="0"><result status="valid" time="1.79"/></proof> + </goal> + <goal name="VC div3by2_inv.17.55" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.17.56" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC div3by2_inv.17.57" expl="VC for div3by2_inv" proved="true"> + <proof prover="0"><result status="valid" time="1.07"/></proof> + </goal> + <goal 
name="VC div3by2_inv.17.58" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div3by2_inv.17.59" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div3by2_inv.17.60" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div3by2_inv.17.61" expl="VC for div3by2_inv" proved="true"> + <proof prover="0"><result status="valid" time="1.18"/></proof> + </goal> + <goal name="VC div3by2_inv.17.62" expl="VC for div3by2_inv" proved="true"> + <proof prover="0"><result status="valid" time="1.31"/></proof> + </goal> + <goal name="VC div3by2_inv.17.63" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.17.64" expl="VC for div3by2_inv" proved="true"> + <proof prover="0"><result status="valid" time="1.95"/></proof> + </goal> + <goal name="VC div3by2_inv.17.65" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.17.66" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.67" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.68" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div3by2_inv.17.69" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div3by2_inv.17.70" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC 
div3by2_inv.17.71" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.72" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.73" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.74" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div3by2_inv.17.75" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC div3by2_inv.17.76" expl="VC for div3by2_inv" proved="true"> + <proof prover="1"><result status="valid" time="0.30"/></proof> + </goal> + <goal name="VC div3by2_inv.17.77" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.78" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.79" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.80" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.81" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.82" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.83" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.84" 
expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.85" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.17.86" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.87" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.88" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.17.89" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div3by2_inv.17.90" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div3by2_inv.17.91" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div3by2_inv.17.92" expl="VC for div3by2_inv" proved="true"> + <proof prover="0"><result status="valid" time="1.06"/></proof> + </goal> + <goal name="VC div3by2_inv.17.93" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div3by2_inv.17.94" expl="VC for div3by2_inv" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div3by2_inv.17.94.0" expl="VC for div3by2_inv" proved="true"> + <transf name="cut" proved="true" arg1="(k*dh <= d*dh)"> + <goal name="VC div3by2_inv.17.94.0.0" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.94.0.1" proved="true"> + <proof 
prover="0"><result status="valid" time="1.33"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.17.95" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.17.96" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div3by2_inv.17.97" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div3by2_inv.17.98" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.17.99" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.17.100" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.101" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.102" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.103" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.104" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.17.105" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.17.106" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.107" expl="VC for 
div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.108" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.17.109" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.110" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.111" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.112" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.113" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.17.114" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.115" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.116" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div3by2_inv.17.117" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.17.118" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.119" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.17.120" expl="VC for 
div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.17.121" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.122" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.123" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.17.124" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div3by2_inv.17.125" expl="VC for div3by2_inv" proved="true"> + <proof prover="1"><result status="valid" time="0.44"/></proof> + </goal> + <goal name="VC div3by2_inv.17.126" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.127" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.128" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div3by2_inv.17.129" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.17"/></proof> + </goal> + <goal name="VC div3by2_inv.17.130" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.17.131" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div3by2_inv.17.132" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.133" expl="VC for 
div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC div3by2_inv.17.134" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.17.135" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.17.136" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.137" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.17.138" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.17.139" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.140" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div3by2_inv.17.141" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.142" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.143" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div3by2_inv.17.144" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div3by2_inv.17.145" expl="VC for div3by2_inv" proved="true"> + <proof prover="1"><result status="valid" time="0.40"/></proof> + </goal> + <goal name="VC div3by2_inv.17.146" expl="VC for 
div3by2_inv" proved="true"> + <proof prover="0"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div3by2_inv.17.147" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div3by2_inv.17.148" expl="VC for div3by2_inv" proved="true"> + <proof prover="1"><result status="valid" time="0.30"/></proof> + </goal> + <goal name="VC div3by2_inv.17.149" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.17.150" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div3by2_inv.17.151" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.17.152" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.17.153" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div3by2_inv.17.154" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.31"/></proof> + </goal> + <goal name="VC div3by2_inv.17.155" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div3by2_inv.17.156" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.17.157" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div3by2_inv.17.158" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.159" expl="VC 
for div3by2_inv" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.160" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC div3by2_inv.17.161" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.162" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.163" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.164" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC div3by2_inv.17.165" expl="VC for div3by2_inv" proved="true"> + <proof prover="2"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div3by2_inv.17.166" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.167" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.17.168" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.17.169" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div3by2_inv.17.170" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div3by2_inv.17.171" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div3by2_inv.17.172" expl="VC for 
div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div3by2_inv.17.173" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div3by2_inv.17.174" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.18" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.18.0" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.51"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.19" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.19.0" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.34"/></proof> + <proof prover="4"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div3by2_inv.19.1" expl="VC for div3by2_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.19.2" expl="VC for div3by2_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.19.3" expl="VC for div3by2_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.19.4" expl="VC for div3by2_inv" proved="true"> + <proof prover="2"><result status="valid" time="0.24"/></proof> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div3by2_inv.19.5" expl="VC for div3by2_inv" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.19.6" expl="VC for div3by2_inv" proved="true"> + 
<proof prover="2"><result status="valid" time="0.08"/></proof> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div3by2_inv.19.7" expl="VC for div3by2_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div3by2_inv.19.8" expl="VC for div3by2_inv" proved="true"> + <proof prover="2"><result status="valid" time="0.09"/></proof> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.19.9" expl="VC for div3by2_inv" proved="true"> + <proof prover="2"><result status="valid" time="1.45"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.20" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.20.0" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.20.1" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.20.2" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.20.3" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div3by2_inv.20.4" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.20.5" expl="VC for div3by2_inv" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC div3by2_inv.20.6" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.20.7" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + 
</goal> + <goal name="VC div3by2_inv.20.8" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div3by2_inv.20.9" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div3by2_inv.20.10" expl="VC for div3by2_inv" proved="true"> + <proof prover="2"><result status="valid" time="0.17"/></proof> + </goal> + <goal name="VC div3by2_inv.20.11" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.20.12" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.20.13" expl="VC for div3by2_inv" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div3by2_inv.20.13.0" expl="VC for div3by2_inv" proved="true"> + <transf name="cut" proved="true" arg1="(v * (radix2 * uh) <= v * d)"> + <goal name="VC div3by2_inv.20.13.0.0" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div3by2_inv.20.13.0.1" proved="true"> + <transf name="apply" proved="true" arg1="prod_compat_r"> + <goal name="VC div3by2_inv.20.13.0.1.0" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div3by2_inv.20.13.0.1.1" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.21" expl="assertion" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.09"/></proof> + <proof prover="2"><result status="valid" time="0.22"/></proof> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC 
div3by2_inv.22" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.22.0" expl="assertion" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.67"/></proof> + </goal> + <goal name="VC div3by2_inv.22.1" expl="VC for div3by2_inv" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.23" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.23.0" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.23.1" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.23.2" expl="VC for div3by2_inv" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.23.3" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div3by2_inv.23.4" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.23.5" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC div3by2_inv.23.6" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.24" expl="assertion" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="2.96"/></proof> + </goal> + <goal name="VC div3by2_inv.25" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div3by2_inv.26" expl="precondition" proved="true"> + 
<transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.26.0" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div3by2_inv.26.1" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.27" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.27.0" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div3by2_inv.27.1" expl="VC for div3by2_inv" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.27.2" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.27.3" expl="VC for div3by2_inv" proved="true"> + <proof prover="2"><result status="valid" time="1.94"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.28" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.77"/></proof> + </goal> + <goal name="VC div3by2_inv.29" expl="assertion" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.25"/></proof> + </goal> + <goal name="VC div3by2_inv.30" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.30.0" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.18"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.31" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.23"/></proof> + <proof prover="4"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div3by2_inv.32" expl="precondition" proved="true"> + 
<transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.32.0" expl="VC for div3by2_inv" proved="true"> + <proof prover="2"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC div3by2_inv.32.1" expl="VC for div3by2_inv" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.33" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.33.0" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC div3by2_inv.33.1" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.13"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.34" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.34.0" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC div3by2_inv.34.1" expl="assertion" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.17"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.35" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.18"/></proof> + </goal> + <goal name="VC div3by2_inv.36" expl="assertion" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.27"/></proof> + <proof prover="2"><result status="valid" time="1.20"/></proof> + </goal> + <goal name="VC div3by2_inv.37" expl="assertion" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.25"/></proof> + </goal> + <goal name="VC div3by2_inv.38" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.38.0" expl="VC for div3by2_inv" proved="true"> + <proof prover="2"><result status="valid" 
time="0.33"/></proof> + </goal> + <goal name="VC div3by2_inv.38.1" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.16"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.39" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC div3by2_inv.40" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC div3by2_inv.41" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.41.0" expl="VC for div3by2_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC div3by2_inv.41.1" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.26"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.42" expl="postcondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.24"/></proof> + <proof prover="2"><result status="valid" time="0.18"/></proof> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div3by2_inv.43" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.43.0" expl="VC for div3by2_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.43.1" expl="VC for div3by2_inv" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.44" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.44.0" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div3by2_inv.44.1" 
expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.44.2" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div3by2_inv.44.3" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div3by2_inv.44.4" expl="VC for div3by2_inv" proved="true"> + <proof prover="0"><result status="valid" time="0.94"/></proof> + </goal> + <goal name="VC div3by2_inv.44.5" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.14"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.45" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.45.0" expl="assertion" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.14"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.46" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.46.0" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div3by2_inv.46.1" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.14"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.47" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.18"/></proof> + </goal> + <goal name="VC div3by2_inv.48" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.29"/></proof> + </goal> + <goal name="VC div3by2_inv.49" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div3by2_inv.50" expl="assertion" 
proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.50.0" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div3by2_inv.50.1" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div3by2_inv.50.2" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div3by2_inv.50.3" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.50.4" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.50.5" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div3by2_inv.50.6" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div3by2_inv.50.7" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.50.8" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.50.9" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div3by2_inv.50.10" expl="VC for div3by2_inv" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.50.11" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div3by2_inv.50.12" expl="VC for div3by2_inv" proved="true"> + <proof prover="1"><result status="valid" 
time="0.34"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.51" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="1.04"/></proof> + </goal> + <goal name="VC div3by2_inv.52" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.52.0" expl="VC for div3by2_inv" proved="true"> + <proof prover="0"><result status="valid" time="0.48"/></proof> + </goal> + <goal name="VC div3by2_inv.52.1" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div3by2_inv.52.2" expl="VC for div3by2_inv" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.12"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div3by2_inv.53" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="4.04"/></proof> + </goal> + <goal name="VC div3by2_inv.54" expl="postcondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.13"/></proof> + <proof prover="2"><result status="valid" time="0.19"/></proof> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.55" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div3by2_inv.56" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.25"/></proof> + </goal> + <goal name="VC div3by2_inv.57" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div3by2_inv.58" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div3by2_inv.58.0" expl="VC for div3by2_inv" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div3by2_inv.58.1" expl="VC for div3by2_inv" 
proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC bounds_imply_rec3by2" expl="VC for bounds_imply_rec3by2" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.03" steps="12"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2" expl="VC for reciprocal_word_3by2" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.0" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.0.0" expl="integer overflow" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.09"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.1" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.1.0" expl="precondition" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.03"/></proof> + <proof prover="2"><result status="valid" time="0.05"/></proof> + <proof prover="5" timelimit="5"><result status="valid" time="0.04" steps="9"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.2" expl="assertion" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC reciprocal_word_3by2.2.0" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.2.1" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.11" steps="87"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.2.2" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="53"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.3" expl="assertion" proved="true"> + 
<transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.3.0" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + <proof prover="5" timelimit="5"><result status="valid" time="0.06" steps="13"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.3.1" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.05" steps="72"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.3.2" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.04" steps="13"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.3.3" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.08" steps="20"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.3.4" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="16"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.3.5" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="16"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.3.6" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.4" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.07" steps="17"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.5" expl="assertion" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.26"/></proof> + <proof prover="2"><result status="valid" time="0.89"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.6" expl="assertion" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC 
reciprocal_word_3by2.7" expl="assertion" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.02"/></proof> + <proof prover="1" memlimit="1000"><result status="valid" time="0.08"/></proof> + <proof prover="2"><result status="valid" time="0.07"/></proof> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.8" expl="integer overflow" proved="true"> + <proof prover="1"><result status="valid" time="0.17"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.9" expl="integer overflow" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.10" expl="assertion" proved="true"> + <proof prover="1"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.11" expl="integer overflow" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.21"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.12" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.12"/></proof> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.13" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.13.0" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="1.13"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.14" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.14.0" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="1"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.14.1" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="2"><result status="valid" time="0.11"/></proof> + </goal> + </transf> + </goal> 
+ <goal name="VC reciprocal_word_3by2.15" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.15.0" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.15.1" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.11" steps="34"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.16" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.16.0" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.18"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.17" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.17.0" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="2"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.17.1" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.32" steps="42"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.17.2" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.26" steps="43"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.17.3" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.35" steps="44"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.17.4" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.17.5" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.22" steps="46"/></proof> + </goal> + </transf> + </goal> + 
<goal name="VC reciprocal_word_3by2.18" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.18.0" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.18.1" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.18.2" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.21"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.19" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.19.0" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.09"/></proof> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.19.1" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.20" expl="integer overflow" proved="true"> + <proof prover="1"><result status="valid" time="0.45"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.21" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.21.0" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.68" steps="47"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.21.1" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.21.2" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + 
<goal name="VC reciprocal_word_3by2.21.3" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.21.4" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.21.5" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.21.6" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.21.7" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.22" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.23" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.23.0" expl="integer overflow" proved="true"> + <proof prover="1"><result status="valid" time="0.35"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.23.1" expl="integer overflow" proved="true"> + <proof prover="1"><result status="valid" time="0.29"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.24" expl="precondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.25" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.26" expl="assertion" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.37"/></proof> + <proof prover="2"><result 
status="valid" time="0.18"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.27" expl="integer overflow" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.34"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.28" expl="precondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.29" expl="postcondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.07"/></proof> + <proof prover="5" timelimit="5"><result status="valid" time="0.67" steps="49"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.30" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.62"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.31" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.31.0" expl="postcondition" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.18" steps="41"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.32" expl="integer overflow" proved="true"> + <proof prover="1"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.33" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.10"/></proof> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.34" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.34.0" expl="assertion" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.13"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.35" expl="assertion" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC 
reciprocal_word_3by2.36" expl="assertion" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.37" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.37.0" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.17"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.38" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.38.0" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.38.1" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.11" steps="37"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.38.2" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.13" steps="38"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.38.3" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.10" steps="39"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.38.4" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.38.5" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.10" steps="41"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.39" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.39.0" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.39.1" expl="VC for 
reciprocal_word_3by2" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.39.2" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.10"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.40" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.40.0" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + <proof prover="4"><result status="valid" time="0.00"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.40.1" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.41" expl="integer overflow" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.53"/></proof> + <proof prover="1" memlimit="1000"><result status="valid" time="0.47"/></proof> + <proof prover="2"><result status="valid" time="0.06"/></proof> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.42" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.42.0" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.20" steps="42"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.42.1" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.42.2" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.42.3" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result 
status="valid" time="0.04"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.42.4" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.42.5" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.42.6" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="2"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.42.7" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="2"><result status="valid" time="0.14"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.43" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.44" expl="integer overflow" proved="true"> + <proof prover="1"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.45" expl="precondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.46" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.47" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.47.0" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.47.1" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.48" expl="integer overflow" 
proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.40"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.49" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.49.0" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="1"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.49.1" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.10"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.50" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.50.0" expl="postcondition" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.12" steps="40"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.50.1" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.51" expl="precondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.44"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.52" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.52.0" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.53" expl="assertion" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.35"/></proof> + <proof prover="2"><result status="valid" time="0.18"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.54" expl="assertion" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.07" steps="22"/></proof> + </goal> + <goal name="VC 
reciprocal_word_3by2.55" expl="assertion" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.05" steps="24"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.56" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.56.0" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="2"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.56.1" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="26"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.56.2" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="27"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.56.3" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="28"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.56.4" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="28"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.56.5" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="30"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.57" expl="assertion" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.58" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.58.0" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.58.1" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" 
time="0.06"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.59" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.59.0" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.07"/></proof> + <proof prover="4"><result status="valid" time="0.04"/></proof> + <proof prover="5" timelimit="5"><result status="valid" time="0.10" steps="32"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.59.1" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.60" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.60.0" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="5"><result status="valid" time="0.06" steps="31"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.60.1" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.60.2" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.60.3" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.60.4" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.60.5" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.60.6" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="2"><result status="valid" time="0.12"/></proof> + </goal> + 
<goal name="VC reciprocal_word_3by2.60.7" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="2"><result status="valid" time="0.17"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.61" expl="assertion" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="2.30" steps="38"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.62" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.62.0" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.62.0.0" expl="integer overflow" proved="true"> + <proof prover="1"><result status="valid" time="0.29"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.62.1" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.62.1.0" expl="integer overflow" proved="true"> + <proof prover="1"><result status="valid" time="0.20"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.63" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC reciprocal_word_3by2.63.0" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="1"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.63.1" expl="VC for reciprocal_word_3by2" proved="true"> + <proof prover="1"><result status="valid" time="0.09"/></proof> + </goal> + </transf> + </goal> + <goal name="VC reciprocal_word_3by2.64" expl="postcondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.07"/></proof> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.65" expl="assertion" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" 
time="0.28"/></proof> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.66" expl="integer overflow" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.31"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.67" expl="precondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.68" expl="postcondition" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.02"/></proof> + <proof prover="1" memlimit="1000"><result status="valid" time="0.06"/></proof> + <proof prover="2"><result status="valid" time="0.05"/></proof> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.69" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.19"/></proof> + </goal> + <goal name="VC reciprocal_word_3by2.70" expl="postcondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.06"/></proof> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sub3" expl="VC for sub3" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sub3.0" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.02" steps="8"/></proof> + </goal> + <goal name="VC sub3.1" expl="precondition" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.02" steps="8"/></proof> + </goal> + <goal name="VC sub3.2" expl="precondition" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.03" steps="11"/></proof> + </goal> + <goal name="VC sub3.3" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.03" steps="15"/></proof> + </goal> + <goal name="VC 
sub3.4" expl="postcondition" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.03" steps="17"/></proof> + </goal> + </transf> + </goal> + <goal name="VC submul_limb" expl="VC for submul_limb" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC submul_limb.0" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC submul_limb.0.0" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.02" steps="20"/></proof> + </goal> + </transf> + </goal> + <goal name="VC submul_limb.1" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.09" steps="21"/></proof> + </goal> + <goal name="VC submul_limb.2" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.06" steps="12"/></proof> + </goal> + <goal name="VC submul_limb.3" expl="loop invariant init" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="73"/></proof> + </goal> + <goal name="VC submul_limb.4" expl="loop invariant init" proved="true"> + <transf name="split_goal_right" proved="true" > + </transf> + </goal> + <goal name="VC submul_limb.5" expl="loop invariant init" proved="true"> + <transf name="split_goal_right" proved="true" > + </transf> + </goal> + <goal name="VC submul_limb.6" expl="precondition" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.02" steps="30"/></proof> + </goal> + <goal name="VC submul_limb.7" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC submul_limb.7.0" expl="VC for submul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC submul_limb.7.1" expl="VC for submul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + 
</goal> + <goal name="VC submul_limb.8" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="46"/></proof> + </goal> + <goal name="VC submul_limb.9" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC submul_limb.9.0" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.00"/></proof> + </goal> + </transf> + </goal> + <goal name="VC submul_limb.10" expl="precondition" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.74"/></proof> + </goal> + <goal name="VC submul_limb.11" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC submul_limb.11.0" expl="VC for submul_limb" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC submul_limb.11.1" expl="VC for submul_limb" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC submul_limb.12" expl="precondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC submul_limb.13" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC submul_limb.13.0" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC submul_limb.13.1" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.52"/></proof> + </goal> + <goal name="VC submul_limb.13.2" expl="VC for submul_limb" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC submul_limb.14" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.50"/></proof> + </goal> + <goal name="VC submul_limb.15" expl="assertion" proved="true"> + <transf 
name="split_goal_right" proved="true" > + <goal name="VC submul_limb.15.0" expl="VC for submul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC submul_limb.15.1" expl="VC for submul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC submul_limb.15.2" expl="VC for submul_limb" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC submul_limb.15.3" expl="VC for submul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC submul_limb.15.4" expl="VC for submul_limb" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC submul_limb.15.5" expl="VC for submul_limb" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC submul_limb.15.6" expl="VC for submul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC submul_limb.15.7" expl="VC for submul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC submul_limb.16" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC submul_limb.17" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC submul_limb.17.0" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC submul_limb.17.1" expl="VC for submul_limb" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC submul_limb.18" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC 
submul_limb.19" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC submul_limb.19.0" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC submul_limb.20" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC submul_limb.21" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC submul_limb.21.0" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC submul_limb.22" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC submul_limb.22.0" expl="VC for submul_limb" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="6.36"/></proof> + </goal> + <goal name="VC submul_limb.22.1" expl="VC for submul_limb" proved="true"> + <proof prover="0"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC submul_limb.22.2" expl="VC for submul_limb" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC submul_limb.22.3" expl="VC for submul_limb" proved="true"> + <proof prover="1"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC submul_limb.22.4" expl="VC for submul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC submul_limb.22.5" expl="VC for submul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC submul_limb.22.6" expl="VC for submul_limb" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC submul_limb.22.7" expl="VC for submul_limb" proved="true"> + <proof 
prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC submul_limb.22.8" expl="VC for submul_limb" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC submul_limb.22.9" expl="VC for submul_limb" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC submul_limb.22.9.0" expl="VC for submul_limb" proved="true"> + <transf name="cut" proved="true" arg1="(value r1 i = value r1 k + power radix2 k * lr)"> + <goal name="VC submul_limb.22.9.0.0" expl="VC for submul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC submul_limb.22.9.0.1" proved="true"> + <proof prover="0"><result status="valid" time="0.06"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC submul_limb.22.10" expl="VC for submul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC submul_limb.22.11" expl="VC for submul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC submul_limb.22.12" expl="VC for submul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC submul_limb.22.13" expl="VC for submul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC submul_limb.22.14" expl="VC for submul_limb" proved="true"> + <proof prover="0"><result status="valid" time="0.52"/></proof> + </goal> + <goal name="VC submul_limb.22.15" expl="VC for submul_limb" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.09"/></proof> + </goal> + </transf> + </goal> + <goal name="VC submul_limb.23" expl="loop variant decrease" proved="true"> + <proof prover="4"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC submul_limb.24" expl="loop invariant 
preservation" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC submul_limb.24.0" expl="VC for submul_limb" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC submul_limb.24.1" expl="VC for submul_limb" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC submul_limb.25" expl="loop invariant preservation" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC submul_limb.25.0" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC submul_limb.26" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.54"/></proof> + </goal> + <goal name="VC submul_limb.27" expl="loop invariant preservation" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC submul_limb.28" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC submul_limb.28.0" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="20"/></proof> + </goal> + </transf> + </goal> + <goal name="VC submul_limb.29" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC submul_limb.29.0" expl="postcondition" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.03" steps="44"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr" expl="VC for div_sb_qr" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.0" expl="integer overflow" proved="true"> + <proof prover="4" memlimit="2000"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.1" 
expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.2" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.2.0" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.03" steps="35"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.3" expl="integer overflow" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.3.0" expl="integer overflow" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.3.0.0" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.4" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.4.0" expl="integer overflow" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.4.0.0" expl="integer overflow" proved="true"> + <proof prover="1"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.5" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.02" steps="39"/></proof> + </goal> + <goal name="VC div_sb_qr.6" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.10"/></proof> + <proof prover="4" memlimit="2000"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.7" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.8" expl="precondition" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.05" steps="46"/></proof> + 
</goal> + <goal name="VC div_sb_qr.9" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.06" steps="55"/></proof> + </goal> + <goal name="VC div_sb_qr.10" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC div_sb_qr.11" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="36"/></proof> + </goal> + <goal name="VC div_sb_qr.12" expl="integer overflow" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.12.0" expl="integer overflow" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.12.0.0" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.12.0.0.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.12.0.0.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.12"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.13" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div_sb_qr.14" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div_sb_qr.15" expl="integer overflow" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.16" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.16.0" expl="integer overflow" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.16.0.0" expl="integer overflow" 
proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.16.0.0.0" expl="integer overflow" proved="true"> + <proof prover="1"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.17" expl="precondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.17"/></proof> + <proof prover="2" memlimit="2000"><result status="valid" time="0.12"/></proof> + <proof prover="4" memlimit="2000"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.18" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.18.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.18.0.0" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.18.0.0.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.18.0.0.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.18.0.0.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.18.0.0.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.18.0.0.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.18.0.0.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.19" expl="precondition" proved="true"> + <proof 
prover="2" memlimit="2000"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.20" expl="assertion" proved="true"> + <transf name="inline_all" proved="true" > + <goal name="VC div_sb_qr.20.0" expl="assertion" proved="true"> + <proof prover="1" timelimit="55"><result status="valid" time="0.29"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.21" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.22" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div_sb_qr.23" expl="precondition" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.04" steps="54"/></proof> + </goal> + <goal name="VC div_sb_qr.24" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.25" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.25.0" expl="assertion" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.25.0.0" expl="assertion" proved="true"> + <proof prover="1"><result status="valid" time="1.06"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.26" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.26.0" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.09" steps="74"/></proof> + </goal> + <goal name="VC div_sb_qr.26.1" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="51"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.27" expl="precondition" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.04" steps="74"/></proof> + </goal> + <goal 
name="VC div_sb_qr.28" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div_sb_qr.29" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.53"/></proof> + </goal> + <goal name="VC div_sb_qr.30" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.30.0" expl="VC for div_sb_qr" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.30.0.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.30.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.30.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.08" steps="127"/></proof> + </goal> + <goal name="VC div_sb_qr.30.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.09" steps="120"/></proof> + </goal> + <goal name="VC div_sb_qr.30.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="79"/></proof> + </goal> + <goal name="VC div_sb_qr.30.5" expl="VC for div_sb_qr" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.30.5.0" expl="VC for div_sb_qr" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.30.5.0.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.30.6" expl="VC for div_sb_qr" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.30.6.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" 
time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.30.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.30.8" expl="VC for div_sb_qr" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.30.8.0" expl="VC for div_sb_qr" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.30.8.0.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.06" steps="120"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.30.9" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.66" steps="85"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.31" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.31.0" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.31.1" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.32" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.32.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.04" steps="79"/></proof> + </goal> + <goal name="VC div_sb_qr.32.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.04" steps="120"/></proof> + </goal> + <goal name="VC div_sb_qr.32.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.32.3" expl="VC 
for div_sb_qr" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.03" steps="81"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.33" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC div_sb_qr.34" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.34.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.34.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.34.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="1.62"/></proof> + </goal> + <goal name="VC div_sb_qr.34.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.60" steps="150"/></proof> + </goal> + <goal name="VC div_sb_qr.34.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.34.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.34.6" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.40"/></proof> + </goal> + <goal name="VC div_sb_qr.34.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.34.8" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.34.9" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC div_sb_qr.34.10" expl="VC for div_sb_qr" proved="true"> + <proof 
prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.34.11" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.35" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC div_sb_qr.36" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.37" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.37.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.37.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.38" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.38.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.38.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.38.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.07" steps="189"/></proof> + </goal> + <goal name="VC div_sb_qr.38.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="54"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.39" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.39.0" expl="VC for div_sb_qr" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.39.0.0" expl="VC for div_sb_qr" 
proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.39.0.0.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.08" steps="97"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.39.1" expl="VC for div_sb_qr" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.39.1.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.39.1.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.40" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.40.0" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div_sb_qr.40.1" expl="precondition" proved="true"> + <transf name="inline_all" proved="true" > + <goal name="VC div_sb_qr.40.1.0" expl="precondition" proved="true"> + <proof prover="1"><result status="valid" time="0.13"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.41" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.10"/></proof> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.42" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.13"/></proof> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.43" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.10"/></proof> + <proof prover="4"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.44" expl="assertion" proved="true"> + <transf 
name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.44.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.06" steps="106"/></proof> + </goal> + <goal name="VC div_sb_qr.44.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.92"/></proof> + </goal> + <goal name="VC div_sb_qr.44.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.74"/></proof> + </goal> + <goal name="VC div_sb_qr.44.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.44.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="95"/></proof> + </goal> + <goal name="VC div_sb_qr.44.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.44.6" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div_sb_qr.44.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div_sb_qr.44.8" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="3.14"/></proof> + </goal> + <goal name="VC div_sb_qr.44.9" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="3.17"/></proof> + </goal> + <goal name="VC div_sb_qr.44.10" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.33"/></proof> + </goal> + <goal name="VC div_sb_qr.44.11" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.44.12" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.47"/></proof> + </goal> + <goal name="VC 
div_sb_qr.44.13" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.45" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div_sb_qr.46" expl="precondition" proved="true"> + <transf name="inline_all" proved="true" > + <goal name="VC div_sb_qr.46.0" expl="precondition" proved="true"> + <proof prover="1" timelimit="20"><result status="valid" time="0.13"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.47" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC div_sb_qr.48" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.48.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.48.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.18"/></proof> + </goal> + <goal name="VC div_sb_qr.48.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.07" steps="57"/></proof> + </goal> + <goal name="VC div_sb_qr.48.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div_sb_qr.48.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.20" steps="108"/></proof> + </goal> + <goal name="VC div_sb_qr.48.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.49" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.49.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result 
status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div_sb_qr.49.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.49.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.11" steps="102"/></proof> + </goal> + <goal name="VC div_sb_qr.49.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.49.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.49.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="1.39"/></proof> + </goal> + <goal name="VC div_sb_qr.49.6" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.20" steps="62"/></proof> + </goal> + <goal name="VC div_sb_qr.49.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.12" steps="64"/></proof> + </goal> + <goal name="VC div_sb_qr.49.8" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.13" steps="65"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.50" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div_sb_qr.51" expl="postcondition" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.03" steps="58"/></proof> + </goal> + <goal name="VC div_sb_qr.52" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.53" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div_sb_qr.54" expl="loop invariant init" proved="true"> + <proof 
prover="5"><result status="valid" time="0.02" steps="64"/></proof> + </goal> + <goal name="VC div_sb_qr.55" expl="loop invariant init" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.55.0" expl="loop invariant init" proved="true"> + <proof prover="2"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div_sb_qr.55.1" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.04" steps="67"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.56" expl="loop invariant init" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.56.0" expl="loop invariant init" proved="true"> + <proof prover="4" memlimit="2000"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.56.1" expl="loop invariant init" proved="true"> + <proof prover="4" memlimit="2000"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.57" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.58" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.59" expl="loop invariant init" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div_sb_qr.60" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.61" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.62" expl="loop invariant init" proved="true"> + <proof prover="2"><result status="valid" time="0.18"/></proof> + <proof prover="4"><result status="valid" time="0.06"/></proof> + </goal> + 
<goal name="VC div_sb_qr.63" expl="loop invariant init" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC div_sb_qr.64" expl="loop invariant init" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div_sb_qr.65" expl="loop invariant init" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.65.0" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.02" steps="72"/></proof> + </goal> + <goal name="VC div_sb_qr.65.1" expl="loop invariant init" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.66" expl="loop invariant init" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.66.0" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.66.1" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + <proof prover="5" timelimit="5"><result status="valid" time="0.03" steps="72"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.67" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.67.0" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC div_sb_qr.67.1" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.09"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.68" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.26"/></proof> + </goal> + <goal 
name="VC div_sb_qr.69" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC div_sb_qr.70" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC div_sb_qr.71" expl="integer overflow" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC div_sb_qr.72" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.73" expl="precondition" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.29" steps="110"/></proof> + </goal> + <goal name="VC div_sb_qr.74" expl="assertion" proved="true"> + <proof prover="1"><result status="valid" time="0.95"/></proof> + </goal> + <goal name="VC div_sb_qr.75" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.75.0" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC div_sb_qr.75.1" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.07"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.76" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div_sb_qr.77" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.77.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.77.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="4.66"/></proof> + </goal> + <goal name="VC div_sb_qr.77.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" 
time="0.94"/></proof> + </goal> + <goal name="VC div_sb_qr.77.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.98"/></proof> + </goal> + <goal name="VC div_sb_qr.77.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.78" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC div_sb_qr.79" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.79.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.79.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.17"/></proof> + </goal> + <goal name="VC div_sb_qr.79.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.79.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.21"/></proof> + </goal> + <goal name="VC div_sb_qr.79.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.79.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.79.6" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.79.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="1.18" steps="122"/></proof> + </goal> + <goal name="VC div_sb_qr.79.8" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.41"/></proof> + </goal> + <goal name="VC div_sb_qr.79.9" 
expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.79.10" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.80" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.80.0" expl="assertion" proved="true"> + <proof prover="1"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div_sb_qr.80.1" expl="assertion" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.26" steps="109"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.81" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC div_sb_qr.82" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.82.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.82.0.0" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.82.0.0.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.82.0.0.0.0" expl="precondition" proved="true"> + <transf name="split_all_full" proved="true" > + <goal name="VC div_sb_qr.82.0.0.0.0.0" expl="precondition" proved="true"> + <proof prover="3" timelimit="10" memlimit="4000"><result status="valid" time="6.84"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.83" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.83.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + 
<goal name="VC div_sb_qr.83.0.0" expl="precondition" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.25"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.84" expl="precondition" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC div_sb_qr.84.0" expl="precondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.44"/></proof> + </goal> + <goal name="VC div_sb_qr.84.1" expl="precondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.85" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.85.0" expl="assertion" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.64"/></proof> + </goal> + <goal name="VC div_sb_qr.85.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.85.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.21"/></proof> + </goal> + <goal name="VC div_sb_qr.85.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.23"/></proof> + </goal> + <goal name="VC div_sb_qr.85.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.86" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="2.15"/></proof> + </goal> + <goal name="VC div_sb_qr.87" expl="postcondition" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="2.52" steps="178"/></proof> + </goal> + <goal name="VC div_sb_qr.88" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.28"/></proof> + </goal> + <goal 
name="VC div_sb_qr.89" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.89.0" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.89.0.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.89.0.0.0" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.89.1" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.89.1.0" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.89.1.1" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.90" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.90.0" expl="assertion" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.90.0.0" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.90.0.0.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.90.0.0.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC div_sb_qr.90.0.0.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.36"/></proof> + </goal> + <goal name="VC div_sb_qr.90.0.0.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="4" timelimit="30" memlimit="2000"><result status="valid" time="0.07"/></proof> + </goal> + 
<goal name="VC div_sb_qr.90.0.0.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.90.0.0.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.90.0.0.6" expl="VC for div_sb_qr" proved="true"> + <transf name="cut" proved="true" arg1="(plength xd = plength x)"> + <goal name="VC div_sb_qr.90.0.0.6.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.90.0.0.6.1" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.90.0.0.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div_sb_qr.90.0.0.8" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.90.0.0.9" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.90.0.0.10" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.91" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.91.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.91.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.91.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + 
</goal> + <goal name="VC div_sb_qr.91.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.91.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.91.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.91.6" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.91.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.91.8" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.91.9" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.91.10" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.91.11" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.91.12" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.91.13" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC div_sb_qr.91.14" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.91.15" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC div_sb_qr.91.16" expl="VC for div_sb_qr" proved="true"> + 
<proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.91.17" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.91.18" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.91.19" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.91.20" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.91.21" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.91.22" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.91.23" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.76"/></proof> + </goal> + <goal name="VC div_sb_qr.91.24" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.91.25" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.91.26" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.91.27" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC div_sb_qr.91.28" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.91.29" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + 
<goal name="VC div_sb_qr.91.30" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.91.31" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.30"/></proof> + </goal> + <goal name="VC div_sb_qr.91.32" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC div_sb_qr.91.33" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.09"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.92" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.18"/></proof> + </goal> + <goal name="VC div_sb_qr.93" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.45"/></proof> + </goal> + <goal name="VC div_sb_qr.94" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.94.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="4"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC div_sb_qr.94.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.19"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.95" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.95.0" expl="precondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.17"/></proof> + </goal> + <goal name="VC div_sb_qr.95.1" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.96" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.97" expl="precondition" proved="true"> + <transf 
name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.97.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC div_sb_qr.97.1" expl="VC for div_sb_qr" proved="true"> + <transf name="inline_all" proved="true" > + <goal name="VC div_sb_qr.97.1.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="1.46"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.98" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.98.0" expl="VC for div_sb_qr" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.98.0.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.98.1" expl="VC for div_sb_qr" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.98.1.0" expl="VC for div_sb_qr" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.98.1.0.0" expl="VC for div_sb_qr" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.98.1.0.0.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.60"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.98.1.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.15"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.98.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.99" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.29"/></proof> + </goal> + <goal name="VC div_sb_qr.100" 
expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.100.0" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.29"/></proof> + </goal> + <goal name="VC div_sb_qr.100.1" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.11"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.101" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.101.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC div_sb_qr.101.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.101.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.101.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.101.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC div_sb_qr.101.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.33"/></proof> + </goal> + <goal name="VC div_sb_qr.101.6" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.52"/></proof> + </goal> + <goal name="VC div_sb_qr.101.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.27"/></proof> + </goal> + <goal name="VC div_sb_qr.101.8" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.101.9" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" 
time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.101.10" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.101.11" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.64"/></proof> + </goal> + <goal name="VC div_sb_qr.101.12" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.101.13" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.36"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.102" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.102.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.46"/></proof> + </goal> + <goal name="VC div_sb_qr.102.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div_sb_qr.102.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.26"/></proof> + </goal> + <goal name="VC div_sb_qr.102.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.102.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.30"/></proof> + </goal> + <goal name="VC div_sb_qr.102.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.102.6" expl="VC for div_sb_qr" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.102.6.0" expl="VC for div_sb_qr" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC 
div_sb_qr.102.6.0.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.102.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="2.57"/></proof> + </goal> + <goal name="VC div_sb_qr.102.8" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.102.9" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.30"/></proof> + </goal> + <goal name="VC div_sb_qr.102.10" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.102.11" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.102.12" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.102.13" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.102.14" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.102.15" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.102.16" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.102.17" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.21"/></proof> + </goal> + <goal name="VC div_sb_qr.102.18" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.21"/></proof> + </goal> + <goal name="VC 
div_sb_qr.102.19" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.33"/></proof> + </goal> + <goal name="VC div_sb_qr.102.20" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC div_sb_qr.102.21" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.36"/></proof> + </goal> + <goal name="VC div_sb_qr.102.22" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="1.19"/></proof> + </goal> + <goal name="VC div_sb_qr.102.23" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.102.24" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.102.25" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.102.26" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.102.27" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.33"/></proof> + </goal> + <goal name="VC div_sb_qr.102.28" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC div_sb_qr.102.29" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.102.30" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div_sb_qr.102.31" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC 
div_sb_qr.102.32" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC div_sb_qr.102.33" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.102.34" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="1.16"/></proof> + <proof prover="2" memlimit="2000"><result status="valid" time="3.90"/></proof> + </goal> + <goal name="VC div_sb_qr.102.35" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.44"/></proof> + <proof prover="2" memlimit="2000"><result status="valid" time="3.86"/></proof> + </goal> + <goal name="VC div_sb_qr.102.36" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.45"/></proof> + </goal> + <goal name="VC div_sb_qr.102.37" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC div_sb_qr.102.38" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.53"/></proof> + </goal> + <goal name="VC div_sb_qr.102.39" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.102.40" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div_sb_qr.102.41" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.102.42" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.102.43" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC 
div_sb_qr.102.44" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.40"/></proof> + </goal> + <goal name="VC div_sb_qr.102.45" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.40"/></proof> + </goal> + <goal name="VC div_sb_qr.102.46" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.102.47" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.102.48" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.102.49" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.35"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.103" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.103.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.103.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.27"/></proof> + </goal> + <goal name="VC div_sb_qr.103.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.103.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.103.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.103.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.36"/></proof> + </goal> + <goal name="VC div_sb_qr.103.6" expl="VC 
for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.103.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.103.8" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.103.9" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.103.10" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.103.11" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.29"/></proof> + </goal> + <goal name="VC div_sb_qr.103.12" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.103.13" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.103.14" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.103.15" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.103.16" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.103.17" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.103.18" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div_sb_qr.103.19" expl="VC for div_sb_qr" proved="true"> + <proof 
prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.103.20" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.104" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.104.0" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.104.0.0" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.104.0.1" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.104.1" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.105" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.34"/></proof> + </goal> + <goal name="VC div_sb_qr.106" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.106.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="1.08"/></proof> + </goal> + <goal name="VC div_sb_qr.106.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.31"/></proof> + </goal> + <goal name="VC div_sb_qr.106.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.30"/></proof> + </goal> + <goal name="VC div_sb_qr.106.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.74"/></proof> + </goal> + <goal name="VC div_sb_qr.106.4" expl="VC for div_sb_qr" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.106.4.0" expl="VC for div_sb_qr" 
proved="true"> + <proof prover="1" timelimit="15"><result status="valid" time="0.42"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.106.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.106.6" expl="VC for div_sb_qr" proved="true"> + <transf name="inline_all" proved="true" > + <goal name="VC div_sb_qr.106.6.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.22"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.106.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.106.8" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.106.9" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.106.10" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC div_sb_qr.106.11" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.27"/></proof> + </goal> + <goal name="VC div_sb_qr.106.12" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC div_sb_qr.106.13" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.106.14" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.106.15" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.106.16" expl="VC for div_sb_qr" proved="true"> + 
<proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.106.17" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="1.32"/></proof> + </goal> + <goal name="VC div_sb_qr.106.18" expl="VC for div_sb_qr" proved="true"> + <transf name="inline_all" proved="true" > + <goal name="VC div_sb_qr.106.18.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.31"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.107" expl="loop variant decrease" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.107.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.107.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.108" expl="loop invariant preservation" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.38"/></proof> + </goal> + <goal name="VC div_sb_qr.109" expl="loop invariant preservation" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.23"/></proof> + </goal> + <goal name="VC div_sb_qr.110" expl="loop invariant preservation" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.49"/></proof> + </goal> + <goal name="VC div_sb_qr.111" expl="loop invariant preservation" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.77"/></proof> + </goal> + <goal name="VC div_sb_qr.112" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.113" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + 
<goal name="VC div_sb_qr.114" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.70"/></proof> + </goal> + <goal name="VC div_sb_qr.115" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.116" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.117" expl="loop invariant preservation" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.117.0" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC div_sb_qr.117.1" expl="loop invariant preservation" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.117.1.0" expl="loop invariant preservation" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.117.1.0.0" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.118" expl="loop invariant preservation" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.82"/></proof> + </goal> + <goal name="VC div_sb_qr.119" expl="loop invariant preservation" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC div_sb_qr.120" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.35"/></proof> + <proof prover="4"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.121" expl="loop invariant preservation" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.23"/></proof> + </goal> + 
<goal name="VC div_sb_qr.122" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.122.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.28" steps="107"/></proof> + </goal> + <goal name="VC div_sb_qr.122.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.122.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.39" steps="152"/></proof> + </goal> + <goal name="VC div_sb_qr.122.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.41" steps="158"/></proof> + </goal> + <goal name="VC div_sb_qr.122.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.20"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.123" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="1.83"/></proof> + </goal> + <goal name="VC div_sb_qr.124" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.20"/></proof> + <proof prover="4"><result status="valid" time="1.76"/></proof> + </goal> + <goal name="VC div_sb_qr.125" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.126" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.126.0" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.126.1" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.13"/></proof> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal 
name="VC div_sb_qr.127" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.127.0" expl="precondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC div_sb_qr.127.1" expl="precondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.14"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.128" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.128.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC div_sb_qr.128.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.37" steps="112"/></proof> + </goal> + <goal name="VC div_sb_qr.128.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.40" steps="113"/></proof> + </goal> + <goal name="VC div_sb_qr.128.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.128.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.45" steps="155"/></proof> + </goal> + <goal name="VC div_sb_qr.128.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.44" steps="155"/></proof> + </goal> + <goal name="VC div_sb_qr.128.6" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.38" steps="114"/></proof> + </goal> + <goal name="VC div_sb_qr.128.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.44" steps="162"/></proof> + </goal> + <goal name="VC div_sb_qr.128.8" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC 
div_sb_qr.128.9" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.15"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.129" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.17"/></proof> + </goal> + <goal name="VC div_sb_qr.130" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.130.0" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC div_sb_qr.130.1" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.131" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div_sb_qr.132" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.26" steps="109"/></proof> + </goal> + <goal name="VC div_sb_qr.133" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.133.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.133.0.0" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.06"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.134" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.134.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.134.0.0" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.134.0.0.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC 
div_sb_qr.134.0.0.0.0" expl="precondition" proved="true"> + <transf name="split_all_full" proved="true" > + <goal name="VC div_sb_qr.134.0.0.0.0.0" expl="precondition" proved="true"> + <proof prover="3" timelimit="10" memlimit="4000"><result status="valid" time="4.36"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.135" expl="integer overflow" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.33"/></proof> + </goal> + <goal name="VC div_sb_qr.136" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.136.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.136.0.0" expl="precondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.26"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.137" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.44"/></proof> + </goal> + <goal name="VC div_sb_qr.138" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.138.0" expl="assertion" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.92"/></proof> + <proof prover="3" timelimit="5" memlimit="2000"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div_sb_qr.138.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.138.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.36"/></proof> + </goal> + <goal name="VC div_sb_qr.138.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC div_sb_qr.138.4" 
expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.139" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="2.63"/></proof> + </goal> + <goal name="VC div_sb_qr.140" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.141" expl="assertion" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC div_sb_qr.142" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.18"/></proof> + </goal> + <goal name="VC div_sb_qr.143" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.29"/></proof> + </goal> + <goal name="VC div_sb_qr.144" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC div_sb_qr.145" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.146" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.146.0" expl="precondition" proved="true"> + <proof prover="4" memlimit="2000"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.146.1" expl="precondition" proved="true"> + <proof prover="4" memlimit="2000"><result status="valid" time="0.06"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.147" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.50"/></proof> + </goal> + <goal name="VC div_sb_qr.148" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.148.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" 
time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.148.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.30"/></proof> + </goal> + <goal name="VC div_sb_qr.148.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.149" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.25"/></proof> + <proof prover="4" memlimit="2000"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.150" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.151" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC div_sb_qr.152" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.152.0" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.152.1" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.152.1.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.152.1.0.0" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.153" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.153.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.153.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + 
</goal> + <goal name="VC div_sb_qr.153.2" expl="VC for div_sb_qr" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.153.2.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.06"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.153.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="3.30"/></proof> + </goal> + <goal name="VC div_sb_qr.153.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.153.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.30"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.154" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.154.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.34"/></proof> + </goal> + <goal name="VC div_sb_qr.154.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.154.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.35"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.155" expl="assertion" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.66"/></proof> + </goal> + <goal name="VC div_sb_qr.156" expl="assertion" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.36"/></proof> + </goal> + <goal name="VC div_sb_qr.157" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.157.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.EqPropMP"> + <goal name="VC div_sb_qr.157.0.0" expl="assertion" 
proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC div_sb_qr.157.0.0.0" expl="assertion" proved="true"> + <transf name="apply" proved="true" arg1="HR"> + <goal name="VC div_sb_qr.157.0.0.0.0" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.2" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.3" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.4" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.5" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.6" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.7" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.8" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.9" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.10" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.11" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.12" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.13" proved="true"> + <proof prover="3"><result status="valid" 
time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.14" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.15" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.16" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.17" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.18" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.19" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.20" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.21" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.22" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.23" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.24" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.25" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.26" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.27" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.28" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + 
<goal name="VC div_sb_qr.157.0.0.0.29" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.30" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.31" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.32" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.33" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.34" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.35" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.36" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.37" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.38" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.39" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.40" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.41" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.42" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.43" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC 
div_sb_qr.157.0.0.0.44" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.45" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.46" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.47" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.48" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.49" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.50" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.51" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.52" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.53" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.54" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.55" proved="true"> + <proof prover="3"><result status="valid" time="0.30"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.56" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.57" proved="true"> + <proof prover="3"><result status="valid" time="0.30"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.58" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.59" 
proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.60" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.61" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.62" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.63" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.64" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.65" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.66" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.67" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.68" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.69" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.70" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.71" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.72" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.73" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.74" proved="true"> + <proof 
prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.75" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.76" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.77" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.78" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.79" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.80" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.81" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.82" proved="true"> + <proof prover="3"><result status="valid" time="0.32"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.83" proved="true"> + <proof prover="3"><result status="valid" time="0.38"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.84" proved="true"> + <proof prover="3"><result status="valid" time="0.29"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.85" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.86" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.87" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.88" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.89" proved="true"> + <proof prover="3"><result status="valid" 
time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.90" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.91" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.92" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.93" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.94" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.95" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.96" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.97" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.98" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.99" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.100" proved="true"> + <proof prover="3"><result status="valid" time="0.34"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.101" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.102" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.103" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.104" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + 
</goal> + <goal name="VC div_sb_qr.157.0.0.0.105" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.106" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.107" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.108" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.109" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.110" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.111" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.112" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.113" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.114" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.115" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.116" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.117" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.118" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.119" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal 
name="VC div_sb_qr.157.0.0.0.120" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.121" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.122" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.123" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.124" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.125" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.126" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.127" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.128" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.129" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.130" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.131" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.132" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.133" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.134" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC 
div_sb_qr.157.0.0.0.135" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.136" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.137" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.138" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.139" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.140" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.141" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.142" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.143" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.144" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.145" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.146" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.147" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.148" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.149" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC 
div_sb_qr.157.0.0.0.150" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.151" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.152" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.153" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.154" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.155" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.156" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.157" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.158" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.159" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.160" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.161" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.162" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.163" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.164" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC 
div_sb_qr.157.0.0.0.165" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.166" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.167" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.168" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.169" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.170" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.171" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.172" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.173" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.174" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.175" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.176" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.177" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.178" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.0.179" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal 
name="VC div_sb_qr.157.0.0.1" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.38"/></proof> + </goal> + <goal name="VC div_sb_qr.157.0.0.2" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.46"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.158" expl="assertion" proved="true"> + <proof prover="1" timelimit="10"><result status="valid" time="0.19"/></proof> + </goal> + <goal name="VC div_sb_qr.159" expl="postcondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.159.0" expl="postcondition" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC div_sb_qr.159.0.0" expl="postcondition" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC div_sb_qr.159.0.0.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="3.50"/></proof> + </goal> + <goal name="VC div_sb_qr.159.0.0.1" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.44"/></proof> + </goal> + <goal name="VC div_sb_qr.159.0.0.2" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.39"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.160" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.36"/></proof> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.161" expl="assertion" proved="true"> + <proof prover="1" timelimit="10"><result status="valid" time="4.99"/></proof> + </goal> + <goal name="VC div_sb_qr.162" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.162.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result 
status="valid" time="0.25"/></proof> + </goal> + <goal name="VC div_sb_qr.162.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.162.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div_sb_qr.162.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.25"/></proof> + </goal> + <goal name="VC div_sb_qr.162.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.162.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.162.6" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC div_sb_qr.162.7" expl="VC for div_sb_qr" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.162.7.0" expl="VC for div_sb_qr" proved="true"> + <transf name="split_all_full" proved="true" > + <goal name="VC div_sb_qr.162.7.0.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="10" memlimit="4000"><result status="valid" time="3.45"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.162.8" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.43"/></proof> + </goal> + <goal name="VC div_sb_qr.162.9" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.40"/></proof> + </goal> + <goal name="VC div_sb_qr.162.10" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.38"/></proof> + </goal> + <goal name="VC div_sb_qr.162.11" expl="VC for div_sb_qr" 
proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.42"/></proof> + </goal> + <goal name="VC div_sb_qr.162.12" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC div_sb_qr.162.13" expl="VC for div_sb_qr" proved="true"> + <transf name="replace" proved="true" arg1="(power radix2 2)" arg2="(radix2 * radix2)"> + <goal name="VC div_sb_qr.162.13.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="4.43"/></proof> + </goal> + <goal name="VC div_sb_qr.162.13.1" proved="true"> + <proof prover="3" timelimit="5" memlimit="2000"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.163" expl="postcondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.163.0" expl="postcondition" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC div_sb_qr.163.0.0" expl="postcondition" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC div_sb_qr.163.0.0.0" expl="postcondition" proved="true"> + <transf name="apply" proved="true" arg1="HR"> + <goal name="VC div_sb_qr.163.0.0.0.0" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.2" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.3" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.4" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC 
div_sb_qr.163.0.0.0.5" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.6" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.7" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.8" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.9" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.10" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.11" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.12" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.13" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.14" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.15" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.16" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.17" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.18" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.19" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.20" proved="true"> 
+ <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.21" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.22" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.23" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.24" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.25" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.26" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.27" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.28" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.29" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.30" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.31" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.32" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.33" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.34" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.35" proved="true"> + <proof prover="3"><result 
status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.36" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.37" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.38" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.39" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.40" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.41" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.42" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.43" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.44" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.45" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.46" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.47" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.48" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.49" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.50" proved="true"> + <proof prover="3"><result status="valid" 
time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.51" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.52" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.53" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.54" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.55" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.56" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.57" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.58" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.59" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.60" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.61" proved="true"> + <proof prover="3"><result status="valid" time="0.27"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.62" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.63" proved="true"> + <proof prover="3"><result status="valid" time="0.33"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.64" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.65" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + 
<goal name="VC div_sb_qr.163.0.0.0.66" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.67" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.68" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.69" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.70" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.71" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.72" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.73" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.74" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.75" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.76" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.77" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.78" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.79" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.80" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC 
div_sb_qr.163.0.0.0.81" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.82" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.83" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.84" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.85" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.86" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.87" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.88" proved="true"> + <proof prover="3"><result status="valid" time="0.30"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.89" proved="true"> + <proof prover="3"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.90" proved="true"> + <proof prover="3"><result status="valid" time="0.26"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.91" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.92" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.93" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.94" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.95" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.96" 
proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.97" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.98" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.99" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.100" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.101" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.102" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.103" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.104" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.105" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.106" proved="true"> + <proof prover="3"><result status="valid" time="0.21"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.107" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.108" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.109" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.110" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.111" proved="true"> + 
<proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.112" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.113" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.114" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.115" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.116" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.117" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.118" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.119" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.120" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.121" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.122" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.123" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.124" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.125" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.126" proved="true"> + <proof 
prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.127" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.128" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.129" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.130" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.131" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.132" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.133" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.134" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.135" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.136" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.137" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.138" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.139" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.140" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.141" proved="true"> + <proof prover="3"><result 
status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.142" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.143" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.144" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.145" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.146" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.147" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.148" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.149" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.150" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.151" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.152" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.153" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.154" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.155" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.156" proved="true"> + <proof prover="3"><result status="valid" 
time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.157" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.158" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.159" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.160" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.161" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.162" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.163" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.164" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.165" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.166" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.167" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.168" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.169" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.170" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.171" proved="true"> + <proof prover="3"><result status="valid" 
time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.172" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.173" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.174" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.175" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.176" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.177" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.178" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.179" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.180" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.181" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.182" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.183" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.184" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.0.185" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.163.0.0.1" proved="true"> + <proof prover="2" timelimit="1"><result 
status="valid" time="0.44"/></proof> + </goal> + <goal name="VC div_sb_qr.163.0.0.2" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.46"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.164" expl="postcondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.42"/></proof> + </goal> + <goal name="VC div_sb_qr.165" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.165.0" expl="assertion" proved="true"> + <transf name="inline_all" proved="true" > + <goal name="VC div_sb_qr.165.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + <proof prover="1"><result status="valid" time="0.21"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.165.1" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.166" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.167" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.38"/></proof> + </goal> + <goal name="VC div_sb_qr.168" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.168.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.168.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC div_sb_qr.168.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.168.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" 
time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.168.4" expl="VC for div_sb_qr" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.168.4.0" expl="VC for div_sb_qr" proved="true"> + <transf name="apply" proved="true" arg1="prod_compat_r"> + <goal name="VC div_sb_qr.168.4.0.0" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.168.4.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.168.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.168.6" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.168.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.25"/></proof> + </goal> + <goal name="VC div_sb_qr.168.8" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.168.9" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.168.10" expl="VC for div_sb_qr" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.168.10.0" expl="VC for div_sb_qr" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.168.10.0.0" expl="VC for div_sb_qr" proved="true"> + <transf name="unfold" proved="true" arg1="value"> + <goal name="VC div_sb_qr.168.10.0.0.0" expl="VC for div_sb_qr" proved="true"> + <transf name="apply" proved="true" arg1="value_sub_lower_bound"> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.168.11" expl="VC for 
div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div_sb_qr.168.12" expl="VC for div_sb_qr" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.168.12.0" expl="VC for div_sb_qr" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.168.12.0.0" expl="VC for div_sb_qr" proved="true"> + <transf name="cut" proved="true" arg1="(0 <= x12 /\ 0 <= power radix2 sy)"> + <goal name="VC div_sb_qr.168.12.0.0.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.65"/></proof> + </goal> + <goal name="VC div_sb_qr.168.12.0.0.1" proved="true"> + <proof prover="3" timelimit="5" memlimit="2000"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.168.13" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.168.14" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.168.15" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="4.02"/></proof> + </goal> + <goal name="VC div_sb_qr.168.16" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.168.17" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.74"/></proof> + </goal> + <goal name="VC div_sb_qr.168.18" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.58"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.169" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.169.0" expl="postcondition" proved="true"> + <proof 
prover="1" memlimit="1000"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC div_sb_qr.169.1" expl="postcondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.30"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.170" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.171" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.172" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.172.0" expl="VC for div_sb_qr" proved="true"> + <transf name="inline_all" proved="true" > + <goal name="VC div_sb_qr.172.0.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.32"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.172.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.17"/></proof> + </goal> + <goal name="VC div_sb_qr.172.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="2.10"/></proof> + </goal> + <goal name="VC div_sb_qr.172.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="2.31"/></proof> + </goal> + <goal name="VC div_sb_qr.172.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.19"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.173" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.25"/></proof> + </goal> + <goal name="VC div_sb_qr.174" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.174.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> 
+ <goal name="VC div_sb_qr.174.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.32"/></proof> + </goal> + <goal name="VC div_sb_qr.174.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC div_sb_qr.174.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.26"/></proof> + </goal> + <goal name="VC div_sb_qr.174.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.174.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.174.6" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.174.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.92"/></proof> + </goal> + <goal name="VC div_sb_qr.174.8" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.174.9" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.30"/></proof> + </goal> + <goal name="VC div_sb_qr.174.10" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div_sb_qr.174.11" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.174.12" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div_sb_qr.174.13" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.174.14" expl="VC for 
div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="3.06"/></proof> + </goal> + <goal name="VC div_sb_qr.174.15" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.25"/></proof> + </goal> + <goal name="VC div_sb_qr.174.16" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.174.17" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.31"/></proof> + </goal> + <goal name="VC div_sb_qr.174.18" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.174.19" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + <proof prover="2" memlimit="2000"><result status="valid" time="3.89"/></proof> + </goal> + <goal name="VC div_sb_qr.174.20" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.31"/></proof> + </goal> + <goal name="VC div_sb_qr.174.21" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.174.22" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.174.23" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.174.24" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.174.25" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.174.26" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC 
div_sb_qr.174.27" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.174.28" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.91"/></proof> + </goal> + <goal name="VC div_sb_qr.174.29" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.174.30" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.175" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.36"/></proof> + </goal> + <goal name="VC div_sb_qr.176" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.176.0" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.176.1" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.176.2" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.176.3" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.32"/></proof> + </goal> + <goal name="VC div_sb_qr.176.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.176.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.176.6" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.29"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.177" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result 
status="valid" time="3.62"/></proof> + </goal> + <goal name="VC div_sb_qr.178" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.25"/></proof> + </goal> + <goal name="VC div_sb_qr.179" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.52"/></proof> + </goal> + <goal name="VC div_sb_qr.180" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.180.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="4"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.180.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.181" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="5.16"/></proof> + </goal> + <goal name="VC div_sb_qr.182" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.182.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.182.0.0" expl="precondition" proved="true"> + <proof prover="2" timelimit="20" memlimit="1500"><result status="valid" time="0.28"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.183" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.183.0" expl="assertion" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.183.0.0" expl="assertion" proved="true"> + <proof prover="1"><result status="valid" time="0.26"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.184" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="4.72"/></proof> + </goal> + <goal name="VC div_sb_qr.185" 
expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.186" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.187" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.07"/></proof> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.188" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.188.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.188.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="4.36"/></proof> + </goal> + <goal name="VC div_sb_qr.188.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.188.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.68"/></proof> + </goal> + <goal name="VC div_sb_qr.188.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.32"/></proof> + </goal> + <goal name="VC div_sb_qr.188.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.64"/></proof> + </goal> + <goal name="VC div_sb_qr.188.6" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.188.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.38"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.189" expl="assertion" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.76"/></proof> + </goal> + <goal name="VC 
div_sb_qr.190" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div_sb_qr.191" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.191.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.191.1" expl="VC for div_sb_qr" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.191.1.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.07"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.191.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.191.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.191.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.191.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.191.6" expl="VC for div_sb_qr" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.191.6.0" expl="VC for div_sb_qr" proved="true"> + <transf name="cut" proved="true" arg1="((power radix2 (int32'int sy - 1) * (uint64'int x1 + radix2 * c'))=(power radix2 (int32'int sy - 1) * uint64'int x1) + (power radix2 (int32'int sy) * c'))"> + <goal name="VC div_sb_qr.191.6.0.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="3" timelimit="5" memlimit="2000"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.191.6.0.1" proved="true"> + <proof prover="1"><result status="valid" time="0.53"/></proof> + </goal> + </transf> + 
</goal> + </transf> + </goal> + <goal name="VC div_sb_qr.191.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.53"/></proof> + </goal> + <goal name="VC div_sb_qr.191.8" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.191.9" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="6.70"/></proof> + </goal> + <goal name="VC div_sb_qr.191.10" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.191.11" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="1.24"/></proof> + </goal> + <goal name="VC div_sb_qr.191.12" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.191.13" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.191.14" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC div_sb_qr.191.15" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC div_sb_qr.191.16" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.191.17" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.34"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.192" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.192.0" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.34"/></proof> + </goal> + <goal name="VC 
div_sb_qr.192.1" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.30"/></proof> + <proof prover="4"><result status="valid" time="0.12"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.193" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.193.0" expl="integer overflow" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.60"/></proof> + </goal> + <goal name="VC div_sb_qr.193.1" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.193.1.0" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.193.1.1" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.194" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.194.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC div_sb_qr.194.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.31"/></proof> + </goal> + <goal name="VC div_sb_qr.194.2" expl="VC for div_sb_qr" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.194.2.0" expl="VC for div_sb_qr" proved="true"> + <transf name="replace" proved="true" arg1="(uint64'int ql1)" arg2="(uint64'int ql+1)"> + <goal name="VC div_sb_qr.194.2.0.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.194.2.0.1" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.07"/></proof> + </goal> + </transf> + </goal> + </transf> + 
</goal> + <goal name="VC div_sb_qr.194.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.194.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.195" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.195.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="2"><result status="valid" time="0.91"/></proof> + <proof prover="4"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC div_sb_qr.195.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="2"><result status="valid" time="0.70"/></proof> + <proof prover="4"><result status="valid" time="0.33"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.196" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.44"/></proof> + </goal> + <goal name="VC div_sb_qr.197" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.197.0" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC div_sb_qr.197.1" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.06"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.198" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.83"/></proof> + </goal> + <goal name="VC div_sb_qr.199" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.199.0" expl="precondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.30"/></proof> + </goal> + <goal name="VC div_sb_qr.199.1" expl="precondition" proved="true"> + <proof 
prover="3"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.200" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.200.0" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.50"/></proof> + </goal> + <goal name="VC div_sb_qr.200.1" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.13"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.201" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.40"/></proof> + </goal> + <goal name="VC div_sb_qr.202" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.202.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.86"/></proof> + </goal> + <goal name="VC div_sb_qr.202.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.87"/></proof> + </goal> + <goal name="VC div_sb_qr.202.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.92"/></proof> + </goal> + <goal name="VC div_sb_qr.202.3" expl="VC for div_sb_qr" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.202.3.0" expl="VC for div_sb_qr" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.202.3.0.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.38"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.202.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.49"/></proof> + </goal> + <goal name="VC div_sb_qr.202.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result 
status="valid" time="0.64"/></proof> + </goal> + <goal name="VC div_sb_qr.202.6" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.202.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div_sb_qr.202.8" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.202.9" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.202.10" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="3.77"/></proof> + </goal> + <goal name="VC div_sb_qr.202.11" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.202.12" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.61"/></proof> + </goal> + <goal name="VC div_sb_qr.202.13" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.202.14" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC div_sb_qr.202.15" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.202.16" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.202.17" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.202.18" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + 
<goal name="VC div_sb_qr.202.19" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.202.20" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.41"/></proof> + </goal> + <goal name="VC div_sb_qr.202.21" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.202.22" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.202.23" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.202.24" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.47"/></proof> + </goal> + <goal name="VC div_sb_qr.202.25" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.202.26" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.202.27" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.50"/></proof> + </goal> + <goal name="VC div_sb_qr.202.28" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.52"/></proof> + </goal> + <goal name="VC div_sb_qr.202.29" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="4.67"/></proof> + </goal> + <goal name="VC div_sb_qr.202.30" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.44"/></proof> + </goal> + <goal name="VC div_sb_qr.202.31" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.40"/></proof> + 
</goal> + <goal name="VC div_sb_qr.202.32" expl="VC for div_sb_qr" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.202.32.0" expl="VC for div_sb_qr" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.202.32.0.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.30"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.202.33" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.202.34" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.57"/></proof> + </goal> + <goal name="VC div_sb_qr.202.35" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.202.36" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.202.37" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.17"/></proof> + </goal> + <goal name="VC div_sb_qr.202.38" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.58"/></proof> + </goal> + <goal name="VC div_sb_qr.202.39" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.42"/></proof> + </goal> + <goal name="VC div_sb_qr.202.40" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.202.41" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.202.42" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.06"/></proof> + </goal> + <goal 
name="VC div_sb_qr.202.43" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.202.44" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.66"/></proof> + </goal> + <goal name="VC div_sb_qr.202.45" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="1.14"/></proof> + <proof prover="2" memlimit="2000"><result status="valid" time="7.18"/></proof> + </goal> + <goal name="VC div_sb_qr.202.46" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.43"/></proof> + <proof prover="2" memlimit="2000"><result status="valid" time="7.50"/></proof> + </goal> + <goal name="VC div_sb_qr.202.47" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.202.48" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.202.49" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.202.50" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.48"/></proof> + </goal> + <goal name="VC div_sb_qr.202.51" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.202.52" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.202.53" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.202.54" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.202.55" expl="VC 
for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.74"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.203" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.203.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.203.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.96"/></proof> + </goal> + <goal name="VC div_sb_qr.203.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div_sb_qr.203.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.203.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.203.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="1.01"/></proof> + </goal> + <goal name="VC div_sb_qr.203.6" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.18"/></proof> + </goal> + <goal name="VC div_sb_qr.203.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.203.8" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.17"/></proof> + </goal> + <goal name="VC div_sb_qr.203.9" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC div_sb_qr.203.10" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.203.11" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result 
status="valid" time="0.11"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.204" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.204.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="1.56"/></proof> + </goal> + <goal name="VC div_sb_qr.204.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.204.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.32"/></proof> + </goal> + <goal name="VC div_sb_qr.204.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC div_sb_qr.204.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.204.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.204.6" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC div_sb_qr.204.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.84"/></proof> + </goal> + <goal name="VC div_sb_qr.204.8" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC div_sb_qr.204.9" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.204.10" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.204.11" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.32"/></proof> + </goal> + <goal name="VC 
div_sb_qr.204.12" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC div_sb_qr.204.13" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC div_sb_qr.204.14" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.204.15" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC div_sb_qr.204.16" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.204.17" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="1.29"/></proof> + </goal> + <goal name="VC div_sb_qr.204.18" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.205" expl="loop variant decrease" proved="true"> + <proof prover="4" memlimit="2000"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div_sb_qr.206" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.57"/></proof> + </goal> + <goal name="VC div_sb_qr.207" expl="loop invariant preservation" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.48"/></proof> + </goal> + <goal name="VC div_sb_qr.208" expl="loop invariant preservation" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="1.01"/></proof> + </goal> + <goal name="VC div_sb_qr.209" expl="loop invariant preservation" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.209.0" expl="loop invariant preservation" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC 
div_sb_qr.209.0.0" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.11"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.210" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.211" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.212" expl="loop invariant preservation" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.80"/></proof> + </goal> + <goal name="VC div_sb_qr.213" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.214" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div_sb_qr.215" expl="loop invariant preservation" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.76"/></proof> + </goal> + <goal name="VC div_sb_qr.216" expl="loop invariant preservation" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.82"/></proof> + </goal> + <goal name="VC div_sb_qr.217" expl="loop invariant preservation" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.42"/></proof> + </goal> + <goal name="VC div_sb_qr.218" expl="loop invariant preservation" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.218.0" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + <proof prover="2" memlimit="2000"><result status="valid" time="0.45"/></proof> + </goal> + <goal name="VC div_sb_qr.218.1" expl="loop invariant preservation" proved="true"> + <proof prover="2" 
memlimit="2000"><result status="valid" time="0.42"/></proof> + <proof prover="4" memlimit="2000"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.219" expl="loop invariant preservation" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.219.0" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.219.1" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.220" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.220.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="4" memlimit="2000"><result status="valid" time="0.26"/></proof> + </goal> + <goal name="VC div_sb_qr.220.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.22"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.221" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.222" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.222.0" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.222.1" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.222.1.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.222.1.0.0" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.223" 
expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.53"/></proof> + </goal> + <goal name="VC div_sb_qr.224" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div_sb_qr.225" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.225.0" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.225.0.0" expl="assertion" proved="true"> + <transf name="replace" proved="true" arg1="(value qp ((int32'int sx - int32'int sy) - int32'int i))" arg2="(uint64'int ql+ radix2 *value_sub (pelts q) (offset qp + 1) (((offset qp + int32'int sx) - int32'int sy) - int32'int i))"> + <goal name="VC div_sb_qr.225.0.0.0" expl="assertion" proved="true"> + <proof prover="3" timelimit="5" memlimit="2000"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.225.0.0.1" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.225.1" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.225.1.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="1.10"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.226" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.226.0" expl="assertion" proved="true"> + <transf name="replace" proved="true" arg1="(value_sub (pelts q) (offset qp + 1) (((offset qp + int32'int sx) - int32'int sy) - int32'int i))" arg2="(value qp2 ((int32'int sx - int32'int sy) - int32'int i1))"> + <goal name="VC div_sb_qr.226.0.0" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC 
div_sb_qr.226.0.1" proved="true"> + <proof prover="0"><result status="valid" time="0.51"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.227" expl="integer overflow" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.68"/></proof> + </goal> + <goal name="VC div_sb_qr.228" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.229" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.229.0" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.27"/></proof> + </goal> + <goal name="VC div_sb_qr.229.1" expl="precondition" proved="true"> + <proof prover="1"><result status="valid" time="0.28"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.230" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.230.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.20"/></proof> + <proof prover="2" memlimit="2000"><result status="valid" time="0.42"/></proof> + </goal> + <goal name="VC div_sb_qr.230.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.31"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.231" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.232" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.233" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.233.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.44"/></proof> + </goal> + <goal 
name="VC div_sb_qr.233.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.233.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div_sb_qr.233.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.233.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.233.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="1.58"/></proof> + </goal> + <goal name="VC div_sb_qr.233.6" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.233.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.55"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.234" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.234.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.234.1" expl="assertion" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.07"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.235" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.235.0" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.235.1" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.236" expl="assertion" proved="true"> + <proof 
prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.237" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.237.0" expl="assertion" proved="true"> + <proof prover="1"><result status="valid" time="0.30"/></proof> + </goal> + <goal name="VC div_sb_qr.237.1" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.237.1.0" expl="assertion" proved="true"> + <proof prover="1"><result status="valid" time="0.42"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.238" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.238.0" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.238.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.238.1" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.238.1.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="3.15"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.239" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.239.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.EqPropMP"> + <goal name="VC div_sb_qr.239.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="prop_mp_decision"> + <goal name="VC div_sb_qr.239.0.0.0" expl="assertion" proved="true"> + <transf name="apply" proved="true" arg1="HR"> + <goal name="VC div_sb_qr.239.0.0.0.0" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC 
div_sb_qr.239.0.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.2" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.3" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.4" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.5" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.6" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.7" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.8" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.9" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.10" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.11" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.12" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.13" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.14" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.15" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.16" proved="true"> + 
<proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.17" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.18" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.19" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.20" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.21" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.22" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.23" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.24" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.25" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.26" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.27" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.28" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.29" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.30" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.31" proved="true"> + <proof prover="3"><result 
status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.32" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.33" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.34" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.35" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.36" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.37" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.38" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.39" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.40" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.41" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.42" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.43" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.44" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.45" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.46" proved="true"> + <proof prover="3"><result status="valid" 
time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.47" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.48" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.49" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.50" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.51" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.52" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.53" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.54" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.55" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.56" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.57" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.58" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.59" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.60" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.61" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + 
<goal name="VC div_sb_qr.239.0.0.0.62" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.63" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.64" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.65" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.66" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.67" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.68" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.69" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.70" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.71" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.72" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.73" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.74" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.75" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.76" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC 
div_sb_qr.239.0.0.0.77" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.78" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.79" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.80" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.81" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.82" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.83" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.84" proved="true"> + <proof prover="3"><result status="valid" time="0.38"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.85" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.86" proved="true"> + <proof prover="3"><result status="valid" time="0.32"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.87" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.88" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.89" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.90" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.91" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.92" 
proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.93" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.94" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.95" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.96" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.97" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.98" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.99" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.100" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.101" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.102" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.103" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.104" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.105" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.106" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.107" proved="true"> + <proof 
prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.108" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.109" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.110" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.111" proved="true"> + <proof prover="3"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.112" proved="true"> + <proof prover="3"><result status="valid" time="0.34"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.113" proved="true"> + <proof prover="3"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.114" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.115" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.116" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.117" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.118" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.119" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.120" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.121" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.122" proved="true"> + <proof prover="3"><result 
status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.123" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.124" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.125" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.126" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.127" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.128" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.129" proved="true"> + <proof prover="3"><result status="valid" time="0.34"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.130" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.131" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.132" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.133" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.134" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.135" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.136" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.137" proved="true"> + <proof prover="3"><result status="valid" 
time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.138" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.139" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.140" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.141" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.142" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.143" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.144" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.145" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.146" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.147" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.148" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.149" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.150" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.151" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.152" proved="true"> + <proof prover="3"><result status="valid" 
time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.153" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.154" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.155" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.156" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.157" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.158" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.159" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.160" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.161" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.162" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.163" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.164" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.165" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.166" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.167" proved="true"> + <proof prover="3"><result status="valid" 
time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.168" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.169" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.170" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.171" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.172" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.173" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.174" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.175" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.176" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.177" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.178" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.179" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.180" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.181" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.182" proved="true"> + <proof prover="3"><result status="valid" 
time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.183" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.184" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.185" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.186" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.187" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.188" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.189" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.190" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.191" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.192" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.193" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.194" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.195" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.196" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.197" proved="true"> + <proof prover="3"><result status="valid" 
time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.198" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.199" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.200" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.201" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.202" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.203" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.204" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.205" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.206" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.207" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.0.208" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.239.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.2" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.50"/></proof> + </goal> + <goal name="VC div_sb_qr.239.0.0.3" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.50"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal 
name="VC div_sb_qr.240" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.40"/></proof> + </goal> + <goal name="VC div_sb_qr.241" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.35"/></proof> + </goal> + <goal name="VC div_sb_qr.242" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_sb_qr.242.0" expl="assertion" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_sb_qr.242.0.0" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.242.0.0.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.242.0.0.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.242.0.0.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.242.0.0.3" expl="VC for div_sb_qr" proved="true"> + <transf name="cut" proved="true" arg1="(value y (sy - 1) = vly + (power radix2 (sy-2) * dl))"> + <goal name="VC div_sb_qr.242.0.0.3.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="3" timelimit="5" memlimit="2000"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.242.0.0.3.1" proved="true"> + <transf name="replace" proved="true" arg1="(sy - 1)" arg2="((sy - 2) + 1)"> + <goal name="VC div_sb_qr.242.0.0.3.1.0" proved="true"> + <transf name="unfold" proved="true" arg1="vly"> + <goal name="VC div_sb_qr.242.0.0.3.1.0.0" proved="true"> + <transf name="unfold" proved="true" arg1="value"> + <goal name="VC div_sb_qr.242.0.0.3.1.0.0.0" proved="true"> + <proof prover="0"><result status="valid" time="0.06"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC 
div_sb_qr.242.0.0.3.1.1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.242.0.0.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.10"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.243" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.243.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC div_sb_qr.243.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.37"/></proof> + </goal> + <goal name="VC div_sb_qr.243.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.243.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div_sb_qr.243.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.243.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.243.6" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.243.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.31"/></proof> + </goal> + <goal name="VC div_sb_qr.243.8" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.54"/></proof> + </goal> + <goal name="VC div_sb_qr.243.9" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="1.33"/></proof> + </goal> + <goal 
name="VC div_sb_qr.243.10" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.30"/></proof> + </goal> + <goal name="VC div_sb_qr.243.11" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.243.12" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.37"/></proof> + </goal> + <goal name="VC div_sb_qr.243.13" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div_sb_qr.243.14" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC div_sb_qr.243.15" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.36"/></proof> + </goal> + <goal name="VC div_sb_qr.243.16" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.243.17" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div_sb_qr.243.18" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.243.19" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.243.20" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.243.21" expl="VC for div_sb_qr" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="7.58"/></proof> + </goal> + <goal name="VC div_sb_qr.243.22" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.243.23" expl="VC for 
div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.35"/></proof> + </goal> + <goal name="VC div_sb_qr.243.24" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.243.25" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.243.26" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.243.27" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.243.28" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.243.29" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.243.30" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.243.31" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div_sb_qr.243.32" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div_sb_qr.243.33" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.243.34" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.243.35" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.243.36" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result 
status="valid" time="0.15"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.244" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC div_sb_qr.245" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.56"/></proof> + </goal> + <goal name="VC div_sb_qr.246" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.246.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="1.37"/></proof> + </goal> + <goal name="VC div_sb_qr.246.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.246.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.25"/></proof> + </goal> + <goal name="VC div_sb_qr.246.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC div_sb_qr.246.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.246.5" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.246.6" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_sb_qr.246.7" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div_sb_qr.246.8" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC div_sb_qr.246.9" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.246.10" expl="VC for 
div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div_sb_qr.246.11" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.246.12" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div_sb_qr.246.13" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.246.14" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.246.15" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC div_sb_qr.246.16" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.246.17" expl="VC for div_sb_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.97"/></proof> + </goal> + <goal name="VC div_sb_qr.246.18" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.247" expl="loop variant decrease" proved="true"> + <proof prover="4"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC div_sb_qr.248" expl="loop invariant preservation" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.51"/></proof> + </goal> + <goal name="VC div_sb_qr.249" expl="loop invariant preservation" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.40"/></proof> + </goal> + <goal name="VC div_sb_qr.250" expl="loop invariant preservation" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.250.0" expl="loop invariant 
preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.38"/></proof> + </goal> + <goal name="VC div_sb_qr.250.1" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.77"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.251" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.71"/></proof> + </goal> + <goal name="VC div_sb_qr.252" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.253" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.254" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.96"/></proof> + </goal> + <goal name="VC div_sb_qr.255" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_sb_qr.256" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_sb_qr.257" expl="loop invariant preservation" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.257.0" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.60"/></proof> + </goal> + <goal name="VC div_sb_qr.257.1" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.70"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.258" expl="loop invariant preservation" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.258.0" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.41"/></proof> + </goal> + <goal 
name="VC div_sb_qr.258.1" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.77"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.259" expl="loop invariant preservation" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.259.0" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_sb_qr.259.1" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.08"/></proof> + <proof prover="2" memlimit="2000"><result status="valid" time="0.58"/></proof> + <proof prover="4" memlimit="2000"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.260" expl="loop invariant preservation" proved="true"> + <proof prover="4" memlimit="2000"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.261" expl="loop invariant preservation" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.261.0" expl="loop invariant preservation" proved="true"> + <proof prover="1"><result status="valid" time="0.36"/></proof> + </goal> + <goal name="VC div_sb_qr.261.1" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.262" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.18"/></proof> + </goal> + <goal name="VC div_sb_qr.263" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC div_sb_qr.264" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC div_sb_qr.265" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" 
time="0.04"/></proof> + </goal> + <goal name="VC div_sb_qr.266" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.30"/></proof> + </goal> + <goal name="VC div_sb_qr.267" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.267.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.67" steps="157"/></proof> + </goal> + <goal name="VC div_sb_qr.267.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="5.54"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.268" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.268.0" expl="precondition" proved="true"> + <proof prover="1"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_sb_qr.268.1" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.269" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.269.0" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.59" steps="157"/></proof> + </goal> + <goal name="VC div_sb_qr.269.1" expl="VC for div_sb_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_sb_qr.269.2" expl="VC for div_sb_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.35" steps="108"/></proof> + </goal> + <goal name="VC div_sb_qr.269.3" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_sb_qr.269.4" expl="VC for div_sb_qr" proved="true"> + <proof prover="0"><result status="valid" time="1.15"/></proof> + </goal> + <goal name="VC div_sb_qr.269.5" expl="VC for div_sb_qr" 
proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.270" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.270.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_sb_qr.270.1" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.271" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_sb_qr.271.0" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.51" steps="157"/></proof> + </goal> + <goal name="VC div_sb_qr.271.1" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.23" steps="157"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_sb_qr.272" expl="postcondition" proved="true"> + <proof prover="1"><result status="valid" time="0.13"/></proof> + <proof prover="2" memlimit="2000"><result status="valid" time="0.13"/></proof> + </goal> + </transf> + </goal> + <goal name="VC divmod_2" expl="VC for divmod_2" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_2.0" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.06" steps="31"/></proof> + </goal> + <goal name="VC divmod_2.1" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.04" steps="32"/></proof> + </goal> + <goal name="VC divmod_2.2" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_2.2.0" expl="integer overflow" proved="true"> + <proof prover="1"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC 
divmod_2.3" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_2.4" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_2.5" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_2.6" expl="precondition" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.01" steps="36"/></proof> + </goal> + <goal name="VC divmod_2.7" expl="precondition" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.06" steps="43"/></proof> + </goal> + <goal name="VC divmod_2.8" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC divmod_2.9" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC divmod_2.10" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_2.10.0" expl="VC for divmod_2" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.13"/></proof> + <proof prover="1" memlimit="1000"><result status="valid" time="0.06"/></proof> + <proof prover="2"><result status="valid" time="0.15"/></proof> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_2.10.1" expl="VC for divmod_2" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC divmod_2.11" expl="assertion" proved="true"> + <proof prover="1"><result status="valid" time="0.33"/></proof> + </goal> + <goal name="VC divmod_2.12" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC divmod_2.13" 
expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.46"/></proof> + </goal> + <goal name="VC divmod_2.14" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_2.15" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_2.16" expl="assertion" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.16" steps="292"/></proof> + </goal> + <goal name="VC divmod_2.17" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC divmod_2.18" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_2.19" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC divmod_2.20" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_2.20.0" expl="VC for divmod_2" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_2.20.1" expl="VC for divmod_2" proved="true"> + <proof prover="5"><result status="valid" time="0.18" steps="82"/></proof> + </goal> + <goal name="VC divmod_2.20.2" expl="VC for divmod_2" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="43"/></proof> + </goal> + <goal name="VC divmod_2.20.3" expl="VC for divmod_2" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="43"/></proof> + </goal> + <goal name="VC divmod_2.20.4" expl="VC for divmod_2" proved="true"> + <proof prover="5"><result status="valid" time="0.26" steps="83"/></proof> + </goal> + <goal name="VC divmod_2.20.5" expl="VC for divmod_2" proved="true"> + <proof prover="5"><result status="valid" time="0.23" steps="82"/></proof> + 
</goal> + <goal name="VC divmod_2.20.6" expl="VC for divmod_2" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.09"/></proof> + </goal> + </transf> + </goal> + <goal name="VC divmod_2.21" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_2.22" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC divmod_2.23" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC divmod_2.24" expl="precondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC divmod_2.25" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_2.26" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.07" steps="81"/></proof> + </goal> + <goal name="VC divmod_2.27" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC divmod_2.28" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC divmod_2.29" expl="loop invariant init" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="28"/></proof> + </goal> + <goal name="VC divmod_2.30" expl="loop invariant init" proved="true"> + <proof prover="2"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC divmod_2.31" expl="loop invariant init" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_2.31.0" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_2.31.1" expl="loop invariant init" proved="true"> + 
<proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC divmod_2.32" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_2.33" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_2.34" expl="loop invariant init" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_2.34.0" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_2.34.1" expl="loop invariant init" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC divmod_2.35" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.44" steps="135"/></proof> + </goal> + <goal name="VC divmod_2.36" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC divmod_2.37" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.23"/></proof> + </goal> + <goal name="VC divmod_2.38" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="71"/></proof> + </goal> + <goal name="VC divmod_2.39" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_2.40" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_2.40.0" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC divmod_2.40.0.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC divmod_2.40.0.0.0" expl="precondition" 
proved="true"> + <proof prover="0"><result status="valid" time="1.38"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC divmod_2.40.1" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_2.40.1.0" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_2.40.1.1" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC divmod_2.41" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_2.42" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC divmod_2.43" expl="precondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.26"/></proof> + </goal> + <goal name="VC divmod_2.44" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_2.45" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_2.46" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC divmod_2.47" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_2.47.0" expl="VC for divmod_2" proved="true"> + <proof prover="0"><result status="valid" time="1.96"/></proof> + </goal> + <goal name="VC divmod_2.47.1" expl="VC for divmod_2" proved="true"> + <proof prover="1"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC divmod_2.47.2" expl="VC for divmod_2" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.94"/></proof> + </goal> 
+ <goal name="VC divmod_2.47.3" expl="VC for divmod_2" proved="true"> + <proof prover="0"><result status="valid" time="4.48"/></proof> + </goal> + <goal name="VC divmod_2.47.4" expl="VC for divmod_2" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="1.07"/></proof> + </goal> + <goal name="VC divmod_2.47.5" expl="VC for divmod_2" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC divmod_2.47.6" expl="VC for divmod_2" proved="true"> + <proof prover="1"><result status="valid" time="0.21"/></proof> + </goal> + <goal name="VC divmod_2.47.7" expl="VC for divmod_2" proved="true"> + <proof prover="0"><result status="valid" time="0.34"/></proof> + </goal> + <goal name="VC divmod_2.47.8" expl="VC for divmod_2" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_2.47.9" expl="VC for divmod_2" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC divmod_2.47.9.0" expl="VC for divmod_2" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC divmod_2.47.9.0.0" expl="VC for divmod_2" proved="true"> + <proof prover="1"><result status="valid" time="0.20"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC divmod_2.47.10" expl="VC for divmod_2" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_2.47.11" expl="VC for divmod_2" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + <transf name="introduce_premises" proved="true" > + <goal name="VC divmod_2.47.11.0" expl="VC for divmod_2" proved="true"> + <transf name="revert" proved="true" arg1="H26"> + <goal name="VC divmod_2.47.11.0.0" expl="VC for divmod_2" proved="true"> + <proof prover="1" timelimit="10"><result status="valid" time="0.13"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC 
divmod_2.47.12" expl="VC for divmod_2" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC divmod_2.47.12.0" expl="VC for divmod_2" proved="true"> + <transf name="revert" proved="true" arg1="H26"> + <goal name="VC divmod_2.47.12.0.0" expl="VC for divmod_2" proved="true"> + <proof prover="1" timelimit="10"><result status="valid" time="0.13"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC divmod_2.47.13" expl="VC for divmod_2" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC divmod_2.47.14" expl="VC for divmod_2" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC divmod_2.47.14.0" expl="VC for divmod_2" proved="true"> + <transf name="replace" proved="true" arg1="(value_sub (pelts q) (offset q + k) ((offset q + int32'int sx) - 2) + (uint64'int qh * power radix2 ((int32'int sx - 2) - k)))" arg2="(value_sub (pelts q1) (offset q1 + k) ((offset q1 + int32'int sx) - 2) + (uint64'int qh * power radix2 ((int32'int sx - 2) - k)))"> + <goal name="VC divmod_2.47.14.0.0" expl="VC for divmod_2" proved="true"> + <proof prover="0"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC divmod_2.47.14.0.1" proved="true"> + <proof prover="1"><result status="valid" time="0.11"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC divmod_2.47.15" expl="VC for divmod_2" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC divmod_2.47.15.0" expl="VC for divmod_2" proved="true"> + <proof prover="1"><result status="valid" time="0.14"/></proof> + </goal> + </transf> + </goal> + <goal name="VC divmod_2.47.16" expl="VC for divmod_2" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.14"/></proof> + </goal> + </transf> + </goal> + <goal name="VC divmod_2.48" expl="loop variant decrease" proved="true"> + <proof prover="2"><result 
status="valid" time="0.11"/></proof> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_2.49" expl="loop invariant preservation" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_2.49.0" expl="VC for divmod_2" proved="true"> + <proof prover="2"><result status="valid" time="0.15"/></proof> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC divmod_2.49.1" expl="VC for divmod_2" proved="true"> + <proof prover="2"><result status="valid" time="0.12"/></proof> + </goal> + </transf> + </goal> + <goal name="VC divmod_2.50" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC divmod_2.51" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC divmod_2.52" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC divmod_2.53" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_2.54" expl="loop invariant preservation" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_2.54.0" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC divmod_2.54.1" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + </transf> + </goal> + <goal name="VC divmod_2.55" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_2.56" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" 
time="0.22"/></proof> + </goal> + <goal name="VC divmod_2.57" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC divmod_2.58" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC divmod_2.59" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC divmod_2.60" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC divmod_2.61" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC divmod_2.61.0" expl="VC for divmod_2" proved="true"> + <proof prover="5"><result status="valid" time="0.20" steps="58"/></proof> + </goal> + <goal name="VC divmod_2.61.1" expl="VC for divmod_2" proved="true"> + <proof prover="5"><result status="valid" time="0.22" steps="58"/></proof> + </goal> + <goal name="VC divmod_2.61.2" expl="VC for divmod_2" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC divmod_2.61.2.0" expl="VC for divmod_2" proved="true"> + <transf name="split_all_full" proved="true" > + <goal name="VC divmod_2.61.2.0.0" expl="VC for divmod_2" proved="true"> + <proof prover="2" timelimit="10" memlimit="4000"><result status="valid" time="2.73"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC divmod_2.62" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.17" steps="98"/></proof> + </goal> + <goal name="VC divmod_2.63" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC divmod_2.64" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr" expl="VC for div_qr" 
proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.0" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.1" expl="integer overflow" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="51"/></proof> + </goal> + <goal name="VC div_qr.2" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_qr.3" expl="integer overflow" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_qr.4" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.4.0" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.5" expl="assertion" proved="true"> + <proof prover="1"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_qr.6" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.7" expl="precondition" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.10"/></proof> + <proof prover="5" timelimit="5"><result status="valid" time="0.05" steps="26"/></proof> + </goal> + <goal name="VC div_qr.8" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.9" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_qr.9.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_qr.9.0.0" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal 
name="VC div_qr.10" expl="precondition" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.07" steps="28"/></proof> + </goal> + <goal name="VC div_qr.11" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.12" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.27" steps="171"/></proof> + </goal> + <goal name="VC div_qr.13" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div_qr.14" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.14.0" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.15" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="61"/></proof> + </goal> + <goal name="VC div_qr.16" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.16.0" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + <proof prover="4" memlimit="2000"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.17" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.18" expl="precondition" proved="true"> + <proof prover="5" timelimit="20" memlimit="2000"><result status="valid" time="0.06" steps="69"/></proof> + </goal> + <goal name="VC div_qr.19" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="42"/></proof> + </goal> + <goal name="VC div_qr.20" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal 
name="VC div_qr.21" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.06" steps="75"/></proof> + </goal> + <goal name="VC div_qr.22" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.22.0" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="131"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.23" expl="integer overflow" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.30"/></proof> + <proof prover="5" timelimit="5"><result status="valid" time="0.06" steps="84"/></proof> + </goal> + <goal name="VC div_qr.24" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_qr.24.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_qr.24.0.0" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.24.0.0.0" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_qr.25" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.25.0" expl="precondition" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.07" steps="141"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.26" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.26.0" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.27" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.27.0" expl="precondition" proved="true"> + 
<proof prover="5"><result status="valid" time="0.06" steps="55"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.28" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.14" steps="167"/></proof> + </goal> + <goal name="VC div_qr.29" expl="precondition" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.06" steps="151"/></proof> + </goal> + <goal name="VC div_qr.30" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_qr.30.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_qr.30.0.0" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.30.0.0.0" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.30.0.0.1" expl="VC for div_qr" proved="true"> + <proof prover="4"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_qr.30.0.0.2" expl="VC for div_qr" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.30.0.0.3" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_qr.30.0.0.4" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_qr.30.0.0.5" expl="VC for div_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.10"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_qr.31" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.31.0" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.48" steps="227"/></proof> + </goal> + <goal 
name="VC div_qr.31.1" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.57" steps="237"/></proof> + </goal> + <goal name="VC div_qr.31.2" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.35" steps="227"/></proof> + </goal> + <goal name="VC div_qr.31.3" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.31.4" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="75"/></proof> + </goal> + <goal name="VC div_qr.31.5" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.32"/></proof> + </goal> + <goal name="VC div_qr.31.6" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.46"/></proof> + </goal> + <goal name="VC div_qr.31.7" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.44"/></proof> + </goal> + <goal name="VC div_qr.31.8" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.31.9" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.33"/></proof> + </goal> + <goal name="VC div_qr.31.10" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.31.11" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.10" steps="146"/></proof> + </goal> + <goal name="VC div_qr.31.12" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.31.13" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.37" steps="240"/></proof> + </goal> + <goal name="VC div_qr.31.14" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" 
time="0.03"/></proof> + </goal> + <goal name="VC div_qr.31.15" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_qr.31.16" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.31.17" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="77"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.32" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.33" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.82"/></proof> + </goal> + <goal name="VC div_qr.34" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.34.0" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.10" steps="36"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.35" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.35.0" expl="VC for div_qr" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.10" steps="37"/></proof> + </goal> + <goal name="VC div_qr.35.1" expl="VC for div_qr" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.02" steps="37"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.36" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_qr.37" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.38" expl="precondition" proved="true"> + <proof prover="1"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC div_qr.39" 
expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.08" steps="123"/></proof> + </goal> + <goal name="VC div_qr.40" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.41" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC div_qr.42" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_qr.43" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.43.0" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.43.1" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="48"/></proof> + </goal> + <goal name="VC div_qr.43.2" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="48"/></proof> + </goal> + <goal name="VC div_qr.43.3" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="50"/></proof> + </goal> + <goal name="VC div_qr.43.4" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="51"/></proof> + </goal> + <goal name="VC div_qr.43.5" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.25"/></proof> + </goal> + <goal name="VC div_qr.43.6" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.06" steps="118"/></proof> + </goal> + <goal name="VC div_qr.43.7" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.43.8" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.43.9" 
expl="VC for div_qr" proved="true"> + <proof prover="1" timelimit="20"><result status="valid" time="0.29"/></proof> + </goal> + <goal name="VC div_qr.43.10" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_qr.43.11" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.43.12" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.10" steps="132"/></proof> + </goal> + <goal name="VC div_qr.43.13" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.10" steps="136"/></proof> + </goal> + <goal name="VC div_qr.43.14" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.43.15" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.43.16" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.43.17" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.16" steps="138"/></proof> + </goal> + <goal name="VC div_qr.43.18" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.43.19" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="66"/></proof> + </goal> + <goal name="VC div_qr.43.20" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.43.21" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.43.22" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.11" 
steps="155"/></proof> + </goal> + <goal name="VC div_qr.43.23" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.44" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.45" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.46" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.46.0" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.47" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.47.0" expl="VC for div_qr" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.02" steps="46"/></proof> + </goal> + <goal name="VC div_qr.47.1" expl="VC for div_qr" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.08" steps="46"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.48" expl="precondition" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.04" steps="83"/></proof> + </goal> + <goal name="VC div_qr.49" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_qr.50" expl="precondition" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.08" steps="49"/></proof> + </goal> + <goal name="VC div_qr.51" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.06" steps="86"/></proof> + </goal> + <goal name="VC div_qr.52" expl="precondition" proved="true"> + <transf name="split_goal_right" 
proved="true" > + <goal name="VC div_qr.52.0" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.53" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.71"/></proof> + </goal> + <goal name="VC div_qr.54" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_qr.55" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.09" steps="95"/></proof> + </goal> + <goal name="VC div_qr.56" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.57" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_qr.57.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_qr.57.0.0" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.57.0.0.0" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.57.0.0.1" expl="VC for div_qr" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.57.0.0.2" expl="VC for div_qr" proved="true"> + <proof prover="4"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_qr.57.0.0.3" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_qr.57.0.0.4" expl="VC for div_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_qr.57.0.0.5" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + 
</goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_qr.58" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.59" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_qr.60" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.55"/></proof> + </goal> + <goal name="VC div_qr.61" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.61.0" expl="precondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.13"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.62" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.62.0" expl="precondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.14"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.63" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.64" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.10" steps="77"/></proof> + </goal> + <goal name="VC div_qr.65" expl="precondition" proved="true"> + <proof prover="4" timelimit="10"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_qr.66" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.66.0" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.09" steps="82"/></proof> + </goal> + <goal name="VC div_qr.66.1" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.66.2" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" 
time="0.03"/></proof> + </goal> + <goal name="VC div_qr.66.3" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_qr.66.4" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.76"/></proof> + </goal> + <goal name="VC div_qr.66.5" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.66.6" expl="VC for div_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC div_qr.66.7" expl="VC for div_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.58"/></proof> + </goal> + <goal name="VC div_qr.66.8" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_qr.66.9" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.18"/></proof> + </goal> + <goal name="VC div_qr.66.10" expl="VC for div_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_qr.66.11" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_qr.66.12" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.30"/></proof> + </goal> + <goal name="VC div_qr.66.13" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.66.14" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.66.15" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.09" steps="83"/></proof> + </goal> + <goal name="VC div_qr.66.16" expl="VC for div_qr" proved="true"> + <proof 
prover="0"><result status="valid" time="0.42"/></proof> + </goal> + <goal name="VC div_qr.66.17" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_qr.66.18" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.66.19" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_qr.66.20" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.66.21" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_qr.66.22" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.66.23" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_qr.66.24" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_qr.66.25" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.66.26" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_qr.66.27" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.67" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.67.0" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.06" steps="83"/></proof> + </goal> + <goal name="VC div_qr.67.1" expl="VC for div_qr" proved="true"> + <proof 
prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_qr.67.2" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.11" steps="85"/></proof> + </goal> + <goal name="VC div_qr.67.3" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.11" steps="85"/></proof> + </goal> + <goal name="VC div_qr.67.4" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.11" steps="87"/></proof> + </goal> + <goal name="VC div_qr.67.5" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.68" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.69" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.69.0" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_qr.69.1" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.69.2" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.69.3" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="1.00"/></proof> + </goal> + <goal name="VC div_qr.69.4" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_qr.69.5" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_qr.69.6" expl="VC for div_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.52"/></proof> + </goal> + <goal name="VC div_qr.69.7" expl="VC for div_qr" 
proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.52"/></proof> + </goal> + <goal name="VC div_qr.69.8" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.42"/></proof> + </goal> + <goal name="VC div_qr.69.9" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_qr.69.10" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.23"/></proof> + </goal> + <goal name="VC div_qr.69.11" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div_qr.69.12" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.69.13" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC div_qr.69.14" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_qr.69.15" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.37"/></proof> + </goal> + <goal name="VC div_qr.69.16" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_qr.69.17" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.68"/></proof> + </goal> + <goal name="VC div_qr.69.18" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_qr.69.19" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.11"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.70" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.71" 
expl="postcondition" proved="true"> + <proof prover="1"><result status="valid" time="0.25"/></proof> + </goal> + <goal name="VC div_qr.72" expl="integer overflow" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_qr.72.0" expl="integer overflow" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_qr.72.0.0" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.72.0.0.0" expl="VC for div_qr" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.72.0.0.1" expl="VC for div_qr" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_qr.73" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="61"/></proof> + </goal> + <goal name="VC div_qr.74" expl="integer overflow" proved="true"> + <proof prover="1"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_qr.75" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="62"/></proof> + </goal> + <goal name="VC div_qr.76" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.77" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="63"/></proof> + </goal> + <goal name="VC div_qr.78" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.78.0" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="33"/></proof> + </goal> + <goal name="VC div_qr.78.1" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="33"/></proof> + </goal> + </transf> + </goal> + <goal 
name="VC div_qr.79" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_qr.79.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_qr.79.0.0" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.79.0.0.0" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.79.0.0.1" expl="VC for div_qr" proved="true"> + <proof prover="4"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div_qr.79.0.0.2" expl="VC for div_qr" proved="true"> + <proof prover="4"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div_qr.79.0.0.3" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.79.0.0.4" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.79.0.0.5" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_qr.80" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.81" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_qr.81.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_qr.81.0.0" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.81.0.0.0" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_qr.82" 
expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.82.0" expl="precondition" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.11" steps="46"/></proof> + </goal> + <goal name="VC div_qr.82.1" expl="precondition" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.83" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.06" steps="77"/></proof> + </goal> + <goal name="VC div_qr.84" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="132"/></proof> + </goal> + <goal name="VC div_qr.85" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.85.0" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.85.1" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.11" steps="213"/></proof> + </goal> + <goal name="VC div_qr.85.2" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.85.3" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="122"/></proof> + </goal> + <goal name="VC div_qr.85.4" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_qr.85.5" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.07" steps="129"/></proof> + </goal> + <goal name="VC div_qr.85.6" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.06" steps="128"/></proof> + </goal> + <goal name="VC div_qr.85.7" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" 
time="0.03" steps="58"/></proof> + </goal> + <goal name="VC div_qr.85.8" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.14" steps="139"/></proof> + </goal> + <goal name="VC div_qr.85.9" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_qr.85.10" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.63"/></proof> + </goal> + <goal name="VC div_qr.85.11" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_qr.85.12" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.06" steps="123"/></proof> + </goal> + <goal name="VC div_qr.85.13" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.46" steps="339"/></proof> + </goal> + <goal name="VC div_qr.85.14" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="60"/></proof> + </goal> + <goal name="VC div_qr.85.15" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="128"/></proof> + </goal> + <goal name="VC div_qr.85.16" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.44"/></proof> + </goal> + <goal name="VC div_qr.85.17" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.85.18" expl="VC for div_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.12"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.86" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.08" steps="130"/></proof> + </goal> + <goal name="VC div_qr.87" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC 
div_qr.87.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_qr.87.0.0" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.87.0.0.0" expl="VC for div_qr" proved="true"> + <proof prover="4"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_qr.87.0.0.1" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.08" steps="126"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_qr.88" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.88.0" expl="precondition" proved="true"> + <proof prover="1"><result status="valid" time="0.96"/></proof> + </goal> + <goal name="VC div_qr.88.1" expl="precondition" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.08" steps="147"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.89" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.89.0" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.89.1" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.90" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.90.0" expl="precondition" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.05" steps="60"/></proof> + </goal> + <goal name="VC div_qr.90.1" expl="precondition" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.10" steps="171"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.91" expl="precondition" 
proved="true"> + <proof prover="5"><result status="valid" time="0.08" steps="173"/></proof> + </goal> + <goal name="VC div_qr.92" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC div_qr.93" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.94" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.94.0" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.25" steps="243"/></proof> + </goal> + <goal name="VC div_qr.94.1" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="2.01"/></proof> + </goal> + <goal name="VC div_qr.94.2" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_qr.94.3" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.94.4" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="79"/></proof> + </goal> + <goal name="VC div_qr.94.5" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.25"/></proof> + </goal> + <goal name="VC div_qr.94.6" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.26"/></proof> + </goal> + <goal name="VC div_qr.94.7" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.94.8" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="83"/></proof> + </goal> + <goal name="VC div_qr.94.9" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_qr.94.10" expl="VC for div_qr" 
proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="83"/></proof> + </goal> + <goal name="VC div_qr.94.11" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.07" steps="85"/></proof> + </goal> + <goal name="VC div_qr.94.12" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.94.13" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.94.14" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="81"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.95" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_qr.95.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_qr.95.0.0" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.95.0.0.0" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_qr.96" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_qr.96.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_qr.96.0.0" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.96.0.0.0" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_qr.97" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.15" steps="111"/></proof> + 
</goal> + <goal name="VC div_qr.98" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.17" steps="111"/></proof> + </goal> + <goal name="VC div_qr.99" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.99.0" expl="precondition" proved="true"> + <proof prover="5" timelimit="20" memlimit="2000"><result status="valid" time="0.08" steps="79"/></proof> + </goal> + <goal name="VC div_qr.99.1" expl="precondition" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.10" steps="87"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.100" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="4.57"/></proof> + </goal> + <goal name="VC div_qr.101" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.08" steps="144"/></proof> + </goal> + <goal name="VC div_qr.102" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.06" steps="82"/></proof> + </goal> + <goal name="VC div_qr.103" expl="postcondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div_qr.104" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.104.0" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.07" steps="40"/></proof> + </goal> + <goal name="VC div_qr.104.1" expl="precondition" proved="true"> + <proof prover="5" timelimit="20" memlimit="2000"><result status="valid" time="0.07" steps="40"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.105" expl="precondition" proved="true"> + <proof prover="5" timelimit="20" memlimit="2000"><result status="valid" time="0.05" steps="39"/></proof> + </goal> + <goal name="VC div_qr.106" expl="precondition" proved="true"> + <proof prover="4"><result 
status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.107" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.108" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_qr.108.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_qr.108.0.0" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.108.0.0.0" expl="precondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_qr.109" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.07" steps="127"/></proof> + </goal> + <goal name="VC div_qr.110" expl="precondition" proved="true"> + <proof prover="1"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_qr.111" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_qr.112" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_qr.112.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_qr.112.0.0" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.112.0.0.0" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_qr.113" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.113.0" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal 
name="VC div_qr.113.1" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="50"/></proof> + </goal> + <goal name="VC div_qr.113.2" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="50"/></proof> + </goal> + <goal name="VC div_qr.113.3" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="52"/></proof> + </goal> + <goal name="VC div_qr.113.4" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="53"/></proof> + </goal> + <goal name="VC div_qr.113.5" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.35"/></proof> + </goal> + <goal name="VC div_qr.113.6" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.08" steps="120"/></proof> + </goal> + <goal name="VC div_qr.113.7" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.113.8" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.113.9" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_qr.113.10" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.113.11" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.113.12" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.113.13" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.31"/></proof> + </goal> + <goal name="VC div_qr.113.14" expl="VC for div_qr" proved="true"> + <proof prover="5"><result 
status="valid" time="0.05" steps="54"/></proof> + </goal> + <goal name="VC div_qr.113.15" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.113.16" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_qr.113.17" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.10" steps="135"/></proof> + </goal> + <goal name="VC div_qr.113.18" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.113.19" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_qr.113.20" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.113.21" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div_qr.113.22" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.113.23" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.14" steps="63"/></proof> + </goal> + <goal name="VC div_qr.113.24" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.113.25" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.113.26" expl="VC for div_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.52"/></proof> + </goal> + <goal name="VC div_qr.113.27" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC 
div_qr.114" expl="postcondition" proved="true"> + <proof prover="1"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div_qr.115" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.116" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.116.0" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.116.1" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.117" expl="precondition" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.05" steps="48"/></proof> + </goal> + <goal name="VC div_qr.118" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_qr.118.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_qr.118.0.0" expl="precondition" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.07" steps="86"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_qr.119" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.119.0" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC div_qr.119.1" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.120" expl="precondition" proved="true"> + <transf name="inline_all" proved="true" > + <goal name="VC div_qr.120.0" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.18"/></proof> + </goal> + </transf> + </goal> + <goal 
name="VC div_qr.121" expl="precondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div_qr.122" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.123" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.60"/></proof> + </goal> + <goal name="VC div_qr.124" expl="assertion" proved="true"> + <proof prover="5" timelimit="20" memlimit="2000"><result status="valid" time="0.04" steps="132"/></proof> + </goal> + <goal name="VC div_qr.125" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.125.0" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.10" steps="64"/></proof> + </goal> + <goal name="VC div_qr.125.1" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.125.2" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.16" steps="147"/></proof> + </goal> + <goal name="VC div_qr.125.3" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="136"/></proof> + </goal> + <goal name="VC div_qr.125.4" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_qr.125.5" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.125.6" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_qr.125.7" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.125.8" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" 
time="0.10" steps="147"/></proof> + </goal> + <goal name="VC div_qr.125.9" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.125.10" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_qr.125.11" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.125.12" expl="VC for div_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.60"/></proof> + </goal> + <goal name="VC div_qr.125.13" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.54"/></proof> + </goal> + <goal name="VC div_qr.125.14" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.125.15" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.125.16" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_qr.125.17" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.09" steps="144"/></proof> + </goal> + <goal name="VC div_qr.125.18" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.125.19" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.08" steps="74"/></proof> + </goal> + <goal name="VC div_qr.125.20" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.79"/></proof> + </goal> + <goal name="VC div_qr.125.21" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.125.22" expl="VC for div_qr" 
proved="true"> + <proof prover="1"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div_qr.125.23" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.126" expl="postcondition" proved="true"> + <proof prover="1"><result status="valid" time="4.75"/></proof> + </goal> + <goal name="VC div_qr.127" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.127.0" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC div_qr.127.1" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_qr.127.2" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_qr.127.3" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.06" steps="134"/></proof> + </goal> + <goal name="VC div_qr.127.4" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.72"/></proof> + </goal> + <goal name="VC div_qr.127.5" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.57"/></proof> + </goal> + <goal name="VC div_qr.127.6" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.09" steps="142"/></proof> + </goal> + <goal name="VC div_qr.127.7" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.11" steps="141"/></proof> + </goal> + <goal name="VC div_qr.127.8" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="67"/></proof> + </goal> + <goal name="VC div_qr.127.9" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC 
div_qr.127.10" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="2.48"/></proof> + </goal> + <goal name="VC div_qr.127.11" expl="VC for div_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.42"/></proof> + </goal> + <goal name="VC div_qr.127.12" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.10" steps="135"/></proof> + </goal> + <goal name="VC div_qr.127.13" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="1.41"/></proof> + </goal> + <goal name="VC div_qr.127.14" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.83"/></proof> + </goal> + <goal name="VC div_qr.127.15" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="69"/></proof> + </goal> + <goal name="VC div_qr.127.16" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.12" steps="141"/></proof> + </goal> + <goal name="VC div_qr.127.17" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.42"/></proof> + </goal> + <goal name="VC div_qr.127.18" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_qr.127.19" expl="VC for div_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.12"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.128" expl="integer overflow" proved="true"> + <proof prover="0"><result status="valid" time="2.55"/></proof> + <proof prover="1"><result status="valid" time="0.85"/></proof> + </goal> + <goal name="VC div_qr.129" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.08" steps="133"/></proof> + </goal> + <goal name="VC div_qr.130" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" 
time="0.54"/></proof> + </goal> + <goal name="VC div_qr.131" expl="precondition" proved="true"> + <proof prover="5" timelimit="5" memlimit="2000"><result status="valid" time="0.08" steps="68"/></proof> + </goal> + <goal name="VC div_qr.132" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.11" steps="193"/></proof> + </goal> + <goal name="VC div_qr.133" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.134" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.134.0" expl="precondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_qr.134.1" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.135" expl="precondition" proved="true"> + <proof prover="5" timelimit="20" memlimit="2000"><result status="valid" time="0.18" steps="178"/></proof> + </goal> + <goal name="VC div_qr.136" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_qr.136.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_qr.136.0.0" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.136.0.0.0" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.136.0.0.1" expl="VC for div_qr" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC div_qr.136.0.0.2" expl="VC for div_qr" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.136.0.0.3" expl="VC for div_qr" proved="true"> + <proof 
prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.136.0.0.4" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.136.0.0.5" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_qr.137" expl="precondition" proved="true"> + <proof prover="5" timelimit="20" memlimit="2000"><result status="valid" time="0.06" steps="80"/></proof> + </goal> + <goal name="VC div_qr.138" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_qr.138.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_qr.138.0.0" expl="precondition" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.22" steps="82"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_qr.139" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.139.0" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.09" steps="85"/></proof> + </goal> + <goal name="VC div_qr.139.1" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.139.2" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.139.3" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.139.4" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.92"/></proof> + </goal> + <goal name="VC div_qr.139.5" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" 
time="0.02"/></proof> + </goal> + <goal name="VC div_qr.139.6" expl="VC for div_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_qr.139.7" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.74"/></proof> + </goal> + <goal name="VC div_qr.139.8" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_qr.139.9" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.36"/></proof> + </goal> + <goal name="VC div_qr.139.10" expl="VC for div_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC div_qr.139.11" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_qr.139.12" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.34"/></proof> + </goal> + <goal name="VC div_qr.139.13" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.139.14" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_qr.139.15" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.08" steps="86"/></proof> + </goal> + <goal name="VC div_qr.139.16" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.59"/></proof> + </goal> + <goal name="VC div_qr.139.17" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC div_qr.139.18" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.139.19" expl="VC for div_qr" proved="true"> + 
<proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_qr.139.20" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.139.21" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_qr.139.22" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.139.23" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.139.24" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.139.25" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.139.26" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC div_qr.139.27" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.140" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC div_qr.140.0" expl="assertion" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC div_qr.140.0.0" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.140.0.0.0" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.23" steps="86"/></proof> + </goal> + <goal name="VC div_qr.140.0.0.1" expl="VC for div_qr" proved="true"> + <proof prover="4"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_qr.140.0.0.2" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" 
time="0.29" steps="88"/></proof> + </goal> + <goal name="VC div_qr.140.0.0.3" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.26" steps="88"/></proof> + </goal> + <goal name="VC div_qr.140.0.0.4" expl="VC for div_qr" proved="true"> + <proof prover="5"><result status="valid" time="0.52" steps="188"/></proof> + </goal> + <goal name="VC div_qr.140.0.0.5" expl="VC for div_qr" proved="true"> + <proof prover="4"><result status="valid" time="0.07"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC div_qr.141" expl="postcondition" proved="true"> + <proof prover="1"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC div_qr.142" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.142.0" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_qr.142.1" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_qr.142.2" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_qr.142.3" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.142.4" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC div_qr.142.5" expl="VC for div_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.90"/></proof> + </goal> + <goal name="VC div_qr.142.6" expl="VC for div_qr" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.94"/></proof> + </goal> + <goal name="VC div_qr.142.7" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal 
name="VC div_qr.142.8" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="1.14"/></proof> + </goal> + <goal name="VC div_qr.142.9" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_qr.142.10" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC div_qr.142.11" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC div_qr.142.12" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.142.13" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC div_qr.142.14" expl="VC for div_qr" proved="true"> + <proof prover="0"><result status="valid" time="0.97"/></proof> + </goal> + <goal name="VC div_qr.142.15" expl="VC for div_qr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.142.16" expl="VC for div_qr" proved="true"> + <proof prover="1"><result status="valid" time="0.17"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.143" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.143.0" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.143.1" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.144" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC div_qr.145" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> 
+ <goal name="VC div_qr.146" expl="precondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.17"/></proof> + </goal> + <goal name="VC div_qr.147" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.147.0" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC div_qr.147.1" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="4.72"/></proof> + </goal> + </transf> + </goal> + <goal name="VC div_qr.148" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="4.43"/></proof> + </goal> + <goal name="VC div_qr.149" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.150" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC div_qr.151" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC div_qr.152" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC div_qr.152.0" expl="postcondition" proved="true"> + <proof prover="1"><result status="valid" time="0.54"/></proof> + </goal> + <goal name="VC div_qr.152.1" expl="postcondition" proved="true"> + <proof prover="1"><result status="valid" time="0.74"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC tdiv_qr" expl="VC for tdiv_qr" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC tdiv_qr.0" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + <proof prover="5" timelimit="5"><result status="valid" time="0.06" steps="38"/></proof> + </goal> + <goal name="VC tdiv_qr.1" expl="precondition" proved="true"> + <proof 
prover="4"><result status="valid" time="0.04"/></proof> + <proof prover="5" timelimit="5"><result status="valid" time="0.05" steps="16"/></proof> + </goal> + <goal name="VC tdiv_qr.2" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.04" steps="40"/></proof> + </goal> + <goal name="VC tdiv_qr.3" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC tdiv_qr.4" expl="precondition" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.05" steps="24"/></proof> + </goal> + <goal name="VC tdiv_qr.5" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC tdiv_qr.6" expl="precondition" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.04" steps="31"/></proof> + </goal> + <goal name="VC tdiv_qr.7" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + <proof prover="5" timelimit="5"><result status="valid" time="0.04" steps="31"/></proof> + </goal> + <goal name="VC tdiv_qr.8" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + <proof prover="5" timelimit="5"><result status="valid" time="0.04" steps="31"/></proof> + </goal> + <goal name="VC tdiv_qr.9" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + <proof prover="5" timelimit="5"><result status="valid" time="0.03" steps="31"/></proof> + </goal> + <goal name="VC tdiv_qr.10" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + <proof prover="5" timelimit="5"><result status="valid" time="0.04" steps="31"/></proof> + </goal> + <goal name="VC tdiv_qr.11" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.21"/></proof> + <proof prover="5" 
timelimit="5"><result status="valid" time="0.03" steps="99"/></proof> + </goal> + <goal name="VC tdiv_qr.12" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + <proof prover="5" timelimit="5"><result status="valid" time="0.03" steps="97"/></proof> + </goal> + <goal name="VC tdiv_qr.13" expl="precondition" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.05" steps="33"/></proof> + </goal> + <goal name="VC tdiv_qr.14" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + <proof prover="5" timelimit="5"><result status="valid" time="0.04" steps="53"/></proof> + </goal> + <goal name="VC tdiv_qr.15" expl="precondition" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.03" steps="54"/></proof> + </goal> + <goal name="VC tdiv_qr.16" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC tdiv_qr.17" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + <proof prover="5" timelimit="5"><result status="valid" time="0.04" steps="53"/></proof> + </goal> + <goal name="VC tdiv_qr.18" expl="precondition" proved="true"> + <proof prover="5" timelimit="5"><result status="valid" time="0.03" steps="54"/></proof> + </goal> + <goal name="VC tdiv_qr.19" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC tdiv_qr.20" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + <proof prover="5" timelimit="5"><result status="valid" time="0.03" steps="53"/></proof> + </goal> + <goal name="VC tdiv_qr.21" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + <proof prover="5" timelimit="5"><result status="valid" time="0.05" steps="53"/></proof> + </goal> + 
</transf> + </goal> +</theory> +</file> +</why3session> diff --git a/examples/multiprecision/div/why3shapes.gz b/examples/multiprecision/div/why3shapes.gz new file mode 100644 index 0000000000000000000000000000000000000000..0f30d444872710aa0a6ddcdb2a636438b0ca460b Binary files /dev/null and b/examples/multiprecision/div/why3shapes.gz differ diff --git a/examples/multiprecision/lemmas.mlw b/examples/multiprecision/lemmas.mlw new file mode 100644 index 0000000000000000000000000000000000000000..f2abb6ebbbdd765be31e5fa685c455163d5150d6 --- /dev/null +++ b/examples/multiprecision/lemmas.mlw 
@@ -0,0 +1,207 @@ +module Lemmas + + use import array.Array + use import map.Map + use map.MapEq + use map.Const + use import int.Int + + (** {3 complements to map standard library} *) + + predicate map_eq_sub_shift (x y:map int 'a) (xi yi sz:int) = + forall i. 0 <= i < sz -> x[xi+i] = y[yi+i] + + let lemma map_eq_shift (x y:map int 'a) (xi yi sz k:int) + requires { map_eq_sub_shift x y xi yi sz } + requires { 0 <= k < sz } + ensures { x[xi+k] = y[yi+k] } + = () + + let rec lemma map_eq_shift_zero (x y: map int 'a) (n m: int) + requires { map_eq_sub_shift x y n n (m-n) } + variant { m - n } + ensures { MapEq.map_eq_sub x y n m } + = + if n < m then + begin + assert { forall i. 0 <= i < m-n -> x[n+i] = y[n+i] }; + assert { forall i. n <= i < m -> + let j = i - n in 0 <= j < m-n -> + x[n+j] = y[n+j] -> x[i] = y[i]}; + map_eq_shift_zero x y (n+1) m; + end + else () + + use import mach.int.Int32 + use import ref.Ref + use import mach.int.UInt64GMP as Limb + use import int.Int + use import int.Power + use import mach.c.C + use import types.Types + + meta compute_max_steps 0x100000 + + (** {3 Long integers as arrays of libs} *) + + lemma limb_max_bound: 1 <= max_uint64 + + function l2i (x:limb) : int = Limb.to_int x + + function p2i (i:int32) : int = int32'int i + + let lemma prod_compat_strict_r (a b c:int) + requires { 0 <= a < b } + requires { 0 < c } + ensures { c * a < c * b } + = () + let lemma prod_compat_r (a b c:int) + requires { 0 <= a <= b } + requires { 0 <= c } + ensures { c * a <= c * b } + = () + + (** {3 Integer value of a natural number} *) + + (** [value_sub x n m] denotes the integer represented by + the digits x[n..m-1] with lsb at index n *) + let rec ghost function value_sub (x:map int limb) (n:int) (m:int) : int + variant {m - n} + = + if n < m then + l2i x[n] + radix * value_sub x (n+1) m + else 0 + + let rec lemma value_sub_frame (x y:map int limb) (n m:int) + requires { MapEq.map_eq_sub x y n m } + variant { m - n } + ensures { value_sub x n m = 
value_sub y n m } + = + if n < m then value_sub_frame x y (n+1) m else () + + let rec lemma value_sub_frame_shift (x y:map int limb) (xi yi sz:int) + requires { map_eq_sub_shift x y xi yi sz } + variant { sz } + ensures { value_sub x xi (xi+sz) = value_sub y yi (yi+sz) } + = + if sz>0 + then begin + map_eq_shift x y xi yi sz 0; + assert { forall i. 0 <= i < sz-1 -> + let j = 1+i in x[xi+j] = y[yi+j] }; + value_sub_frame_shift x y (xi+1) (yi+1) (sz-1) + end + else assert { 1+2 = 3 } + + let rec lemma value_sub_tail (x:map int limb) (n m:int) + requires { n <= m } + variant { m - n } + ensures { + value_sub x n (m+1) = + value_sub x n m + (Map.get x m) * power radix (m-n) } + = [@vc:sp] if n < m then value_sub_tail x (n+1) m else ()(*assert { 1+2=3 }*) + + let rec lemma value_sub_concat (x:map int limb) (n m l:int) + requires { n <= m <= l} + variant { m - n } + ensures { + value_sub x n l = + value_sub x n m + value_sub x m l * power radix (m-n) } + = + if n < m then + begin + assert {n<m}; + value_sub_concat x (n+1) m l + end + else () + + let lemma value_sub_head (x:map int limb) (n m:int) + requires { n < m } + ensures { value_sub x n m = x[n] + radix * value_sub x (n+1) m } + = value_sub_concat x n (n+1) m + + let lemma value_sub_update (x:map int limb) (i n m:int) (v:limb) + requires { n <= i < m } + ensures { + value_sub (Map.set x i v) n m = + value_sub x n m + power radix (i - n) * (v -(Map.get x i)) + } + = assert { MapEq.map_eq_sub x (Map.set x i v) n i }; + assert { MapEq.map_eq_sub x (Map.set x i v) (i+1) m }; + value_sub_concat x n i m; + value_sub_concat (Map.set x i v) n i m; + value_sub_head x i m; + value_sub_head (Map.set x i v) i m + + let rec lemma value_zero (x:map int limb) (n m:int) + requires { MapEq.map_eq_sub x (Const.const Limb.zero_unsigned) n m } + variant { m - n } + ensures { value_sub x n m = 0 } + = if n < m then value_zero x (n+1) m else () + + let lemma value_sub_update_no_change (x: map int limb) (i n m: int) (v:limb) + requires { 
n <= m } + requires { i < n \/ m <= i } + ensures { value_sub x n m = value_sub (Map.set x i v) n m } + = value_sub_frame x (Map.set x i v) n m + + let lemma value_sub_shift_no_change (x:map int limb) (ofs i sz:int) (v:limb) + requires { i < 0 \/ sz <= i } + requires { 0 <= sz } + ensures { value_sub x ofs (ofs + sz) = + value_sub (Map.set x (ofs+i) v) ofs (ofs+sz) } + = value_sub_frame_shift x (Map.set x (ofs+i) v) ofs ofs sz + + (** {3 Comparisons} *) + + let rec lemma value_sub_lower_bound (x:map int limb) (x1 x2:int) + variant { x2 - x1 } + ensures { 0 <= value_sub x x1 x2 } + = if x2 <= x1 then () else + begin + value_sub_head x x1 x2; + value_sub_lower_bound x (x1+1) x2 + end + + let rec lemma value_sub_upper_bound (x:map int limb) (x1 x2:int) + requires { x1 <= x2 } + variant { x2 - x1 } + ensures { value_sub x x1 x2 < power radix (x2 - x1) } + = if x1 = x2 then () else + begin + value_sub_tail x x1 (x2-1); + assert { value_sub x x1 x2 + <= value_sub x x1 (x2-1) + power radix (x2-x1-1) * (radix - 1) }; + value_sub_upper_bound x x1 (x2-1) + end + + let lemma value_sub_lower_bound_tight (x:map int limb) (x1 x2:int) + requires { x1 < x2 } + ensures { power radix (x2-x1-1) * l2i (Map.get x (x2-1)) <= value_sub x x1 x2 } + = assert { value_sub x x1 x2 = value_sub x x1 (x2-1) + + power radix (x2-x1-1) * l2i (Map.get x (x2-1)) } + + let lemma value_sub_upper_bound_tight (x:map int limb) (x1 x2:int) + requires { x1 < x2 } + ensures { value_sub x x1 x2 < power radix (x2-x1-1) * (l2i (Map.get x (x2-1)) + 1) } + = value_sub_upper_bound x x1 (x2-1) + + function value (x:t) (sz:int) : int = + value_sub (pelts x) x.offset (x.offset + sz) + + let lemma value_tail (x:t) (sz:int32) + requires { 0 <= sz } + ensures { value x (sz+1) = value x sz + (pelts x)[x.offset + sz] * power radix sz } + = value_sub_tail (pelts x) x.offset (x.offset + p2i sz) + + meta remove_prop axiom value_tail + + let lemma value_concat (x:t) (n m:int32) + requires { 0 <= n <= m } + ensures { value x m 
+ = value x n + power radix n + * value_sub (pelts x) (x.offset + n) (x.offset + m) } + + = value_sub_concat (pelts x) x.offset (x.offset + p2i n) (x.offset + p2i m) + +end \ No newline at end of file diff --git a/examples/multiprecision/lemmas/why3session.xml b/examples/multiprecision/lemmas/why3session.xml new file mode 100644 index 0000000000000000000000000000000000000000..bf5b3d8e0e259925d1bf72af7a23f1f55f1fc01d --- /dev/null +++ b/examples/multiprecision/lemmas/why3session.xml 
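Review bot: In `value_sub_frame_shift` the base case is closed with `else assert { 1+2 = 3 }`, a placeholder assertion unrelated to the lemma that still adds a proof obligation; the other recursive lemmas in this file end with `else ()`, and the same placeholder is already commented out in `value_sub_tail`. If it is a deliberate workaround for VC generation, say so in a comment; otherwise replace it with `else ()` and drop the dead `(*assert { 1+2=3 }*)`. The two `meta` lines also need a one-line reason each, since they change what later proofs can rely on, e.g. `(* value_tail is proved here but kept out of later proof contexts; call it explicitly *)` above `meta remove_prop axiom value_tail` (that is my reading of the intent, please confirm). Minor: the section title `Long integers as arrays of libs` should read `limbs`, and `use import int.Int` appears twice in the module.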
@@ -0,0 +1,272 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN" +"http://why3.lri.fr/why3session.dtd"> +<why3session shape_version="4"> +<prover id="0" name="Eprover" version="1.9.1-001" timelimit="5" steplimit="0" memlimit="2000"/> +<prover id="1" name="CVC3" version="2.4.1" timelimit="5" steplimit="0" memlimit="1000"/> +<prover id="2" name="CVC4" version="1.4" timelimit="5" steplimit="0" memlimit="1000"/> +<prover id="3" name="Z3" version="4.5.0" timelimit="1" steplimit="0" memlimit="1000"/> +<prover id="4" name="Z3" version="4.4.1" timelimit="5" steplimit="0" memlimit="1000"/> +<prover id="5" name="Alt-Ergo" version="2.0.0" timelimit="5" steplimit="0" memlimit="1000"/> +<file name="../lemmas.mlw" proved="true"> +<theory name="Lemmas" proved="true"> + <goal name="VC map_eq_shift" expl="VC for map_eq_shift" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC map_eq_shift.0" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="5"/></proof> + </goal> + </transf> + </goal> + <goal name="VC map_eq_shift_zero" expl="VC for map_eq_shift_zero" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC map_eq_shift_zero.0" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="6"/></proof> + </goal> + <goal name="VC map_eq_shift_zero.1" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="8"/></proof> + </goal> + <goal name="VC map_eq_shift_zero.2" expl="variant decrease" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="3"/></proof> + </goal> + <goal name="VC map_eq_shift_zero.3" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC map_eq_shift_zero.3.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC 
map_eq_shift_zero.3.0.0" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.00" steps="10"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC map_eq_shift_zero.4" expl="postcondition" proved="true"> + <transf name="inline_all" proved="true" > + <goal name="VC map_eq_shift_zero.4.0" expl="postcondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.00" steps="10"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="limb_max_bound" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="5"/></proof> + </goal> + <goal name="VC prod_compat_strict_r" expl="VC for prod_compat_strict_r" proved="true"> + <proof prover="1"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC prod_compat_r" expl="VC for prod_compat_r" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.02" steps="10"/></proof> + </goal> + <goal name="VC value_sub" expl="VC for value_sub" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC value_sub.0" expl="variant decrease" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="7"/></proof> + </goal> + </transf> + </goal> + <goal name="VC value_sub_frame" expl="VC for value_sub_frame" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC value_sub_frame.0" expl="variant decrease" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="8"/></proof> + </goal> + <goal name="VC value_sub_frame.1" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="23"/></proof> + </goal> + <goal name="VC value_sub_frame.2" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.07" steps="34"/></proof> + </goal> + </transf> + </goal> + <goal name="VC value_sub_frame_shift" expl="VC for 
value_sub_frame_shift" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC value_sub_frame_shift.0" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="8"/></proof> + </goal> + <goal name="VC value_sub_frame_shift.1" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="8"/></proof> + </goal> + <goal name="VC value_sub_frame_shift.2" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="12"/></proof> + </goal> + <goal name="VC value_sub_frame_shift.3" expl="variant decrease" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="9"/></proof> + </goal> + <goal name="VC value_sub_frame_shift.4" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC value_sub_frame_shift.4.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC value_sub_frame_shift.4.0.0" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.17"/></proof> + <proof prover="3"><result status="valid" time="0.02"/></proof> + <proof prover="4" memlimit="2000"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC value_sub_frame_shift.5" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="8"/></proof> + </goal> + <goal name="VC value_sub_frame_shift.6" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="12"/></proof> + </goal> + </transf> + </goal> + <goal name="VC value_sub_tail" expl="VC for value_sub_tail" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC value_sub_tail.0" expl="variant decrease" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="8"/></proof> + </goal> + <goal name="VC 
value_sub_tail.1" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="8"/></proof> + </goal> + <goal name="VC value_sub_tail.2" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.07" steps="34"/></proof> + </goal> + </transf> + </goal> + <goal name="VC value_sub_concat" expl="VC for value_sub_concat" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC value_sub_concat.0" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="9"/></proof> + </goal> + <goal name="VC value_sub_concat.1" expl="variant decrease" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="9"/></proof> + </goal> + <goal name="VC value_sub_concat.2" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="9"/></proof> + </goal> + <goal name="VC value_sub_concat.3" expl="postcondition" proved="true"> + <proof prover="1"><result status="valid" time="0.12"/></proof> + </goal> + </transf> + </goal> + <goal name="VC value_sub_head" expl="VC for value_sub_head" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC value_sub_head.0" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="7"/></proof> + </goal> + <goal name="VC value_sub_head.1" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.06" steps="24"/></proof> + </goal> + </transf> + </goal> + <goal name="VC value_sub_update" expl="VC for value_sub_update" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC value_sub_update.0" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="12"/></proof> + </goal> + <goal name="VC value_sub_update.1" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="13"/></proof> + </goal> + <goal 
name="VC value_sub_update.2" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="10"/></proof> + </goal> + <goal name="VC value_sub_update.3" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="11"/></proof> + </goal> + <goal name="VC value_sub_update.4" expl="precondition" proved="true"> + <proof prover="5" timelimit="20" memlimit="2000"><result status="valid" time="0.02" steps="12"/></proof> + </goal> + <goal name="VC value_sub_update.5" expl="precondition" proved="true"> + <proof prover="5" timelimit="20" memlimit="2000"><result status="valid" time="0.02" steps="13"/></proof> + </goal> + <goal name="VC value_sub_update.6" expl="postcondition" proved="true"> + <proof prover="1" memlimit="2000"><result status="valid" time="0.06"/></proof> + </goal> + </transf> + </goal> + <goal name="VC value_zero" expl="VC for value_zero" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC value_zero.0" expl="variant decrease" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="8"/></proof> + </goal> + <goal name="VC value_zero.1" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="25"/></proof> + </goal> + <goal name="VC value_zero.2" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC value_sub_update_no_change" expl="VC for value_sub_update_no_change" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC value_sub_update_no_change.0" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="31"/></proof> + </goal> + <goal name="VC value_sub_update_no_change.1" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="8"/></proof> + </goal> + </transf> + </goal> + <goal name="VC 
value_sub_shift_no_change" expl="VC for value_sub_shift_no_change" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC value_sub_shift_no_change.0" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="21"/></proof> + </goal> + <goal name="VC value_sub_shift_no_change.1" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="8"/></proof> + </goal> + </transf> + </goal> + <goal name="VC value_sub_lower_bound" expl="VC for value_sub_lower_bound" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC value_sub_lower_bound.0" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="7"/></proof> + </goal> + <goal name="VC value_sub_lower_bound.1" expl="variant decrease" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="8"/></proof> + </goal> + <goal name="VC value_sub_lower_bound.2" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.06"/></proof> + </goal> + </transf> + </goal> + <goal name="VC value_sub_upper_bound" expl="VC for value_sub_upper_bound" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC value_sub_upper_bound.0" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="8"/></proof> + </goal> + <goal name="VC value_sub_upper_bound.1" expl="assertion" proved="true"> + <proof prover="1"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC value_sub_upper_bound.2" expl="variant decrease" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="10"/></proof> + </goal> + <goal name="VC value_sub_upper_bound.3" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="10"/></proof> + </goal> + <goal name="VC value_sub_upper_bound.4" expl="postcondition" proved="true"> + 
<proof prover="5"><result status="valid" time="0.08" steps="33"/></proof> + </goal> + </transf> + </goal> + <goal name="VC value_sub_lower_bound_tight" expl="VC for value_sub_lower_bound_tight" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC value_sub_lower_bound_tight.0" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="13"/></proof> + </goal> + <goal name="VC value_sub_lower_bound_tight.1" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="9"/></proof> + </goal> + </transf> + </goal> + <goal name="VC value_sub_upper_bound_tight" expl="VC for value_sub_upper_bound_tight" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC value_sub_upper_bound_tight.0" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="7"/></proof> + </goal> + <goal name="VC value_sub_upper_bound_tight.1" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC value_tail" expl="VC for value_tail" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.01" steps="9"/></proof> + </goal> + <goal name="VC value_concat" expl="VC for value_concat" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="26"/></proof> + </goal> +</theory> +</file> +</why3session> diff --git a/examples/multiprecision/lemmas/why3shapes.gz b/examples/multiprecision/lemmas/why3shapes.gz new file mode 100644 index 0000000000000000000000000000000000000000..189729d2c747f463d41b1ca04c652c36daed6b81 Binary files /dev/null and b/examples/multiprecision/lemmas/why3shapes.gz differ 
diff --git a/examples/multiprecision/lineardecision.mlw b/examples/multiprecision/lineardecision.mlw
new file mode 100644
index 0000000000000000000000000000000000000000..6dae622ca9f375a45c6073b32a8f1512afde2929
--- /dev/null
+++ b/examples/multiprecision/lineardecision.mlw
@@ -0,0 +1,2105 @@ +module LinearEquationsCoeffs + +type a +function (+) a a : a +function ( *) a a : a +function (-_) a : a +function azero: a +function aone: a +predicate ale a a + +clone algebra.OrderedUnitaryCommutativeRing as A with type t = a, function (+) = (+), function ( *) = ( *), function (-_) = (-_), constant zero = azero, constant one=aone, predicate (<=) = ale + +function (-) a a : a + +axiom sub_def: forall a1 a2. a1 - a2 = a1 + (- a2) + +type t +type vars = int -> a +type cvars +exception Unknown + +function interp t cvars : a + +val constant czero : t +val constant cone : t + +axiom zero_def: forall y. interp czero y = azero +axiom one_def: forall y. interp cone y = aone + +lemma neg_mul: + forall x y: a. (-x) * y = - (x*y) + +val add (a b: t) : t + ensures { forall v: cvars. interp result v = interp a v + interp b v } + raises { Unknown -> true } + +val mul (a b: t) : t + ensures { forall v: cvars. interp result v = interp a v * interp b v } + raises { Unknown -> true } + +val opp (a:t) : t + ensures { forall v: cvars. interp result v = - (interp a v) } + +val predicate eq (a b:t) + ensures { result -> forall y:cvars. interp a y = interp b y } + +val inv (a:t) : t + requires { not (eq a czero) } + (* ensures { forall v: cvars. 
interp result v * interp a v = aone } no proof needed, but had better be true *) + ensures { not (eq result czero) } + raises { Unknown -> true } + +end + +module LinearEquationsDecision + +use import int.Int +type coeff + +clone LinearEquationsCoeffs as C with type t = coeff +type vars = C.vars + +type expr = Term coeff int | Add expr expr | Cst coeff + +let rec predicate valid_expr (e:expr) + variant { e } += match e with + | Term _ i -> 0 <= i + | Cst _ -> true + | Add e1 e2 -> valid_expr e1 && valid_expr e2 + end + +let rec predicate expr_bound (e:expr) (b:int) + variant { e } += match e with + | Term _ i -> 0 <= i <= b + | Cst _ -> true + | Add e1 e2 -> expr_bound e1 b && expr_bound e2 b + end + +function interp (e:expr) (y:vars) (z:C.cvars) : C.a += match e with + | Term c v -> C.( *) (C.interp c z) (y v) + | Add e1 e2 -> C.(+) (interp e1 y z) (interp e2 y z) + | Cst c -> C.interp c z + end + +meta rewrite_def function interp + +use import bool.Bool +use import list.List + +type equality = (expr, expr) +type context = list equality + +let predicate valid_eq (eq:equality) += match eq with (e1,e2) -> valid_expr e1 && valid_expr e2 end + +let predicate eq_bound (eq:equality) (b:int) += match eq with (e1,e2) -> expr_bound e1 b && expr_bound e2 b end + +let rec predicate valid_ctx (ctx:context) += match ctx with Nil -> true | Cons eq t -> valid_eq eq && valid_ctx t end + +let rec predicate ctx_bound (ctx:context) (b:int) += match ctx with Nil -> true | Cons eq t -> eq_bound eq b && ctx_bound t b end + +let rec lemma expr_bound_w (e:expr) (b1 b2:int) + requires { b1 <= b2 } + requires { expr_bound e b1 } + ensures { expr_bound e b2 } + variant { e } += match e with + | Add e1 e2 -> expr_bound_w e1 b1 b2; expr_bound_w e2 b1 b2 + | Cst _ -> () + | Term _ _ -> () + end + +lemma eq_bound_w: forall e:equality, b1 b2:int. 
eq_bound e b1 -> b1 <= b2 -> eq_bound e b2 + +let rec lemma ctx_bound_w (l:context) (b1 b2:int) + requires { ctx_bound l b1 } + requires { b1 <= b2 } + ensures { ctx_bound l b2 } + variant { l } += match l with Nil -> () | Cons _ t -> ctx_bound_w t b1 b2 end + +function interp_eq (g:equality) (y:vars) (z:C.cvars) : bool + = match g with (g1, g2) -> interp g1 y z = interp g2 y z end + +meta rewrite_def function interp_eq + +function interp_ctx (l: context) (g: equality) (y: vars) (z:C.cvars) : bool += match l with + | Nil -> interp_eq g y z + | Cons h t -> (interp_eq h y z) -> (interp_ctx t g y z) + end + +meta rewrite_def function interp_ctx + +use import mach.int.Int63 +use import seq.Seq +use import mach.array.Array63 +use import mach.matrix.Matrix63 + +let apply_r (m: matrix coeff) (v: array coeff) : array coeff + requires { v.length = m.columns } + ensures { result.length = m.rows } + raises { C.Unknown -> true } += let r = Array63.make m.rows C.czero in + for i = 0 to m.rows - 1 do + for j = 0 to m.columns - 1 do + r[i] <- C.add r[i] (C.mul (get m i j) v[j]); + done + done; + r + +let apply_l (v: array coeff) (m: matrix coeff) : array coeff + requires { v.length = m.rows } + ensures { result.length = m.columns } + raises { C.Unknown -> true } += let r = Array63.make m.columns C.czero in + for j = 0 to m.columns - 1 do + for i = 0 to m.rows - 1 do + r[j] <- C.add r[j] (C.mul (get m i j) v[i]); + done + done; + r + +use import ref.Ref + +let sprod (a b: array coeff) : coeff + requires { a.length = b.length } + raises { C.Unknown -> true } += let r = ref C.czero in + for i = 0 to a.length - 1 do + r := C.add !r (C.mul a[i] b[i]); + done; + !r + +let m_append (m: matrix coeff) (v:array coeff) : matrix coeff + requires { m.rows = v.length } + requires { m.columns < int63'maxInt } + ensures { result.rows = m.rows } + ensures { result.columns = m.columns + 1 } + ensures { forall i j. 
0 <= i < m.rows -> 0 <= j < m.columns -> + result.elts i j = m.elts i j } + ensures { forall i. 0 <= i < m.rows -> result.elts i m.columns = v[i] } += let r = Matrix63.make m.rows (m.columns + 1) C.czero in + for i = 0 to m.rows - 1 do + invariant { forall k j. 0 <= k < i -> 0 <= j < m.columns -> + r.elts k j = m.elts k j } + invariant { forall k. 0 <= k < i -> r.elts k m.columns = v[k] } + for j = 0 to m.columns - 1 do + invariant { forall k j. 0 <= k < i -> 0 <= j < m.columns -> + r.elts k j = m.elts k j } + invariant { forall k. 0 <= k < i -> r.elts k m.columns = v[k] } + invariant { forall l. 0 <= l < j -> r.elts i l = m.elts i l } + set r i j (get m i j) + done; + set r i m.columns v[i] + done; + r + +let v_append (v: array coeff) (c: coeff) : array coeff + requires { length v < int63'maxInt } + ensures { length result = length v + 1 } + ensures { forall k. 0 <= k < v.length -> result[k] = v[k] } + ensures { result[v.length] = c } += let r = Array63.make (v.length + 1) c in + for i = 0 to v.length - 1 do + invariant { forall k. 0 <= k < i -> r[k] = v[k] } + invariant { r[v.length] = c } + r[i] <- v[i] + done; + r + +let predicate (==) (a b: array coeff) + ensures { result = true -> length a = length b /\ + forall i. 0 <= i < length a -> C.eq a[i] b[i] } += + if length a <> length b then false + else + let r = ref true in + for i = 0 to length a - 1 do + invariant { !r = true -> forall j. 
0 <= j < i -> C.eq a[j] b[j] } + if not (C.eq a[i] b[i]) then r := false; + done; + !r + +use import int.MinMax +use import list.Length + +let rec function max_var (e:expr) : int + variant { e } + requires { valid_expr e } + ensures { 0 <= result } + ensures { expr_bound e result } += match e with + | Term _ i -> i + | Cst _ -> 0 + | Add e1 e2 -> max (max_var e1) (max_var e2) + end + +let function max_var_e (e:equality) : int + requires { valid_eq e } + ensures { 0 <= result } + ensures { eq_bound e result } += match e with (e1,e2) -> max (max_var e1) (max_var e2) end + +let rec function max_var_ctx (l:context) : int + variant { l } + requires { valid_ctx l } + ensures { 0 <= result } + ensures { ctx_bound l result } += match l with + | Nil -> 0 + | Cons e t -> max (max_var_e e) (max_var_ctx t) + end + +let rec opp_expr (e:expr) : expr + ensures { forall y z. interp result y z = C.(-_) (interp e y z) } + ensures { valid_expr e -> valid_expr result } + ensures { forall b. expr_bound e b -> expr_bound result b } + variant { e } += match e with + | Cst c -> Cst (C.opp c) + | Term c j -> + let oc = C.opp c in + let r = Term oc j in + assert { forall y z. interp r y z = C.( *) (C.interp oc z) (y j) + = C.( *) (C.(-_) (C.interp c z)) (y j) + = C.(-_) (C.( *) (C.interp c z) (y j)) + = C.(-_) (interp e y z) }; + r + | Add e1 e2 -> + let e1' = opp_expr e1 in + let e2' = opp_expr e2 in + assert { forall a1 a2. C.(+) (C.(-_) a1) (C.(-_) a2) = C.(-_) (C.(+) a1 a2) }; + assert { forall y z. 
interp (Add e1' e2') y z = C.(-_) (interp e y z) by + interp (Add e1' e2') y z = C.(+) (interp e1' y z) (interp e2' y z) + = C.(+) (C.(-_) (interp e1 y z)) (C.(-_) (interp e2 y z)) + = C.(-_) (C.(+) (interp e1 y z) (interp e2 y z)) + = C.(-_) (interp e y z) }; + Add e1' e2' + end + +predicate atom (e:expr) += match e with + | Add _ _ -> false | _ -> true + end + +(*TODO put this back in norm_eq*) +let rec norm_eq_aux (ex acc_e:expr) (acc_c:coeff) : (expr, coeff) + returns { (rex, rc) -> forall y z. + C.(+) (interp rex y z) (interp (Cst rc) y z) + = C.(+) (interp ex y z) + (C.(+) (interp acc_e y z) (interp (Cst acc_c) y z)) } + returns { (rex, _) -> forall b:int. expr_bound ex b /\ expr_bound acc_e b + -> expr_bound rex b } + raises { C.Unknown -> true } + variant { ex } += match ex with + | Cst c -> acc_e, (C.add c acc_c) + | Term _ _ -> (Add acc_e ex, acc_c) + | Add e1 e2 -> let ae, ac = norm_eq_aux e1 acc_e acc_c in + norm_eq_aux e2 ae ac + end + +use import debug.Debug + +let norm_eq (e:equality) : (expr, coeff) + returns { (ex, c) -> forall y z. + interp_eq e y z <-> interp_eq (ex, Cst c) y z } + returns { (ex, _) -> forall b:int. eq_bound e b -> expr_bound ex b } + raises { C.Unknown -> true } += match e with + | (e1, e2) -> + let s = Add e1 (opp_expr e2) in + assert { forall b. eq_bound e b -> expr_bound s b }; + match norm_eq_aux s (Cst C.czero) C.czero with + (e, c) -> + let ec = C.opp c in + assert { forall a1 a2. C.(+) a1 a2 = C.azero -> a1 = C.(-_) a2 }; + assert { forall y z. interp_eq (e1,e2) y z -> interp_eq (e, Cst ec) y z + by interp_eq (s, Cst C.czero) y z so interp s y z = C.azero + so C.(+) (interp e y z) (interp (Cst c) y z) = C.azero + so interp e y z = C.(-_) (interp (Cst c) y z) + = interp (Cst ec) y z }; + e, ec + end + end + + +let rec lemma interp_ctx_impl (ctx: context) (g1 g2:equality) + requires { forall y z. interp_eq g1 y z -> interp_eq g2 y z } + ensures { forall y z. 
interp_ctx ctx g1 y z -> interp_ctx ctx g2 y z } + variant { ctx } += match ctx with Nil -> () | Cons _ t -> interp_ctx_impl t g1 g2 end + +let rec lemma interp_ctx_valid (ctx:context) (g:equality) + ensures { forall y z. interp_eq g y z -> interp_ctx ctx g y z } + variant { ctx } += match ctx with Nil -> () | Cons _ t -> interp_ctx_valid t g end + +use import list.Append + +let rec lemma interp_ctx_wr (ctx l:context) (g:equality) + ensures { forall y z. interp_ctx ctx g y z -> interp_ctx (ctx ++ l) g y z } + variant { ctx } += match ctx with + | Nil -> () + | Cons _ t -> interp_ctx_wr t l g end + +let rec lemma interp_ctx_wl (ctx l: context) (g:equality) + ensures { forall y z. interp_ctx ctx g y z -> interp_ctx (l ++ ctx) g y z } + variant { l } += match l with Nil -> () | Cons _ t -> interp_ctx_wl ctx t g end + +let rec mul_expr (e:expr) (c:coeff) : expr + ensures { forall y z. interp result y z + = C.( *) (C.interp c z) (interp e y z) } + ensures { valid_expr e -> valid_expr result } + variant { e } + raises { C.Unknown -> true } += if C.eq c C.czero then Cst C.czero + else match e with + | Cst c1 -> Cst (C.mul c c1) + | Term c1 v -> Term (C.mul c c1) v + | Add e1 e2 -> Add (mul_expr e1 c) (mul_expr e2 c) + end + +let rec add_expr (e1 e2: expr) : expr + ensures { forall y z. interp result y z + = C.(+) (interp e1 y z) (interp e2 y z) } + variant { e2 } + raises { C.Unknown -> true } += + let term_or_cst c i + ensures { forall y z. interp result y z = interp (Term c i) y z } + = if C.eq C.czero c then Cst C.czero else Term c i in + let rec add_atom (e a:expr) : (expr, bool) + requires { atom a } + returns { r,_ -> forall y z. 
interp r y z + = C.(+) (interp e y z) (interp a y z) } + variant { e } + raises { C.Unknown -> true } + = match (e,a) with + | Term ce ie, Term ca ia -> + if ie = ia then (term_or_cst (C.add ce ca) ie, True) + else if C.eq ce C.czero then (term_or_cst ca ia, True) + else if C.eq ca C.czero then (e,True) + else (Add e a, False) + | Cst ce, Cst ca -> Cst (C.add ce ca), True + | Cst ce, Term ca _ -> + if C.eq ca C.czero then (e, True) + else if C.eq ce C.czero then (a, True) + else (Add e a, False) + | Term ce _, Cst ca -> + if C.eq ce C.czero then (a, True) + else if C.eq ca C.czero then (e, True) + else (Add e a, False) + | Add e1 e2, _ -> + let r, b = add_atom e1 a in + if b + then + match r with + | Cst c -> + if C.eq c C.czero + then begin + assert { forall y z. C.(+) (interp e1 y z) (interp a y z) = C.azero }; + e2, True end + else Add r e2, True + | _ -> Add r e2, True + end + else + let r,b = add_atom e2 a in + match r with + | Cst c -> + if C.eq c C.czero + then begin + assert { forall y z. C.(+) (interp e2 y z) (interp a y z) = C.azero }; + e1, True end + else Add e1 r, b + | _ -> Add e1 r, b + end + | _, Add _ _ -> absurd + end + in + match e2 with + | Add e1' e2' -> add_expr (add_expr e1 e1') e2' + | _ -> let r,_= add_atom e1 e2 in r + end + +let mul_eq (eq:equality) (c:coeff) + ensures { forall y z. interp_eq eq y z -> interp_eq result y z } + raises { C.Unknown -> true } += match eq with (e1,e2) -> (mul_expr e1 c, mul_expr e2 c) end + +let add_eq (eq1 eq2:equality) + ensures { forall y z. interp_eq eq1 y z -> interp_eq eq2 y z + -> interp_eq result y z } + ensures { forall y z ctx. interp_ctx ctx eq1 y z -> interp_ctx ctx eq2 y z + -> interp_ctx ctx result y z } + raises { C.Unknown -> true } += match eq1, eq2 with ((a1,b1), (a2,b2)) -> + let a = add_expr a1 a2 in let b = add_expr b1 b2 in + let r = (a,b) in + let rec lemma aux (l:context) + ensures { forall y z. 
interp_ctx l eq1 y z -> interp_ctx l eq2 y z + -> interp_ctx l r y z } + variant { l } + = match l with Nil -> () | Cons _ t -> aux t end in + r + end + +let rec zero_expr (e:expr) : bool + ensures { result -> forall y z. interp e y z = C.azero } + variant { e } + raises { C.Unknown -> true } += + let rec all_zero (e:expr) : bool + ensures { result -> forall y z. interp e y z = C.azero } + variant { e } + = match e with + | Cst c -> C.eq c C.czero + | Term c _ -> C.eq c C.czero + | Add e1 e2 -> all_zero e1 && all_zero e2 + end + in + let e' = add_expr (Cst C.czero) e in (* simplifies expr *) + all_zero e' + +let sub_expr (e1 e2:expr) + ensures { forall y z. C.(+) (interp result y z) (interp e2 y z) + = interp e1 y z } + raises { C.Unknown -> true } += let r = add_expr e1 (mul_expr e2 (C.opp C.cone)) in + assert { forall y z. + let v1 = interp e1 y z in + let v2 = interp e2 y z in + let vr = interp r y z in + C.(+) vr v2 = v1 + by C.( *) v2 (C.(-_) C.aone) = C.(-_) v2 + so C.(+) vr v2 + = C.(+) (C.(+) v1 (C.( *) v2 (C.(-_) C.aone))) v2 + = C.(+) (C.(+) v1 (C.(-_) v2)) v2 = v1 }; + r + +let rec same_eq (eq1 eq2: equality) : bool + ensures { result -> forall y z. interp_eq eq1 y z -> interp_eq eq2 y z } + raises { C.Unknown -> true } += let (e1,c1) = norm_eq eq1 in + let (e2,c2) = norm_eq eq2 in + let e = sub_expr e1 e2 in + if zero_expr e && C.eq c1 c2 then true + else (print (add_expr (Cst C.czero) e); print c1; print c2; false) + +use import option.Option + +let rec norm_context (l:context) : context + ensures { forall g y z. 
interp_ctx result g y z -> interp_ctx l g y z } + raises { C.Unknown -> true } + variant { l } += match l with + | Nil -> Nil + | Cons h t -> + let ex, c = norm_eq h in + Cons (ex, Cst c) (norm_context t) + end + +let rec print_lc ctx v : unit variant { ctx } += match ctx, v with + | Nil, Nil -> () + | Cons l t, Cons v t2 -> + (if C.eq C.czero v then () + else (print l; print v)); + print_lc t t2 + | _ -> () + end + +let check_combination (ctx:context) (g:equality) (v:list coeff) : bool + ensures { result = true -> forall y z. interp_ctx ctx g y z} + raises { C.Unknown -> true } += + (*let ctx = norm_context ctx in + let (g,c) = norm_eq g in*) + (* normalize before for fewer Unknown exceptions in computations ? *) + let rec aux (l:context) (ghost acc: context) (s:equality) (v:list coeff) : option equality + requires { forall y z. interp_ctx acc s y z } + requires { ctx = acc ++ l } + returns { Some r -> forall y z. interp_ctx ctx r y z | None -> true } + raises { C.Unknown -> true } + variant { l } + = match (l, v) with + | Nil, Nil -> Some s + | Cons eq te, Cons c tc -> + let ghost nacc = acc ++ (Cons eq Nil) in + if C.eq c C.czero then aux te nacc s tc + else begin + let ns = (add_eq s (mul_eq eq c)) in + interp_ctx_wr ctx (Cons eq Nil) s; + interp_ctx_wl ctx (Cons eq Nil) eq; + assert { forall y z. 
interp_ctx nacc ns y z + by interp_ctx nacc s y z /\ interp_ctx nacc eq y z }; + aux te nacc ns tc end + | _ -> None + end + in + match aux ctx Nil (Cst C.czero, Cst C.czero) v with + | Some sum -> if same_eq sum g then true else (print_lc ctx v; false) + | None -> false + end + +let transpose (m:matrix coeff) : matrix coeff + ensures { result.rows = m.columns /\ result.columns = m.rows } += + let r = Matrix63.make m.columns m.rows C.czero in + for i = 0 to m.rows - 1 do + for j = 0 to m.columns - 1 do + set r j i (get m i j) + done + done; + r + +let swap_rows (m:matrix coeff) (i1 i2: int63) : unit + requires { 0 <= i1 < m.rows /\ 0 <= i2 < m.rows } += for j = 0 to m.columns - 1 do + let c = get m i1 j in + set m i1 j (get m i2 j); + set m i2 j c + done + +let mul_row (m:matrix coeff) (i: int63) (c: coeff) : unit + requires { 0 <= i < m.rows } + requires { not (C.eq c C.czero) } + raises { C.Unknown -> true } += if C.eq c C.cone then () else + for j = 0 to m.columns - 1 do + set m i j (C.mul c (get m i j)) + done + +let addmul_row (m:matrix coeff) (src dst: int63) (c: coeff) : unit + requires { 0 <= src < m.rows /\ 0 <= dst < m.rows } + raises { C.Unknown -> true } += if C.eq c C.czero then () else + for j = 0 to m.columns - 1 do + set m dst j (C.add (get m dst j) (C.mul c (get m src j))) + done + +use import ref.Ref + +let gauss_jordan (a: matrix coeff) : option (array coeff) + (*AX=B, a=(A|B), result=X*) + returns { Some r -> Array63.length r = a.columns | None -> true } + requires { 1 <= a.rows /\ 1 <= a.columns } + raises { C.Unknown -> true } += + let n = a.rows in + let m = a.columns in + (* print n; print m; *) + let rec find_nonz (i j:int63) + requires { 0 <= i <= n } + requires { 0 <= j < m } + variant { n-i } + ensures { i <= result <= n } + ensures { result < n -> not (C.eq (a.elts result j) C.czero) } + = if i >= n then n + else + if C.eq (get a i j) C.czero + then find_nonz (i+1) j + else i in + let pivots = Array63.make n 0 in + let r = ref (-1) in + 
for j = 0 to m-2 do + invariant { -1 <= !r < n } + invariant { forall i. 0 <= i <= !r -> 0 <= pivots[i] } + invariant { forall i1 i2: int. 0 <= i1 < i2 <= !r -> pivots[i1] < pivots[i2] } + invariant { !r >= 0 -> pivots[!r] < j } + label Start in + let k = find_nonz (!r+1) j in + if k < n + then begin + r := !r + 1; + pivots[!r] <- j; + mul_row a k (C.inv(get a k j)); + if k <> !r then swap_rows a k !r; + for i = 0 to n-1 do + if i <> !r + then addmul_row a !r i (C.opp(get a i j)) + done; + end; + assert { forall i1 i2: int. 0 <= i1 < i2 <= !r -> pivots[i1] < pivots[i2] + by pivots[i1] = pivots[i1] at Start + so [@case_split] + ((i2 < !r so pivots[i2] = pivots[i2] at Start) + \/ (i2 = !r so pivots[i1] < j(* = pivots[i2])*))) }; + done; + if !r < 0 then None (* matrix is all zeroes *) + else begin + let v = Array63.make m(*(m-1)*) C.czero in + for i = 0 to !r do + v[pivots[i]] <- get a i (m-1) + done; + Some v (*pivots[!r] < m-1*) (*pivot on last column, no solution*) + end + +let rec function to_list (a: array 'a) (l u: int63) : list 'a + requires { l >= 0 /\ u <= Array63.length a } + variant { u - l } += if u <= l then Nil else Cons a[l] (to_list a (l+1) u) + +exception Failure + +let linear_decision (l: context) (g: equality) : bool + requires { valid_ctx l } + requires { valid_eq g } + requires { length l < 100000 } (* integer overflows *) + ensures { forall y z. 
result -> interp_ctx l g y z }
+ raises { C.Unknown -> true | Failure -> true }
+=
+ let nv = (max (max_var_e g) (max_var_ctx l)) in
+ begin ensures { nv < 100000 }
+ if nv >= 100000 then raise Failure
+ end;
+ let nv = Int63.of_int nv in
+ let ll = Int63.of_int (length l) in
+ let a = Matrix63.make ll (nv+1) C.czero in
+ let b = Array63.make ll C.czero in (* ax = b *)
+ let v = Array63.make (nv+1) C.czero in (* goal *)
+ let rec fill_expr (ex: expr) (i:int63): unit
+ variant { ex }
+ raises { C.Unknown -> true }
+ requires { 0 <= i < length l }
+ requires { expr_bound ex nv }
+ raises { Failure -> true }
+ = match ex with
+ | Cst c -> if C.eq c C.czero then () else raise Failure
+ | Term c j ->
+ let j = Int63.of_int j in
+ set a i j (C.add (get a i j) c)
+ | Add e1 e2 -> fill_expr e1 i; fill_expr e2 i
+ end in
+ let rec fill_ctx (ctx:context) (i:int63) : unit
+ requires { ctx_bound ctx nv }
+ variant { length l - i }
+ requires { length l - i = length ctx }
+ requires { 0 <= i <= length l }
+ raises { Failure -> true }
+ = match ctx with
+ | Nil -> ()
+ | Cons e t ->
+ assert { i < length l };
+ try
+ let ex, c = norm_eq e in
+ if (not (C.eq c C.czero)) then b[i] <- C.add b[i] c;
+ fill_expr ex i;
+ with C.Unknown -> () (* some equalities are in the context but cannot be normalized, typically they are useless, ignore them *)
+ end;
+ fill_ctx t (i+1)
+ end in
+ let rec fill_goal (ex:expr) : unit
+ requires { expr_bound ex nv }
+ variant { ex }
+ raises { C.Unknown -> true }
+ raises { Failure -> true }
+ = match ex with
+ | Cst c -> if C.eq c C.czero then () else raise Failure
+ | Term c j ->
+ let j = Int63.of_int j in
+ v[j] <- C.add v[j] c
+ | Add e1 e2 -> fill_goal e1; fill_goal e2
+ end in
+ fill_ctx l 0;
+ let (ex, d) = norm_eq g in
+ fill_goal ex;
+ let ab = m_append a b in
+ let cd = v_append v d in
+ let ab' = transpose ab in
+ match gauss_jordan (m_append ab' cd) with
+ | Some r ->
+ check_combination l g (to_list r 0 ll)
+ | None -> false
+ end
+
+type
expr' = | Sum expr' expr' | ProdL expr' cprod | ProdR cprod expr' | Diff expr' expr'
+ | Var int | Coeff coeff
+
+with cprod = | C coeff | Times cprod cprod
+
+function interp_c (e:cprod) (y:vars) (z:C.cvars) : C.a
+= match e with
+ | C c -> C.interp c z
+ | Times e1 e2 -> C.(*) (interp_c e1 y z) (interp_c e2 y z)
+ end
+
+meta rewrite_def function interp_c
+
+function interp' (e:expr') (y:vars) (z:C.cvars) : C.a
+= match e with
+ | Sum e1 e2 -> C.(+) (interp' e1 y z) (interp' e2 y z)
+ | ProdL e c -> C.(*) (interp' e y z) (interp_c c y z)
+ | ProdR c e -> C.(*) (interp_c c y z) (interp' e y z)
+ | Diff e1 e2 -> C.(-) (interp' e1 y z) (interp' e2 y z)
+ | Var n -> y n
+ | Coeff c -> C.interp c z
+ end
+
+meta rewrite_def function interp'
+
+(*exception NonLinear*)
+
+type equality' = (expr', expr')
+type context' = list equality'
+
+function interp_eq' (g:equality') (y:vars) (z:C.cvars) : bool
+= match g with (g1, g2) -> interp' g1 y z = interp' g2 y z end
+
+meta rewrite_def function interp_eq'
+
+function interp_ctx' (l: context') (g: equality') (y: vars) (z:C.cvars) : bool
+= match l with
+ | Nil -> interp_eq' g y z
+ | Cons h t -> (interp_eq' h y z) -> (interp_ctx' t g y z)
+ end
+
+meta rewrite_def function interp_ctx'
+
+let rec predicate valid_expr' (e:expr')
+ variant { e }
+= match e with
+ | Var i -> 0 <= i
+ | Sum e1 e2 | Diff e1 e2 -> valid_expr' e1 && valid_expr' e2
+ | Coeff _ -> true
+ | ProdL e _ | ProdR _ e -> valid_expr' e
+ end
+
+let predicate valid_eq' (eq:equality')
+= match eq with (e1,e2) -> valid_expr' e1 && valid_expr' e2 end
+
+let rec predicate valid_ctx' (ctx:context')
+= match ctx with Nil -> true | Cons eq t -> valid_eq' eq && valid_ctx' t end
+
+let rec simp (e:expr') : expr
+ ensures { forall y z. interp result y z = interp' e y z }
+ ensures { valid_expr' e -> valid_expr result }
+ raises { C.Unknown -> true }
+ variant { e }
+=
+ let rec simp_c (e:cprod) : coeff
+ ensures { forall y z.
C.interp result z = interp_c e y z }
+ variant { e }
+ raises { C.Unknown -> true }
+ =
+ match e with
+ | C c -> c
+ | Times c1 c2 -> C.mul (simp_c c1) (simp_c c2)
+ end
+ in
+ match e with
+ | Sum e1 e2 -> Add (simp e1) (simp e2)
+ | Diff e1 e2 -> Add (simp e1) (opp_expr (simp e2))
+ | Var n -> Term C.cone n
+ | Coeff c -> Cst c
+ | ProdL e c | ProdR c e ->
+ mul_expr (simp e) (simp_c c)
+ end
+
+let simp_eq (eq:equality') : equality
+ ensures { forall y z. interp_eq result y z = interp_eq' eq y z }
+ ensures { valid_eq' eq -> valid_eq result }
+ raises { (*NonLinear -> true | *)C.Unknown -> true }
+= match eq with (g1, g2) -> (simp g1, simp g2) end
+
+let rec simp_ctx (ctx: context') (g:equality') : (context, equality)
+ returns { (rc, rg) ->
+ (valid_ctx' ctx -> valid_eq' g -> valid_ctx rc /\ valid_eq rg) /\
+ length rc = length ctx /\
+ forall y z. interp_ctx rc rg y z = interp_ctx' ctx g y z }
+ raises { (*NonLinear -> true | *) C.Unknown -> true }
+ variant { ctx }
+= match ctx with
+ | Nil -> Nil, simp_eq g
+ | Cons eq t -> let rt, rg = simp_ctx t g in
+ Cons (simp_eq eq) rt, rg
+ end
+
+let decision (l:context') (g:equality')
+ requires { valid_ctx' l }
+ requires { valid_eq' g }
+ requires { length l < 100000 }
+ ensures { forall y z. result -> interp_ctx' l g y z }
+ raises { (* NonLinear -> true | *) C.Unknown -> true | Failure -> true }
+= let sl, sg = simp_ctx l g in
+ linear_decision sl sg
+
+end
+
+module RationalCoeffs
+
+use import int.Int
+use import real.RealInfix
+use import real.FromInt
+use import int.Abs
+
+(*meta coercion function from_int*)
+
+type t = (int, int)
+type rvars = int -> real
+
+exception QError
+
+let constant rzero = (0,1)
+let constant rone = (1,1)
+
+function rinterp (t:t) (v:rvars) : real
+= match t with
+ | (n,d) -> from_int n /. from_int d
+ end
+
+meta rewrite_def function rinterp
+
+let lemma prod_compat_eq (a b c:real)
+ requires { c <> 0.0 }
+ requires { a *. c = b *.
c }
+ ensures { a = b }
+= ()
+
+let lemma cross_d (n1 d1 n2 d2:int)
+ requires { d1 <> 0 /\ d2 <> 0 }
+ requires { n1 * d2 = n2 * d1 }
+ ensures { forall v. rinterp (n1,d1) v = rinterp (n2,d2) v }
+= let d = from_int (d1 * d2) in
+ assert { forall v. rinterp (n1, d1) v = rinterp (n2, d2) v
+ by rinterp (n1, d1) v *. d = rinterp (n2,d2) v *. d }
+
+let lemma cross_ind (n1 d1 n2 d2:int)
+ requires { d1 <> 0 /\ d2 <> 0 }
+ requires { forall v. rinterp (n1,d1) v = rinterp (n2,d2) v }
+ ensures { n1 * d2 = n2 * d1 }
+= assert { from_int d1 <> 0.0 /\ from_int d2 <> 0.0 };
+ assert { from_int n1 /. from_int d1 = from_int n2 /. from_int d2 };
+ assert { from_int n1 *. from_int d2 = from_int n2 *. from_int d1
+ by from_int n1 *. from_int d2
+ = (from_int n1 /. from_int d1) *. from_int d1 *. from_int d2
+ = (from_int n2 /. from_int d2) *. from_int d1 *. from_int d2
+ = from_int n2 *. from_int d1 };
+ assert { from_int (n1*d2) = from_int (n2 * d1) }
+
+
+lemma cross: forall n1 d1 n2 d2: int. d1 <> 0 -> d2 <> 0 ->
+ n1 * d2 = n2 * d1 <->
+ forall v. rinterp (n1,d1) v = rinterp (n2,d2) v
+
+use import int.ComputerDivision
+use import ref.Ref
+use import number.Gcd
+
+let gcd (x:int) (y:int)
+ requires { x > 0 /\ y > 0 }
+ ensures { result = gcd x y }
+ ensures { result > 0 }
+ =
+ let ghost ox = x in
+ let x = ref x in let y = ref y in
+ label Pre in
+ while (!y > 0) do
+ invariant { !x >= 0 /\ !y >= 0 }
+ invariant { gcd !x !y = gcd (!x at Pre) (!y at Pre) }
+ variant { !y }
+ invariant { ox > 0 -> !x > 0 }
+ let r = mod !x !y in let ghost q = div !x !y in
+ assert { r = !x - q * !y };
+ x := !y; y := r;
+ done;
+ !x
+
+let simp (t:t) : t
+ ensures { forall v:rvars. rinterp result v = rinterp t v }
+= match t with
+ | (n,d) ->
+ if d = 0 then t
+ else if n = 0 then rzero
+ else
+ let g = gcd (abs n) (abs d) in
+ let n', d' = (div n g, div d g) in
+ assert { n = g * n' /\ d = g * d' };
+ assert { n' * d = n * d' };
+ (n', d')
+ end
+
+let radd (a b:t)
+ ensures { forall y.
rinterp result y = rinterp a y +. rinterp b y } + raises { QError -> true } += match (a,b) with + | (n1,d1), (n2,d2) -> + if d1 = 0 || d2 = 0 then raise QError + else begin + let r = (n1*d2 + n2*d1, d1*d2) in + let ghost d = from_int d1 *. from_int d2 in + assert { forall y. + rinterp a y +. rinterp b y = rinterp r y + by rinterp a y *. d = from_int n1 *. from_int d2 + so rinterp b y *. d = from_int n2 *. from_int d1 + so (rinterp a y +. rinterp b y) *. d + = from_int (n1*d2 + n2*d1) + = rinterp r y *. d }; + simp r end + end + +let rmul (a b:t) + ensures { forall y. rinterp result y = rinterp a y *. rinterp b y } + raises { QError -> true } += match (a,b) with + | (n1,d1), (n2, d2) -> + if d1 = 0 || d2 = 0 then raise QError + else begin + let r = (n1*n2, d1*d2) in + assert { forall y. rinterp r y = rinterp a y *. rinterp b y + by rinterp r y = from_int (n1*n2) /. from_int(d1*d2) + = (from_int n1 *. from_int n2) /. (from_int d1 *. from_int d2) + = (from_int n1 /. from_int d1) *. (from_int n2 /. from_int d2) + = rinterp a y *. rinterp b y }; + r + end + end + +let ropp (a:t) + ensures { forall y. rinterp result y = -. rinterp a y } += match a with + | (n,d) -> (-n, d) + end + +let predicate req (a b:t) + ensures { result -> forall y. rinterp a y = rinterp b y } += match (a,b) with + | (n1,d1), (n2,d2) -> n1 = n2 && d1 = d2 || (d1 <> 0 && d2 <> 0 && n1 * d2 = n2 * d1) + end + +let rinv (a:t) + requires { not req a rzero } + ensures { not req result rzero } + ensures { forall y. rinterp result y *. rinterp a y = 1.0 } + raises { QError -> true } += match a with + | (n,d) -> if n = 0 || d = 0 then raise QError else (d,n) + end + +let is_zero (a:t) + ensures { result <-> req a rzero } += match a with + | (n,d) -> n = 0 && d <> 0 + end + +end + +module LinearDecisionRational + +use import RationalCoeffs +use import real.RealInfix +use import real.FromInt + +clone export LinearEquationsDecision with type C.a = real, function C.(+) = (+.), function C.( * ) = ( *. 
), function C.(-_) = (-._), function C.(-) = (-.), type coeff = t, type C.cvars=int -> real, function C.interp=rinterp, exception C.Unknown = QError, constant C.azero = Real.zero, constant C.aone = Real.one, predicate C.ale = (<=.), val C.czero=rzero, val C.cone=rone, lemma C.sub_def, lemma C.zero_def, lemma C.one_def, val C.add=radd, val C.mul=rmul, val C.opp=ropp, val C.eq=req, val C.inv=rinv, goal C.A.ZeroLessOne, goal C.A.CompatOrderAdd, goal C.A.CompatOrderMult, goal C.A.Unitary, goal C.A.NonTrivialRing, goal C.A.Mul_distr_l, goal C.A.Mul_distr_r, goal C.A.Inv_def_l, goal C.A.Inv_def_r, goal C.A.MulAssoc.Assoc, goal C.A.Assoc, goal C.A.MulComm.Comm, goal C.A.Comm, goal C.A.Unit_def_l, goal C.A.Unit_def_r + +end + +module LinearDecisionInt + +use import int.Int + +type t' = IC int | Error + +function interp_id (t:t') (v:int -> int) : int += match t with + | IC i -> i + | Error -> 0 (* never created *) + end + +meta rewrite_def function interp_id + +let constant izero = IC 0 + +let constant ione = IC 1 + +let predicate ieq (a b:t') = false + +exception NError + +let iadd (a b:t') : t' + ensures { forall z. interp_id result z = interp_id a z + interp_id b z } + raises { NError -> true } += raise NError + +let imul (a b:t') : t' + ensures { forall z. interp_id result z = interp_id a z * interp_id b z } + raises { NError -> true } += raise NError + +let iopp (a:t') : t' + ensures { forall z. interp_id result z = - interp_id a z } + raises { NError -> true } += raise NError + +let iinv (t:t') : t' + (*ensures { forall v: int -> int. 
id result v * id t v = one }*)
+ ensures { not (ieq result izero) }
+ raises { NError -> true }
+= raise NError
+
+clone export LinearEquationsDecision with type C.a = int, function C.(+)=(+), function C.(*) = (*), function C.(-_) = (-_), function C.(-) = (-), type coeff = t', type C.cvars = int->int,function C.interp = interp_id, constant C.azero = zero, constant C.aone = one, predicate C.ale= (<=), val C.czero = izero, val C.cone = ione, lemma C.sub_def, lemma C.zero_def, lemma C.one_def, val C.add = iadd, val C.mul = imul, val C.opp = iopp, val C.eq = ieq, val C.inv = iinv, goal C.A.ZeroLessOne, goal C.A.CompatOrderAdd, goal C.A.CompatOrderMult, goal C.A.Unitary, goal C.A.NonTrivialRing, goal C.A.Mul_distr_l, goal C.A.Mul_distr_r, goal C.A.Inv_def_l, goal C.A.Inv_def_r, goal C.A.MulAssoc.Assoc, goal C.A.Assoc, goal C.A.MulComm.Comm, goal C.A.Comm, goal C.A.Unit_def_l, goal C.A.Unit_def_r
+
+
+use import real.FromInt
+use import RationalCoeffs
+use LinearDecisionRational as R
+use import list.List
+
+let ghost function m_y (y:int -> int): (int -> real)
+ ensures { forall i. result i = from_int (y i) }
+= fun i -> from_int (y i)
+
+meta rewrite_def function m_y
+
+let m (t:t') : (int, int)
+ ensures { forall z. rinterp result (m_y z) = from_int (interp_id t z) }
+ raises { NError -> true }
+= match t with
+ | IC x -> (x,1)
+ | _ -> raise NError
+ end
+
+let rec m_cprod (e:cprod) : R.cprod
+ ensures { forall y z. R.interp_c result (m_y y) (m_y z)
+ = from_int (interp_c e y z) }
+ raises { NError -> true }
+ variant { e }
+= match e with
+ | C c -> R.C (m c)
+ | Times c1 c2 -> R.Times (m_cprod c1) (m_cprod c2)
+ end
+
+let rec m_expr (e:expr') : R.expr'
+ ensures { forall y z.
R.interp' result (m_y y) (m_y z) + = from_int (interp' e y z) } + ensures { valid_expr' e -> R.valid_expr' result } + raises { NError -> true } + variant { e } += match e with + | Var i -> R.Var i + | Coeff c -> R.Coeff (m c) + | Sum e1 e2 -> R.Sum (m_expr e1) (m_expr e2) + | Diff e1 e2 -> R.Diff (m_expr e1) (m_expr e2) + | ProdL e c -> R.ProdL (m_expr e) (m_cprod c) + | ProdR c e -> R.ProdR (m_cprod c) (m_expr e) + end + +use import list.Length +use import debug.Debug + +let m_eq (eq:equality') : R.equality' + ensures { forall y z. R.interp_eq' result (m_y y) (m_y z) + <-> interp_eq' eq y z } + ensures { valid_eq' eq -> R.valid_eq' result } + raises { NError -> true } += match eq with (e1,e2) -> (m_expr e1, m_expr e2) end + +let rec m_ctx (ctx:context') (g:equality') : (R.context', R.equality') + returns { c',g' -> forall y z. R.interp_ctx' c' g' (m_y y) (m_y z) <-> + interp_ctx' ctx g y z } + returns { c', _ -> valid_ctx' ctx -> R.valid_ctx' c' } + returns { c', _ -> length c' = length ctx } + returns { _, g' -> valid_eq' g -> R.valid_eq' g' } + raises { NError -> true } + variant { ctx } += match ctx with + | Nil -> Nil, m_eq g + | Cons h t -> + let c',g' = m_ctx t g in + (Cons (m_eq h) c',g') + end + +let int_decision (l: context') (g: equality') : bool + requires { valid_ctx' l } + requires { valid_eq' g } + requires { length l < 100000 } + ensures { forall y z. result -> interp_ctx' l g y z } + raises { R.Failure -> true | QError -> true | NError -> true } += let l',g' = m_ctx l g in + R.decision l' g' + +end + + +module Test + +use import RationalCoeffs +use import LinearDecisionRational +use import int.Int +use import real.RealInfix +use import real.FromInt + +meta "compute_max_steps" 0x10000 +meta coercion function from_int + +goal g: forall x y: real. + (from_int 3 /. from_int 1) *. x +. (from_int 2/. from_int 1) *. y = (from_int 21/. from_int 1) -> + (from_int 7 /. from_int 1) *. x +. (from_int 4/. from_int 1) *. y = (from_int 47/. 
from_int 1) -> + x = (from_int 5 /. from_int 1) +end + +module TestInt + +use import LinearDecisionInt +use import int.Int + +meta "compute_max_steps" 0x10000 + +goal g: forall x y:int. + 3 * x + 2 * y = 21 -> + 7 * x + 4 * y = 47 -> + x = 5 + +end + +module MP64Coeffs + +use mach.int.UInt64 as M +use import real.RealInfix +use import real.FromInt +use import real.PowerReal +use RationalCoeffs as Q +use import int.Int + +use import debug.Debug + +type evars = int -> int + + +type exp = Lit int | Var int | Plus exp exp | Minus exp | Sub exp exp +type t = (Q.t, exp) + +let constant mzero = (Q.rzero, Lit 0) +let constant mone = (Q.rone, Lit 0) + +constant rradix: real = from_int (M.radix) + +function qinterp (q:Q.t) : real += match q with (n,d) -> from_int n /. from_int d end + +meta rewrite_def function qinterp + +lemma qinterp_def: forall q v. qinterp q = Q.rinterp q v + +function interp_exp (e:exp) (y:evars) : int += match e with + | Lit n -> n + | Var v -> y v + | Plus e1 e2 -> interp_exp e1 y + interp_exp e2 y + | Sub e1 e2 -> interp_exp e1 y - interp_exp e2 y + | Minus e' -> - (interp_exp e' y) + end + +meta rewrite_def function interp_exp + +function minterp (t:t) (y:evars) : real += match t with + (q,e) -> + qinterp q *. pow rradix (from_int (interp_exp e y)) + end + +meta rewrite_def function minterp + +exception MPError + +let rec opp_exp (e:exp) + ensures { forall y. interp_exp result y = - interp_exp e y } + variant { e } += match e with + | Lit n -> Lit (-n) + | Minus e' -> e' + | Plus e1 e2 -> Plus (opp_exp e1) (opp_exp e2) + | Sub e1 e2 -> Sub e2 e1 + | Var _ -> Minus e + end + +let rec add_sub_exp (e1 e2:exp) (s:bool) : exp + ensures { forall y. + if s + then interp_exp result y = interp_exp e1 y + interp_exp e2 y + else interp_exp result y = interp_exp e1 y - interp_exp e2 y } + raises { MPError -> true } + variant { e2, e1 } += + let rec add_atom (e a:exp) (s:bool) : (exp, bool) + returns { r, _ -> forall y. 
+ if s then interp_exp r y = interp_exp e y + interp_exp a y + else interp_exp r y = interp_exp e y - interp_exp a y } + raises { MPError -> true } + variant { e } + = match (e,a) with + | Lit n1, Lit n2 -> (if s then Lit (n1+n2) else Lit (n1-n2)), True + | Lit n, Var i + -> if n = 0 then (if s then Var i else Minus (Var i)), True + else (if s then Plus e a else Sub e a), False + | Var i, Lit n + -> if n = 0 then Var i, true + else (if s then Plus e a else Sub e a), False + | Lit n, Minus e' -> + if n = 0 then (if s then Minus e' else e'), True + else (if s then Plus e a else Sub e a), False + | Minus e', Lit n -> + if n = 0 then Minus e', True + else (if s then Plus e a else Sub e a), False + | Var i, Minus (Var j) | Minus (Var j), Var i -> + if s && (i = j) then (Lit 0, true) + else (if s then Plus e a else Sub e a), False + | Var i, Var j -> if s then Plus e a, False + else + if i = j then Lit 0, True + else Sub e a, False + | Minus (Var i), Minus (Var j) -> + if (not s) && (i=j) then Lit 0, true + else (if s then Plus e a else Sub e a), False + | Minus _, Minus _ -> (if s then Plus e a else Sub e a), False + | Plus e1 e2, _ -> + let r, b = add_atom e1 a s in + if b then + match r with + | Lit n -> if n = 0 then e2, True else Plus r e2, True + | _ -> Plus r e2, True + end + else let r, b = add_atom e2 a s in Plus e1 r, b + | Sub e1 e2, _ -> + let r, b = add_atom e1 a s in + if b then + match r with + | Lit n -> if n = 0 then opp_exp e2, True else Sub r e2, True + | _ -> Sub r e2, True + end + else let r, b = add_atom e2 a (not s) in + if b then Sub e1 r, True + else if s then Sub (Plus e1 a) e2, False + else Sub e1 (Plus e2 a), False + | _ -> raise MPError + end + in + match e2 with + | Plus e1' e2' -> + let r = add_sub_exp e1 e1' s in + match r with + | Lit n -> if n = 0 + then (if s then e2' else opp_exp e2') + else add_sub_exp r e2' s + | _ -> add_sub_exp r e2' s + end + | Sub e1' e2' -> + let r = add_sub_exp e1 e1' s in + match r with + | Lit n -> if n = 0 + 
then (if s then opp_exp e2' else e2') + else add_sub_exp r e2' (not s) + | _ -> add_sub_exp r e2' (not s) + end + | _ -> let r, _ = add_atom e1 e2 s in r + end + +let add_exp (e1 e2:exp) : exp + ensures { forall y. interp_exp result y = interp_exp e1 y + interp_exp e2 y } + raises { MPError -> True } += add_sub_exp e1 e2 True + + +let rec zero_exp (e:exp) : bool + ensures { result -> forall y. interp_exp e y = 0 } + variant { e } + raises { MPError -> true } += + let rec all_zero (e:exp) : bool + ensures { result -> forall y. interp_exp e y = 0 } + variant { e } + = match e with + | Lit n -> n = 0 + | Var _ -> false + | Minus e -> all_zero e + | Plus e1 e2 -> all_zero e1 && all_zero e2 + | Sub e1 e2 -> all_zero e1 && all_zero e2 + end + in + let e' = add_exp (Lit 0) e in (* simplifies exp *) + all_zero e' + +let rec same_exp (e1 e2: exp) + ensures { result -> forall y. interp_exp e1 y = interp_exp e2 y } + variant { e1, e2 } + raises { MPError -> true } += match e1, e2 with + | Lit n1, Lit n2 -> n1 = n2 + | Var v1, Var v2 -> v1 = v2 + | Minus e1', Minus e2' -> same_exp e1' e2' + | _ -> zero_exp (add_exp e1 (opp_exp e2)) + end + +let madd (a b:t) + ensures { forall y. minterp result y = minterp a y +. minterp b y } + raises { MPError -> true } + raises { Q.QError -> true } += match a, b with + | (q1, e1), (q2, e2) -> + if Q.is_zero q1 then b + else if Q.is_zero q2 then a + else if same_exp e1 e2 + then begin + let q = Q.radd q1 q2 in + assert { forall y. minterp (q, e1) y = minterp a y +. minterp b y + by let p = pow rradix (from_int (interp_exp e1 y)) in + minterp (q, e1) y = (qinterp q) *. p + = (qinterp q1 +. qinterp q2) *. p + = qinterp q1 *. p +. qinterp q2 *. p + = minterp a y +. minterp b y }; + (q,e1) end + else raise MPError + end + +let mmul (a b:t) + ensures { forall y. minterp result y = minterp a y *. 
minterp b y } + raises { Q.QError -> true } + raises { MPError -> true } += match a, b with + | (q1,e1), (q2,e2) -> + let q = Q.rmul q1 q2 in + if Q.is_zero q then mzero + else begin + let e = add_exp e1 e2 in + assert { forall y. minterp (q,e) y = minterp a y *. minterp b y + by let p1 = pow rradix (from_int (interp_exp e1 y)) in + let p2 = pow rradix (from_int (interp_exp e2 y)) in + let p = pow rradix (from_int (interp_exp e y)) in + interp_exp e y = interp_exp e1 y + interp_exp e2 y + so p = p1 *. p2 + so minterp (q,e) y = qinterp q *. p + = (qinterp q1 *. qinterp q2) *. p + = (qinterp q1 *. qinterp q2) *. p1 *. p2 + = minterp a y *. minterp b y }; + (q,e) + end + end + +let mopp (a:t) + ensures { forall y. minterp result y = -. minterp a y } += match a with (q,e) -> (Q.ropp q, e) end + +let rec predicate pure_same_exp (e1 e2: exp) + ensures { result -> forall y. interp_exp e1 y = interp_exp e2 y } + variant { e1, e2 } += match e1, e2 with + | Lit n1, Lit n2 -> n1 = n2 + | Var v1, Var v2 -> v1 = v2 + | Minus e1', Minus e2' -> pure_same_exp e1' e2' + | Plus a1 a2, Plus b1 b2 -> + (pure_same_exp a1 b1 && pure_same_exp a2 b2) || + (pure_same_exp a1 b2 && pure_same_exp a2 b1) + | _ -> false + end + +let predicate meq (a b:t) + ensures { result -> forall y. minterp a y = minterp b y } += match (a,b) with + | (q1,e1), (q2,e2) -> (Q.req q1 q2 && pure_same_exp e1 e2) || (Q.is_zero q1 && Q.is_zero q2) + end + +let minv (a:t) + requires { not meq a mzero } + ensures { not meq result mzero } +(* ensures { forall y. minterp result y *. 
minterp a y = 1.0 } no need to prove this*) + raises { Q.QError -> true } += match a with + | (q,e) -> (Q.rinv q, opp_exp e) + end + +end + +module LinearDecisionRationalMP + +use import MP64Coeffs +use import real.RealInfix + +type coeff = t + +clone export LinearEquationsDecision with type C.a = real, function C.(+) = (+.), function C.( *) = ( *.), function C.(-_) = (-._), function C.(-) = (-.), type coeff = t, type C.cvars=evars, function C.interp=minterp, exception C.Unknown = MPError, constant C.azero = Real.zero, constant C.aone = Real.one, predicate C.ale = (<=.), val C.czero=mzero, val C.cone=mone, lemma C.sub_def, lemma C.zero_def, lemma C.one_def, val C.add=madd, val C.mul=mmul, val C.opp=mopp, val C.eq=meq, val C.inv=minv, goal C.A.ZeroLessOne, goal C.A.CompatOrderAdd, goal C.A.CompatOrderMult, goal C.A.Unitary, goal C.A.NonTrivialRing, goal C.A.Mul_distr_l, goal C.A.Mul_distr_r, goal C.A.Inv_def_l, goal C.A.Inv_def_r, goal C.A.MulAssoc.Assoc, goal C.A.Assoc, goal C.A.MulComm.Comm, goal C.A.Comm, goal C.A.Unit_def_l, goal C.A.Unit_def_r + +end +module LinearDecisionIntMP + +use import int.Int +use import int.Power +use import MP64Coeffs + +type t = | I int | E exp | R + +let constant mpzero: t = I 0 +let constant mpone: t = I 1 + +function mpinterp (t:t) (y:evars) : int += match t with + | I n -> n + | E e -> power M.radix (interp_exp e y) + | R -> M.radix + end + +meta rewrite_def function mpinterp + +(* TODO restructure stuff so that expr, eq, ctx, valid_ can be imported without having to implement these *) + +let mpadd (a b:t) : t + ensures { forall y. mpinterp result y = mpinterp a y + mpinterp b y } + raises { MPError -> true } += raise MPError + +let mpmul (a b:t) : t + ensures { forall y. mpinterp result y = mpinterp a y * mpinterp b y } + raises { MPError -> true } += raise MPError + +let mpopp (a:t) : t + ensures { forall y. 
mpinterp result y = - mpinterp a y }
+ raises { MPError -> true }
+= raise MPError
+
+let predicate mpeq (a b:t)
+ ensures { result -> forall y. mpinterp a y = mpinterp b y }
+= false (*match a, b with
+ (n1, e1), (n2, e2) -> n1=n2 && (n1 = 0 || same_exp e1 e2)
+ end*)
+
+let mpinv (a:t) : t
+ ensures { not mpeq result mpzero }
+ raises { MPError -> true }
+= raise MPError
+
+
+clone export LinearEquationsDecision with type C.a = int, function C.(+) = (+), function C.(*) = (*), function C.(-_) = (-_), function C.(-) = (-), type coeff = t, type C.cvars = int->int, function C.interp = mpinterp, constant C.azero = zero, constant C.aone = one, val C.czero = mpzero, val C.cone = mpone, predicate C.ale = (<=), lemma C.sub_def, lemma C.zero_def, lemma C.one_def, val C.add = mpadd, val C.mul = mpmul, val C.opp = mpopp, val C.eq = mpeq, val C.inv = mpinv, goal C.A.ZeroLessOne, goal C.A.CompatOrderAdd, goal C.A.CompatOrderMult, goal C.A.Unitary, goal C.A.NonTrivialRing, goal C.A.Mul_distr_l, goal C.A.Mul_distr_r, goal C.A.Inv_def_l, goal C.A.Inv_def_r, goal C.A.MulAssoc.Assoc, goal C.A.Assoc, goal C.A.MulComm.Comm, goal C.A.Comm, goal C.A.Unit_def_l, goal C.A.Unit_def_r
+
+use LinearDecisionRationalMP as R
+use import real.FromInt
+use import real.PowerReal
+use import real.RealInfix
+use import int.Int
+
+use import list.List
+
+predicate pos_exp (t:t) (y:evars)
+= match t with
+ | E e -> 0 <= interp_exp e y
+ | I _ | R -> true
+ end
+
+predicate pos_cprod (e:cprod) (y:evars)
+= match e with
+ | C c -> pos_exp c y
+ | Times c1 c2 -> pos_cprod c1 y && pos_cprod c2 y
+ end
+
+predicate pos_expr' (e:expr') (y:evars)
+= match e with
+ | Coeff c -> pos_exp c y
+ | Var _ -> true
+ | Sum e1 e2 | Diff e1 e2
+ -> pos_expr' e1 y /\ pos_expr' e2 y
+ | ProdL e c | ProdR c e -> pos_expr' e y && pos_cprod c y
+ end
+
+predicate pos_eq' (eq:equality') (y:evars)
+= match eq with (e1, e2) -> pos_expr' e1 y /\ pos_expr' e2 y end
+
+predicate pos_ctx' (l:context') (y:evars)
+= match l with
Nil -> true | Cons h t -> pos_eq' h y /\ pos_ctx' t y end
+
+let rec function m (t:t) : R.coeff
+ ensures { forall y. pos_exp t y -> minterp result y
+ = from_int (mpinterp t y) }
+= match t with
+ | I n -> ((n,1), Lit 0)
+ | E e -> ((1,1), e)
+ | R -> ((1,1), Lit 1) (* or ((radix, 1), Lit 0) ? *)
+ end
+
+meta rewrite_def function m
+
+let ghost function m_y (y:int->int): (int -> real)
+ ensures { forall i. result i = from_int (y i) }
+= fun i -> from_int (y i)
+
+let rec function m_cprod (e:cprod) : R.cprod
+ ensures { forall y z. pos_cprod e z -> R.interp_c result (m_y y) z
+ = from_int (interp_c e y z) }
+= match e with
+ | C c -> R.C (m c)
+ | Times c1 c2 -> R.Times (m_cprod c1) (m_cprod c2)
+ end
+
+meta rewrite_def function m_cprod
+
+let rec function m_expr (e:expr') : R.expr'
+ ensures { forall y z. pos_expr' e z -> R.interp' result (m_y y) z
+ = from_int (interp' e y z) }
+ ensures { valid_expr' e -> R.valid_expr' result}
+= match e with
+ | Var i -> R.Var i
+ | Coeff c -> R.Coeff (m c)
+ | Sum e1 e2 -> R.Sum (m_expr e1) (m_expr e2)
+ | Diff e1 e2 -> R.Diff (m_expr e1) (m_expr e2)
+ | ProdL e c -> R.ProdL (m_expr e) (m_cprod c)
+ | ProdR c e -> R.ProdR (m_cprod c) (m_expr e)
+ end
+
+meta rewrite_def function m_expr
+
+let function m_eq (eq:equality') : R.equality'
+ ensures { forall y z. pos_eq' eq z -> (R.interp_eq' result (m_y y) z
+ <-> interp_eq' eq y z) }
+ ensures { valid_eq' eq -> R.valid_eq' result }
+= match eq with (e1,e2) -> (m_expr e1, m_expr e2) end
+
+meta rewrite_def function m_eq
+
+use import list.Length
+
+let rec function m_ctx (ctx:context') : R.context'
+ ensures { forall y z g.
pos_ctx' ctx z -> pos_eq' g z ->
+ (R.interp_ctx' result (m_eq g) (m_y y) z
+ <-> interp_ctx' ctx g y z) }
+ ensures { length result = length ctx }
+ ensures { valid_ctx' ctx -> R.valid_ctx' result }
+ variant { ctx }
+= match ctx with
+ | Nil -> Nil
+ | Cons h t ->
+ let r = Cons (m_eq h) (m_ctx t) in
+ r
+ end
+
+meta rewrite_def function m_ctx
+
+let mp_decision (l: context') (g: equality') : bool
+ requires { valid_ctx' l }
+ requires { valid_eq' g }
+ requires { length l < 100000 }
+ ensures { forall y z. result -> pos_ctx' l z -> pos_eq' g z
+ -> interp_ctx' l g y z }
+ raises { R.Failure -> true | MPError -> true | Q.QError -> true }
+=
+ R.decision (m_ctx l) (m_eq g)
+
+end
+
+module EqPropMP
+
+use import int.Int
+use import LinearDecisionIntMP
+use import array.Array
+use import int.MinMax
+use import option.Option
+use import list.List
+use import list.Append
+
+
+use MP64Coeffs as E
+
+let rec predicate expr_bound' (e:expr') (b:int)
+ variant { e }
+= match e with
+ | Sum e1 e2 | Diff e1 e2 -> expr_bound' e1 b && expr_bound' e2 b
+ | ProdL e _ | ProdR _ e -> expr_bound' e b
+ | Var n -> 0 <= n <= b
+ | Coeff _ -> true
+ end
+
+let predicate eq_bound' (eq:equality') (b:int)
+= match eq with (e1,e2) -> expr_bound' e1 b && expr_bound' e2 b end
+
+let rec predicate ctx_bound' (ctx:context') (b:int)
+= match ctx with Nil -> true | Cons eq t -> eq_bound' eq b && ctx_bound' t b end
+
+let rec lemma expr_bound_w' (e:expr') (b1 b2:int)
+ requires { b1 <= b2 }
+ requires { expr_bound' e b1 }
+ ensures { expr_bound' e b2 }
+ variant { e }
+= match e with
+ | Sum e1 e2 | Diff e1 e2 ->
+ expr_bound_w' e1 b1 b2; expr_bound_w' e2 b1 b2
+ | ProdL e _ | ProdR _ e -> expr_bound_w' e b1 b2
+ | _ -> ()
+ end
+
+lemma eq_bound_w': forall e:equality', b1 b2:int.
eq_bound' e b1 -> b1 <= b2 -> eq_bound' e b2 + +let rec lemma ctx_bound_w' (l:context') (b1 b2:int) + requires { ctx_bound' l b1 } + requires { b1 <= b2 } + ensures { ctx_bound' l b2 } + variant { l } += match l with Nil -> () | Cons _ t -> ctx_bound_w' t b1 b2 end + +let rec function max_var' (e:expr') : int + variant { e } + requires { valid_expr' e } + ensures { 0 <= result } + ensures { expr_bound' e result } += match e with + | Var i -> i + | Coeff _ -> 0 + | Sum e1 e2 | Diff e1 e2 -> max (max_var' e1) (max_var' e2) + | ProdL e _ | ProdR _ e -> max_var' e + end + +let function max_var_e' (e:equality') : int + requires { valid_eq' e } + ensures { 0 <= result } + ensures { eq_bound' e result } += match e with (e1,e2) -> max (max_var' e1) (max_var' e2) end + +let rec function max_var_ctx' (l:context') : int + variant { l } + requires { valid_ctx' l } + ensures { 0 <= result } + ensures { ctx_bound' l result } += match l with + | Nil -> 0 + | Cons e t -> max (max_var_e' e) (max_var_ctx' t) + end + +let rec lemma interp_ctx_valid' (ctx:context') (g:equality') + ensures { forall y z. interp_eq' g y z -> interp_ctx' ctx g y z } + variant { ctx } += match ctx with Nil -> () | Cons _ t -> interp_ctx_valid' t g end + +let rec lemma interp_ctx_wr' (ctx l:context') (g:equality') + ensures { forall y z. interp_ctx' ctx g y z -> interp_ctx' (ctx ++ l) g y z } + variant { ctx } += match ctx with + | Nil -> () + | Cons _ t -> interp_ctx_wr' t l g end + +let rec lemma interp_ctx_wl' (ctx l: context') (g:equality') + ensures { forall y z. interp_ctx' ctx g y z -> interp_ctx' (l ++ ctx) g y z } + variant { l } += match l with Nil -> () | Cons _ t -> interp_ctx_wl' ctx t g end + + +let lemma interp_ctx_cons' (e:equality') (l:context') (g:equality') + requires { forall y z. (interp_eq' e y z -> interp_ctx' l g y z) } + ensures { forall y z. 
interp_ctx' (Cons e l) g y z }
+= ()
+
+predicate ctx_impl_ctx' (c1 c2: context')
+= match c2 with
+ | Nil -> true
+ | Cons eq t -> ctx_impl_ctx' c1 t /\ forall y z. y=z -> interp_ctx' c1 eq y z
+ end
+
+predicate ctx_holds' (c: context') (y z:vars)
+= match c with
+ | Nil -> true
+ | Cons h t -> interp_eq' h y z /\ ctx_holds' t y z
+ end
+
+let rec lemma holds_interp_ctx' (l:context') (g:equality') (y z:vars)
+ requires { ctx_holds' l y z -> interp_eq' g y z }
+ ensures { interp_ctx' l g y z }
+ variant { l }
+= match l with
+ | Nil -> ()
+ | Cons h t ->
+ if interp_eq' h y z then holds_interp_ctx' t g y z
+ end
+
+let rec lemma interp_holds' (l:context') (g:equality') (y z:vars)
+ requires { interp_ctx' l g y z }
+ requires { ctx_holds' l y z }
+ ensures { interp_eq' g y z }
+ variant { l }
+= match l with
+ | Nil -> ()
+ | Cons _ t -> interp_holds' t g y z
+ end
+
+let rec lemma impl_holds' (c1 c2: context') (y z: vars)
+ requires { ctx_impl_ctx' c1 c2 }
+ requires { y=z }
+ requires { ctx_holds' c1 y z }
+ ensures { ctx_holds' c2 y z }
+ variant { c2 }
+= match c2 with
+ | Nil -> ()
+ | Cons h t -> interp_holds' c1 h y z; impl_holds' c1 t y z
+ end
+
+let rec lemma ctx_impl' (c1 c2: context') (g:equality') (y z: vars)
+ requires { ctx_impl_ctx' c1 c2 }
+ requires { y=z }
+ requires { interp_ctx' c2 g y z }
+ ensures { interp_ctx' c1 g y z }
+ variant { c2 }
+= if ctx_holds' c1 y z
+ then begin
+ impl_holds' c1 c2 y z;
+ interp_holds' c2 g y z;
+ holds_interp_ctx' c1 g y z
+ end
+
+let rec lemma interp_ctx_impl' (ctx: context') (g1 g2:equality')
+ requires { forall y z. interp_eq' g1 y z -> interp_eq' g2 y z }
+ ensures { forall y z. interp_ctx' ctx g1 y z -> interp_ctx' ctx g2 y z }
+ variant { ctx }
+= match ctx with Nil -> () | Cons _ t -> interp_ctx_impl' t g1 g2 end
+
+let lemma impl_cons (c1 c2:context') (e:equality') (y z:vars)
+ requires { ctx_impl_ctx' c1 c2 }
+ requires { forall y z.
interp_ctx' c1 e y z }
+ ensures { ctx_impl_ctx' c1 (Cons e c2) }
+= ()
+
+let rec lemma impl_wl' (c1 c2:context') (e:equality')
+ requires { ctx_impl_ctx' c1 c2 }
+ ensures { ctx_impl_ctx' (Cons e c1) c2 }
+ variant { c2 }
+= match c2 with
+ | Nil -> ()
+ | Cons h t -> interp_ctx_wl' c1 (Cons e Nil) h; impl_wl' c1 t e
+ end
+
+let rec lemma impl_self (c:context')
+ ensures { ctx_impl_ctx' c c }
+ variant { c }
+= match c with
+ | Nil -> ()
+ | Cons h t -> (impl_self t; impl_wl' c t h)
+ end
+
+predicate is_eq_tbl (a:array (option E.exp)) (l:context')
+= forall i. 0 <= i < length a ->
+ match a[i] with
+ | None -> true
+ | Some e -> forall y z. y=z -> ctx_holds' l y z
+ -> E.interp_exp (E.Var i) z = E.interp_exp e z
+ end
+use import int.NumOf
+use import array.NumOfEq
+use import list.Length
+
+let prop_ctx (l:context') (g:equality') : (context', equality')
+ requires { valid_ctx' l }
+ requires { valid_eq' g }
+ returns { rl, _ -> length rl = length l }
+ returns { rl, rg -> valid_ctx' rl /\ valid_eq' rg
+ /\ forall y z. y=z -> interp_ctx' rl rg y z
+ -> interp_ctx' l g y z }
+ returns { rl, rg -> forall y z. y=z -> ctx_holds' l y z
+ -> pos_ctx' l z -> pos_eq' g z
+ -> (pos_ctx' rl z /\ pos_eq' rg z) }
+ raises { OutOfBounds -> true }
+=
+ let m = max (max_var_ctx' l) (max_var_e' g) in
+ let a : array (option E.exp) = Array.make (m+1) None in
+ let rec exp_of_expr' (e:expr') : option E.exp
+ returns { | None -> true
+ | Some ex -> forall y z.
y=z -> interp' e y z = E.interp_exp ex z }
+ variant { e }
+ = match e with
+ | Var i -> Some (E.Var i)
+ | Sum e1 e2 ->
+ let r1,r2 = (exp_of_expr' e1, exp_of_expr' e2) in
+ match r1,r2 with
+ | Some ex1, Some ex2 -> Some (E.Plus ex1 ex2)
+ | _ -> None
+ end
+ | Diff e1 e2 ->
+ let r1,r2 = (exp_of_expr' e1, exp_of_expr' e2) in
+ match r1,r2 with
+ | Some ex1, Some ex2 -> Some (E.Sub ex1 ex2)
+ | _ -> None
+ end
+ | Coeff (I n) -> Some (E.Lit n)
+ | _ -> None
+ end
+ in
+ let fill_tbl_eq (eq:equality') : unit
+ requires { eq_bound' eq m }
+ ensures { forall l. is_eq_tbl (old a) l ->
+ is_eq_tbl a (Cons eq l) }
+ = match eq with
+ | Var i, e | e, Var i ->
+ let r = exp_of_expr' e in
+ match r with
+ | None -> ()
+ | Some ex ->
+ assert { forall l y z. y=z -> ctx_holds' (Cons eq l) y z ->
+ E.interp_exp ex z = interp' e y z
+ = interp' (Var i) y z = y i };
+ a[i] <- Some ex
+ end
+ | _ -> ()
+ end
+ in
+ let rec fill_tbl_ctx (l:context') : unit
+ requires { is_eq_tbl a Nil }
+ ensures { is_eq_tbl a l }
+ requires { ctx_bound' l m }
+ variant { l }
+ = match l with
+ | Nil -> ()
+ | Cons eq l -> fill_tbl_ctx l; fill_tbl_eq eq
+ end
+ in
+ fill_tbl_ctx l;
+ (* a contains equalities, let us propagate them so that
+ only a single pass on the context is needed *)
+ let seen = Array.make (m+1) false in
+ let rec propagate_in_tbl (i:int) : unit
+ requires { is_eq_tbl a l }
+ ensures { is_eq_tbl a l }
+ raises { OutOfBounds -> true }
+ variant { numof seen false 0 (m+1) }
+ requires { seen[i] = false }
+ ensures { seen[i] = true }
+ ensures { forall j. old seen[j] -> seen[j] }
+ =
+ label Start in
+ let rec prop (e:E.exp) : E.exp
+ requires { is_eq_tbl a l }
+ ensures { is_eq_tbl a l }
+ ensures { forall y z. y=z -> ctx_holds' l y z ->
+ E.interp_exp e z = E.interp_exp result z }
+ ensures { forall j.
old seen[j] -> seen[j] }
+ raises { OutOfBounds -> true }
+ requires { numof seen false 0 (m+1) < numof (seen at Start) false 0 (m+1) }
+ variant { e }
+ = match e with
+ | E.Lit _ -> e
+ | E.Var j ->
+ if (not (defensive_get seen j)) then propagate_in_tbl j;
+ match (defensive_get a j) with
+ | None -> e
+ | Some e' -> e'
+ end
+ | E.Plus e1 e2 -> E.Plus (prop e1) (prop e2)
+ | E.Sub e1 e2 -> E.Sub (prop e1) (prop e2)
+ | E.Minus e -> E.Minus (prop e)
+ end
+ in
+ defensive_set seen i true;
+ assert { numof seen false 0 (m+1) < numof (old seen) false 0 (m+1)
+ by forall j. 0 <= j < m+1 -> (old seen)[j] -> seen[j]
+ so not (old seen)[i] so seen[i] };
+ match a[i] with
+ | None -> ()
+ | Some e -> a[i] <- Some (prop e)
+ end;
+ in
+ for i = 0 to m do
+ invariant { is_eq_tbl a l }
+ if not seen[i] then propagate_in_tbl i;
+ done;
+ let rec propagate_exp (e:E.exp)
+ ensures { forall y z. y=z -> ctx_holds' l y z ->
+ E.interp_exp e z = E.interp_exp result z }
+ variant { e }
+ raises { OutOfBounds -> true }
+ = match e with
+ | E.Lit _ -> e
+ | E.Var i -> match (defensive_get a i) with Some e' -> e' | None -> e end
+ | E.Plus e1 e2 -> E.Plus (propagate_exp e1) (propagate_exp e2)
+ | E.Sub e1 e2 -> E.Sub (propagate_exp e1) (propagate_exp e2)
+ | E.Minus e -> E.Minus (propagate_exp e)
+ end
+ in
+ let propagate_coeff (c:t)
+ ensures { forall y z. y=z -> ctx_holds' l y z ->
+ interp_eq' (Coeff c, Coeff result) y z }
+ ensures { forall y z. y = z -> ctx_holds' l y z ->
+ pos_exp c z -> pos_exp result z }
+ raises { OutOfBounds -> true }
+ = match c with
+ | I _ -> c
+ | E e -> E (propagate_exp e)
+ | R -> R
+ end
+ in
+ let rec propagate_c (c:cprod)
+ ensures { forall y z. y=z -> ctx_holds' l y z ->
+ interp_c c y z = interp_c result y z }
+ variant { c }
+ raises { OutOfBounds -> true }
+ ensures { forall y z.
y = z -> ctx_holds' l y z ->
+ pos_cprod c z -> pos_cprod result z }
+ = match c with
+ | C c -> C (propagate_coeff c)
+ | Times c1 c2 -> Times (propagate_c c1) (propagate_c c2)
+ end
+ in
+ let rec propagate_e (e:expr')
+ requires { expr_bound' e m }
+ ensures { expr_bound' result m }
+ ensures { forall y z. y=z -> ctx_holds' l y z -> interp_eq' (e,result) y z }
+ variant { e }
+ raises { OutOfBounds -> true }
+ requires { valid_expr' e }
+ ensures { valid_expr' result }
+ ensures { forall y z. y = z -> ctx_holds' l y z
+ -> pos_expr' e z -> pos_expr' result z }
+ = match e with
+ | Var _ -> e
+ | ProdL e c -> ProdL (propagate_e e) (propagate_c c)
+ | ProdR c e -> ProdR (propagate_c c) (propagate_e e)
+ | Sum e1 e2 -> Sum (propagate_e e1) (propagate_e e2)
+ | Diff e1 e2 -> Diff (propagate_e e1) (propagate_e e2)
+ | Coeff c -> Coeff (propagate_coeff c)
+ end
+ in
+ let rec propagate_eq (eq:equality')
+ requires { eq_bound' eq m }
+ ensures { eq_bound' result m }
+ ensures { forall y z. y=z -> interp_ctx' l eq y z <-> interp_ctx' l result y z }
+ raises { OutOfBounds -> true }
+ requires { valid_eq' eq }
+ ensures { valid_eq' result }
+ ensures { forall y z. y = z -> ctx_holds' l y z
+ -> pos_eq' eq z -> pos_eq' result z }
+ = match eq with (a,b) -> (propagate_e a, propagate_e b) end
+ in
+ let rec propagate (acc:context') : context'
+ requires { ctx_bound' acc m }
+ ensures { ctx_bound' result m }
+ requires { ctx_impl_ctx' l acc }
+ ensures { ctx_impl_ctx' l result }
+ ensures { length result = length acc }
+ variant { acc }
+ requires { valid_ctx' acc }
+ ensures { valid_ctx' result }
+ ensures { forall y z.
y = z -> ctx_holds' l y z + -> pos_ctx' acc z -> pos_ctx' result z } + raises { OutOfBounds -> true } + = match acc with + | Nil -> Nil + | Cons h t -> + let h' = propagate_eq h in + let t' = propagate t in + Cons h' t' + end + in + propagate l, propagate_eq g + + use LinearDecisionRationalMP as R + + let prop_mp_decision (l:context') (g:equality') : bool + requires { valid_ctx' l } + requires { valid_eq' g } + requires { length l < 100000 } + ensures { forall y z. result -> pos_ctx' l z -> pos_eq' g z + -> y = z -> interp_ctx' l g y z } + raises { | OutOfBounds -> true | E.MPError -> true + | E.Q.QError -> true | R.Failure -> true} + = let l', g' = prop_ctx l g in + mp_decision l' g' + +end + +module TestMP + +use import EqPropMP +use import mach.int.UInt64 +use import int.Int +use import int.Power + +meta "compute_max_steps" 0x10000 + +goal g: forall i x c r: int. + 0 <= i -> + x + (2 * (power radix i) * c) = r -> + radix * x + (2 * (power radix (i+1)) * c) = radix * r + +goal g': forall a b i j: int. + 0 <= i -> 0 <= j -> + (power radix i) * a = b -> + i+1 = j -> + (power radix j) * a = radix*b + +goal g'': forall r r' i c x x' y l: int. + 0 <= i -> + c = 0 -> + r + power radix i * c = x + y -> + r' = r + power radix i * l -> + x' = x + power radix i * l -> + r' + power radix (i+1) * c = x' + y + +(*tries to add power radix i and power radix (i+1), fails + -> cst propagation ? *) + +end + +module Test2 + +use import int.Int +use import LinearDecisionInt + +meta "compute_max_steps" 0x10000 + +goal g: forall x y z: int. 
+ x + y = 0 -> + y - z = 0 -> + x = 0 + +end + +module Fmla + +use import map.Map +use import int.Int + +type value +constant dummy : value +predicate foo value +function add value value : value + +type term = Val int | Add term term +type fmla = Forall fmla | Foo term + +function interp_term (t:term) (b:int->value) : value = + match t with + | Val n -> b n + | Add t1 t2 -> add (interp_term t1 b) (interp_term t2 b) + end + +meta rewrite_def function interp_term + +function interp_fmla (f:fmla) (l:int) (b:int->value) : bool = + match f with + | Foo t -> foo (interp_term t b) + | Forall f -> forall v. interp_fmla f (l-1) b[l <- v] + end + +meta rewrite_def function interp_fmla + +function interp (f:fmla) (b: int -> value) : bool = + interp_fmla f (-1) b + +meta rewrite_def function interp + +let f (f:fmla) : bool + ensures { result -> forall b. interp f b } += false +end + +module TestFmla + +use import Fmla + +meta "compute_max_steps" 0x10000 + +goal g: + forall a: value. + ((forall x. forall y. foo (add x (add (add a dummy) y))) = True) + +end \ No newline at end of file diff --git a/examples/multiprecision/lineardecision/why3session.xml b/examples/multiprecision/lineardecision/why3session.xml new file mode 100644 index 0000000000000000000000000000000000000000..204df7ae524b0907a46a5eb5ad51b8cb2bc6c714 --- /dev/null +++ b/examples/multiprecision/lineardecision/why3session.xml 
@@ -0,0 +1,4352 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN" +"http://why3.lri.fr/why3session.dtd"> +<why3session shape_version="4"> +<prover id="0" name="Alt-Ergo" version="1.30" timelimit="1" steplimit="0" memlimit="1000"/> +<prover id="1" name="CVC4" version="1.4" timelimit="1" steplimit="0" memlimit="1000"/> +<prover id="2" name="Z3" version="4.5.0" timelimit="1" steplimit="0" memlimit="1000"/> +<prover id="3" name="Eprover" version="1.9.1-001" timelimit="5" steplimit="0" memlimit="2000"/> +<file name="../lineardecision.mlw"> +<theory name="LinearEquationsCoeffs" proved="true"> + <goal name="VC czero" expl="VC for czero" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC cone" expl="VC for cone" proved="true"> + <transf name="split_goal_right" proved="true" > + </transf> + </goal> + <goal name="neg_mul" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> +</theory> +<theory name="LinearEquationsDecision" proved="true"> + <goal name="VC valid_expr" expl="VC for valid_expr" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC expr_bound" expl="VC for expr_bound" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC valid_eq" expl="VC for valid_eq" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC eq_bound" expl="VC for eq_bound" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC valid_ctx" expl="VC for valid_ctx" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC ctx_bound" expl="VC for ctx_bound" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC expr_bound_w" expl="VC for 
expr_bound_w" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC expr_bound_w.0" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC expr_bound_w.1" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC expr_bound_w.2" expl="precondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="12"/></proof> + </goal> + <goal name="VC expr_bound_w.3" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC expr_bound_w.4" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC expr_bound_w.5" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="13"/></proof> + </goal> + <goal name="VC expr_bound_w.6" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="34"/></proof> + </goal> + </transf> + </goal> + <goal name="eq_bound_w" proved="true"> + <proof prover="0"><result status="valid" time="0.00" steps="18"/></proof> + </goal> + <goal name="VC ctx_bound_w" expl="VC for ctx_bound_w" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC ctx_bound_w.0" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC ctx_bound_w.1" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="12"/></proof> + </goal> + <goal name="VC ctx_bound_w.2" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC ctx_bound_w.3" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" 
steps="31"/></proof> + </goal> + </transf> + </goal> + <goal name="VC apply_r" expl="VC for apply_r" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC apply_r.0" expl="array creation size" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="17"/></proof> + </goal> + <goal name="VC apply_r.1" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC apply_r.2" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC apply_r.3" expl="index in array bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="22"/></proof> + </goal> + <goal name="VC apply_r.4" expl="index in array bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="23"/></proof> + </goal> + <goal name="VC apply_r.5" expl="index in array bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="22"/></proof> + </goal> + <goal name="VC apply_r.6" expl="index in array bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="22"/></proof> + </goal> + <goal name="VC apply_r.7" expl="exceptional postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="10"/></proof> + </goal> + <goal name="VC apply_r.8" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC apply_r.9" expl="postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="15"/></proof> + </goal> + <goal name="VC apply_r.10" expl="postcondition" proved="true"> + <proof prover="0" 
timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="14"/></proof> + </goal> + </transf> + </goal> + <goal name="VC apply_l" expl="VC for apply_l" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC apply_l.0" expl="array creation size" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="10"/></proof> + </goal> + <goal name="VC apply_l.1" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC apply_l.2" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC apply_l.3" expl="index in array bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="22"/></proof> + </goal> + <goal name="VC apply_l.4" expl="index in array bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="23"/></proof> + </goal> + <goal name="VC apply_l.5" expl="index in array bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="22"/></proof> + </goal> + <goal name="VC apply_l.6" expl="index in array bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="22"/></proof> + </goal> + <goal name="VC apply_l.7" expl="exceptional postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="10"/></proof> + </goal> + <goal name="VC apply_l.8" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC apply_l.9" expl="postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="15"/></proof> + </goal> + <goal name="VC 
apply_l.10" expl="postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="14"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sprod" expl="VC for sprod" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sprod.0" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sprod.1" expl="index in array bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="15"/></proof> + </goal> + <goal name="VC sprod.2" expl="index in array bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="15"/></proof> + </goal> + <goal name="VC sprod.3" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC sprod.4" expl="exceptional postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="10"/></proof> + </goal> + </transf> + </goal> + <goal name="VC m_append" expl="VC for m_append" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC m_append.0" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC m_append.1" expl="precondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="59"/></proof> + </goal> + <goal name="VC m_append.2" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC m_append.3" expl="loop invariant init" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="17"/></proof> + </goal> + <goal name="VC m_append.4" expl="loop invariant init" 
proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="17"/></proof> + </goal> + <goal name="VC m_append.5" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC m_append.6" expl="loop invariant init" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="30"/></proof> + </goal> + <goal name="VC m_append.7" expl="loop invariant init" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="27"/></proof> + </goal> + <goal name="VC m_append.8" expl="loop invariant init" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="23"/></proof> + </goal> + <goal name="VC m_append.9" expl="index in array bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="28"/></proof> + </goal> + <goal name="VC m_append.10" expl="index in array bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="28"/></proof> + </goal> + <goal name="VC m_append.11" expl="loop invariant preservation" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="39"/></proof> + </goal> + <goal name="VC m_append.12" expl="loop invariant preservation" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="36"/></proof> + </goal> + <goal name="VC m_append.13" expl="loop invariant preservation" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="36"/></proof> + </goal> + <goal name="VC m_append.14" expl="index in array bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="25"/></proof> + </goal> + <goal 
name="VC m_append.15" expl="index in array bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="26"/></proof> + </goal> + <goal name="VC m_append.16" expl="loop invariant preservation" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="95"/></proof> + </goal> + <goal name="VC m_append.17" expl="loop invariant preservation" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="33"/></proof> + </goal> + <goal name="VC m_append.18" expl="out of loop bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="39"/></proof> + </goal> + <goal name="VC m_append.19" expl="postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="19"/></proof> + </goal> + <goal name="VC m_append.20" expl="postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="20"/></proof> + </goal> + <goal name="VC m_append.21" expl="postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="28"/></proof> + </goal> + <goal name="VC m_append.22" expl="postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="25"/></proof> + </goal> + <goal name="VC m_append.23" expl="out of loop bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="20"/></proof> + </goal> + </transf> + </goal> + <goal name="VC v_append" expl="VC for v_append" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC v_append.0" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC v_append.1" expl="array 
creation size" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="12"/></proof> + </goal> + <goal name="VC v_append.2" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC v_append.3" expl="loop invariant init" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="15"/></proof> + </goal> + <goal name="VC v_append.4" expl="loop invariant init" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="17"/></proof> + </goal> + <goal name="VC v_append.5" expl="index in array bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="19"/></proof> + </goal> + <goal name="VC v_append.6" expl="index in array bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="19"/></proof> + </goal> + <goal name="VC v_append.7" expl="loop invariant preservation" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="193"/></proof> + </goal> + <goal name="VC v_append.8" expl="loop invariant preservation" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="101"/></proof> + </goal> + <goal name="VC v_append.9" expl="postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="17"/></proof> + </goal> + <goal name="VC v_append.10" expl="postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="21"/></proof> + </goal> + <goal name="VC v_append.11" expl="postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="18"/></proof> + </goal> + <goal name="VC 
v_append.12" expl="out of loop bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="24"/></proof> + </goal> + </transf> + </goal> + <goal name="VC infix ==" expl="VC for infix ==" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC infix ==.0" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC infix ==.1" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC infix ==.2" expl="loop invariant init" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC infix ==.3" expl="index in array bounds" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC infix ==.4" expl="index in array bounds" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC infix ==.5" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="18"/></proof> + </goal> + <goal name="VC infix ==.6" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="21"/></proof> + </goal> + <goal name="VC infix ==.7" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC infix ==.8" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC max_var" expl="VC for max_var" proved="true"> + <proof prover="0"><result status="valid" time="0.04" steps="393"/></proof> + </goal> + <goal name="VC max_var_e" expl="VC for max_var_e" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC max_var_ctx" expl="VC for 
max_var_ctx" proved="true"> + <proof prover="0"><result status="valid" time="0.04" steps="258"/></proof> + </goal> + <goal name="VC opp_expr" expl="VC for opp_expr" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC opp_expr.0" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC opp_expr.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="11"/></proof> + </goal> + <goal name="VC opp_expr.0.1" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="11"/></proof> + </goal> + <goal name="VC opp_expr.0.2" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC opp_expr.0.2.0" expl="assertion" proved="true"> + <transf name="apply" proved="true" arg1="neg_mul"> + </transf> + </goal> + </transf> + </goal> + <goal name="VC opp_expr.0.3" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="11"/></proof> + </goal> + </transf> + </goal> + <goal name="VC opp_expr.1" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC opp_expr.2" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC opp_expr.3" expl="assertion" proved="true"> + <proof prover="3" memlimit="1000"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC opp_expr.4" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC opp_expr.4.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="11"/></proof> + </goal> + <goal name="VC opp_expr.4.1" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC opp_expr.4.2" expl="assertion" proved="true"> + <proof 
prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC opp_expr.4.3" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="11"/></proof> + </goal> + <goal name="VC opp_expr.4.4" expl="VC for opp_expr" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC opp_expr.5" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC opp_expr.5.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="16"/></proof> + </goal> + <goal name="VC opp_expr.5.1" expl="postcondition" proved="true"> + <transf name="compute_in_goal" proved="true" > + <goal name="VC opp_expr.5.1.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.04" steps="27"/></proof> + </goal> + </transf> + </goal> + <goal name="VC opp_expr.5.2" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="12"/></proof> + </goal> + </transf> + </goal> + <goal name="VC opp_expr.6" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="213"/></proof> + </goal> + <goal name="VC opp_expr.7" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="147"/></proof> + </goal> + </transf> + </goal> + <goal name="VC norm_eq_aux" expl="VC for norm_eq_aux" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC norm_eq_aux.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="26"/></proof> + </goal> + <goal name="VC norm_eq_aux.1" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="12"/></proof> + </goal> + <goal name="VC norm_eq_aux.2" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" 
time="0.01"/></proof> + </goal> + <goal name="VC norm_eq_aux.3" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="11"/></proof> + </goal> + <goal name="VC norm_eq_aux.4" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="16"/></proof> + </goal> + <goal name="VC norm_eq_aux.5" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC norm_eq_aux.6" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC norm_eq_aux.7" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="27"/></proof> + </goal> + <goal name="VC norm_eq_aux.8" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="73"/></proof> + </goal> + <goal name="VC norm_eq_aux.9" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC norm_eq_aux.10" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC norm_eq" expl="VC for norm_eq" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC norm_eq.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="55"/></proof> + </goal> + <goal name="VC norm_eq.1" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC norm_eq.2" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC norm_eq.2.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="64"/></proof> + </goal> + <goal name="VC norm_eq.2.1" expl="VC for norm_eq" proved="true"> + 
<proof prover="0"><result status="valid" time="0.03" steps="40"/></proof> + </goal> + <goal name="VC norm_eq.2.2" expl="VC for norm_eq" proved="true"> + <proof prover="1"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC norm_eq.2.3" expl="VC for norm_eq" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="46"/></proof> + </goal> + <goal name="VC norm_eq.2.4" expl="VC for norm_eq" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="21"/></proof> + </goal> + <goal name="VC norm_eq.2.5" expl="VC for norm_eq" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="16"/></proof> + </goal> + </transf> + </goal> + <goal name="VC norm_eq.3" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC norm_eq.3.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="34"/></proof> + </goal> + <goal name="VC norm_eq.3.1" expl="postcondition" proved="true"> + <proof prover="1"><result status="valid" time="0.60"/></proof> + </goal> + </transf> + </goal> + <goal name="VC norm_eq.4" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="41"/></proof> + </goal> + <goal name="VC norm_eq.5" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC interp_ctx_impl" expl="VC for interp_ctx_impl" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC interp_ctx_impl.0" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC interp_ctx_impl.1" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC interp_ctx_impl.2" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" 
time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC interp_ctx_valid" expl="VC for interp_ctx_valid" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC interp_ctx_valid.0" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC interp_ctx_valid.1" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC interp_ctx_wr" expl="VC for interp_ctx_wr" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="172"/></proof> + </goal> + <goal name="VC interp_ctx_wl" expl="VC for interp_ctx_wl" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="139"/></proof> + </goal> + <goal name="VC mul_expr" expl="VC for mul_expr" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC mul_expr.0" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC mul_expr.1" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="12"/></proof> + </goal> + <goal name="VC mul_expr.2" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="18"/></proof> + </goal> + <goal name="VC mul_expr.3" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="13"/></proof> + </goal> + <goal name="VC mul_expr.4" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul_expr.5" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="20"/></proof> + </goal> + <goal name="VC mul_expr.6" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="34"/></proof> + </goal> + <goal 
name="VC mul_expr.7" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC mul_expr.8" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="60"/></proof> + </goal> + <goal name="VC mul_expr.9" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="63"/></proof> + </goal> + <goal name="VC mul_expr.10" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="22"/></proof> + </goal> + <goal name="VC mul_expr.11" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="100"/></proof> + </goal> + <goal name="VC mul_expr.12" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul_expr.13" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_expr" expl="VC for add_expr" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_expr.0" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.29"/></proof> + </goal> + <goal name="VC add_expr.1" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="19"/></proof> + </goal> + <goal name="VC add_expr.2" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_expr.3" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_expr.3.0" expl="postcondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC add_expr.3.0.0" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" 
time="0.73"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_expr.3.1" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_expr.4" expl="postcondition" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC add_expr.4.0" expl="postcondition" proved="true"> + <proof prover="3" memlimit="1000"><result status="valid" time="0.67"/></proof> + </goal> + <goal name="VC add_expr.4.1" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.39"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_expr.5" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_expr.6" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_expr.7" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="69"/></proof> + </goal> + <goal name="VC add_expr.8" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.38" steps="273"/></proof> + </goal> + <goal name="VC add_expr.9" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_expr.10" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_expr.11" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="69"/></proof> + </goal> + <goal name="VC add_expr.12" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.50" steps="502"/></proof> + </goal> + <goal name="VC add_expr.13" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_expr.14" 
expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_expr.15" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="21"/></proof> + </goal> + <goal name="VC add_expr.16" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_expr.17" expl="postcondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC add_expr.17.0" expl="postcondition" proved="true"> + <transf name="revert" proved="true" arg1="H"> + <goal name="VC add_expr.17.0.0" expl="postcondition" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC add_expr.17.0.0.0" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.44"/></proof> + </goal> + <goal name="VC add_expr.17.0.0.1" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.38"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC add_expr.18" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_expr.19" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_expr.20" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="66"/></proof> + </goal> + <goal name="VC add_expr.21" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.34" steps="261"/></proof> + </goal> + <goal name="VC add_expr.22" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_expr.23" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + 
</goal> + <goal name="VC add_expr.24" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="66"/></proof> + </goal> + <goal name="VC add_expr.25" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.35" steps="479"/></proof> + </goal> + <goal name="VC add_expr.26" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_expr.27" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_expr.28" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_expr.29" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_expr.30" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="20"/></proof> + </goal> + <goal name="VC add_expr.31" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_expr.31.0" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_expr.31.0.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="22"/></proof> + </goal> + <goal name="VC add_expr.31.0.1" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="23"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_expr.31.1" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="22"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_expr.32" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_expr.33" expl="precondition" proved="true"> 
+ <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_expr.34" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="20"/></proof> + </goal> + <goal name="VC add_expr.35" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="22"/></proof> + </goal> + <goal name="VC add_expr.36" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_expr.37" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_expr.38" expl="unreachable point" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_expr.39" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_expr.40" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_expr.41" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="15"/></proof> + </goal> + <goal name="VC add_expr.42" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_expr.43" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_expr.44" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_expr.45" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_expr.46" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + 
</goal> + </transf> + </goal> + <goal name="VC mul_eq" expl="VC for mul_eq" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="33"/></proof> + </goal> + <goal name="VC add_eq" expl="VC for add_eq" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_eq.0" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_eq.1" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC add_eq.2" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_eq.3" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_eq.4" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_eq.5" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC zero_expr" expl="VC for zero_expr" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC zero_expr.0" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC zero_expr.1" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC zero_expr.2" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC zero_expr.2.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="34"/></proof> + </goal> + <goal name="VC zero_expr.2.1" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.40"/></proof> + </goal> + <goal name="VC 
zero_expr.2.2" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="39"/></proof> + </goal> + </transf> + </goal> + <goal name="VC zero_expr.3" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC zero_expr.3.0" expl="postcondition" proved="true"> + <proof prover="1"><result status="valid" time="0.06"/></proof> + </goal> + </transf> + </goal> + <goal name="VC zero_expr.4" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sub_expr" expl="VC for sub_expr" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sub_expr.0" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sub_expr.0.0" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC sub_expr.0.1" expl="VC for sub_expr" proved="true"> + <proof prover="1"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC sub_expr.0.2" expl="VC for sub_expr" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="10"/></proof> + </goal> + <goal name="VC sub_expr.0.3" expl="VC for sub_expr" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="42"/></proof> + </goal> + <goal name="VC sub_expr.0.4" expl="VC for sub_expr" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="13"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sub_expr.1" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="10"/></proof> + </goal> + <goal name="VC sub_expr.2" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC sub_expr.3" expl="exceptional postcondition" proved="true"> + <proof 
prover="2"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC same_eq" expl="VC for same_eq" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC same_eq.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="63"/></proof> + </goal> + <goal name="VC same_eq.1" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="9"/></proof> + </goal> + <goal name="VC same_eq.2" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC same_eq.3" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC same_eq.4" expl="exceptional postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + </transf> + </goal> + <goal name="VC same_eq.5" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC same_eq.6" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC norm_context" expl="VC for norm_context" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC norm_context.0" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC norm_context.1" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC norm_context.2" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC norm_context.3" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal 
name="VC norm_context.4" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC print_lc" expl="VC for print_lc" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="46"/></proof> + </goal> + <goal name="VC check_combination" expl="VC for check_combination" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC check_combination.0" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC check_combination.1" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC check_combination.2" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="43"/></proof> + </goal> + <goal name="VC check_combination.3" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="25"/></proof> + </goal> + <goal name="VC check_combination.4" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="68"/></proof> + </goal> + <goal name="VC check_combination.5" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="87"/></proof> + </goal> + <goal name="VC check_combination.6" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC check_combination.7" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC check_combination.7.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="25"/></proof> + </goal> + <goal name="VC check_combination.7.1" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="64"/></proof> + </goal> + <goal 
name="VC check_combination.7.2" expl="VC for check_combination" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="78"/></proof> + </goal> + </transf> + </goal> + <goal name="VC check_combination.8" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="43"/></proof> + </goal> + <goal name="VC check_combination.9" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="14"/></proof> + </goal> + <goal name="VC check_combination.10" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="68"/></proof> + </goal> + <goal name="VC check_combination.11" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="87"/></proof> + </goal> + <goal name="VC check_combination.12" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC check_combination.13" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC check_combination.14" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.00"/></proof> + </goal> + <goal name="VC check_combination.15" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC check_combination.16" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC check_combination.17" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="10"/></proof> + </goal> + <goal name="VC check_combination.18" expl="postcondition" proved="true"> + <proof prover="1"><result status="valid" time="1.88"/></proof> + </goal> + <goal name="VC check_combination.19" expl="postcondition" proved="true"> 
+ <proof prover="1"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC check_combination.20" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.00"/></proof> + </goal> + <goal name="VC check_combination.21" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.00"/></proof> + </goal> + <goal name="VC check_combination.22" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC transpose" expl="VC for transpose" proved="true"> + <proof prover="2"><result status="valid" time="0.18"/></proof> + </goal> + <goal name="VC swap_rows" expl="VC for swap_rows" proved="true"> + <proof prover="2"><result status="valid" time="0.26"/></proof> + </goal> + <goal name="VC mul_row" expl="VC for mul_row" proved="true"> + <proof prover="0"><result status="valid" time="0.00" steps="430"/></proof> + </goal> + <goal name="VC addmul_row" expl="VC for addmul_row" proved="true"> + <proof prover="0"><result status="valid" time="0.14" steps="843"/></proof> + </goal> + <goal name="VC gauss_jordan" expl="VC for gauss_jordan" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC gauss_jordan.0" expl="index in array bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.02" steps="19"/></proof> + <proof prover="2"><result status="valid" time="0.17"/></proof> + </goal> + <goal name="VC gauss_jordan.1" expl="integer overflow" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="22"/></proof> + </goal> + <goal name="VC gauss_jordan.2" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="21"/></proof> + </goal> + <goal name="VC gauss_jordan.3" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" 
steps="21"/></proof> + </goal> + <goal name="VC gauss_jordan.4" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="23"/></proof> + </goal> + <goal name="VC gauss_jordan.5" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="58"/></proof> + </goal> + <goal name="VC gauss_jordan.6" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="28"/></proof> + </goal> + <goal name="VC gauss_jordan.7" expl="array creation size" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC gauss_jordan.8" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC gauss_jordan.9" expl="loop invariant init" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC gauss_jordan.10" expl="loop invariant init" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC gauss_jordan.11" expl="loop invariant init" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC gauss_jordan.12" expl="loop invariant init" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="19"/></proof> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC gauss_jordan.13" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC gauss_jordan.14" expl="precondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="25"/></proof> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC gauss_jordan.15" expl="precondition" proved="true"> + <proof prover="0"><result 
status="valid" time="0.01" steps="27"/></proof> + </goal> + <goal name="VC gauss_jordan.16" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC gauss_jordan.17" expl="index in array bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="31"/></proof> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC gauss_jordan.18" expl="index in array bounds" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="34"/></proof> + </goal> + <goal name="VC gauss_jordan.19" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="34"/></proof> + </goal> + <goal name="VC gauss_jordan.20" expl="precondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="34"/></proof> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC gauss_jordan.21" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC gauss_jordan.22" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="41"/></proof> + </goal> + <goal name="VC gauss_jordan.23" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC gauss_jordan.24" expl="index in array bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="49"/></proof> + <proof prover="2"><result status="valid" time="0.66"/></proof> + </goal> + <goal name="VC gauss_jordan.25" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="51"/></proof> + </goal> + <goal name="VC gauss_jordan.26" expl="exceptional postcondition" proved="true"> + <proof prover="0" 
timelimit="5" memlimit="2000"><result status="valid" time="0.00" steps="12"/></proof> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC gauss_jordan.27" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC gauss_jordan.27.0" expl="assertion" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC gauss_jordan.27.0.0" expl="VC for gauss_jordan" proved="true"> + <proof prover="1"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC gauss_jordan.27.0.1" expl="VC for gauss_jordan" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC gauss_jordan.27.0.2" expl="VC for gauss_jordan" proved="true"> + <proof prover="2"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC gauss_jordan.27.0.3" expl="VC for gauss_jordan" proved="true"> + <transf name="revert" proved="true" arg1="H"> + <goal name="VC gauss_jordan.27.0.3.0" expl="VC for gauss_jordan" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC gauss_jordan.27.0.3.0.0" expl="VC for gauss_jordan" proved="true"> + <proof prover="0"><result status="valid" time="0.12" steps="548"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC gauss_jordan.27.0.4" expl="VC for gauss_jordan" proved="true"> + <proof prover="1"><result status="valid" time="0.15"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC gauss_jordan.28" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="44"/></proof> + </goal> + <goal name="VC gauss_jordan.29" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.81"/></proof> + </goal> + <goal name="VC gauss_jordan.30" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.02" 
steps="56"/></proof> + </goal> + <goal name="VC gauss_jordan.31" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.41"/></proof> + </goal> + <goal name="VC gauss_jordan.32" expl="out of loop bounds" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="41"/></proof> + </goal> + <goal name="VC gauss_jordan.33" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC gauss_jordan.34" expl="index in array bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="47"/></proof> + <proof prover="2"><result status="valid" time="0.61"/></proof> + </goal> + <goal name="VC gauss_jordan.35" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="49"/></proof> + </goal> + <goal name="VC gauss_jordan.36" expl="exceptional postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="12"/></proof> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC gauss_jordan.37" expl="assertion" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC gauss_jordan.37.0" expl="assertion" proved="true"> + <proof prover="1"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC gauss_jordan.37.1" expl="VC for gauss_jordan" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC gauss_jordan.37.2" expl="VC for gauss_jordan" proved="true"> + <proof prover="2"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC gauss_jordan.37.3" expl="VC for gauss_jordan" proved="true"> + <proof prover="0"><result status="valid" time="0.12" steps="538"/></proof> + </goal> + <goal name="VC gauss_jordan.37.4" expl="VC for gauss_jordan" proved="true"> + <proof 
prover="1"><result status="valid" time="0.14"/></proof> + </goal> + </transf> + </goal> + <goal name="VC gauss_jordan.38" expl="loop invariant preservation" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="42"/></proof> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC gauss_jordan.39" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.45"/></proof> + </goal> + <goal name="VC gauss_jordan.40" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="54"/></proof> + </goal> + <goal name="VC gauss_jordan.41" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.38"/></proof> + </goal> + <goal name="VC gauss_jordan.42" expl="out of loop bounds" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="39"/></proof> + </goal> + <goal name="VC gauss_jordan.43" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC gauss_jordan.44" expl="exceptional postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="12"/></proof> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC gauss_jordan.45" expl="assertion" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC gauss_jordan.45.0" expl="VC for gauss_jordan" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC gauss_jordan.45.1" expl="VC for gauss_jordan" proved="true"> + <transf name="revert" proved="true" arg1="H"> + <goal name="VC gauss_jordan.45.1.0" expl="VC for gauss_jordan" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC gauss_jordan.45.1.0.0" expl="VC for gauss_jordan" 
proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC gauss_jordan.45.2" expl="VC for gauss_jordan" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC gauss_jordan.46" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="28"/></proof> + </goal> + <goal name="VC gauss_jordan.47" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC gauss_jordan.48" expl="loop invariant preservation" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC gauss_jordan.48.0" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC gauss_jordan.49" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC gauss_jordan.50" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC gauss_jordan.51" expl="array creation size" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="23"/></proof> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC gauss_jordan.52" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC gauss_jordan.53" expl="index in array bounds" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="31"/></proof> + </goal> + <goal name="VC gauss_jordan.54" expl="index in array bounds" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC 
gauss_jordan.55" expl="index in array bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="61"/></proof> + <proof prover="2"><result status="valid" time="0.41"/></proof> + </goal> + <goal name="VC gauss_jordan.56" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC gauss_jordan.57" expl="postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="24"/></proof> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC gauss_jordan.58" expl="out of loop bounds" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="17"/></proof> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC to_list" expl="VC for to_list" proved="true"> + <proof prover="2"><result status="valid" time="0.31"/></proof> + </goal> + <goal name="VC linear_decision" expl="VC for linear_decision" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC linear_decision.0" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC linear_decision.1" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC linear_decision.2" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.3" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.4" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC linear_decision.5" expl="integer overflow" 
proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC linear_decision.6" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC linear_decision.7" expl="precondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="97"/></proof> + <proof prover="2"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC linear_decision.8" expl="array creation size" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC linear_decision.9" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC linear_decision.10" expl="array creation size" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC linear_decision.11" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.12" expl="integer overflow" proved="true"> + <proof prover="0"><result status="valid" time="0.04" steps="190"/></proof> + </goal> + <goal name="VC linear_decision.13" expl="index in array bounds" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="213"/></proof> + </goal> + <goal name="VC linear_decision.14" expl="index in array bounds" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="213"/></proof> + </goal> + <goal name="VC linear_decision.15" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.16" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.36"/></proof> + </goal> + <goal name="VC linear_decision.17" expl="precondition" proved="true"> + <proof 
prover="0"><result status="valid" time="0.01" steps="32"/></proof> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC linear_decision.18" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="82"/></proof> + </goal> + <goal name="VC linear_decision.19" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.39"/></proof> + </goal> + <goal name="VC linear_decision.20" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="32"/></proof> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC linear_decision.21" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="82"/></proof> + </goal> + <goal name="VC linear_decision.22" expl="exceptional postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="10"/></proof> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.23" expl="exceptional postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="10"/></proof> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.24" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.25" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.26" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC linear_decision.27" expl="index in array bounds" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="34"/></proof> + </goal> + <goal name="VC linear_decision.28" expl="index in array 
bounds" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="34"/></proof> + </goal> + <goal name="VC linear_decision.29" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="36"/></proof> + </goal> + <goal name="VC linear_decision.30" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="92"/></proof> + </goal> + <goal name="VC linear_decision.31" expl="integer overflow" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="37"/></proof> + </goal> + <goal name="VC linear_decision.32" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="37"/></proof> + </goal> + <goal name="VC linear_decision.33" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="94"/></proof> + </goal> + <goal name="VC linear_decision.34" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="42"/></proof> + </goal> + <goal name="VC linear_decision.35" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="39"/></proof> + </goal> + <goal name="VC linear_decision.36" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.37" expl="integer overflow" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="37"/></proof> + </goal> + <goal name="VC linear_decision.38" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="37"/></proof> + </goal> + <goal name="VC linear_decision.39" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="94"/></proof> + </goal> + <goal name="VC linear_decision.40" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03" 
steps="42"/></proof> + </goal> + <goal name="VC linear_decision.41" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="39"/></proof> + </goal> + <goal name="VC linear_decision.42" expl="exceptional postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="10"/></proof> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.43" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.44" expl="integer overflow" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="35"/></proof> + </goal> + <goal name="VC linear_decision.45" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="35"/></proof> + </goal> + <goal name="VC linear_decision.46" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="90"/></proof> + </goal> + <goal name="VC linear_decision.47" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="40"/></proof> + </goal> + <goal name="VC linear_decision.48" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="37"/></proof> + </goal> + <goal name="VC linear_decision.49" expl="exceptional postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="10"/></proof> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC linear_decision.50" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="34"/></proof> + </goal> + <goal name="VC linear_decision.51" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="88"/></proof> + </goal> + <goal name="VC linear_decision.52" expl="integer overflow" 
proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="35"/></proof> + </goal> + <goal name="VC linear_decision.53" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="35"/></proof> + </goal> + <goal name="VC linear_decision.54" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="90"/></proof> + </goal> + <goal name="VC linear_decision.55" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="40"/></proof> + </goal> + <goal name="VC linear_decision.56" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="37"/></proof> + </goal> + <goal name="VC linear_decision.57" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.58" expl="integer overflow" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="35"/></proof> + </goal> + <goal name="VC linear_decision.59" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="35"/></proof> + </goal> + <goal name="VC linear_decision.60" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="90"/></proof> + </goal> + <goal name="VC linear_decision.61" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="40"/></proof> + </goal> + <goal name="VC linear_decision.62" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="37"/></proof> + </goal> + <goal name="VC linear_decision.63" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.64" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" 
time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.65" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC linear_decision.66" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="34"/></proof> + </goal> + <goal name="VC linear_decision.67" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="89"/></proof> + </goal> + <goal name="VC linear_decision.68" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="39"/></proof> + </goal> + <goal name="VC linear_decision.69" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC linear_decision.70" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.71" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.72" expl="integer overflow" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="178"/></proof> + </goal> + <goal name="VC linear_decision.73" expl="index in array bounds" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="461"/></proof> + </goal> + <goal name="VC linear_decision.74" expl="index in array bounds" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="461"/></proof> + </goal> + <goal name="VC linear_decision.75" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.76" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.48"/></proof> + </goal> + <goal name="VC linear_decision.77" expl="precondition" 
proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="76"/></proof> + </goal> + <goal name="VC linear_decision.78" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.38"/></proof> + </goal> + <goal name="VC linear_decision.79" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="76"/></proof> + </goal> + <goal name="VC linear_decision.80" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.81" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.00"/></proof> + </goal> + <goal name="VC linear_decision.82" expl="exceptional postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="10"/></proof> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.83" expl="exceptional postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="10"/></proof> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.84" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC linear_decision.85" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.86" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC linear_decision.87" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="91"/></proof> + </goal> + <goal name="VC linear_decision.88" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC linear_decision.89" 
expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC linear_decision.90" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC linear_decision.91" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="103"/></proof> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC linear_decision.92" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC linear_decision.93" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC linear_decision.94" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC linear_decision.95" expl="postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="43"/></proof> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC linear_decision.96" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.97" expl="postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.01" steps="10"/></proof> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.98" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC linear_decision.99" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC linear_decision.100" expl="exceptional postcondition" proved="true"> + 
<proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC linear_decision.101" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC linear_decision.102" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC valid_expr'" expl="VC for valid_expr'" proved="true"> + <proof prover="2"><result status="valid" time="0.17"/></proof> + </goal> + <goal name="VC valid_eq'" expl="VC for valid_eq'" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC valid_ctx'" expl="VC for valid_ctx'" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC simp" expl="VC for simp" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC simp.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="12"/></proof> + </goal> + <goal name="VC simp.1" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.33"/></proof> + </goal> + <goal name="VC simp.2" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.04" steps="38"/></proof> + </goal> + <goal name="VC simp.3" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="14"/></proof> + </goal> + <goal name="VC simp.4" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC simp.5" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC simp.6" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC 
simp.7" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.31"/></proof> + </goal> + <goal name="VC simp.8" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.32"/></proof> + </goal> + <goal name="VC simp.9" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="21"/></proof> + </goal> + <goal name="VC simp.10" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC simp.11" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC simp.12" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC simp.13" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.31"/></proof> + </goal> + <goal name="VC simp.14" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.35"/></proof> + </goal> + <goal name="VC simp.15" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="22"/></proof> + </goal> + <goal name="VC simp.16" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC simp.17" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC simp.18" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC simp.19" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="43"/></proof> + </goal> + <goal name="VC simp.20" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal 
name="VC simp.21" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="12"/></proof> + </goal> + <goal name="VC simp.22" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC simp.23" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.04" steps="142"/></proof> + </goal> + <goal name="VC simp.24" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="16"/></proof> + </goal> + <goal name="VC simp.25" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="34"/></proof> + </goal> + <goal name="VC simp.26" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC simp.27" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC simp.28" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC simp.29" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.04" steps="142"/></proof> + </goal> + <goal name="VC simp.30" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="16"/></proof> + </goal> + <goal name="VC simp.31" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="34"/></proof> + </goal> + <goal name="VC simp.32" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC simp.33" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC simp.34" expl="exceptional postcondition" proved="true"> + 
<proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC simp_eq" expl="VC for simp_eq" proved="true"> + <proof prover="2"><result status="valid" time="0.57"/></proof> + </goal> + <goal name="VC simp_ctx" expl="VC for simp_ctx" proved="true"> + <proof prover="0"><result status="valid" time="0.51" steps="1700"/></proof> + </goal> + <goal name="VC decision" expl="VC for decision" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC decision.0" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC decision.1" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC decision.2" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC decision.3" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC decision.4" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decision.5" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decision.6" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> +</theory> +<theory name="RationalCoeffs" proved="true"> + <goal name="VC rzero" expl="VC for rzero" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC rone" expl="VC for rone" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC prod_compat_eq" expl="VC for prod_compat_eq" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + 
</goal> + <goal name="VC cross_d" expl="VC for cross_d" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC cross_d.0" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC cross_d.0.0" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.90"/></proof> + </goal> + <goal name="VC cross_d.0.1" expl="VC for cross_d" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC cross_d.0.1.0" expl="VC for cross_d" proved="true"> + <transf name="apply" proved="true" arg1="prod_compat_eq" arg2="with" arg3="d"> + <goal name="VC cross_d.0.1.0.0" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC cross_d.0.1.0.1" proved="true"> + <proof prover="2"><result status="valid" time="0.32"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC cross_d.1" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.00"/></proof> + </goal> + </transf> + </goal> + <goal name="VC cross_ind" expl="VC for cross_ind" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC cross_ind.0" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC cross_ind.1" expl="assertion" proved="true"> + <proof prover="3" timelimit="10"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC cross_ind.2" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC cross_ind.2.0" expl="VC for cross_ind" proved="true"> + <proof prover="3" timelimit="10"><result status="valid" time="3.88"/></proof> + </goal> + <goal name="VC cross_ind.2.1" expl="VC for cross_ind" proved="true"> + <proof prover="0"><result status="valid" time="0.00" steps="8"/></proof> + </goal> + <goal name="VC cross_ind.2.2" expl="VC for 
cross_ind" proved="true"> + <proof prover="3" timelimit="10"><result status="valid" time="3.58"/></proof> + </goal> + <goal name="VC cross_ind.2.3" expl="VC for cross_ind" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC cross_ind.3" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC cross_ind.4" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="13"/></proof> + </goal> + </transf> + </goal> + <goal name="cross" proved="true"> + <proof prover="0"><result status="valid" time="0.00" steps="11"/></proof> + </goal> + <goal name="VC gcd" expl="VC for gcd" proved="true"> + <proof prover="1"><result status="valid" time="0.30"/></proof> + <transf name="split_goal_right" proved="true" > + <goal name="VC gcd.0" expl="loop invariant init" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC gcd.1" expl="loop invariant init" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC gcd.2" expl="loop invariant init" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC gcd.3" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC gcd.4" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC gcd.5" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC gcd.6" expl="loop variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC gcd.7" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + 
</goal> + <goal name="VC gcd.8" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC gcd.9" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC gcd.10" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC gcd.11" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC simp" expl="VC for simp" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC simp.0" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC simp.1" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC simp.2" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC simp.3" expl="assertion" proved="true"> + <proof prover="1"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC simp.4" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.00" steps="8"/></proof> + </goal> + <goal name="VC simp.5" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC simp.5.0" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC simp.5.1" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC simp.5.2" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC radd" expl="VC for radd" 
proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC radd.0" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC radd.1" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC radd.1.0" expl="assertion" proved="true"> + <transf name="compute_in_goal" proved="true" > + <goal name="VC radd.1.0.0" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.19"/></proof> + </goal> + </transf> + </goal> + <goal name="VC radd.1.1" expl="VC for radd" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC radd.1.1.0" expl="VC for radd" proved="true"> + <transf name="compute_in_goal" proved="true" > + <goal name="VC radd.1.1.0.0" expl="VC for radd" proved="true"> + <transf name="replace" proved="true" arg1="(from_int a1 * from_int b1)" arg2="(from_int b1 * from_int a1)"> + <goal name="VC radd.1.1.0.0.0" expl="VC for radd" proved="true"> + <transf name="cut" proved="true" arg1="(inv1 (from_int b1) * from_int b1 = one)"> + <goal name="VC radd.1.1.0.0.0.0" expl="VC for radd" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="7"/></proof> + </goal> + <goal name="VC radd.1.1.0.0.0.1" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC radd.1.1.0.0.1" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC radd.1.2" expl="VC for radd" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC radd.1.3" expl="VC for radd" proved="true"> + <transf name="compute_in_goal" proved="true" > + <goal name="VC radd.1.3.0" expl="VC for radd" proved="true"> + <proof prover="3" timelimit="10"><result status="valid" 
time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC radd.1.4" expl="VC for radd" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC radd.1.4.0" expl="VC for radd" proved="true"> + <transf name="apply" proved="true" arg1="prod_compat_eq" arg2="with" arg3="d"> + <goal name="VC radd.1.4.0.0" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC radd.1.4.0.1" proved="true"> + <proof prover="0"><result status="valid" time="0.05" steps="23"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC radd.2" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC rmul" expl="VC for rmul" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC rmul.0" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC rmul.1" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC rmul.1.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="6"/></proof> + </goal> + <goal name="VC rmul.1.1" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC rmul.1.2" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.70" steps="108"/></proof> + </goal> + <goal name="VC rmul.1.3" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="6"/></proof> + </goal> + <goal name="VC rmul.1.4" expl="VC for rmul" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC rmul.2" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" 
time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC ropp" expl="VC for ropp" proved="true"> + <transf name="compute_in_goal" proved="true" > + <goal name="VC ropp.0" expl="VC for ropp" proved="true"> + <proof prover="0"><result status="valid" time="0.00" steps="6"/></proof> + </goal> + </transf> + </goal> + <goal name="VC req" expl="VC for req" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC req.0" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC req.1" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC req.2" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC rinv" expl="VC for rinv" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC rinv.0" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC rinv.1" expl="postcondition" proved="true"> + <transf name="compute_in_goal" proved="true" > + <goal name="VC rinv.1.0" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC rinv.2" expl="postcondition" proved="true"> + <transf name="compute_in_goal" proved="true" > + <goal name="VC rinv.2.0" expl="postcondition" proved="true"> + <proof prover="3" timelimit="10"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC is_zero" expl="VC for is_zero" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC is_zero.0" expl="postcondition" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC is_zero.0.0" expl="VC for is_zero" proved="true"> + <transf 
name="introduce_premises" proved="true" > + <goal name="VC is_zero.0.0.0" expl="VC for is_zero" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC is_zero.0.0.0.0" expl="VC for is_zero" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC is_zero.0.1" expl="VC for is_zero" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC is_zero.1" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> +</theory> +<theory name="LinearDecisionRational" proved="true"> + <goal name="C.A.Assoc" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.Unit_def_l" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.Unit_def_r" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.Inv_def_l" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.Inv_def_r" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.Comm" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.MulAssoc.Assoc" proved="true"> + <proof prover="2"><result status="valid" time="0.00"/></proof> + </goal> + <goal name="C.A.Mul_distr_l" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.Mul_distr_r" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.MulComm.Comm" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.Unitary" proved="true"> + <proof 
prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.NonTrivialRing" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.ZeroLessOne" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.CompatOrderAdd" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.CompatOrderMult" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.sub_def" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.VC czero" expl="VC for czero" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.VC cone" expl="VC for cone" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.zero_def" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="C.one_def" proved="true"> + <transf name="compute_in_goal" proved="true" > + <goal name="one_def.0" proved="true"> + <transf name="replace" proved="true" arg1="one" arg2="1.0"> + <goal name="one_def.0.0" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="one_def.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="C.VC add" expl="VC for add" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="C.VC mul" expl="VC for mul" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.VC opp" expl="VC for opp" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.VC eq" expl="VC for eq" proved="true"> + <proof 
prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.VC inv" expl="VC for inv" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> +</theory> +<theory name="LinearDecisionInt" proved="true"> + <goal name="VC izero" expl="VC for izero" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC ione" expl="VC for ione" proved="true"> + <proof prover="2"><result status="valid" time="0.00"/></proof> + </goal> + <goal name="VC ieq" expl="VC for ieq" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC iadd" expl="VC for iadd" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC imul" expl="VC for imul" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC iopp" expl="VC for iopp" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC iinv" expl="VC for iinv" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.Assoc" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.Unit_def_l" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.Unit_def_r" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.Inv_def_l" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.Inv_def_r" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.Comm" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.MulAssoc.Assoc" proved="true"> + <proof prover="2"><result status="valid" 
time="0.01"/></proof> + </goal> + <goal name="C.A.Mul_distr_l" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.Mul_distr_r" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.MulComm.Comm" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.Unitary" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.NonTrivialRing" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.ZeroLessOne" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.CompatOrderAdd" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.CompatOrderMult" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.sub_def" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.VC czero" expl="VC for czero" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.VC cone" expl="VC for cone" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.zero_def" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="C.one_def" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.VC add" expl="VC for add" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.VC mul" expl="VC for mul" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.VC opp" expl="VC for opp" proved="true"> + <proof prover="2"><result status="valid" 
time="0.01"/></proof> + </goal> + <goal name="C.VC eq" expl="VC for eq" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.VC inv" expl="VC for inv" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC m_y" expl="VC for m_y" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC m" expl="VC for m" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="114"/></proof> + </goal> + <goal name="VC m_cprod" expl="VC for m_cprod" proved="true"> + <proof prover="0"><result status="valid" time="0.04" steps="201"/></proof> + </goal> + <goal name="VC m_expr" expl="VC for m_expr" proved="true"> + <proof prover="0"><result status="valid" time="0.69" steps="2866"/></proof> + </goal> + <goal name="VC m_eq" expl="VC for m_eq" proved="true"> + <proof prover="0"><result status="valid" time="0.04" steps="169"/></proof> + </goal> + <goal name="VC m_ctx" expl="VC for m_ctx" proved="true"> + <proof prover="0"><result status="valid" time="0.31" steps="938"/></proof> + </goal> + <goal name="VC int_decision" expl="VC for int_decision" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC int_decision.0" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC int_decision.1" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC int_decision.2" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC int_decision.3" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC int_decision.4" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + 
<goal name="VC int_decision.5" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC int_decision.6" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> +</theory> +<theory name="Test" proved="true"> + <goal name="g" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="g.0" proved="true"> + <transf name="reflection_f" proved="true" arg1="decision"> + <goal name="g.0.0" expl="reification check" proved="true"> + <proof prover="2"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> +</theory> +<theory name="TestInt" proved="true"> + <goal name="g" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="g.0" proved="true"> + <transf name="reflection_f" proved="true" arg1="int_decision"> + <goal name="g.0.0" expl="reification check" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> +</theory> +<theory name="MP64Coeffs" proved="true"> + <goal name="VC mzero" expl="VC for mzero" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mone" expl="VC for mone" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="qinterp_def" proved="true"> + <transf name="compute_in_goal" proved="true" > + </transf> + </goal> + <goal name="VC opp_exp" expl="VC for opp_exp" proved="true"> + <proof prover="0"><result status="valid" time="0.05" steps="182"/></proof> + </goal> + <goal name="VC add_sub_exp" expl="VC for add_sub_exp" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_sub_exp.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="35"/></proof> + 
</goal> + <goal name="VC add_sub_exp.1" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="22"/></proof> + </goal> + <goal name="VC add_sub_exp.2" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="22"/></proof> + </goal> + <goal name="VC add_sub_exp.3" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_sub_exp.4" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.06" steps="337"/></proof> + </goal> + <goal name="VC add_sub_exp.5" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_sub_exp.6" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="61"/></proof> + </goal> + <goal name="VC add_sub_exp.7" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.8" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.9" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC add_sub_exp.10" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.04" steps="344"/></proof> + </goal> + <goal name="VC add_sub_exp.11" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC add_sub_exp.12" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="119"/></proof> + </goal> + <goal name="VC add_sub_exp.13" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal 
name="VC add_sub_exp.14" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.15" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="49"/></proof> + </goal> + <goal name="VC add_sub_exp.16" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="47"/></proof> + </goal> + <goal name="VC add_sub_exp.17" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.18" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="39"/></proof> + </goal> + <goal name="VC add_sub_exp.19" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_sub_exp.20" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.09" steps="341"/></proof> + </goal> + <goal name="VC add_sub_exp.21" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_sub_exp.22" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="61"/></proof> + </goal> + <goal name="VC add_sub_exp.23" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.24" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.25" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_sub_exp.26" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_sub_exp.26.0" 
expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_sub_exp.26.0.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.04" steps="37"/></proof> + </goal> + <goal name="VC add_sub_exp.26.0.1" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="37"/></proof> + </goal> + <goal name="VC add_sub_exp.26.0.2" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="102"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_sub_exp.26.1" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_sub_exp.26.1.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="34"/></proof> + </goal> + <goal name="VC add_sub_exp.26.1.1" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="37"/></proof> + </goal> + <goal name="VC add_sub_exp.26.1.2" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="37"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC add_sub_exp.27" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_sub_exp.28" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.04" steps="119"/></proof> + </goal> + <goal name="VC add_sub_exp.29" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.30" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.31" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="29"/></proof> + </goal> + 
<goal name="VC add_sub_exp.32" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="49"/></proof> + </goal> + <goal name="VC add_sub_exp.33" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="52"/></proof> + </goal> + <goal name="VC add_sub_exp.34" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="18"/></proof> + </goal> + <goal name="VC add_sub_exp.35" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_sub_exp.36" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.06" steps="386"/></proof> + </goal> + <goal name="VC add_sub_exp.37" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_sub_exp.38" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.04" steps="67"/></proof> + </goal> + <goal name="VC add_sub_exp.39" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.40" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_sub_exp.41" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC add_sub_exp.42" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.05" steps="393"/></proof> + </goal> + <goal name="VC add_sub_exp.43" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC add_sub_exp.44" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="132"/></proof> + </goal> + <goal 
name="VC add_sub_exp.45" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.46" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.47" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="29"/></proof> + </goal> + <goal name="VC add_sub_exp.48" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="17"/></proof> + </goal> + <goal name="VC add_sub_exp.49" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_sub_exp.50" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.20" steps="1600"/></proof> + </goal> + <goal name="VC add_sub_exp.51" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC add_sub_exp.52" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="148"/></proof> + </goal> + <goal name="VC add_sub_exp.53" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.54" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.55" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC add_sub_exp.56" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.19" steps="1703"/></proof> + </goal> + <goal name="VC add_sub_exp.57" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal 
name="VC add_sub_exp.58" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="418"/></proof> + </goal> + <goal name="VC add_sub_exp.59" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.60" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_sub_exp.61" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_sub_exp.62" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_sub_exp.63" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.06" steps="333"/></proof> + </goal> + <goal name="VC add_sub_exp.64" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC add_sub_exp.65" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="94"/></proof> + </goal> + <goal name="VC add_sub_exp.66" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC add_sub_exp.67" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.68" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_sub_exp.69" expl="postcondition" proved="true"> + <transf name="eliminate_if" proved="true" > + <goal name="VC add_sub_exp.69.0" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_sub_exp.69.0.0" expl="postcondition" proved="true"> + <transf 
name="split_goal_right" proved="true" > + <goal name="VC add_sub_exp.69.0.0.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="37"/></proof> + </goal> + <goal name="VC add_sub_exp.69.0.0.1" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="17"/></proof> + </goal> + <goal name="VC add_sub_exp.69.0.0.2" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="15"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_sub_exp.69.0.1" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_sub_exp.69.0.1.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="19"/></proof> + </goal> + <goal name="VC add_sub_exp.69.0.1.1" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="17"/></proof> + </goal> + <goal name="VC add_sub_exp.69.0.1.2" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="15"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC add_sub_exp.70" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_sub_exp.71" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.05" steps="206"/></proof> + </goal> + <goal name="VC add_sub_exp.72" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.73" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.74" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal 
name="VC add_sub_exp.75" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC add_sub_exp.76" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="36"/></proof> + </goal> + <goal name="VC add_sub_exp.77" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC add_sub_exp.78" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="18"/></proof> + </goal> + <goal name="VC add_sub_exp.79" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.00"/></proof> + </goal> + <goal name="VC add_sub_exp.80" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_sub_exp.81" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="16"/></proof> + </goal> + <goal name="VC add_sub_exp.82" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.83" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.84" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_sub_exp.85" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="36"/></proof> + </goal> + <goal name="VC add_sub_exp.86" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC add_sub_exp.87" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="18"/></proof> + </goal> + <goal name="VC 
add_sub_exp.88" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.89" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC add_sub_exp.90" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="16"/></proof> + </goal> + <goal name="VC add_sub_exp.91" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.92" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC add_sub_exp.93" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC add_sub_exp.94" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC add_exp" expl="VC for add_exp" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + <transf name="split_goal_right" proved="true" > + <goal name="VC add_exp.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="7"/></proof> + </goal> + <goal name="VC add_exp.1" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC zero_exp" expl="VC for zero_exp" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC zero_exp.0" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC zero_exp.1" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC 
zero_exp.2" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC zero_exp.3" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC zero_exp.4" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC zero_exp.5" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="46"/></proof> + </goal> + <goal name="VC zero_exp.6" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="9"/></proof> + </goal> + <goal name="VC zero_exp.7" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC same_exp" expl="VC for same_exp" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC same_exp.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="9"/></proof> + </goal> + <goal name="VC same_exp.1" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC same_exp.2" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC same_exp.3" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC same_exp.4" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC same_exp.5" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC same_exp.6" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" 
time="0.02"/></proof> + </goal> + <goal name="VC same_exp.7" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC same_exp.8" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC same_exp.9" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="12"/></proof> + </goal> + <goal name="VC same_exp.10" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC same_exp.11" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC same_exp.12" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC same_exp.13" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC same_exp.14" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC same_exp.15" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC same_exp.16" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC madd" expl="VC for madd" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC madd.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.64" steps="161"/></proof> + </goal> + <goal name="VC madd.1" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC madd.2" expl="assertion" proved="true"> + 
<transf name="split_goal_right" proved="true" > + <goal name="VC madd.2.0" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC madd.2.1" expl="assertion" proved="true"> + <proof prover="3" timelimit="10"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC madd.2.2" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC madd.2.3" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="14"/></proof> + </goal> + <goal name="VC madd.2.4" expl="VC for madd" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="13"/></proof> + </goal> + </transf> + </goal> + <goal name="VC madd.3" expl="postcondition" proved="true"> + <transf name="compute_in_goal" proved="true" > + <goal name="VC madd.3.0" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC madd.4" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC madd.5" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC madd.6" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mmul" expl="VC for mmul" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC mmul.0" expl="postcondition" proved="true"> + <proof prover="3" timelimit="10"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC mmul.1" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC mmul.1.0" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" 
time="0.01"/></proof> + </goal> + <goal name="VC mmul.1.1" expl="VC for mmul" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="13"/></proof> + </goal> + <goal name="VC mmul.1.2" expl="VC for mmul" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="12"/></proof> + </goal> + <goal name="VC mmul.1.3" expl="VC for mmul" proved="true"> + <proof prover="3" timelimit="10"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mmul.1.4" expl="VC for mmul" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="9"/></proof> + </goal> + <goal name="VC mmul.1.5" expl="VC for mmul" proved="true"> + <proof prover="0"><result status="valid" time="0.04" steps="12"/></proof> + </goal> + <goal name="VC mmul.1.6" expl="VC for mmul" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="13"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mmul.2" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC mmul.3" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC mmul.4" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mopp" expl="VC for mopp" proved="true"> + <transf name="compute_in_goal" proved="true" > + <goal name="VC mopp.0" expl="VC for mopp" proved="true"> + <proof prover="0"><result status="valid" time="0.03" steps="10"/></proof> + </goal> + </transf> + </goal> + <goal name="VC pure_same_exp" expl="VC for pure_same_exp" proved="true"> + <proof prover="0"><result status="valid" time="0.24" steps="756"/></proof> + </goal> + <goal name="VC meq" expl="VC for meq" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC meq.0" expl="postcondition" proved="true"> + 
<proof prover="0"><result status="valid" time="0.67" steps="226"/></proof> + </goal> + <goal name="VC meq.1" expl="postcondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC meq.1.0" expl="postcondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC meq.1.0.0" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.14"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC minv" expl="VC for minv" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC minv.0" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC minv.1" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC minv.2" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> +</theory> +<theory name="LinearDecisionRationalMP" proved="true"> + <goal name="C.A.Assoc" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.Unit_def_l" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.Unit_def_r" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.Inv_def_l" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.Inv_def_r" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.Comm" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.MulAssoc.Assoc" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.Mul_distr_l" 
proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.Mul_distr_r" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.MulComm.Comm" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.Unitary" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.NonTrivialRing" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.ZeroLessOne" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.CompatOrderAdd" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.CompatOrderMult" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.sub_def" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.VC czero" expl="VC for czero" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.VC cone" expl="VC for cone" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.zero_def" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.one_def" proved="true"> + <proof prover="0"><result status="valid" time="0.04" steps="17"/></proof> + </goal> + <goal name="C.VC add" expl="VC for add" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.VC mul" expl="VC for mul" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.VC opp" expl="VC for opp" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.VC eq" expl="VC 
for eq" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.VC inv" expl="VC for inv" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> +</theory> +<theory name="LinearDecisionIntMP" proved="true"> + <goal name="VC mpzero" expl="VC for mpzero" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mpone" expl="VC for mpone" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC mpadd" expl="VC for mpadd" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mpmul" expl="VC for mpmul" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC mpopp" expl="VC for mpopp" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC mpeq" expl="VC for mpeq" proved="true"> + <proof prover="2"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC mpinv" expl="VC for mpinv" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.Assoc" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.Unit_def_l" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.Unit_def_r" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.Inv_def_l" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.Inv_def_r" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.Comm" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.MulAssoc.Assoc" proved="true"> + <proof 
prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.Mul_distr_l" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.Mul_distr_r" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.MulComm.Comm" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.Unitary" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.NonTrivialRing" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.A.ZeroLessOne" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.CompatOrderAdd" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.A.CompatOrderMult" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.sub_def" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="C.VC czero" expl="VC for czero" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.VC cone" expl="VC for cone" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.zero_def" proved="true"> + <transf name="compute_in_goal" proved="true" > + </transf> + </goal> + <goal name="C.one_def" proved="true"> + <proof prover="0"><result status="valid" time="0.04" steps="11"/></proof> + </goal> + <goal name="C.VC add" expl="VC for add" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.VC mul" expl="VC for mul" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.VC opp" expl="VC for opp" proved="true"> + <proof 
prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.VC eq" expl="VC for eq" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="C.VC inv" expl="VC for inv" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC m" expl="VC for m" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC m.0" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC m.0.0" expl="postcondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC m.0.0.0" expl="postcondition" proved="true"> + <transf name="compute_in_goal" proved="true" > + <goal name="VC m.0.0.0.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="81"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC m.1" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC m.1.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.12" steps="116"/></proof> + </goal> + </transf> + </goal> + <goal name="VC m.2" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="118"/></proof> + </goal> + </transf> + </goal> + <goal name="VC m_y" expl="VC for m_y" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC m_cprod" expl="VC for m_cprod" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC m_cprod.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.06" steps="61"/></proof> + </goal> + <goal name="VC m_cprod.1" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.04" steps="67"/></proof> + </goal> + </transf> + </goal> + <goal 
name="VC m_expr" expl="VC for m_expr" proved="true"> + <proof prover="0"><result status="valid" time="0.30" steps="1321"/></proof> + </goal> + <goal name="VC m_eq" expl="VC for m_eq" proved="true"> + <proof prover="1"><result status="valid" time="0.30"/></proof> + </goal> + <goal name="VC m_ctx" expl="VC for m_ctx" proved="true"> + <proof prover="0"><result status="valid" time="0.09" steps="719"/></proof> + </goal> + <goal name="VC mp_decision" expl="VC for mp_decision" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC mp_decision.0" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mp_decision.1" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mp_decision.2" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC mp_decision.3" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.23"/></proof> + </goal> + <goal name="VC mp_decision.4" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC mp_decision.5" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC mp_decision.6" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> +</theory> +<theory name="EqPropMP" proved="true"> + <goal name="VC expr_bound'" expl="VC for expr_bound'" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC expr_bound'.0" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="200"/></proof> + </goal> + <goal name="VC expr_bound'.1" expl="variant decrease" proved="true"> + <proof 
prover="0"><result status="valid" time="0.07" steps="201"/></proof> + </goal> + <goal name="VC expr_bound'.2" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="200"/></proof> + </goal> + <goal name="VC expr_bound'.3" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="201"/></proof> + </goal> + <goal name="VC expr_bound'.4" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="200"/></proof> + </goal> + <goal name="VC expr_bound'.5" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="200"/></proof> + </goal> + </transf> + </goal> + <goal name="VC eq_bound'" expl="VC for eq_bound'" proved="true"> + <transf name="split_goal_right" proved="true" > + </transf> + </goal> + <goal name="VC ctx_bound'" expl="VC for ctx_bound'" proved="true"> + <transf name="split_goal_right" proved="true" > + </transf> + </goal> + <goal name="VC expr_bound_w'" expl="VC for expr_bound_w'" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC expr_bound_w'.0" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="213"/></proof> + </goal> + <goal name="VC expr_bound_w'.1" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC expr_bound_w'.2" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.05" steps="51"/></proof> + </goal> + <goal name="VC expr_bound_w'.3" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="214"/></proof> + </goal> + <goal name="VC expr_bound_w'.4" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC expr_bound_w'.5" expl="precondition" proved="true"> + <proof prover="0"><result 
status="valid" time="0.06" steps="52"/></proof> + </goal> + <goal name="VC expr_bound_w'.6" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.07" steps="213"/></proof> + </goal> + <goal name="VC expr_bound_w'.7" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC expr_bound_w'.8" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.07" steps="51"/></proof> + </goal> + <goal name="VC expr_bound_w'.9" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="214"/></proof> + </goal> + <goal name="VC expr_bound_w'.10" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC expr_bound_w'.11" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.07" steps="52"/></proof> + </goal> + <goal name="VC expr_bound_w'.12" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.07" steps="208"/></proof> + </goal> + <goal name="VC expr_bound_w'.13" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC expr_bound_w'.14" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.07" steps="51"/></proof> + </goal> + <goal name="VC expr_bound_w'.15" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.09" steps="208"/></proof> + </goal> + <goal name="VC expr_bound_w'.16" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC expr_bound_w'.17" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="51"/></proof> + </goal> + <goal name="VC expr_bound_w'.18" expl="postcondition" proved="true"> + <proof 
prover="0"><result status="valid" time="0.11" steps="337"/></proof> + </goal> + </transf> + </goal> + <goal name="eq_bound_w'" proved="true"> + <proof prover="0"><result status="valid" time="0.09" steps="112"/></proof> + </goal> + <goal name="VC ctx_bound_w'" expl="VC for ctx_bound_w'" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC ctx_bound_w'.0" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC ctx_bound_w'.1" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="52"/></proof> + </goal> + <goal name="VC ctx_bound_w'.2" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC ctx_bound_w'.3" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="106"/></proof> + </goal> + </transf> + </goal> + <goal name="VC max_var'" expl="VC for max_var'" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC max_var'.0" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.07" steps="211"/></proof> + </goal> + <goal name="VC max_var'.1" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC max_var'.2" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.06" steps="213"/></proof> + </goal> + <goal name="VC max_var'.3" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC max_var'.4" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.07" steps="211"/></proof> + </goal> + <goal name="VC max_var'.5" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC max_var'.6" 
expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.09" steps="213"/></proof> + </goal> + <goal name="VC max_var'.7" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC max_var'.8" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="206"/></proof> + </goal> + <goal name="VC max_var'.9" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.29"/></proof> + </goal> + <goal name="VC max_var'.10" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="206"/></proof> + </goal> + <goal name="VC max_var'.11" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC max_var'.12" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.06" steps="170"/></proof> + </goal> + <goal name="VC max_var'.13" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.15" steps="430"/></proof> + </goal> + </transf> + </goal> + <goal name="VC max_var_e'" expl="VC for max_var_e'" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC max_var_e'.0" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC max_var_e'.1" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC max_var_e'.2" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.29"/></proof> + </goal> + <goal name="VC max_var_e'.3" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.06" steps="107"/></proof> + </goal> + </transf> + </goal> + <goal name="VC max_var_ctx'" expl="VC for max_var_ctx'" proved="true"> + <transf 
name="split_goal_right" proved="true" > + <goal name="VC max_var_ctx'.0" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC max_var_ctx'.1" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.18"/></proof> + </goal> + <goal name="VC max_var_ctx'.2" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC max_var_ctx'.3" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.06" steps="63"/></proof> + </goal> + <goal name="VC max_var_ctx'.4" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.11" steps="166"/></proof> + </goal> + </transf> + </goal> + <goal name="VC interp_ctx_valid'" expl="VC for interp_ctx_valid'" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC interp_ctx_valid'.0" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC interp_ctx_valid'.1" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.18"/></proof> + </goal> + </transf> + </goal> + <goal name="VC interp_ctx_wr'" expl="VC for interp_ctx_wr'" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC interp_ctx_wr'.0" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.23"/></proof> + </goal> + <goal name="VC interp_ctx_wr'.1" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.12" steps="178"/></proof> + </goal> + </transf> + </goal> + <goal name="VC interp_ctx_wl'" expl="VC for interp_ctx_wl'" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC interp_ctx_wl'.0" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.25"/></proof> + </goal> + 
<goal name="VC interp_ctx_wl'.1" expl="postcondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC interp_ctx_wl'.1.0" expl="postcondition" proved="true"> + <transf name="compute_in_goal" proved="true" > + <goal name="VC interp_ctx_wl'.1.0.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.22" steps="688"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC interp_ctx_cons'" expl="VC for interp_ctx_cons'" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC interp_ctx_cons'.0" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.18"/></proof> + </goal> + </transf> + </goal> + <goal name="VC holds_interp_ctx'" expl="VC for holds_interp_ctx'" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC holds_interp_ctx'.0" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.23"/></proof> + </goal> + <goal name="VC holds_interp_ctx'.1" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.09" steps="61"/></proof> + </goal> + <goal name="VC holds_interp_ctx'.2" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="60"/></proof> + </goal> + </transf> + </goal> + <goal name="VC interp_holds'" expl="VC for interp_holds'" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC interp_holds'.0" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.21"/></proof> + </goal> + <goal name="VC interp_holds'.1" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="78"/></proof> + </goal> + <goal name="VC interp_holds'.2" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="54"/></proof> + </goal> + <goal name="VC 
interp_holds'.3" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.17"/></proof> + </goal> + </transf> + </goal> + <goal name="VC impl_holds'" expl="VC for impl_holds'" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC impl_holds'.0" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.06" steps="75"/></proof> + </goal> + <goal name="VC impl_holds'.1" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC impl_holds'.2" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.18"/></proof> + </goal> + <goal name="VC impl_holds'.3" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.07" steps="55"/></proof> + </goal> + <goal name="VC impl_holds'.4" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC impl_holds'.5" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC impl_holds'.6" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.07" steps="89"/></proof> + </goal> + </transf> + </goal> + <goal name="VC ctx_impl'" expl="VC for ctx_impl'" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC ctx_impl'.0" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC ctx_impl'.1" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC ctx_impl'.2" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC ctx_impl'.3" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.10"/></proof> + 
</goal> + <goal name="VC ctx_impl'.4" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC ctx_impl'.5" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC ctx_impl'.6" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.21"/></proof> + </goal> + </transf> + </goal> + <goal name="VC interp_ctx_impl'" expl="VC for interp_ctx_impl'" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC interp_ctx_impl'.0" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC interp_ctx_impl'.1" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.19"/></proof> + </goal> + <goal name="VC interp_ctx_impl'.2" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.22"/></proof> + </goal> + </transf> + </goal> + <goal name="VC impl_cons" expl="VC for impl_cons" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC impl_cons.0" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.06" steps="30"/></proof> + </goal> + </transf> + </goal> + <goal name="VC impl_wl'" expl="VC for impl_wl'" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC impl_wl'.0" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.19"/></proof> + </goal> + <goal name="VC impl_wl'.1" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.06" steps="52"/></proof> + </goal> + <goal name="VC impl_wl'.2" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.12" steps="149"/></proof> + </goal> + </transf> + </goal> + <goal name="VC impl_self" expl="VC for impl_self" proved="true"> + <transf 
name="split_goal_right" proved="true" > + <goal name="VC impl_self.0" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC impl_self.1" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC impl_self.2" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="155"/></proof> + </goal> + </transf> + </goal> + <goal name="VC prop_ctx" expl="VC for prop_ctx" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC prop_ctx.0" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC prop_ctx.1" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC prop_ctx.2" expl="array creation size" proved="true"> + <proof prover="2"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC prop_ctx.3" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.13" steps="248"/></proof> + </goal> + <goal name="VC prop_ctx.4" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.11" steps="254"/></proof> + </goal> + <goal name="VC prop_ctx.5" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.13" steps="248"/></proof> + </goal> + <goal name="VC prop_ctx.6" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.14" steps="254"/></proof> + </goal> + <goal name="VC prop_ctx.7" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.30" steps="956"/></proof> + </goal> + <goal name="VC prop_ctx.8" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.13" steps="167"/></proof> + </goal> + <goal name="VC prop_ctx.9" 
expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.18" steps="498"/></proof> + </goal> + <goal name="VC prop_ctx.10" expl="index in array bounds" proved="true"> + <proof prover="0"><result status="valid" time="0.15" steps="455"/></proof> + </goal> + <goal name="VC prop_ctx.11" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.33" steps="491"/></proof> + </goal> + <goal name="VC prop_ctx.12" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.14" steps="162"/></proof> + </goal> + <goal name="VC prop_ctx.13" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.24" steps="474"/></proof> + </goal> + <goal name="VC prop_ctx.14" expl="index in array bounds" proved="true"> + <proof prover="0"><result status="valid" time="0.18" steps="439"/></proof> + </goal> + <goal name="VC prop_ctx.15" expl="postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="3.42" steps="4075"/></proof> + </goal> + <goal name="VC prop_ctx.16" expl="postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.11" steps="162"/></proof> + </goal> + <goal name="VC prop_ctx.17" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.20" steps="474"/></proof> + </goal> + <goal name="VC prop_ctx.18" expl="index in array bounds" proved="true"> + <proof prover="0"><result status="valid" time="0.24" steps="439"/></proof> + </goal> + <goal name="VC prop_ctx.19" expl="postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="3.17" steps="3992"/></proof> + </goal> + <goal name="VC prop_ctx.20" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.15" steps="257"/></proof> + </goal> + <goal name="VC prop_ctx.21" expl="postcondition" proved="true"> + <proof 
prover="0"><result status="valid" time="0.13" steps="30"/></proof> + </goal> + <goal name="VC prop_ctx.22" expl="variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.32"/></proof> + </goal> + <goal name="VC prop_ctx.23" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.18"/></proof> + </goal> + <goal name="VC prop_ctx.24" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="69"/></proof> + </goal> + <goal name="VC prop_ctx.25" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="75"/></proof> + </goal> + <goal name="VC prop_ctx.26" expl="postcondition" proved="true"> + <proof prover="0" timelimit="5" memlimit="2000"><result status="valid" time="0.10" steps="100"/></proof> + </goal> + <goal name="VC prop_ctx.27" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.27"/></proof> + </goal> + <goal name="VC prop_ctx.28" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC prop_ctx.29" expl="array creation size" proved="true"> + <proof prover="2"><result status="valid" time="0.19"/></proof> + </goal> + <goal name="VC prop_ctx.30" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC prop_ctx.31" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.32" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC prop_ctx.33" expl="variant decrease" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC prop_ctx.33.0" expl="VC for prop_ctx" proved="true"> + <proof prover="2"><result status="valid" time="0.29"/></proof> + </goal> + <goal name="VC prop_ctx.33.1" 
expl="VC for prop_ctx" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + <goal name="VC prop_ctx.34" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC prop_ctx.35" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC prop_ctx.36" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC prop_ctx.37" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="1.42" steps="602"/></proof> + </goal> + <goal name="VC prop_ctx.38" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.21"/></proof> + </goal> + <goal name="VC prop_ctx.39" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC prop_ctx.40" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.41" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC prop_ctx.42" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.82" steps="473"/></proof> + </goal> + <goal name="VC prop_ctx.43" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC prop_ctx.44" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC prop_ctx.45" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.46" expl="variant decrease" proved="true"> + <proof prover="0"><result 
status="valid" time="0.20" steps="352"/></proof> + </goal> + <goal name="VC prop_ctx.47" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC prop_ctx.48" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC prop_ctx.49" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.15" steps="365"/></proof> + </goal> + <goal name="VC prop_ctx.50" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC prop_ctx.51" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.27"/></proof> + </goal> + <goal name="VC prop_ctx.52" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC prop_ctx.53" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.07" steps="112"/></proof> + </goal> + <goal name="VC prop_ctx.54" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC prop_ctx.55" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC prop_ctx.56" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.57" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.12" steps="352"/></proof> + </goal> + <goal name="VC prop_ctx.58" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC prop_ctx.59" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC prop_ctx.60" expl="variant 
decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.19" steps="365"/></proof> + </goal> + <goal name="VC prop_ctx.61" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC prop_ctx.62" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.33"/></proof> + </goal> + <goal name="VC prop_ctx.63" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC prop_ctx.64" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.06" steps="114"/></proof> + </goal> + <goal name="VC prop_ctx.65" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.34"/></proof> + </goal> + <goal name="VC prop_ctx.66" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.67" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC prop_ctx.68" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.12" steps="347"/></proof> + </goal> + <goal name="VC prop_ctx.69" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC prop_ctx.70" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC prop_ctx.71" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC prop_ctx.72" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.06" steps="107"/></proof> + </goal> + <goal name="VC prop_ctx.73" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.32"/></proof> + 
</goal> + <goal name="VC prop_ctx.74" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC prop_ctx.75" expl="assertion" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC prop_ctx.75.0" expl="VC for prop_ctx" proved="true"> + <proof prover="0"><result status="valid" time="0.05" steps="90"/></proof> + </goal> + <goal name="VC prop_ctx.75.1" expl="VC for prop_ctx" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.75.2" expl="VC for prop_ctx" proved="true"> + <proof prover="0"><result status="valid" time="0.06" steps="44"/></proof> + </goal> + <goal name="VC prop_ctx.75.3" expl="VC for prop_ctx" proved="true"> + <transf name="unfold" proved="true" arg1="numof"> + <goal name="VC prop_ctx.75.3.0" expl="VC for prop_ctx" proved="true"> + <transf name="split_all_full" proved="true" > + <goal name="VC prop_ctx.75.3.0.0" expl="VC for prop_ctx" proved="true"> + <proof prover="1" timelimit="10" memlimit="4000"><result status="valid" time="10.72"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC prop_ctx.76" expl="index in array bounds" proved="true"> + <proof prover="2"><result status="valid" time="0.26"/></proof> + </goal> + <goal name="VC prop_ctx.77" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.14" steps="39"/></proof> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC prop_ctx.78" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.07" steps="44"/></proof> + </goal> + <goal name="VC prop_ctx.79" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="104"/></proof> + </goal> + <goal name="VC prop_ctx.80" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" 
time="0.07"/></proof> + </goal> + <goal name="VC prop_ctx.81" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC prop_ctx.82" expl="index in array bounds" proved="true"> + <proof prover="2"><result status="valid" time="0.23"/></proof> + </goal> + <goal name="VC prop_ctx.83" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.31" steps="445"/></proof> + </goal> + <goal name="VC prop_ctx.84" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.11" steps="158"/></proof> + </goal> + <goal name="VC prop_ctx.85" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.09" steps="181"/></proof> + </goal> + <goal name="VC prop_ctx.86" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.87" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.88" expl="loop invariant init" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC prop_ctx.89" expl="index in array bounds" proved="true"> + <proof prover="2"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC prop_ctx.90" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC prop_ctx.91" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.92" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.93" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC prop_ctx.94" 
expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC prop_ctx.95" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.96" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.19" steps="154"/></proof> + </goal> + <goal name="VC prop_ctx.97" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.98" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.09" steps="225"/></proof> + </goal> + <goal name="VC prop_ctx.99" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="225"/></proof> + </goal> + <goal name="VC prop_ctx.100" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="85"/></proof> + </goal> + <goal name="VC prop_ctx.101" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC prop_ctx.102" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC prop_ctx.103" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="225"/></proof> + </goal> + <goal name="VC prop_ctx.104" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.11" steps="225"/></proof> + </goal> + <goal name="VC prop_ctx.105" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="87"/></proof> + </goal> + <goal name="VC prop_ctx.106" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC prop_ctx.107" 
expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.108" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.09" steps="221"/></proof> + </goal> + <goal name="VC prop_ctx.109" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="85"/></proof> + </goal> + <goal name="VC prop_ctx.110" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC prop_ctx.111" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="40"/></proof> + <proof prover="2"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC prop_ctx.112" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.113" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="125"/></proof> + </goal> + <goal name="VC prop_ctx.114" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="98"/></proof> + </goal> + <goal name="VC prop_ctx.115" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC prop_ctx.116" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC prop_ctx.117" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="37"/></proof> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC prop_ctx.118" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.18" steps="167"/></proof> + </goal> + <goal name="VC prop_ctx.119" expl="postcondition" proved="true"> + <proof 
prover="0"><result status="valid" time="0.10" steps="91"/></proof> + </goal> + <goal name="VC prop_ctx.120" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC prop_ctx.121" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.06" steps="83"/></proof> + </goal> + <goal name="VC prop_ctx.122" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.06" steps="83"/></proof> + </goal> + <goal name="VC prop_ctx.123" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.11" steps="91"/></proof> + </goal> + <goal name="VC prop_ctx.124" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.11" steps="190"/></proof> + </goal> + <goal name="VC prop_ctx.125" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.126" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.127" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC prop_ctx.128" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.09" steps="39"/></proof> + <proof prover="2"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC prop_ctx.129" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC prop_ctx.130" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="19"/></proof> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC prop_ctx.131" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" 
time="0.14" steps="293"/></proof> + </goal> + <goal name="VC prop_ctx.132" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.07" steps="77"/></proof> + </goal> + <goal name="VC prop_ctx.133" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC prop_ctx.134" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="42"/></proof> + </goal> + <goal name="VC prop_ctx.135" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.27" steps="142"/></proof> + </goal> + <goal name="VC prop_ctx.136" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.17"/></proof> + </goal> + <goal name="VC prop_ctx.137" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.09" steps="217"/></proof> + </goal> + <goal name="VC prop_ctx.138" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.139" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.140" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.14" steps="293"/></proof> + </goal> + <goal name="VC prop_ctx.141" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.06" steps="77"/></proof> + </goal> + <goal name="VC prop_ctx.142" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC prop_ctx.143" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="42"/></proof> + </goal> + <goal name="VC prop_ctx.144" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.29" steps="142"/></proof> + 
</goal> + <goal name="VC prop_ctx.145" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC prop_ctx.146" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.12" steps="217"/></proof> + </goal> + <goal name="VC prop_ctx.147" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.148" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.149" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.11" steps="303"/></proof> + </goal> + <goal name="VC prop_ctx.150" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="77"/></proof> + </goal> + <goal name="VC prop_ctx.151" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC prop_ctx.152" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.18" steps="310"/></proof> + </goal> + <goal name="VC prop_ctx.153" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.06" steps="79"/></proof> + </goal> + <goal name="VC prop_ctx.154" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC prop_ctx.155" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.09" steps="44"/></proof> + </goal> + <goal name="VC prop_ctx.156" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.12" steps="146"/></proof> + </goal> + <goal name="VC prop_ctx.157" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC prop_ctx.158" 
expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.12" steps="228"/></proof> + </goal> + <goal name="VC prop_ctx.159" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.160" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC prop_ctx.161" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.13" steps="303"/></proof> + </goal> + <goal name="VC prop_ctx.162" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="77"/></proof> + </goal> + <goal name="VC prop_ctx.163" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.26"/></proof> + </goal> + <goal name="VC prop_ctx.164" expl="variant decrease" proved="true"> + <proof prover="0"><result status="valid" time="0.14" steps="310"/></proof> + </goal> + <goal name="VC prop_ctx.165" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.09" steps="79"/></proof> + </goal> + <goal name="VC prop_ctx.166" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC prop_ctx.167" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.09" steps="44"/></proof> + </goal> + <goal name="VC prop_ctx.168" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.14" steps="150"/></proof> + </goal> + <goal name="VC prop_ctx.169" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.25"/></proof> + </goal> + <goal name="VC prop_ctx.170" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.12" steps="228"/></proof> + </goal> + <goal name="VC prop_ctx.171" expl="exceptional postcondition" 
proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC prop_ctx.172" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC prop_ctx.173" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="37"/></proof> + <proof prover="2"><result status="valid" time="0.32"/></proof> + </goal> + <goal name="VC prop_ctx.174" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="95"/></proof> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC prop_ctx.175" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.19"/></proof> + </goal> + <goal name="VC prop_ctx.176" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="99"/></proof> + </goal> + <goal name="VC prop_ctx.177" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.178" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="36"/></proof> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC prop_ctx.179" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.23"/></proof> + </goal> + <goal name="VC prop_ctx.180" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.06" steps="38"/></proof> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC prop_ctx.181" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC prop_ctx.182" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.26"/></proof> + </goal> + <goal 
name="VC prop_ctx.183" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.31" steps="330"/></proof> + </goal> + <goal name="VC prop_ctx.184" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.27"/></proof> + </goal> + <goal name="VC prop_ctx.185" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.27"/></proof> + </goal> + <goal name="VC prop_ctx.186" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.187" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC prop_ctx.188" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.14" steps="37"/></proof> + <proof prover="2"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC prop_ctx.189" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.09" steps="38"/></proof> + <proof prover="2"><result status="valid" time="0.23"/></proof> + </goal> + <goal name="VC prop_ctx.190" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC prop_ctx.191" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC prop_ctx.192" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.17"/></proof> + </goal> + <goal name="VC prop_ctx.193" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.09" steps="82"/></proof> + </goal> + <goal name="VC prop_ctx.194" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.25"/></proof> + </goal> + <goal name="VC prop_ctx.195" expl="variant decrease" proved="true"> + <proof prover="2"><result 
status="valid" time="0.18"/></proof> + </goal> + <goal name="VC prop_ctx.196" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="85"/></proof> + </goal> + <goal name="VC prop_ctx.197" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="86"/></proof> + </goal> + <goal name="VC prop_ctx.198" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC prop_ctx.199" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.09" steps="48"/></proof> + </goal> + <goal name="VC prop_ctx.200" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.12" steps="141"/></proof> + </goal> + <goal name="VC prop_ctx.201" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.05" steps="52"/></proof> + </goal> + <goal name="VC prop_ctx.202" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC prop_ctx.203" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="264"/></proof> + </goal> + <goal name="VC prop_ctx.204" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.205" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.206" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC prop_ctx.207" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC prop_ctx.208" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.21"/></proof> + </goal> + <goal name="VC 
prop_ctx.209" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.19"/></proof> + </goal> + <goal name="VC prop_ctx.210" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC prop_ctx.211" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC prop_ctx.212" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.27"/></proof> + </goal> + <goal name="VC prop_ctx.213" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.21"/></proof> + </goal> + <goal name="VC prop_ctx.214" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_ctx.215" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC prop_ctx.216" expl="out of loop bounds" proved="true"> + <proof prover="2"><result status="valid" time="0.19"/></proof> + </goal> + </transf> + </goal> + <goal name="VC prop_mp_decision" expl="VC for prop_mp_decision" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC prop_mp_decision.0" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC prop_mp_decision.1" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC prop_mp_decision.2" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC prop_mp_decision.3" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC prop_mp_decision.4" expl="precondition" proved="true"> + <proof prover="2"><result 
status="valid" time="0.14"/></proof> + </goal> + <goal name="VC prop_mp_decision.5" expl="postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC prop_mp_decision.6" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC prop_mp_decision.7" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC prop_mp_decision.8" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC prop_mp_decision.9" expl="exceptional postcondition" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> +</theory> +<theory name="TestMP" proved="true"> + <goal name="g" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="g.0" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="g.0.0" expl="reification check" proved="true"> + <proof prover="0"><result status="valid" time="0.04" steps="53"/></proof> + </goal> + <goal name="g.0.1" proved="true"> + <proof prover="2"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="g.0.2" proved="true"> + <proof prover="2"><result status="valid" time="0.24"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="g'" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="g'.0" proved="true"> + <transf name="reflection_f" proved="true" arg1="prop_mp_decision"> + <goal name="g'.0.0" expl="reification check" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="49"/></proof> + </goal> + <goal name="g'.0.1" proved="true"> + <proof prover="2"><result status="valid" time="0.19"/></proof> + </goal> + <goal name="g'.0.2" proved="true"> + <proof 
prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="g'.0.3" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + </transf> + <transf name="subst" proved="true" arg1="j"> + <goal name="g'.0.0" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="g'.0.0.0" expl="reification check" proved="true"> + <proof prover="0"><result status="valid" time="0.08" steps="47"/></proof> + </goal> + <goal name="g'.0.0.1" proved="true"> + <proof prover="2"><result status="valid" time="0.17"/></proof> + </goal> + <goal name="g'.0.0.2" proved="true"> + <proof prover="2"><result status="valid" time="0.19"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="g''" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="g''.0" proved="true"> + <transf name="replace" proved="true" arg1="c" arg2="0"> + <goal name="g''.0.0" proved="true"> + <transf name="replace" proved="true" arg1="c" arg2="0" arg3="in" arg4="H2"> + <goal name="g''.0.0.0" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="g''.0.0.0.0" expl="reification check" proved="true"> + <proof prover="0"><result status="valid" time="0.05" steps="49"/></proof> + </goal> + <goal name="g''.0.0.0.1" proved="true"> + <proof prover="2"><result status="valid" time="0.25"/></proof> + </goal> + <goal name="g''.0.0.0.2" proved="true"> + <proof prover="2"><result status="valid" time="0.26"/></proof> + </goal> + </transf> + </goal> + <goal name="g''.0.0.1" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="g''.0.1" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> +</theory> +<theory name="Test2"> + <goal name="g"> + <transf name="introduce_premises" > + <goal name="g.0"> + 
<transf name="reflection_f" arg1="int_decision"> + <goal name="g.0.0" expl="reification check" proved="true"> + <proof prover="2"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="g.0.1"> + </goal> + </transf> + </goal> + </transf> + </goal> +</theory> +<theory name="Fmla" proved="true"> + <goal name="VC f" expl="VC for f" proved="true"> + <proof prover="2"><result status="valid" time="0.02"/></proof> + </goal> +</theory> +<theory name="TestFmla"> + <goal name="g"> + <transf name="introduce_premises" > + <goal name="g.0"> + <transf name="reflection_f" arg1="f"> + <goal name="g.0.0" expl="reification check" proved="true"> + <proof prover="2"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="g.0.1"> + </goal> + </transf> + </goal> + </transf> + </goal> +</theory> +</file> +</why3session> diff --git a/examples/multiprecision/lineardecision/why3shapes.gz b/examples/multiprecision/lineardecision/why3shapes.gz new file mode 100644 index 0000000000000000000000000000000000000000..d69103c28b5533853f1c0ed2f1e49a28e3635a05 Binary files /dev/null and b/examples/multiprecision/lineardecision/why3shapes.gz differ diff --git a/examples/multiprecision/logical.mlw b/examples/multiprecision/logical.mlw new file mode 100644 index 0000000000000000000000000000000000000000..f13301d839ce974a4514f403f89443c577b5f2b1 --- /dev/null +++ b/examples/multiprecision/logical.mlw 
@@ -0,0 +1,389 @@ +module Logical + + use import int.Int + use import mach.int.Int32 + use import mach.int.UInt64GMP as Limb + use import int.Power + use import ref.Ref + use import mach.c.C + use import array.Array + use import map.Map + use import types.Types + use import lemmas.Lemmas + use import int.EuclideanDivision + + let lemma pow2_64 () + ensures { power 2 64 = radix } + = + assert { power 2 2 = 4 }; + assert { power 2 4 = (power 2 2)*(power 2 2) }; + assert { power 2 8 = (power 2 4)*(power 2 4) }; + assert { power 2 16 = (power 2 8)*(power 2 8) }; + assert { power 2 32 = (power 2 16)*(power 2 16) }; + assert { power 2 64 = (power 2 32)*(power 2 32) = radix} + + (* is a logical lemma in ComputerDivision*) + let lemma mod_mult (x y z:int) + requires { x > 0 } + ensures { mod (x * y + z) x = mod z x } + = + () + + let lsld_ext (x cnt:limb) : (limb,limb) + requires { 0 <= cnt < Limb.length } + returns { (r,d) -> uint64'int r + radix * uint64'int d = (power 2 cnt) * x } + returns { (r,_d) -> mod (l2i r) (power 2 cnt) = 0 } + returns { (r,_d) -> l2i r <= radix - (power 2 cnt) } + returns { (_r,d) -> l2i d < power 2 cnt } + = + let uzero = Limb.of_int 0 in + if (Limb.(=) cnt uzero) then (x, uzero) + else + begin + let (r:limb,d:limb) = lsld x cnt in + let ghost p = power 2 (l2i cnt) in + let ghost q = power 2 (Limb.length - l2i cnt) in + assert { p > 0 /\ q > 0 }; + assert { radix = p * q by + radix = power 2 Limb.length = power 2 (cnt + (Limb.length - cnt)) + = p*q }; + assert { mod radix p = 0 + by mod radix p + = mod (p * q + 0) p + = mod 0 p + = 0 }; + assert { r < radix }; + mod_mult p (q*l2i d) (l2i r); + mod_mult p (l2i x) 0; + assert { mod (r) p = 0 + by + mod (r) p = mod (p * (q * d) + r) p + so p * (q * d) = radix * d + so mod (r) p = mod (radix * d + r) p + = mod (p * x) p + = mod 0 p + = 0 }; + assert { r <= radix - p + by + r = p * (div (r) p) + (mod (r) p) + = p * (div (r) p) + so + radix = p * q + so + r < radix + so (div (r) p >= q -> (r = p * 
div (r) p >= p*q = radix) + -> false) + so div (r) p <= q-1 + so r = p * div (r) p <= p * (q-1) = p*q - p = radix - p }; + assert { d < p + by + r + radix * d = p * x + so + radix * d <= p * x + so + x < radix /\ p > 0 + so p * x < p * radix + so radix * d < p * radix + so d < p + }; + (r,d) + end + + let clz_ext (x:limb) : int32 + requires { x > 0 } + ensures { power 2 result * x < radix } + ensures { 2 * power 2 result * x >= radix } + ensures { 0 <= result < Limb.length } + ensures { power 2 result * x <= radix - power 2 result } + = + let r = count_leading_zeros x in + let ghost p = power 2 (p2i r) in + let ghost q = power 2 (Limb.length - p2i r) in + assert { p * x <= radix - p + by + p * q = radix + so p > 0 so q > 0 + so mod radix p = mod (q * p) p = 0 + so mod (p * x) p = 0 + so p * x < p * q + so (x < q by p > 0) + so radix - p = p * (q - 1) + so x <= q - 1 + so p * x <= p * (q - 1) + }; + r + + (** [lshift r x sz cnt] shifts [(x,sz)] [cnt] bits to the left and + writes the result in [(r, sz)]. Returns the [cnt] most significant + bits of [(x, sz)]. Corresponds to [mpn_lshift]. 
*) + (*TODO overlapping allowed if r >= x*) + let lshift (r x:t) (sz:int32) (cnt:limb) : limb + requires { 0 < cnt < Limb.length } + requires { valid r sz } + requires { valid x sz } + requires { 0 < sz } + ensures { value r sz + (power radix sz) * result = + value x sz * (power 2 (cnt)) } + = + let limb_zero = Limb.of_int 0 in + let zero = Int32.of_int 0 in + let one = Int32.of_int 1 in + let msb = Int32.(-) sz one in + let xp = ref (C.incr x msb) in + let rp = ref (C.incr r msb) in + let high = ref limb_zero in + let low = ref (C.get !xp) in + let i = ref msb in + let l, retval = lsld_ext !low cnt in + high := l; + while (Int32.(>) !i zero) do + variant { p2i !i } + invariant { 0 <= !i < sz } + invariant { radix * value_sub (pelts r) (r.offset + 1 + !i) (r.offset + sz) + + (power radix (sz - !i)) * retval + !high + = value !xp (sz - !i) + * (power 2 (cnt)) } + invariant { (!rp).offset = r.offset + !i } + invariant { (!xp).offset = x.offset + !i } + invariant { plength !rp = plength r } + invariant { !rp.min = r.min } + invariant { !rp.max = r.max } + invariant { pelts !rp = pelts r } + invariant { plength !xp = plength x } + invariant { !xp.min = x.min } + invariant { !xp.max = x.max } + invariant { pelts !xp = pelts x } + invariant { !high <= radix - power 2 (cnt) } + label StartLoop in + xp.contents <- C.incr !xp (-1); + low := C.get !xp; + let l,h = lsld_ext !low cnt in + assert { !high + h < radix }; + let ghost v = Limb.(+) !high h in + value_sub_update_no_change (pelts r) (!rp).offset (r.offset + 1 + p2i !i) + (r.offset + p2i sz) v; + C.set !rp (Limb.(+) !high h); + rp.contents <- C.incr !rp (-1); + high := l; + let ghost k = p2i !i in + i := Int32.(-) !i one; + value_sub_head (pelts r) (r.offset + k) (r.offset + p2i sz); + value_sub_head (pelts !xp) (!xp).offset (x.offset + p2i sz); + assert { radix + * value_sub (pelts r) (r.offset + k) (r.offset + sz) + + (power radix (sz - !i)) * retval + !high + = value !xp (sz - !i) + * (power 2 (cnt)) + by + (pelts 
r)[r.offset + k] + = (pelts r)[(!rp.offset at StartLoop)] + = (!high at StartLoop) + h + so + power radix (sz - !i) + = power radix (sz - (k - 1)) + = power radix ((sz - k) +1) + = radix * power radix (sz - k) + so + !low = (pelts x)[(!xp).offset] + so + radix * value_sub (pelts r) (r.offset + k) (r.offset + sz) + + (power radix (sz - !i)) * retval + !high + = radix * value_sub (pelts r) (r.offset + k) (r.offset + sz) + + radix * (power radix (sz - k)) * retval + !high + = radix * ( (pelts r)[r.offset + k] + + radix * (value_sub (pelts r) + (r.offset + 1 + k) (r.offset + sz))) + + radix * (power radix (sz - k)) * retval + !high + = radix * ( (!high at StartLoop) + h + + radix * (value_sub (pelts r) + (r.offset + 1 + k) (r.offset + sz))) + + radix * (power radix (sz - k)) * retval + !high + = radix * ( (!high at StartLoop) + + radix * (value_sub (pelts r) + (r.offset + 1 + k) (r.offset + sz))) + + radix * h + + radix * (power radix (sz - k)) * retval + !high + = radix * ( (!high at StartLoop) + + radix * (value_sub (pelts r) + (r.offset + 1 + k) (r.offset + sz))) + + radix * h + + radix * (power radix (sz - k)) * retval + l + = radix * ( (!high at StartLoop) + + radix * (value_sub (pelts r) + (r.offset + 1 + k) (r.offset + sz))) + + radix * (power radix (sz - k)) * retval + l + + radix * h + = radix * ( (!high at StartLoop) + + radix * (value_sub (pelts r) + (r.offset + 1 + k) (r.offset + sz))) + + radix * (power radix (sz - k)) * retval + + (power 2 (cnt)) * !low + = radix * ( (!high at StartLoop) + + radix * (value_sub (pelts r) + (r.offset + 1 + k) (r.offset + sz))) + + radix * (power radix (sz - k)) * retval + + (power 2 (cnt)) * (pelts x)[(!xp).offset] + = radix * ( (!high at StartLoop) + + radix * (value_sub (pelts r) + (r.offset + 1 + k) (r.offset + sz)) + + power radix (sz - k) * retval ) + + (power 2 (cnt)) * (pelts x)[(!xp).offset] + = radix * ( radix * (value_sub (pelts r) + (r.offset + 1 + k) (r.offset + sz)) + + power radix (sz - k) * retval + + (!high 
at StartLoop) ) + + (power 2 (cnt)) * (pelts x)[(!xp).offset] + = radix * value (!xp at StartLoop) (sz - k) + * (power 2 (cnt)) + + (power 2 (cnt)) * (pelts x)[(!xp).offset] + = (power 2 (cnt)) * + ((pelts x)[(!xp).offset] + + radix * value (!xp at StartLoop) (sz - k)) + = (power 2 (cnt)) * value !xp (sz - !i) + }; + done; + assert { !high + radix * value_sub (pelts r) (r.offset + 1) (r.offset + sz) + + (power radix sz) * retval + = value !xp sz + * (power 2 (cnt)) }; + value_sub_update_no_change (pelts r) r.offset (r.offset+1) + (r.offset + p2i sz) !high; + C.set r !high; + value_sub_head (pelts r) r.offset (r.offset + p2i sz); + retval + + (** [rshift r x sz cnt] shifts [(x,sz)] [cnt] bits to the right and + writes the result in [(r, sz)]. Returns the [cnt] least significant + bits of [(x, sz)]. Corresponds to [mpn_rshift]. *) + (*TODO overlapping allowed if r <= x*) + let rshift (r x:t) (sz:int32) (cnt:limb) : limb + requires { valid x sz } + requires { valid r sz } + requires { 0 < cnt < Limb.length } + requires { 0 < sz } + ensures { result + radix * value r sz + = value x sz * (power 2 (Limb.length - cnt)) } + = + let tnc = Limb.(-) (Limb.of_int Limb.length) cnt in + let zero = Int32.of_int 0 in + let one = Int32.of_int 1 in + let msb = Int32.(-) sz one in + let xp = ref (C.incr x zero) in + let rp = ref (C.incr r zero) in + let high = ref (C.get !xp) in + let retval, h = lsld_ext !high tnc in + let low = ref h in + let i = ref zero in + let ghost c = power 2 (l2i tnc) in + while (Int32.(<) !i msb) do + variant { sz - !i } + invariant { 0 <= !i <= msb } + invariant { retval + radix * (value r !i + + (power radix !i) * !low) + = value x (!i+1) * c } + invariant { (!rp).offset = r.offset + !i } + invariant { (!xp).offset = x.offset + !i } + invariant { plength !rp = plength r } + invariant { !rp.min = r.min } + invariant { !rp.max = r.max } + invariant { plength !xp = plength x } + invariant { !xp.min = x.min } + invariant { !xp.max = x.max } + invariant { 
pelts !rp = pelts r } + invariant { pelts !xp = pelts x } + invariant { !low < c} + label StartLoop in + xp.contents <- C.incr !xp one; + high := C.get !xp; + let l,h = lsld_ext !high tnc in + assert { !low + l < radix }; + let ghost v = Limb.(+) !low l in + value_sub_shift_no_change (pelts r) r.offset (p2i !i) (p2i !i) v; + C.set !rp (Limb.(+) !low l); + assert { value r !i = value (r at StartLoop) !i }; + value_tail r !i; + value_tail x (!i+1); + assert { (pelts r)[r.offset + !i] = !low + l }; + low := h; + assert { value x (!i+2) * c = value x (!i+1) * c + + power radix (!i+1) * l + power radix (!i+2) * h + by (pelts x)[offset x + !i + 1] = !high + so value x (!i+2) * c = + (value x (!i+1) + power radix (!i+1)* !high) * c + so !high * c = l + radix * h }; + (*nonlinear part*) + assert { retval + radix * (value r (!i+1) + + (power radix (!i+1)) * !low) + = value x (!i+2) * c + (* by + (pelts r)[r.offset + k] + = (pelts r)[(!rp.offset at StartLoop)] + = (!low at StartLoop) + l + so + !high = (pelts x)[(!xp).offset] + so + retval + radix * (value r !i + + (power radix !i) * !low) + = retval + radix * (value r k + + power radix k * (pelts r)[r.offset+k] + + power radix !i * !low) + = retval + radix * (value r k + + power radix k * ((!low at StartLoop) + l) + + power radix !i * !low) + = retval + radix * (value r k + + power radix k * (!low at StartLoop) + + power radix k * l + + power radix !i * !low) + = retval + radix * (value r k + + power radix k * (!low at StartLoop)) + + radix * (power radix k * l + + power radix !i * !low) + = value x (k+1) * power 2 (tnc) + + radix * (power radix k * l + + power radix !i * !low) + = value x !i * power 2 (tnc) + + radix * (power radix k * l + + power radix !i * !low) + = value x !i * power 2 (tnc) + + radix * (power radix k * l + + power radix k * radix * !low) + = value x !i * power 2 (tnc) + + radix * (power radix k * (l + radix * !low)) + = value x !i * power 2 (tnc) + + radix * (power radix k * !high * power 2 (tnc)) + = 
value x !i * power 2 (tnc) + + power radix !i * !high * power 2 (tnc) + = (value x !i + power radix !i * !high) + * power 2 (tnc) + = (value x !i + + power radix !i * (pelts x)[x.offset + !i]) + * power 2 (tnc) + = value x (1 + !i) * power 2 (tnc) *) + }; + i := Int32.(+) !i one; + rp.contents <- C.incr !rp one; + done; + label EndLoop in + assert { retval + radix * (value r msb + + (power radix msb) * !low) + = value x sz * c }; + value_sub_tail (pelts r) r.offset (r.offset + p2i msb); + assert { (!rp).offset = r.offset + msb }; + value_sub_shift_no_change (pelts r) r.offset + (r.offset + p2i msb) (r.offset + p2i msb) !low; + C.set !rp !low; + assert { pelts r = Map.set (pelts (r at EndLoop)) (r.offset + msb) !low}; + value_sub_tail (pelts r) r.offset (r.offset + p2i msb); + assert { value r sz + = value r msb + power radix msb * !low + by value r sz + = value r msb + power radix msb * (pelts r)[r.offset + msb] }; + assert { value r sz + = value (r at EndLoop) msb + + power radix msb * !low + by + value (r at EndLoop) msb = value r msb + }; + retval + +end \ No newline at end of file diff --git a/examples/multiprecision/logical/why3session.xml b/examples/multiprecision/logical/why3session.xml new file mode 100644 index 0000000000000000000000000000000000000000..486932016b0a90d83eee611b3dd7dc6cc9c6c4f1 --- /dev/null +++ b/examples/multiprecision/logical/why3session.xml 
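Review bot: The contracts of `lshift` and `rshift` in logical.mlw state only the value equation and say nothing about the cells of `r` outside `[offset r, offset r + sz)`. A caller that keeps several numbers in one block therefore cannot conclude from the spec that the neighbouring limbs are untouched. I would add a frame postcondition to both functions, `ensures { forall j. (j < offset r \/ offset r + sz <= j) -> (pelts r)[j] = old (pelts r)[j] }`, which will presumably need a matching loop invariant to be provable. The `rshift` doc comment could also say that the returned bits sit in the most significant end of the limb, which is what `result + radix * value r sz = value x sz * (power 2 (Limb.length - cnt))` implies.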
@@ -0,0 +1,899 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN" +"http://why3.lri.fr/why3session.dtd"> +<why3session shape_version="4"> +<prover id="0" name="Eprover" version="1.9.1-001" timelimit="5" steplimit="0" memlimit="2000"/> +<prover id="1" name="CVC3" version="2.4.1" timelimit="5" steplimit="0" memlimit="2000"/> +<prover id="2" name="CVC4" version="1.4" timelimit="5" steplimit="0" memlimit="1000"/> +<prover id="3" name="Z3" version="4.5.0" timelimit="1" steplimit="0" memlimit="1000"/> +<prover id="4" name="Z3" version="4.4.1" timelimit="5" steplimit="0" memlimit="1000"/> +<prover id="5" name="Alt-Ergo" version="2.0.0" timelimit="5" steplimit="0" memlimit="1000"/> +<file name="../logical.mlw" proved="true"> +<theory name="Logical" proved="true"> + <goal name="VC pow2_64" expl="VC for pow2_64" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC pow2_64.0" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="10"/></proof> + </goal> + <goal name="VC pow2_64.1" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="10"/></proof> + </goal> + <goal name="VC pow2_64.2" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="11"/></proof> + </goal> + <goal name="VC pow2_64.3" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="12"/></proof> + </goal> + <goal name="VC pow2_64.4" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="13"/></proof> + </goal> + <goal name="VC pow2_64.5" expl="assertion" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="14"/></proof> + </goal> + <goal name="VC pow2_64.6" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="13"/></proof> + </goal> + </transf> + </goal> + <goal name="VC 
mod_mult" expl="VC for mod_mult" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="9"/></proof> + </goal> + <goal name="VC lsld_ext" expl="VC for lsld_ext" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC lsld_ext.0" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC lsld_ext.0.0" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC lsld_ext.1" expl="precondition" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.03"/></proof> + <proof prover="1" memlimit="1000"><result status="valid" time="0.04"/></proof> + <proof prover="2"><result status="valid" time="0.05"/></proof> + <proof prover="5"><result status="valid" time="0.01" steps="12"/></proof> + </goal> + <goal name="VC lsld_ext.2" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC lsld_ext.2.0" expl="VC for lsld_ext" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC lsld_ext.2.1" expl="VC for lsld_ext" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC lsld_ext.3" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.36"/></proof> + </goal> + <goal name="VC lsld_ext.4" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC lsld_ext.4.0" expl="VC for lsld_ext" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC lsld_ext.4.1" expl="VC for lsld_ext" proved="true"> + <proof prover="0"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC lsld_ext.4.2" expl="VC for lsld_ext" proved="true"> 
+ <proof prover="0"><result status="valid" time="0.08"/></proof> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC lsld_ext.4.3" expl="VC for lsld_ext" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC lsld_ext.5" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC lsld_ext.5.0" expl="assertion" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.06"/></proof> + </goal> + </transf> + </goal> + <goal name="VC lsld_ext.6" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC lsld_ext.6.0" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC lsld_ext.7" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="19"/></proof> + </goal> + <goal name="VC lsld_ext.8" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC lsld_ext.9" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC lsld_ext.9.0" expl="VC for lsld_ext" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="22"/></proof> + </goal> + <goal name="VC lsld_ext.9.1" expl="VC for lsld_ext" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC lsld_ext.9.2" expl="VC for lsld_ext" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC lsld_ext.9.3" expl="VC for lsld_ext" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC lsld_ext.9.4" expl="VC for lsld_ext" proved="true"> + <proof 
prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC lsld_ext.9.5" expl="VC for lsld_ext" proved="true"> + <proof prover="1"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC lsld_ext.9.6" expl="VC for lsld_ext" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC lsld_ext.9.7" expl="VC for lsld_ext" proved="true"> + <proof prover="0"><result status="valid" time="0.67"/></proof> + </goal> + <goal name="VC lsld_ext.9.8" expl="VC for lsld_ext" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC lsld_ext.9.9" expl="VC for lsld_ext" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC lsld_ext.9.10" expl="VC for lsld_ext" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC lsld_ext.10" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC lsld_ext.10.0" expl="VC for lsld_ext" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC lsld_ext.10.1" expl="VC for lsld_ext" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC lsld_ext.10.2" expl="VC for lsld_ext" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC lsld_ext.10.3" expl="VC for lsld_ext" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC lsld_ext.10.4" expl="VC for lsld_ext" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.06" steps="29"/></proof> + </goal> + <goal name="VC lsld_ext.10.5" expl="VC for lsld_ext" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC 
lsld_ext.10.6" expl="VC for lsld_ext" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC lsld_ext.10.7" expl="VC for lsld_ext" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC lsld_ext.11" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC lsld_ext.11.0" expl="postcondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC lsld_ext.11.1" expl="postcondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.09"/></proof> + </goal> + </transf> + </goal> + <goal name="VC lsld_ext.12" expl="postcondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC lsld_ext.13" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.36" steps="50"/></proof> + </goal> + <goal name="VC lsld_ext.14" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC lsld_ext.14.0" expl="postcondition" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC lsld_ext.14.1" expl="postcondition" proved="true"> + <transf name="inline_all" proved="true" > + <goal name="VC lsld_ext.14.1.0" expl="postcondition" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC clz_ext" expl="VC for clz_ext" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC clz_ext.0" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC clz_ext.1" expl="assertion" proved="true"> + <transf 
name="split_goal_right" proved="true" > + <goal name="VC clz_ext.1.0" expl="VC for clz_ext" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="15"/></proof> + </goal> + <goal name="VC clz_ext.1.1" expl="VC for clz_ext" proved="true"> + <proof prover="1" timelimit="20"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC clz_ext.1.2" expl="VC for clz_ext" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.05" steps="14"/></proof> + </goal> + <goal name="VC clz_ext.1.3" expl="VC for clz_ext" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.02" steps="15"/></proof> + </goal> + <goal name="VC clz_ext.1.4" expl="VC for clz_ext" proved="true"> + <proof prover="1"><result status="valid" time="0.66"/></proof> + </goal> + <goal name="VC clz_ext.1.5" expl="VC for clz_ext" proved="true"> + <proof prover="1"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC clz_ext.1.6" expl="VC for clz_ext" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC clz_ext.1.7" expl="VC for clz_ext" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC clz_ext.1.8" expl="VC for clz_ext" proved="true"> + <proof prover="1"><result status="valid" time="0.04"/></proof> + <transf name="remove" proved="true" 
arg1="real,bool,tuple0,unit,tuple2,map,t,ref,zone,limb,zero,one,(>=),abs,div,div1,mod1,get,([]),const,map_eq_sub,max,to_int,in_bounds,zero_unsigned,radix,int32'maxInt,int32'minInt,min_int32,max_int32,in_bounds4,uint32'minInt,to_int1,zero_unsigned1,is_msb_set,(!),uint64'minInt,in_bounds2,zero_unsigned2,is_msb_set1,length1,([]),make,in_us_bounds,null_zone,data,offset,min,zone,plength,pelts,valid_ptr_shift,valid,is_not_null,map_eq_sub_shift,l2i,value_sub,value,Assoc,Unit_def_l,Unit_def_r,Inv_def_l,Inv_def_r,Comm,Assoc1,Mul_distr_l,Mul_distr_r,Comm1,Unitary,NonTrivialRing,Refl,Trans,Antisymm,Total,ZeroLessOne,CompatOrderAdd,CompatOrderMult,Abs_le,Abs_pos,Div_mod,Mod_bound,Div_unique,Div_bound,Mod_1,Div_1,Div_inf,Div_inf_neg,Mod_0,Div_1_left,Div_minus1_left,Mod_1_left,Mod_minus1_left,Div_mult,Mod_mult,Div_mod1,Div_bound1,Mod_bound1,Div_sign_pos,Div_sign_neg,Mod_sign_pos,Mod_sign_neg,Rounds_toward_zero,Div_11,Mod_11,Div_inf1,Mod_inf,Div_mult1,Mod_mult1,Power_0,Power_s,Power_s_alt,Power_1,Power_sum,Power_mult,Power_comm1,Power_comm2,Power_non_neg,Power_monotonic,to_int_in_bounds,extensionality,zero_unsigned_is_zero,radix_def,to_int_in_bounds3,extensionality3,to_int_in_bounds1,extensionality1,zero_unsigned_is_zero1,is_msb_set_spec,to_int_in_bounds2,extensionality2,zero_unsigned_is_zero2,is_msb_set_spec1,array'invariant,make_spec,valid_itv_to_shift,is_not_null_spec,map_eq_shift,map_eq_shift_zero,limb_max_bound,prod_compat_strict_r,prod_compat_r,value_sub_def,value_sub_frame,value_sub_frame_shift,value_sub_tail,value_sub_concat,value_sub_head,value_sub_update,value_zero,value_sub_update_no_change,value_sub_shift_no_change,value_sub_lower_bound,value_sub_upper_bound,value_sub_lower_bound_tight,value_sub_upper_bound_tight,value_tail,value_concat,pow2_64,mod_mult"> + <goal name="VC clz_ext.1.8.0" expl="VC for clz_ext" proved="true"> + <proof prover="1" timelimit="1"><result status="valid" time="0.02"/></proof> + <proof prover="3"><result status="valid" time="0.02"/></proof> + 
</goal> + </transf> + </goal> + <goal name="VC clz_ext.1.9" expl="VC for clz_ext" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="20"/></proof> + </goal> + <goal name="VC clz_ext.1.10" expl="VC for clz_ext" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="21"/></proof> + </goal> + <goal name="VC clz_ext.1.11" expl="VC for clz_ext" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC clz_ext.1.12" expl="VC for clz_ext" proved="true"> + <proof prover="1"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC clz_ext.2" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC clz_ext.3" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC clz_ext.4" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC clz_ext.5" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC lshift" expl="VC for lshift" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC lshift.0" expl="integer overflow" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="23"/></proof> + </goal> + <goal name="VC lshift.1" expl="integer overflow" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="24"/></proof> + </goal> + <goal name="VC lshift.2" expl="integer overflow" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.06"/></proof> + <proof prover="1" memlimit="1000"><result status="valid" time="0.06"/></proof> + <proof prover="2"><result status="valid" time="0.06"/></proof> + <proof 
prover="4"><result status="valid" time="0.03"/></proof> + <proof prover="5"><result status="valid" time="0.03" steps="25"/></proof> + </goal> + <goal name="VC lshift.3" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC lshift.4" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="26"/></proof> + </goal> + <goal name="VC lshift.5" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="33"/></proof> + </goal> + <goal name="VC lshift.6" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="40"/></proof> + </goal> + <goal name="VC lshift.7" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + <proof prover="5"><result status="valid" time="0.03" steps="30"/></proof> + </goal> + <goal name="VC lshift.8" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC lshift.9" expl="loop invariant init" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC lshift.9.0" expl="loop invariant init" proved="true"> + <transf name="replace" proved="true" arg1="(sz - msb)" arg2="1"> + <goal name="VC lshift.9.0.0" expl="loop invariant init" proved="true"> + <transf name="cut" proved="true" arg1="(value o3 1 = get (pelts o3) (offset o3))"> + <goal name="VC lshift.9.0.0.0" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="64"/></proof> + </goal> + <goal name="VC lshift.9.0.0.1" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.44"/></proof> + </goal> + </transf> + </goal> + <goal name="VC lshift.9.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + 
</transf> + </goal> + <goal name="VC lshift.10" expl="loop invariant init" proved="true"> + <proof prover="5"><result status="valid" time="0.10" steps="38"/></proof> + </goal> + <goal name="VC lshift.11" expl="loop invariant init" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="38"/></proof> + </goal> + <goal name="VC lshift.12" expl="loop invariant init" proved="true"> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC lshift.13" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC lshift.14" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC lshift.15" expl="loop invariant init" proved="true"> + <proof prover="2"><result status="valid" time="0.10"/></proof> + <proof prover="4"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC lshift.16" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + <proof prover="5"><result status="valid" time="0.07" steps="38"/></proof> + </goal> + <goal name="VC lshift.17" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC lshift.18" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC lshift.19" expl="loop invariant init" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC lshift.19.0" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.06" steps="38"/></proof> + </goal> + </transf> + </goal> + <goal name="VC lshift.20" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC lshift.21" expl="precondition" 
proved="true"> + <proof prover="4"><result status="valid" time="0.21"/></proof> + </goal> + <goal name="VC lshift.22" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.05" steps="74"/></proof> + </goal> + <goal name="VC lshift.23" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC lshift.24" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC lshift.25" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC lshift.26" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC lshift.26.0" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + </transf> + </goal> + <goal name="VC lshift.27" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC lshift.28" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC lshift.29" expl="precondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC lshift.30" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.25"/></proof> + </goal> + <goal name="VC lshift.31" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC lshift.32" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC lshift.33" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.17"/></proof> + </goal> + <goal name="VC lshift.34" expl="assertion" proved="true"> + 
<transf name="split_goal_right" proved="true" > + <goal name="VC lshift.34.0" expl="VC for lshift" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC lshift.34.1" expl="VC for lshift" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC lshift.34.2" expl="VC for lshift" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC lshift.34.3" expl="VC for lshift" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC lshift.34.4" expl="VC for lshift" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC lshift.34.5" expl="VC for lshift" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC lshift.34.6" expl="VC for lshift" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC lshift.34.7" expl="VC for lshift" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC lshift.34.8" expl="VC for lshift" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.18"/></proof> + </goal> + <goal name="VC lshift.34.9" expl="VC for lshift" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC lshift.34.10" expl="VC for lshift" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC lshift.34.11" expl="VC for lshift" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC lshift.34.12" expl="VC for lshift" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC lshift.34.13" expl="VC for lshift" proved="true"> + 
<transf name="introduce_premises" proved="true" > + <goal name="VC lshift.34.13.0" expl="VC for lshift" proved="true"> + <transf name="rewrite" proved="true" arg1="H"> + <goal name="VC lshift.34.13.0.0" expl="VC for lshift" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC lshift.34.14" expl="VC for lshift" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC lshift.34.15" expl="VC for lshift" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC lshift.34.16" expl="VC for lshift" proved="true"> + <proof prover="1"><result status="valid" time="2.00"/></proof> + </goal> + <goal name="VC lshift.34.17" expl="VC for lshift" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC lshift.34.18" expl="VC for lshift" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC lshift.34.18.0" expl="VC for lshift" proved="true"> + <proof prover="0"><result status="valid" time="0.16"/></proof> + </goal> + </transf> + </goal> + <goal name="VC lshift.34.19" expl="VC for lshift" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + <goal name="VC lshift.35" expl="loop variant decrease" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC lshift.36" expl="loop invariant preservation" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC lshift.37" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="2.54"/></proof> + </goal> + <goal name="VC lshift.38" expl="loop invariant preservation" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" 
time="0.10"/></proof> + </goal> + <goal name="VC lshift.39" expl="loop invariant preservation" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC lshift.40" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC lshift.41" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC lshift.42" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC lshift.43" expl="loop invariant preservation" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC lshift.43.0" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC lshift.44" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC lshift.45" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC lshift.46" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC lshift.47" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC lshift.48" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC lshift.49" expl="assertion" proved="true"> + <proof prover="1" timelimit="20" memlimit="3000"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC lshift.50" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" 
time="0.01"/></proof> + </goal> + <goal name="VC lshift.51" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC lshift.52" expl="precondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC lshift.53" expl="precondition" proved="true"> + <transf name="inline_all" proved="true" > + <goal name="VC lshift.53.0" expl="precondition" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.12"/></proof> + </goal> + </transf> + </goal> + <goal name="VC lshift.54" expl="postcondition" proved="true"> + <proof prover="1"><result status="valid" time="1.98"/></proof> + </goal> + </transf> + </goal> + <goal name="VC rshift" expl="VC for rshift" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC rshift.0" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC rshift.1" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC rshift.2" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC rshift.3" expl="integer overflow" proved="true"> + <transf name="inline_all" proved="true" > + <goal name="VC rshift.3.0" expl="integer overflow" proved="true"> + <proof prover="1" memlimit="1000"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + <goal name="VC rshift.4" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC rshift.5" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC rshift.6" expl="precondition" proved="true"> + 
<proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC rshift.7" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="41"/></proof> + </goal> + <goal name="VC rshift.8" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC rshift.9" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC rshift.10" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.11" steps="120"/></proof> + </goal> + <goal name="VC rshift.11" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC rshift.12" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC rshift.13" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC rshift.14" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC rshift.15" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC rshift.16" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC rshift.17" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC rshift.18" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC rshift.19" expl="loop invariant init" proved="true"> + <proof prover="2"><result status="valid" time="0.05"/></proof> + <proof 
prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC rshift.20" expl="loop invariant init" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC rshift.21" expl="loop invariant init" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.04"/></proof> + <proof prover="2"><result status="valid" time="0.05"/></proof> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC rshift.22" expl="precondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC rshift.23" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC rshift.24" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC rshift.24.0" expl="VC for rshift" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC rshift.24.1" expl="VC for rshift" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC rshift.24.1.0" expl="VC for rshift" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC rshift.24.1.0.0" expl="VC for rshift" proved="true"> + <proof prover="0"><result status="valid" time="4.17"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC rshift.25" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.13"/></proof> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC rshift.26" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + <proof prover="4"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC rshift.27" expl="precondition" proved="true"> + <proof 
prover="0" memlimit="1000"><result status="valid" time="0.03"/></proof> + <proof prover="2"><result status="valid" time="0.14"/></proof> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC rshift.28" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC rshift.29" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC rshift.30" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.19"/></proof> + </goal> + <goal name="VC rshift.31" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.29"/></proof> + </goal> + <goal name="VC rshift.32" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC rshift.33" expl="integer overflow" proved="true"> + <proof prover="2"><result status="valid" time="0.09"/></proof> + <proof prover="4"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC rshift.34" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC rshift.35" expl="assertion" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC rshift.36" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC rshift.36.0" expl="VC for rshift" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC rshift.36.1" expl="VC for rshift" proved="true"> + <proof prover="1" timelimit="10"><result status="valid" time="0.10"/></proof> + </goal> + <goal name="VC rshift.36.2" expl="VC for rshift" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC rshift.36.3" expl="VC 
for rshift" proved="true"> + <proof prover="1" timelimit="10"><result status="valid" time="1.00"/></proof> + </goal> + </transf> + </goal> + <goal name="VC rshift.37" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC rshift.37.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC rshift.37.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC rshift.37.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.40"/></proof> + </goal> + <goal name="VC rshift.37.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC rshift.37.0.0.2" proved="true"> + <proof prover="3"><result status="valid" time="0.27"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC rshift.38" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC rshift.39" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.47"/></proof> + </goal> + <goal name="VC rshift.40" expl="loop variant decrease" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC rshift.41" expl="loop invariant preservation" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC rshift.41.0" expl="VC for rshift" proved="true"> + <proof prover="0"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC rshift.41.1" expl="VC for rshift" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC rshift.42" expl="loop invariant preservation" proved="true"> + <transf 
name="introduce_premises" proved="true" > + <goal name="VC rshift.42.0" expl="loop invariant preservation" proved="true"> + <transf name="cut" proved="true" arg1="(i = i1+1)"> + <goal name="VC rshift.42.0.0" expl="loop invariant preservation" proved="true"> + <transf name="rewrite" proved="true" arg1="h"> + <goal name="VC rshift.42.0.0.0" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC rshift.42.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC rshift.43" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="3.35"/></proof> + <proof prover="2" memlimit="2000"><result status="valid" time="0.17"/></proof> + </goal> + <goal name="VC rshift.44" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.19"/></proof> + </goal> + <goal name="VC rshift.45" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.20"/></proof> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC rshift.46" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC rshift.47" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC rshift.48" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.12"/></proof> + <proof prover="2" memlimit="2000"><result status="valid" time="0.10"/></proof> + <proof prover="4" memlimit="2000"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC rshift.49" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result 
status="valid" time="0.02"/></proof> + </goal> + <goal name="VC rshift.50" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC rshift.51" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC rshift.52" expl="loop invariant preservation" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.18"/></proof> + </goal> + <goal name="VC rshift.53" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC rshift.54" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC rshift.54.0" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC rshift.54.0.0" expl="assertion" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC rshift.54.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC rshift.55" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC rshift.56" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC rshift.57" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC rshift.58" expl="precondition" proved="true"> + <proof prover="2" memlimit="2000"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC rshift.59" expl="precondition" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.10"/></proof> + </goal> + 
<goal name="VC rshift.60" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC rshift.60.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC rshift.61" expl="precondition" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="1.94"/></proof> + <proof prover="2"><result status="valid" time="0.14"/></proof> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC rshift.62" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC rshift.62.0" expl="VC for rshift" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC rshift.62.0.0" expl="VC for rshift" proved="true"> + <transf name="cut" proved="true" arg1="(sz = msb + 1)"> + <goal name="VC rshift.62.0.0.0" expl="VC for rshift" proved="true"> + <transf name="rewrite" proved="true" arg1="h"> + <goal name="VC rshift.62.0.0.0.0" expl="VC for rshift" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + <goal name="VC rshift.62.0.0.1" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.06"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC rshift.62.1" expl="VC for rshift" proved="true"> + <proof prover="2" timelimit="1"><result status="valid" time="0.37"/></proof> + </goal> + </transf> + </goal> + <goal name="VC rshift.63" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC rshift.63.0" expl="VC for rshift" proved="true"> + <proof prover="0"><result status="valid" time="0.41"/></proof> + </goal> + <goal name="VC rshift.63.1" expl="VC for rshift" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC rshift.63.1.0" expl="VC for rshift" 
proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC rshift.63.1.0.0" expl="VC for rshift" proved="true"> + <proof prover="0"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC rshift.64" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> +</theory> +</file> +</why3session> diff --git a/examples/multiprecision/logical/why3shapes.gz b/examples/multiprecision/logical/why3shapes.gz new file mode 100644 index 0000000000000000000000000000000000000000..aaa3eed43263f1cc131488e1f9cc8a8611bf413f Binary files /dev/null and b/examples/multiprecision/logical/why3shapes.gz differ diff --git a/examples/multiprecision/mul.mlw b/examples/multiprecision/mul.mlw new file mode 100644 index 0000000000000000000000000000000000000000..39db51cca97a8a758a6718103468e45a872b1bff --- /dev/null +++ b/examples/multiprecision/mul.mlw 
@@ -0,0 +1,601 @@ +module Mul + + use import int.Int + use import mach.int.Int32 + use import mach.int.UInt64GMP as Limb + use import int.Power + use import ref.Ref + use import mach.c.C + use import array.Array + use import map.Map + use import types.Types + use import lemmas.Lemmas + use import util.Util + use import add.Add + + + (** [mul_limb r x y sz] multiplies [x[0..sz-1]] by the limb [y] and + writes the n least significant limbs in [r], and returns the most + significant limb. It corresponds to [mpn_mul_1]. *) + let mul_limb (r x:t) (y:limb) (sz:int32) : limb + requires { valid x sz } + requires { valid r sz } + ensures { value r sz + (power radix sz) * result + = value x sz * y } + ensures { forall j. (j < offset r \/ offset r + sz <= j) + -> (pelts r)[j] = old (pelts r)[j] } + writes { r.data.elts } + = + let limb_zero = Limb.of_int 0 in + let lx = ref limb_zero in + let c = ref limb_zero in + let i = ref (Int32.of_int 0) in + while Int32.(<) !i sz do + variant { sz - !i } + invariant { 0 <= !i <= sz } + invariant { value r !i + (power radix !i) * !c = + value x !i * y } + invariant { forall j. 
(j < offset r \/ offset r + sz <= j) + -> (pelts r)[j] = old (pelts r)[j] } + label StartLoop in + lx := get_ofs x !i; + let rl, rh = Limb.mul_double !lx y in + let res, carry = Limb.add_with_carry rl !c limb_zero in + label BeforeWrite in + value_sub_shift_no_change (pelts r) r.offset (p2i !i) (p2i !i) res; + set_ofs r !i res; + assert { value r !i + (power radix !i) * !c = + value x !i * y }; + assert { rh < radix - 1 + by + (!lx * y <= !lx * (radix-1) <= (radix-1)*(radix-1) + by + 0 <= !lx <= radix - 1 /\ 0 <= y <= radix -1) + /\ + (radix * rh <= !lx * y + by + rl + radix * rh = !lx * y) + so + radix * rh <= (radix -1) * (radix -1) + }; + c := Limb.(+) rh carry; + value_tail r !i; + value_tail x !i; + assert { value x (!i+1) * y + = value x !i * y + power radix !i * (!lx * y) }; + (*nonlinear, needed for reflection*) + assert { value r (!i+1) + (power radix (!i+1)) * !c = + value x (!i+1) * y + (* by + value r !i + !c * (power radix !i) + = value r k + res * (power radix k) + + (power radix !i) * !c + = value r k + (power radix k) * res + + (power radix k) * radix * !c + = value r k + (power radix k) * (res + radix * !c) + = value r k + (power radix k) * + (res + radix * (rh + carry)) + = value r k + (power radix k) * + (res + radix * carry + radix * rh) + = value r k + (power radix k) * + ((!c at StartLoop) + rl + radix*rh) + = value r k + (power radix k) * + ((!c at StartLoop) + !lx * y) + = value r k + (power radix k) * (!c at StartLoop) + + (power radix k) * !lx * y + = value x k * y + (power radix k) * !lx * y + = (value x k + (power radix k) * !lx) * y + = value x !i * y *) + }; + i := Int32.(+) !i (Int32.of_int 1); + done; + !c + + (** [addmul_limb r x y sz] multiplies [(x, sz)] by [y], adds the [sz] + least significant limbs to [(r, sz)] and writes the result in [(r,sz)]. + Returns the most significant limb of the product plus the carry + of the addition. 
Corresponds to [mpn_addmul_1].*) + let addmul_limb (r x:t) (y:limb) (sz:int32):limb + requires { valid x sz } + requires { valid r sz } + ensures { value r sz + (power radix sz) * result + = value (old r) sz + + value x sz * y } + writes { r.data.elts } + ensures { forall j. (j < r.offset \/ r.offset + sz <= j) -> + (pelts r)[j] = (pelts (old r))[j] } + = + let limb_zero = Limb.of_int 0 in + let lx = ref limb_zero in + let lr = ref limb_zero in + let c = ref limb_zero in + let i = ref (Int32.of_int 0) in + while Int32.(<) !i sz do + variant { sz - !i } + invariant { 0 <= !i <= sz } + invariant { value r !i + (power radix !i) * !c + = value (old r) !i + + value x !i * y } + invariant { forall j. !i <= j < sz -> + (pelts (old r)) [r.offset+j] = (pelts r)[r.offset + j] } + invariant { forall j. j < r.offset \/ r.offset + sz <= j -> + (pelts r)[j] = (pelts (old r))[j] } + label StartLoop in + lx := get_ofs x !i; + lr := get_ofs r !i; + assert { !lr = (pelts (old r))[r.offset + !i] }; + let rl, rh = Limb.mul_double !lx y in + let res, carry = Limb.add3 !lr rl !c in + value_tail r !i; + value_tail x !i; + assert { value (old r) (!i+1) = value (old r) !i + power radix !i * !lr }; + (* value_tail (old r) !i... *) + value_sub_update (pelts r) (r.offset + p2i !i) + r.offset (r.offset + p2i !i +1) res; + set_ofs r !i res; + assert { forall j. 
(!i + 1) <= j < sz -> + (pelts (old r))[r.offset+j] = (pelts r)[r.offset+j] + by + (pelts r)[r.offset+j] = ((pelts r) at StartLoop)[r.offset+j] + = (pelts (old r))[r.offset+j] }; + assert { value r (!i + 1) + = value (r at StartLoop) (!i + 1) + + (power radix !i) * (res - !lr) }; + assert { rl + radix * rh <= (radix-1)*(radix-1) + by + (!lx * y <= !lx * (radix-1) <= (radix-1)*(radix-1) + by + 0 <= !lx <= radix - 1 /\ 0 <= y <= radix -1) + /\ + rl + radix * rh = !lx * y }; + assert { rh < radix - 1 + by + rl + radix * rh <= (radix -1) * (radix -1) + so + radix * rh <= (radix -1) * (radix -1) }; + assert { rh = radix - 2 -> rl <= 1 + by + rl + radix * rh <= (radix-1)*(radix-1) }; + assert { rh = radix - 2 -> carry <= 1 + by rl <= 1 }; + c := Limb.(+) rh carry; + assert { value x (!i + 1) * y + = value x !i * y + (power radix !i) * (!lx * y) }; + (* nonlinear part *) + assert { value r (!i+1) + (power radix (!i+1)) * !c + = value (old r) (!i+1) + + value x (!i+1) * y + (* by + (value r !i + (power radix !i) * !c + = value (r at StartLoop) !i + + (power radix k) * (res - !lr) + + (power radix !i) * !c + = value (r at StartLoop) !i + + (power radix k) * (res - !lr) + + (power radix !i) * (rh + carry) + = value (r at StartLoop) !i + + (power radix k) * (res - !lr) + + (power radix k) * radix * (rh + carry) + = value (r at StartLoop) !i + + (power radix k) * (res - !lr + + radix * (rh + carry)) + = value (r at StartLoop) !i + + (power radix k) * (res + radix * carry + - !lr + radix * rh) + = value (r at StartLoop) !i + + (power radix k) * (rl + !lr + (!c at StartLoop) + - !lr + radix * rh) + = value (r at StartLoop) !i + + (power radix k) * (rl + radix * rh + (!c at StartLoop)) + = value (r at StartLoop) !i + + (power radix k) * (!lx * y + (!c at StartLoop)) + = value (r at StartLoop) k + + (power radix k) * !lr + + (power radix k) * (!lx * y + (!c at StartLoop)) + = value (r at StartLoop) k + + (power radix k) * (!c at StartLoop) + + (power radix k) * (!lx * y + !lr) + = 
value (old r) k + + value x k * y + + (power radix k) * (!lx * y + !lr) + = value (old r) k + + (power radix k) * !lr + + (value x k + (power radix k)* (!lx)) * y + = value (old r) !i + + (value x k + (power radix k)* (!lx)) * y + = value (old r) !i + + value x !i * y + by + value (old r) !i = value (old r) k + + (power radix k) * (!lr) + ) *) + }; + i := Int32.(+) !i (Int32.of_int 1); + done; + !c + + (** [mul_limbs r x y sz] multiplies [(x, sz)] and [(y, sz)] and + writes the result to [(r, 2*sz)]. [r] must not overlap with either + [x] or [y]. Corresponds to [mpn_mul_n]. *) + let mul_limbs (r x y:t) (sz:int32) : unit + requires { sz > 0 } + requires { valid x sz } + requires { valid y sz } + requires { valid r (sz + sz) } + writes { r.data.elts } + ensures { value r (sz + sz) + = value x sz * value y sz } + ensures { forall j. (j < offset r \/ offset r + (sz + sz) <= j) + -> (pelts r)[j] = old (pelts r)[j] } + = + zero r sz; + let limb_zero = Limb.of_int 0 in + let one = Int32.of_int 1 in + let rp = ref (C.incr r (Int32.of_int 0)) in + let ly = ref limb_zero in + let i = ref (Int32.of_int 0) in + while Int32.(<) !i sz do + invariant { 0 <= !i <= sz } + invariant { value r (!i + sz) = value x sz * value y !i } + invariant { (!rp).offset = r.offset + !i } + invariant { plength !rp = plength r } + invariant { !rp.min = r.min } + invariant { !rp.max = r.max } + invariant { pelts !rp = pelts r } + invariant { forall j. (j < offset r \/ offset r + (sz + sz) <= j) + -> (pelts r)[j] = old (pelts r)[j] } + variant { sz - !i } + label StartLoop in + value_concat r !i (!i + sz); + assert { value !rp sz + = value_sub (pelts r) (offset r + !i) (offset r + (!i + sz)) }; + ly := get_ofs y !i; + let c' = addmul_limb !rp x !ly sz in + assert { value !rp sz + power radix sz * c' + = value (!rp at StartLoop) sz + value x sz * !ly }; + assert { MapEq.map_eq_sub (pelts r) (pelts r at StartLoop) + r.offset (!rp).offset + by (!rp).offset = r.offset + !i + so forall j. 
r.offset <= j < (!rp).offset + -> + (j < (!rp).offset + so (pelts !rp)[j] = (pelts !rp at StartLoop)[j] + = (pelts r at StartLoop)[j]) }; + label BeforeCarry in + value_sub_update_no_change (pelts r) ((!rp).offset + p2i sz) + r.offset (r.offset + p2i !i) c'; + set_ofs !rp sz c'; + assert { (pelts !rp)[offset !rp + sz] = c' + = (pelts r)[offset r + (!i + sz)] }; + assert { value r !i = value (r at BeforeCarry) !i + = value (r at StartLoop) !i}; + value_tail r (!i + sz); + assert { value r (!i + sz + 1) = value r (!i + sz) + + power radix (!i + sz) * (pelts r)[offset r + (!i + sz)] }; + value_tail y !i; + value_concat r !i (!i + sz); + assert { value_sub (pelts r) (r.offset + !i) (r.offset + (!i + sz)) + = value !rp sz }; + assert { value !rp sz = value (!rp at BeforeCarry) sz }; + assert { value !rp sz + power radix sz * c' + = value (!rp at StartLoop) sz + value x sz * !ly }; + assert { value (r at StartLoop) !i + + (power radix !i) * value_sub (pelts r at StartLoop) + (r.offset + !i) (r.offset + (!i + sz)) + = value (r at StartLoop) (!i + sz) }; + assert { value x sz * value y (!i + 1) + = value x sz * value y !i + (power radix !i) * (value x sz * !ly) }; + (* nonlinear *) + assert { value r (!i + sz + 1) = value x sz * value y (!i+1) }; + i := Int32.(+) !i one; + rp.contents <- C.incr !rp one; + done + + let addmul_limbs (r x y:t) (sz:int32) : limb + requires { sz > 0 } + requires { valid x sz } + requires { valid y sz } + requires { valid r (sz + sz) } + writes { r.data.elts } + ensures { value r (sz + sz) + + power radix (sz + sz) * result + = value (old r) (sz + sz) + + value x sz * value y sz } + = + let limb_zero = Limb.of_int 0 in + let one = Int32.of_int 1 in + let rp = ref (C.incr r (Int32.of_int 0)) in + let ly = ref limb_zero in + let lr = ref limb_zero in + let c = ref limb_zero in + let i = ref (Int32.of_int 0) in + while Int32.(<) !i sz do + invariant { 0 <= !i <= sz } + invariant { value r (!i + sz) + + (power radix (!i + sz)) * !c + = value (old r) 
(!i + sz) + + value x sz * value y !i } + invariant { (!rp).offset = r.offset + !i } + invariant { !rp.min = r.min } + invariant { !rp.max = r.max } + invariant { r.data = (!rp).data } + invariant { 0 <= !c <= 1 } + invariant { forall j. (!rp).offset + sz <= j -> + (pelts (old r)) [j] = (pelts r)[j] } + variant { sz - !i } + label StartLoop in + value_concat r !i (!i+sz); + assert { value !rp sz + = value_sub (pelts r) (r.offset + !i) (r.offset + (!i + sz)) }; + ly := get_ofs y !i; + let c' = addmul_limb !rp x !ly sz in + assert { forall j. (!rp).offset + sz <= j -> + (pelts (old r)) [j] = (pelts r)[j] + by (pelts r)[j] + = (pelts !rp)[j] + = (pelts !rp)[j] at StartLoop + = (pelts (old r))[j]}; + assert { value !rp sz + power radix sz * c' + = value (!rp at StartLoop) sz + value x sz * !ly }; + assert { MapEq.map_eq_sub (pelts r) (pelts r at StartLoop) + r.offset (!rp).offset + by (!rp).offset = r.offset + !i + so forall j. r.offset <= j < (!rp).offset + -> + (j < (!rp).offset + so (pelts !rp)[j] = (pelts !rp at StartLoop)[j] + = (pelts r at StartLoop)[j]) }; + lr := get_ofs !rp sz; + assert { !lr = (pelts (old r))[(old r).offset + (!i + sz)] }; + let (res, carry) = add_with_carry c' !lr !c in + label BeforeCarry in + value_sub_update_no_change (pelts r) ((!rp).offset + p2i sz) + r.offset (r.offset + p2i !i) res; + set_ofs !rp sz res; + assert { value !rp sz = value (!rp at BeforeCarry) sz }; + c:= carry; + assert { value r !i = value (r at BeforeCarry) !i + = value (r at StartLoop) !i}; + value_tail r (!i+sz); + value_tail y !i; + assert { value (old r) ((!i+sz)+1) + = value (old r) (!i+sz) + power radix (!i+sz) * !lr }; + assert { (pelts r)[r.offset + (!i + sz)] = res }; + value_concat r !i (!i+sz); + assert { value_sub (pelts r) (r.offset + !i) (r.offset+(!i+sz)) + = value !rp sz }; + assert { value x sz * value y (!i+1) + = value x sz * value y !i + power radix !i * (value x sz * !ly) }; + (* nonlinear *) + assert { value r (!i + sz + 1) + + (power radix (!i + 
sz + 1)) * !c + = value (old r) (!i + sz + 1) + + value x sz + * value y (!i + 1) + (*by + power radix (k + sz) = power radix k * power radix sz + so + power radix (!i + sz) = power radix k * power radix sz * radix + so + value (r at StartLoop) k + + (power radix k) * value_sub (pelts r at StartLoop) + (r.offset + k) (r.offset + k + sz) + = value (r at StartLoop) (k + sz) + so (value (old r) (!i+sz) + = value (old r) (k+sz) + + power radix (k+sz) * !lr + by !lr = (pelts (old r))[r.offset + k + sz]) + so + value !rp sz + (power radix sz) * c' = + value (!rp at StartLoop) sz + + value x sz * !ly + so + value r (!i + sz) + + (power radix (!i + sz)) * !c + = value r (k + sz) + + (power radix (k + sz)) * res + + (power radix (!i + sz)) * !c + = value r k + + (power radix k) * value !rp sz + + (power radix (k + sz)) * res + + (power radix (!i + sz)) * !c + = value r k + + (power radix k) * value !rp sz + + (power radix k) * (power radix sz) * res + + (power radix (!i + sz)) * !c + = value r k + + (power radix k) * value !rp sz + + (power radix k) * (power radix sz) * res + + (power radix k) * (power radix sz) * radix * !c + = value r k + + (power radix k) * value !rp sz + + (power radix k) * (power radix sz) + * (res + radix * !c) + = value r k + + (power radix k) * value !rp sz + + (power radix k) * (power radix sz) + * (c' + (!c at StartLoop) + !lr) + = value r k + (power radix k) + * (value !rp sz + + power radix sz * (c'+ (!c at StartLoop) + !lr)) + = value r k + (power radix k) + * (value !rp sz + + power radix sz * c' + + power radix sz * ((!c at StartLoop) + !lr)) + = value r k + (power radix k) + * (value (!rp at StartLoop) sz + + value x sz * !ly + + (power radix sz) * ((!c at StartLoop) + !lr)) + = value r k + + power radix k * (value (!rp at StartLoop) sz) + + power radix k * (value x sz * !ly + + (power radix sz) * ((!c at StartLoop) + !lr)) + = value (r at StartLoop) k + + power radix k * (value (!rp at StartLoop) sz) + + power radix k * (value x sz * !ly + 
+ (power radix sz) * ((!c at StartLoop) + !lr)) + = value (r at StartLoop) k + + power radix k * (value_sub (pelts r at StartLoop) (r.offset+k) + (r.offset+k+ sz)) + + power radix k * (value x sz * !ly + + (power radix sz) * ((!c at StartLoop) + !lr)) + = value (r at StartLoop) (k + sz) + + power radix k * (value x sz * !ly + + (power radix sz) * ((!c at StartLoop) + !lr)) + = value (r at StartLoop) (k + sz) + + power radix k * value x sz * !ly + + power radix k * power radix sz * ((!c at StartLoop) + !lr) + = value (r at StartLoop) (k + sz) + + power radix k * power radix sz * ((!c at StartLoop) + !lr) + + power radix k * value x sz * !ly + = value (r at StartLoop) (k + sz) + + power radix (k + sz) * ((!c at StartLoop) + !lr) + + power radix k * value x sz * !ly + = value (r at StartLoop) (k + sz) + + power radix (k + sz) * ((!c at StartLoop)) + + power radix (k + sz) * !lr + + power radix k * value x sz * !ly + = value (old r) (k+sz) + + value x sz * value y k + + power radix (k + sz) * !lr + + power radix k * value x sz * !ly + = value (old r) (k+sz) + + power radix (k + sz) * !lr + + value x sz * value y k + + power radix k * value x sz * !ly + = value (old r) (k+sz) + + power radix (k + sz) * !lr + + value x sz * (value y k + power radix k * !ly) + = value (old r) (k+sz) + + power radix (k + sz) * !lr + + value x sz * value y !i + = value (old r) (!i +sz) + + value x sz * value y !i *) + }; + i := Int32.(+) !i one; + rp.contents <- C.incr !rp one; + assert { forall j. (!rp).offset + sz <= j -> + (pelts (old r)) [j] = (pelts r)[j] }; + done; + !c + + (** [mul r x y sx sy] multiplies [(x, sx)] and [(y,sy)] and writes + the result in [(r, sx+sy)]. [sx] must be greater than or equal to + [sy]. Corresponds to [mpn_mul]. 
*) + let mul (r x y:t) (sx sy:int32) : unit + requires { 0 < sy <= sx } + requires { valid x sx } + requires { valid y sy } + requires { valid r (sy + sx) } + writes { r.data.elts } + ensures { value r (sy + sx) = value x sx * value y sy } + ensures { forall j. (j < offset r \/ offset r + (sy + sx) <= j) + -> (pelts r)[j] = old (pelts r)[j] } + (*ensures { result = (pelts r)[r.offset + sx + sy - 1] }*) + = + let ly = ref (C.get y) in + let c = mul_limb r x !ly sx in + value_sub_update_no_change (pelts r) (r.offset + p2i sx) + r.offset (r.offset + p2i sx - 1) c; + set_ofs r sx c; + value_sub_tail (pelts r) r.offset (r.offset + p2i sx); + assert { value r (sx + 1) = value x sx * value y 1 + by value y 1 = !ly + so value r sx + power radix sx * c = value x sx * value y 1 }; + let one = Int32.of_int 1 in + let rp = ref (C.incr r (Int32.of_int 1)) in + let i = ref (Int32.of_int 1) in + while Int32.(<) !i sy do + invariant { 1 <= !i <= sy } + invariant { value r (!i + sx) = value x sx * value y !i } + invariant { (!rp).offset = r.offset + !i } + invariant { plength !rp = plength r } + invariant { !rp.min = r.min } + invariant { !rp.max = r.max } + invariant { pelts !rp = pelts r } + invariant { forall j. (j < offset r \/ offset r + (sy + sx) <= j) + -> (pelts r)[j] = old (pelts r)[j] } + variant { sy - !i } + label StartLoop in + value_concat r !i (!i + sx); + assert { value !rp sx = + value_sub (pelts r) (r.offset + !i) (r.offset + (!i + sx)) }; + ly := get_ofs y !i; + let res = addmul_limb !rp x !ly sx in + assert { value !rp sx + power radix sx * res + = value (!rp at StartLoop) sx + value x sx * !ly }; + assert { MapEq.map_eq_sub (pelts r) (pelts r at StartLoop) + r.offset (!rp).offset + by (!rp).offset = r.offset + !i + so forall j. 
r.offset <= j < (!rp).offset + -> + (j < (!rp).offset + so (pelts !rp)[j] = (pelts !rp at StartLoop)[j] + = (pelts r at StartLoop)[j]) }; + label BeforeCarry in + value_sub_update_no_change (pelts r) ((!rp).offset + p2i sx) + r.offset (r.offset + p2i !i) res; + set_ofs !rp sx res; + assert { value !rp sx = value (!rp at BeforeCarry) sx }; + assert { value r !i = value (r at BeforeCarry) !i + = value (r at StartLoop) !i }; + value_tail r (!i + sx); + value_tail y !i; + value_concat r !i (!i+sx); + assert { value_sub (pelts r) (r.offset + !i) (r.offset+(!i+sx)) + = value !rp sx }; + assert { (pelts r)[r.offset + (!i+sx)] = res }; + assert { value x sx * value y (!i+1) + = value x sx * value y !i + + power radix !i * (value x sx * !ly) }; + (*nonlinear*) + assert { value r (!i + sx + 1) = value x sx * value y (!i+1) + (*by (value !rp sx + power radix sx * res + = value (!rp at StartLoop) sx + value x sx * !ly + by value !rp sx = value (!rp at BeforeCarry) sx) + so power radix (k + sx) = power radix k * power radix sx + so + value (r at StartLoop) k + + (power radix k) * value_sub (pelts r at StartLoop) + (r.offset + k) (r.offset + k + sx) + = value (r at StartLoop) (k + sx) + so + value r (!i + sx) + = value r (k + sx) + + (power radix (k + sx)) * res + = value r k + + (power radix k) * value !rp sx + + (power radix (k + sx)) * res + = value r k + + (power radix k) * value !rp sx + + (power radix k) * (power radix sx) * res + = value r k + + (power radix k) * value !rp sx + + (power radix k) * (power radix sx) * res + = value r k + + (power radix k) * (value !rp sx + (power radix sx) * res) + = value r k + (power radix k) + * (value (!rp at StartLoop) sx + + value x sx * !ly) + = value r k + + power radix k * (value (!rp at StartLoop) sx) + + power radix k * (value x sx * !ly) + = value (r at StartLoop) k + + power radix k * (value (!rp at StartLoop) sx) + + power radix k * (value x sx * !ly) + = value (r at StartLoop) k + + power radix k * (value_sub (pelts r at 
StartLoop) (r.offset+k) + (r.offset+k+ sx)) + + power radix k * (value x sx * !ly) + = value (r at StartLoop) (k + sx) + + power radix k * (value x sx * !ly) + = value x sx * value y k + + power radix k * value x sx * !ly + = value x sx * + (value y k + power radix k * !ly) + = value x sx * value y !i *) }; + i := Int32.(+) !i one; + rp.contents <- C.incr !rp one; + done; + +end \ No newline at end of file diff --git a/examples/multiprecision/mul/why3session.xml b/examples/multiprecision/mul/why3session.xml new file mode 100644 index 0000000000000000000000000000000000000000..1c65994f5fe4ea3d1db6e33e3f76b4d9b8715a97 --- /dev/null +++ b/examples/multiprecision/mul/why3session.xml 
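Review bot: `addmul_limbs` is the only routine in mul.mlw with no header comment and no frame postcondition: its contract gives the value equation and `writes { r.data.elts }`, but nothing about cells outside `r[0 .. sz+sz)`. A client proof therefore cannot conclude that limbs next to the destination in the same block are untouched, a property `mul_limb`, `addmul_limb`, `mul_limbs` and `mul` all state explicitly. I would add `ensures { forall j. (j < offset r \/ offset r + (sz + sz) <= j) -> (pelts r)[j] = old (pelts r)[j] }`, together with a `(** ... *)` comment describing the accumulate-into-`r` behaviour and the returned carry. The loop currently keeps an invariant only for `(!rp).offset + sz <= j`, so discharging the new clause would probably need a matching invariant for `j < offset r`, as `mul_limbs` has, and a replay of the session. Separately, the `mul_limb` comment says "the n least significant limbs" where the parameter is `sz`.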
@@ -0,0 +1,1471 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN" +"http://why3.lri.fr/why3session.dtd"> +<why3session shape_version="4"> +<prover id="0" name="Eprover" version="1.9.1-001" timelimit="5" steplimit="0" memlimit="2000"/> +<prover id="1" name="CVC3" version="2.4.1" timelimit="5" steplimit="0" memlimit="1000"/> +<prover id="2" name="CVC4" version="1.4" timelimit="1" steplimit="0" memlimit="1000"/> +<prover id="3" name="Z3" version="4.5.0" timelimit="1" steplimit="0" memlimit="1000"/> +<prover id="4" name="Z3" version="4.4.1" timelimit="5" steplimit="0" memlimit="1000"/> +<prover id="5" name="Alt-Ergo" version="2.0.0" timelimit="5" steplimit="0" memlimit="1000"/> +<file name="../mul.mlw" proved="true"> +<theory name="Mul" proved="true"> + <goal name="VC mul_limb" expl="VC for mul_limb" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC mul_limb.0" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC mul_limb.1" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC mul_limb.1.0" expl="integer overflow" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="20"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mul_limb.2" expl="loop invariant init" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="11"/></proof> + </goal> + <goal name="VC mul_limb.3" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="70"/></proof> + </goal> + <goal name="VC mul_limb.4" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC mul_limb.5" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC mul_limb.5.0" expl="VC for 
mul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul_limb.5.1" expl="VC for mul_limb" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.06" steps="20"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mul_limb.6" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul_limb.7" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC mul_limb.7.0" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mul_limb.8" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul_limb.9" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC mul_limb.9.0" expl="VC for mul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC mul_limb.9.1" expl="VC for mul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mul_limb.10" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.05" steps="56"/></proof> + </goal> + <goal name="VC mul_limb.11" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.06" steps="56"/></proof> + </goal> + <goal name="VC mul_limb.12" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul_limb.13" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.05" steps="36"/></proof> + </goal> + <goal name="VC mul_limb.14" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" 
time="0.03"/></proof> + </goal> + <goal name="VC mul_limb.15" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.28" steps="38"/></proof> + </goal> + <goal name="VC mul_limb.16" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC mul_limb.16.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC mul_limb.16.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC mul_limb.16.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC mul_limb.16.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.32"/></proof> + </goal> + <goal name="VC mul_limb.16.0.0.2" proved="true"> + <proof prover="3"><result status="valid" time="0.20"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC mul_limb.17" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul_limb.18" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC mul_limb.19" expl="loop variant decrease" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC mul_limb.20" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul_limb.21" expl="loop invariant preservation" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul_limb.22" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.15"/></proof> + </goal> + <goal name="VC mul_limb.23" 
expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.01" steps="19"/></proof> + </goal> + <goal name="VC mul_limb.24" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC addmul_limb" expl="VC for addmul_limb" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC addmul_limb.0" expl="integer overflow" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC addmul_limb.0.0" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC addmul_limb.1" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC addmul_limb.2" expl="loop invariant init" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC addmul_limb.3" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.03" steps="69"/></proof> + </goal> + <goal name="VC addmul_limb.4" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC addmul_limb.5" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC addmul_limb.6" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC addmul_limb.7" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC addmul_limb.7.0" expl="VC for addmul_limb" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC addmul_limb.7.1" expl="VC for addmul_limb" proved="true"> + <proof prover="4"><result 
status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC addmul_limb.8" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC addmul_limb.8.0" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="45"/></proof> + </goal> + </transf> + </goal> + <goal name="VC addmul_limb.9" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC addmul_limb.10" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC addmul_limb.10.0" expl="precondition" proved="true"> + <proof prover="1" memlimit="2000"><result status="valid" time="0.07"/></proof> + </goal> + </transf> + </goal> + <goal name="VC addmul_limb.11" expl="assertion" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="6.40"/></proof> + </goal> + <goal name="VC addmul_limb.12" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.09"/></proof> + </goal> + <goal name="VC addmul_limb.13" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC addmul_limb.13.0" expl="VC for addmul_limb" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC addmul_limb.13.0.0" expl="VC for addmul_limb" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC addmul_limb.13.0.0.0" expl="VC for addmul_limb" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="0.14"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC addmul_limb.13.1" expl="VC for addmul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC addmul_limb.14" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal 
name="VC addmul_limb.14.0" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC addmul_limb.14.1" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.39"/></proof> + </goal> + <goal name="VC addmul_limb.14.2" expl="VC for addmul_limb" proved="true"> + <proof prover="4"><result status="valid" time="0.06"/></proof> + </goal> + </transf> + </goal> + <goal name="VC addmul_limb.15" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="2.24"/></proof> + </goal> + <goal name="VC addmul_limb.16" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC addmul_limb.16.0" expl="VC for addmul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC addmul_limb.16.1" expl="VC for addmul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC addmul_limb.16.2" expl="VC for addmul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC addmul_limb.16.3" expl="VC for addmul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC addmul_limb.16.4" expl="VC for addmul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC addmul_limb.16.5" expl="VC for addmul_limb" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC addmul_limb.16.5.0" expl="VC for addmul_limb" proved="true"> + <transf name="apply" proved="true" arg1="prod_compat_r"> + <goal name="VC addmul_limb.16.5.0.0" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC addmul_limb.16.5.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + 
</goal> + </transf> + </goal> + <goal name="VC addmul_limb.16.6" expl="VC for addmul_limb" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC addmul_limb.16.7" expl="VC for addmul_limb" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC addmul_limb.17" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC addmul_limb.18" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC addmul_limb.19" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC addmul_limb.20" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC addmul_limb.21" expl="assertion" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC addmul_limb.22" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC addmul_limb.22.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC addmul_limb.22.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC addmul_limb.22.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.38"/></proof> + </goal> + <goal name="VC addmul_limb.22.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.27"/></proof> + </goal> + <goal name="VC addmul_limb.22.0.0.2" proved="true"> + <proof prover="2"><result status="valid" time="0.34"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC addmul_limb.23" expl="integer 
overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.00"/></proof> + </goal> + <goal name="VC addmul_limb.24" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC addmul_limb.25" expl="loop variant decrease" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC addmul_limb.26" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC addmul_limb.27" expl="loop invariant preservation" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC addmul_limb.28" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.40"/></proof> + </goal> + <goal name="VC addmul_limb.29" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.19"/></proof> + </goal> + <goal name="VC addmul_limb.30" expl="postcondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="19"/></proof> + </goal> + <goal name="VC addmul_limb.31" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mul_limbs" expl="VC for mul_limbs" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC mul_limbs.0" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.09" steps="27"/></proof> + </goal> + <goal name="VC mul_limbs.1" expl="integer overflow" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.02" steps="33"/></proof> + </goal> + <goal name="VC mul_limbs.2" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul_limbs.3" 
expl="integer overflow" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="35"/></proof> + </goal> + <goal name="VC mul_limbs.4" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.01" steps="35"/></proof> + </goal> + <goal name="VC mul_limbs.5" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul_limbs.6" expl="loop invariant init" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC mul_limbs.6.0" expl="VC for mul_limbs" proved="true"> + <proof prover="2" timelimit="5" memlimit="2000"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC mul_limbs.6.1" expl="VC for mul_limbs" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mul_limbs.7" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="107"/></proof> + </goal> + <goal name="VC mul_limbs.8" expl="loop invariant init" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="30"/></proof> + </goal> + <goal name="VC mul_limbs.9" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul_limbs.10" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul_limbs.11" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul_limbs.12" expl="loop invariant init" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC mul_limbs.12.0" expl="loop invariant init" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC mul_limbs.12.0.0" expl="loop invariant init" proved="true"> + 
<transf name="split_goal_right" proved="true" > + <goal name="VC mul_limbs.12.0.0.0" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC mul_limbs.13" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC mul_limbs.14" expl="integer overflow" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC mul_limbs.14.0" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mul_limbs.15" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul_limbs.16" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="76"/></proof> + </goal> + <goal name="VC mul_limbs.17" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC mul_limbs.17.0" expl="VC for mul_limbs" proved="true"> + <proof prover="5"><result status="valid" time="0.06" steps="45"/></proof> + </goal> + <goal name="VC mul_limbs.17.1" expl="VC for mul_limbs" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mul_limbs.18" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul_limbs.19" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC mul_limbs.19.0" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC mul_limbs.19.0.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC mul_limbs.19.0.0.0" 
expl="precondition" proved="true"> + <proof prover="5" timelimit="20" memlimit="3000"><result status="valid" time="0.04" steps="89"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC mul_limbs.20" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="57"/></proof> + </goal> + <goal name="VC mul_limbs.21" expl="assertion" proved="true"> + <proof prover="4"><result status="valid" time="4.10"/></proof> + </goal> + <goal name="VC mul_limbs.22" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="58"/></proof> + </goal> + <goal name="VC mul_limbs.23" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul_limbs.24" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="75"/></proof> + </goal> + <goal name="VC mul_limbs.25" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.06" steps="110"/></proof> + </goal> + <goal name="VC mul_limbs.26" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC mul_limbs.26.0" expl="VC for mul_limbs" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.10" steps="112"/></proof> + </goal> + <goal name="VC mul_limbs.26.1" expl="VC for mul_limbs" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="0.27"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mul_limbs.27" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC mul_limbs.28" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul_limbs.29" expl="assertion" proved="true"> + <proof 
prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC mul_limbs.30" expl="precondition" proved="true"> + <proof prover="2" timelimit="5"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC mul_limbs.31" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC mul_limbs.32" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.10" steps="80"/></proof> + </goal> + <goal name="VC mul_limbs.33" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC mul_limbs.33.0" expl="assertion" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC mul_limbs.33.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC mul_limbs.34" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC mul_limbs.34.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.43"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mul_limbs.35" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC mul_limbs.35.0" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.09" steps="83"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mul_limbs.36" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.12" steps="84"/></proof> + </goal> + <goal name="VC mul_limbs.37" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.14" steps="85"/></proof> + </goal> + <goal name="VC mul_limbs.38" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC mul_limbs.38.0" expl="assertion" 
proved="true"> + <transf name="rewrite" proved="true" arg1="H6" arg2="in" arg3="H5"> + <goal name="VC mul_limbs.38.0.0" expl="assertion" proved="true"> + <transf name="rewrite" proved="true" arg1="H10" arg2="in" arg3="H9"> + <goal name="VC mul_limbs.38.0.0.0" expl="assertion" proved="true"> + <transf name="rewrite" proved="true" arg1="H57" arg2="in" arg3="H56"> + <goal name="VC mul_limbs.38.0.0.0.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC mul_limbs.38.0.0.0.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC mul_limbs.38.0.0.0.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.43"/></proof> + </goal> + <goal name="VC mul_limbs.38.0.0.0.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="1.31"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC mul_limbs.39" expl="integer overflow" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC mul_limbs.39.0" expl="integer overflow" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC mul_limbs.39.0.0" expl="integer overflow" proved="true"> + <proof prover="0" memlimit="1000"><result status="valid" time="3.74"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC mul_limbs.40" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC mul_limbs.41" expl="loop variant decrease" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC mul_limbs.42" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul_limbs.43" 
expl="loop invariant preservation" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC mul_limbs.43.0" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.19"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mul_limbs.44" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC mul_limbs.45" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC mul_limbs.46" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul_limbs.47" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul_limbs.48" expl="loop invariant preservation" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC mul_limbs.48.0" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mul_limbs.49" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.40"/></proof> + </goal> + <goal name="VC mul_limbs.50" expl="postcondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.02" steps="41"/></proof> + </goal> + <goal name="VC mul_limbs.51" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC addmul_limbs" expl="VC for addmul_limbs" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC addmul_limbs.0" expl="integer overflow" proved="true"> + <proof prover="4" timelimit="10"><result status="valid" time="0.01"/></proof> + </goal> + <goal 
name="VC addmul_limbs.1" expl="integer overflow" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="28"/></proof> + </goal> + <goal name="VC addmul_limbs.2" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="20"><result status="valid" time="0.02" steps="29"/></proof> + </goal> + <goal name="VC addmul_limbs.3" expl="precondition" proved="true"> + <proof prover="5" timelimit="20"><result status="valid" time="0.12" steps="29"/></proof> + </goal> + <goal name="VC addmul_limbs.4" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="20"><result status="valid" time="0.04" steps="37"/></proof> + </goal> + <goal name="VC addmul_limbs.5" expl="loop invariant init" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC addmul_limbs.5.0" expl="VC for addmul_limbs" proved="true"> + <proof prover="1"><result status="valid" time="0.09"/></proof> + <transf name="introduce_premises" proved="true" > + <goal name="VC addmul_limbs.5.0.0" expl="VC for addmul_limbs" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC addmul_limbs.5.0.0.0" expl="VC for addmul_limbs" proved="true"> + <proof prover="0" timelimit="20" memlimit="1000"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC addmul_limbs.5.1" expl="VC for addmul_limbs" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC addmul_limbs.6" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.03" steps="106"/></proof> + </goal> + <goal name="VC addmul_limbs.7" expl="loop invariant init" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC addmul_limbs.7.0" expl="loop invariant init" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC addmul_limbs.7.0.0" expl="loop invariant 
init" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC addmul_limbs.7.0.0.0" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.01" steps="24"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC addmul_limbs.8" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC addmul_limbs.9" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC addmul_limbs.10" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC addmul_limbs.11" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="20"><result status="valid" time="0.06" steps="25"/></proof> + </goal> + <goal name="VC addmul_limbs.12" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="20"><result status="valid" time="0.05" steps="6"/></proof> + </goal> + <goal name="VC addmul_limbs.13" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC addmul_limbs.14" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="37"/></proof> + </goal> + <goal name="VC addmul_limbs.15" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.03" steps="86"/></proof> + </goal> + <goal name="VC addmul_limbs.16" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="55"/></proof> + </goal> + <goal name="VC addmul_limbs.17" expl="precondition" proved="true"> + <proof prover="5" timelimit="20"><result status="valid" time="0.06" steps="40"/></proof> + </goal> + <goal name="VC addmul_limbs.18" expl="precondition" proved="true"> + <proof 
prover="5" timelimit="1"><result status="valid" time="0.03" steps="85"/></proof> + </goal> + <goal name="VC addmul_limbs.19" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC addmul_limbs.19.0" expl="assertion" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC addmul_limbs.19.0.0" expl="VC for addmul_limbs" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC addmul_limbs.19.0.1" expl="VC for addmul_limbs" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC addmul_limbs.19.0.2" expl="VC for addmul_limbs" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC addmul_limbs.19.0.3" expl="VC for addmul_limbs" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC addmul_limbs.20" expl="assertion" proved="true"> + <proof prover="5" timelimit="20"><result status="valid" time="0.02" steps="52"/></proof> + </goal> + <goal name="VC addmul_limbs.21" expl="assertion" proved="true"> + <proof prover="2"><result status="valid" time="0.23"/></proof> + </goal> + <goal name="VC addmul_limbs.22" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="69"/></proof> + </goal> + <goal name="VC addmul_limbs.23" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC addmul_limbs.23.0" expl="assertion" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC addmul_limbs.23.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC addmul_limbs.24" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" 
time="0.04" steps="55"/></proof> + </goal> + <goal name="VC addmul_limbs.25" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC addmul_limbs.25.0" expl="precondition" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC addmul_limbs.25.0.0" expl="precondition" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC addmul_limbs.25.0.0.0" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="58"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC addmul_limbs.26" expl="precondition" proved="true"> + <proof prover="5" timelimit="20"><result status="valid" time="0.08" steps="59"/></proof> + </goal> + <goal name="VC addmul_limbs.27" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.05" steps="75"/></proof> + </goal> + <goal name="VC addmul_limbs.28" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.60"/></proof> + </goal> + <goal name="VC addmul_limbs.29" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC addmul_limbs.30" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC addmul_limbs.31" expl="precondition" proved="true"> + <proof prover="5" timelimit="20"><result status="valid" time="0.05" steps="77"/></proof> + </goal> + <goal name="VC addmul_limbs.32" expl="precondition" proved="true"> + <proof prover="5" timelimit="20"><result status="valid" time="0.06" steps="78"/></proof> + </goal> + <goal name="VC addmul_limbs.33" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="3.34"/></proof> + </goal> + <goal name="VC addmul_limbs.34" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result 
status="valid" time="0.32" steps="117"/></proof> + </goal> + <goal name="VC addmul_limbs.35" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC addmul_limbs.36" expl="precondition" proved="true"> + <proof prover="5" timelimit="20"><result status="valid" time="0.32" steps="82"/></proof> + </goal> + <goal name="VC addmul_limbs.37" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC addmul_limbs.37.0" expl="assertion" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC addmul_limbs.37.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.05"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC addmul_limbs.38" expl="assertion" proved="true"> + <proof prover="5" timelimit="20"><result status="valid" time="0.45" steps="84"/></proof> + </goal> + <goal name="VC addmul_limbs.39" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC addmul_limbs.39.0" expl="assertion" proved="true"> + <transf name="rewrite" proved="true" arg1="H3" arg2="in" arg3="H2"> + <goal name="VC addmul_limbs.39.0.0" expl="assertion" proved="true"> + <transf name="rewrite" proved="true" arg1="H8" arg2="in" arg3="H7"> + <goal name="VC addmul_limbs.39.0.0.0" expl="assertion" proved="true"> + <transf name="rewrite" proved="true" arg1="H60" arg2="in" arg3="H59"> + <goal name="VC addmul_limbs.39.0.0.0.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC addmul_limbs.39.0.0.0.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC addmul_limbs.39.0.0.0.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC addmul_limbs.39.0.0.0.0.0.1" 
proved="true"> + <proof prover="3"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC addmul_limbs.39.0.0.0.0.0.2" proved="true"> + <proof prover="2" timelimit="5" memlimit="2000"><result status="valid" time="0.31"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC addmul_limbs.40" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC addmul_limbs.41" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC addmul_limbs.42" expl="assertion" proved="true"> + <proof prover="2" timelimit="5" memlimit="2000"><result status="valid" time="0.86"/></proof> + </goal> + <goal name="VC addmul_limbs.43" expl="loop variant decrease" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC addmul_limbs.44" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC addmul_limbs.45" expl="loop invariant preservation" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC addmul_limbs.45.0" expl="loop invariant preservation" proved="true"> + <transf name="cut" proved="true" arg1="(i=i1+1)"> + <goal name="VC addmul_limbs.45.0.0" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC addmul_limbs.45.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC addmul_limbs.46" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC addmul_limbs.47" expl="loop invariant preservation" 
proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC addmul_limbs.48" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC addmul_limbs.49" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC addmul_limbs.50" expl="loop invariant preservation" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC addmul_limbs.50.0" expl="VC for addmul_limbs" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC addmul_limbs.50.1" expl="VC for addmul_limbs" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC addmul_limbs.50.1.0" expl="VC for addmul_limbs" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC addmul_limbs.51" expl="loop invariant preservation" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC addmul_limbs.51.0" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC addmul_limbs.52" expl="postcondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="36"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mul" expl="VC for mul" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC mul.0" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC mul.0.0" expl="VC for mul" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul.0.1" expl="VC for mul" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" 
time="0.04" steps="12"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mul.1" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.01" steps="11"/></proof> + </goal> + <goal name="VC mul.2" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.02" steps="30"/></proof> + </goal> + <goal name="VC mul.3" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.01" steps="17"/></proof> + </goal> + <goal name="VC mul.4" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="18"/></proof> + </goal> + <goal name="VC mul.5" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.03" steps="36"/></proof> + </goal> + <goal name="VC mul.6" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="25"/></proof> + </goal> + <goal name="VC mul.7" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC mul.7.0" expl="VC for mul" proved="true"> + <proof prover="3"><result status="valid" time="0.29"/></proof> + </goal> + <goal name="VC mul.7.1" expl="VC for mul" proved="true"> + <proof prover="0"><result status="valid" time="0.41"/></proof> + </goal> + <goal name="VC mul.7.2" expl="VC for mul" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.03" steps="72"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mul.8" expl="integer overflow" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="46"/></proof> + </goal> + <goal name="VC mul.9" expl="integer overflow" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="47"/></proof> + </goal> + <goal name="VC mul.10" expl="precondition" proved="true"> + <proof prover="5" 
memlimit="2000"><result status="valid" time="0.03" steps="47"/></proof> + </goal> + <goal name="VC mul.11" expl="integer overflow" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.07" steps="55"/></proof> + </goal> + <goal name="VC mul.12" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="37"/></proof> + </goal> + <goal name="VC mul.13" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="39"/></proof> + </goal> + <goal name="VC mul.14" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.09" steps="40"/></proof> + </goal> + <goal name="VC mul.15" expl="loop invariant init" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC mul.15.0" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="41"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mul.16" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.17" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.18" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="41"/></proof> + </goal> + <goal name="VC mul.19" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.06" steps="86"/></proof> + </goal> + <goal name="VC mul.20" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul.21" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="52"/></proof> + </goal> + <goal 
name="VC mul.22" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.03" steps="90"/></proof> + </goal> + <goal name="VC mul.23" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="72"/></proof> + </goal> + <goal name="VC mul.24" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="55"/></proof> + </goal> + <goal name="VC mul.25" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.14" steps="108"/></proof> + </goal> + <goal name="VC mul.26" expl="assertion" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.14" steps="67"/></proof> + </goal> + <goal name="VC mul.27" expl="assertion" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.84" steps="137"/></proof> + </goal> + <goal name="VC mul.28" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.60"/></proof> + </goal> + <goal name="VC mul.29" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC mul.29.0" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.13" steps="69"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mul.30" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC mul.30.0" expl="VC for mul" proved="true"> + <proof prover="4" memlimit="2000"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC mul.30.1" expl="VC for mul" proved="true"> + <proof prover="2"><result status="valid" time="0.10"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mul.31" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.62"/></proof> + </goal> + <goal name="VC mul.32" expl="assertion" proved="true"> + 
<proof prover="0"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC mul.33" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC mul.34" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.30" steps="86"/></proof> + </goal> + <goal name="VC mul.35" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.22" steps="87"/></proof> + </goal> + <goal name="VC mul.36" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC mul.37" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC mul.38" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC mul.38.0" expl="assertion" proved="true"> + <transf name="inline_goal" proved="true" > + <goal name="VC mul.38.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC mul.39" expl="assertion" proved="true"> + <proof prover="5" timelimit="10" memlimit="2000"><result status="valid" time="4.18" steps="134"/></proof> + </goal> + <goal name="VC mul.40" expl="assertion" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="3.28" steps="92"/></proof> + </goal> + <goal name="VC mul.41" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC mul.41.0" expl="assertion" proved="true"> + <transf name="rewrite" proved="true" arg1="H4" arg2="in" arg3="H3"> + <goal name="VC mul.41.0.0" expl="assertion" proved="true"> + <transf name="rewrite" proved="true" arg1="H7" arg2="in" arg3="H6"> + <goal name="VC mul.41.0.0.0" expl="assertion" proved="true"> + <transf name="rewrite" 
proved="true" arg1="H54" arg2="in" arg3="H53"> + <goal name="VC mul.41.0.0.0.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC mul.41.0.0.0.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC mul.41.0.0.0.0.0.0" expl="assertion" proved="true"> + <transf name="apply" proved="true" arg1="HR"> + <goal name="VC mul.41.0.0.0.0.0.0.0" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.2" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.3" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.4" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.5" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.6" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.7" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.8" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.9" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.10" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.11" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal 
name="VC mul.41.0.0.0.0.0.0.12" proved="true"> + <proof prover="3"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.13" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.14" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.15" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.16" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.17" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.18" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.19" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.20" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.21" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.22" proved="true"> + <proof prover="3"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.23" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.24" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.25" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.26" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.27" proved="true"> + 
<proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.28" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.29" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.30" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.31" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.32" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.33" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.34" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.35" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.36" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.37" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.38" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.39" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.40" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.41" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.42" proved="true"> + <proof prover="3"><result status="valid" 
time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.43" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.44" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.45" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.46" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.47" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.48" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.49" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.50" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.51" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.52" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.53" proved="true"> + <proof prover="3"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.54" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.55" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.56" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.57" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC 
mul.41.0.0.0.0.0.0.58" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.59" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.60" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.61" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.62" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.63" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.64" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.65" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.66" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.67" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.68" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.69" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.70" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.71" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.72" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.73" proved="true"> + <proof 
prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.74" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.75" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.76" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.77" proved="true"> + <proof prover="3"><result status="valid" time="0.26"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.78" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.79" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.80" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.81" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.82" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.83" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.84" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.85" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.86" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.87" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.88" proved="true"> + <proof prover="3"><result status="valid" 
time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.89" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.90" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.91" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.92" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.93" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.94" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.95" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.96" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.97" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.98" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.99" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.100" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.101" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.102" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.103" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal 
name="VC mul.41.0.0.0.0.0.0.104" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.105" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.106" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.107" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.108" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.109" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.110" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.111" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.112" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC mul.41.0.0.0.0.0.0.113" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC mul.41.0.0.0.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.31"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC mul.42" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC mul.43" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC mul.44" expl="loop variant decrease" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + 
</goal> + <goal name="VC mul.45" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC mul.46" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="3.14"/></proof> + </goal> + <goal name="VC mul.47" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.19"/></proof> + </goal> + <goal name="VC mul.48" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC mul.49" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul.50" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul.51" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC mul.52" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.27"/></proof> + </goal> + <goal name="VC mul.53" expl="postcondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="51"/></proof> + </goal> + <goal name="VC mul.54" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> +</theory> +</file> +</why3session> diff --git a/examples/multiprecision/mul/why3shapes.gz b/examples/multiprecision/mul/why3shapes.gz new file mode 100644 index 0000000000000000000000000000000000000000..0f7ec6398320949c58cfefe1efd929d44f0a17a3 Binary files /dev/null and b/examples/multiprecision/mul/why3shapes.gz differ 
diff --git a/examples/multiprecision/sub.mlw b/examples/multiprecision/sub.mlw
new file mode 100644
index 0000000000000000000000000000000000000000..08ced6d0d615bf0354f5e8a40628fd59cf6eb6b8
--- /dev/null
+++ b/examples/multiprecision/sub.mlw
@@ -0,0 +1,546 @@ +module Sub + + use import int.Int + use import mach.int.Int32 + use import mach.int.UInt64GMP as Limb + use import int.Power + use import ref.Ref + use import mach.c.C + use import array.Array + use import map.Map + use import types.Types + use import lemmas.Lemmas + + + (** [sub_limb r x y sz] substracts [y] from [(x, sz)] and writes + the result to [(r, sz)]. Returns borrow, either 0 or + 1. Corresponds to [mpn_sub_1]. *) + let sub_limb (r x:t) (y:limb) (sz:int32) : limb + requires { valid x sz } + requires { valid r sz } + requires { 0 < sz } + ensures { value r sz - power radix sz * result + = value x sz - y } + ensures { forall j. (j < offset r \/ offset r + sz <= j) + -> (pelts r)[j] = old (pelts r)[j] } + ensures { 0 <= result <= 1 } + writes { r.data.elts } + = + let limb_zero = Limb.of_int 0 in + let b = ref y in + let lx = ref limb_zero in + let i = ref (Int32.of_int 0) in + while Int32.(<) !i sz && (not (Limb.(=) !b limb_zero)) do + invariant { 0 <= !i <= sz } + invariant { !i > 0 -> 0 <= !b <= 1 } + invariant { value r !i - power radix !i * !b + = value x !i - y } + invariant { forall j. 
(j < offset r \/ offset r + sz <= j) + -> (pelts r)[j] = old (pelts r)[j] } + variant { sz - !i } + label StartLoop in + lx := get_ofs x !i; + let (res, borrow) = sub_with_borrow !lx !b limb_zero in + set_ofs r !i res; + assert { value r !i - power radix !i * !b = + value x !i - y }; + b := borrow; + value_tail r !i; + value_tail x !i; + assert { value r (!i+1) - power radix (!i+1) * !b + = value x (!i+1) - y + (*by + value r !i - power radix !i * !b + = value r k + power radix k * res + - power radix !i * !b + = value r k + power radix k * res + - power radix k * radix * !b + = value r k + power radix k * (res - radix * !b) + = value r k + + (power radix k) * (!lx - (!b at StartLoop)) + = value r k - power radix k * (!b at StartLoop) + + power radix k * !lx + = value x k - y + power radix k * !lx + = value x !i - y*) + }; + i := Int32.(+) !i (Int32.of_int 1); + done; + if Int32.(=) !i sz then !b + else begin + while Int32.(<) !i sz do + invariant { !b = 0 } + invariant { 0 <= !i <= sz } + invariant { value r !i - power radix !i * !b + = value x !i - y } + invariant { forall j. (j < offset r \/ offset r + sz <= j) + -> (pelts r)[j] = old (pelts r)[j] } + variant { sz - !i } + lx := get_ofs x !i; + set_ofs r !i !lx; + assert { value r !i - power radix !i * !b + = value x !i - y }; + let ghost k = p2i !i in + i := Int32.(+) !i (Int32.of_int 1); + value_sub_tail (pelts r) r.offset (r.offset + k); + value_sub_tail (pelts x) x.offset (x.offset + k); + done; + !b + end + + (** [sub_limbs r x y sz] substracts [(y, sz)] from [(x, sz)] and + writes the result to [(r, sz)]. Returns borrow, either 0 or + 1. Corresponds to [mpn_sub_n]. *) + let sub_limbs (r x y:t) (sz:int32) : limb + requires { valid x sz } + requires { valid y sz } + requires { valid r sz } + ensures { 0 <= result <= 1 } + ensures { value r sz - power radix sz * result + = value x sz - value y sz } + ensures { forall j. 
(j < offset r \/ offset r + sz <= j) + -> (pelts r)[j] = old (pelts r)[j] } + writes { r.data.elts } + = + let limb_zero = Limb.of_int 0 in + let lx = ref limb_zero in + let ly = ref limb_zero in + let b = ref limb_zero in + let i = ref (Int32.of_int 0) in + while Int32.(<) !i sz do + variant { sz - !i } + invariant { 0 <= !i <= sz } + invariant { value r !i - (power radix !i) * !b + = value x !i - value y !i } + invariant { forall j. (j < offset r \/ offset r + sz <= j) + -> (pelts r)[j] = old (pelts r)[j] } + invariant { 0 <= !b <= 1 } + label StartLoop in + lx := get_ofs x !i; + ly := get_ofs y !i; + let res, borrow = sub_with_borrow !lx !ly !b in + set_ofs r !i res; + assert { value r !i - (power radix !i) * !b = + value x !i - value y !i }; + b := borrow; + value_tail r !i; + value_tail x !i; + value_tail y !i; + assert { value r (!i+1) - (power radix (!i+1)) * !b + = value x (!i+1) - value y (!i+1) + (*by + value r !i - power radix !i * !b + = value r k + power radix k * res + - power radix !i * !b + = value r k + power radix k * res + - power radix k * radix * !b + = value r k + + power radix k * (res - radix * !b) + = value r k + + power radix k * (!lx - !ly - (!b at StartLoop)) + = value r k - power radix k * (!b at StartLoop) + + power radix k * (!lx - !ly) + = value x k - value y k + + power radix k * (!lx - !ly) + = value x k - value y k + + power radix k * !lx - power radix k * !ly + = value x k + power radix k * !lx + - (value y k + power radix k * !ly) + = value x !i + - (value y k + power radix k * !ly) + = value x !i - value y !i*) + }; + i := Int32.(+) !i (Int32.of_int 1); + done; + !b + + (** [sub r x y sx sy] substracts [(y,sy)] from [(x, sx)] and writes the + result in [(r, sx)]. [sx] must be greater than or equal to + [sy]. Returns borrow, either 0 or 1. Corresponds to [mpn_sub]. 
*) + let sub (r x y:t) (sx sy:int32) : limb + requires { 0 <= sy <= sx } + requires { valid x sx } + requires { valid y sy } + requires { valid r sx } + ensures { value r sx - power radix sx * result + = value x sx - value y sy } + ensures { forall j. (j < offset r \/ offset r + sx <= j) + -> (pelts r)[j] = old (pelts r)[j] } + ensures { 0 <= result <= 1 } + writes { r.data.elts } + = + let limb_zero = Limb.of_int 0 in + let lx = ref limb_zero in + let ly = ref limb_zero in + let b = ref limb_zero in + let i = ref (Int32.of_int 0) in + let one = Int32.of_int 1 in + while Int32.(<) !i sy do + variant { sy - !i } + invariant { 0 <= !i <= sy } + invariant { value r !i - power radix !i * !b = + value x !i - value y !i } + invariant { forall j. (j < offset r \/ offset r + sx <= j) + -> (pelts r)[j] = old (pelts r)[j] } + invariant { 0 <= !b <= 1 } + label StartLoop in + lx := get_ofs x !i; + ly := get_ofs y !i; + let res, borrow = sub_with_borrow !lx !ly !b in + set_ofs r !i res; + assert { value r !i - power radix !i * !b = + value x !i - value y !i }; + b := borrow; + value_tail r !i; + value_tail x !i; + value_tail y !i; + assert { value r (!i+1) - power radix (!i+1) * !b = + value x (!i+1) - value y (!i+1) + (*by + value r !i - power radix !i * !b + = value r k + power radix k * res + - power radix !i * !b + = value r k + power radix k * res + - (power radix k) * radix * !b + = value r k + + power radix k * (res - radix * !b) + = value r k + + power radix k * (!lx - !ly - (!b at StartLoop)) + = value r k - (power radix k) * (!b at StartLoop) + + power radix k * (!lx - !ly) + = value x k - value y k + + power radix k * (!lx - !ly) + = value x k + power radix k * !lx + - value y k - power radix k * !ly + = value x !i + - (value y k + power radix k * !ly) + = value x !i - value y !i*) }; + i := Int32.(+) !i one; + done; + try + begin while Int32.(<) !i sx do + variant { sx - !i } + invariant { sy <= !i <= sx } + invariant { value r !i - power radix !i * !b = + value x 
!i - value y sy } + invariant { forall j. (j < offset r \/ offset r + sx <= j) + -> (pelts r)[j] = old (pelts r)[j] } + invariant { 0 <= !b <= 1 } + (if (Limb.(=) !b (Limb.of_int 0)) then raise Break); + label StartLoop2 in + lx := get_ofs x !i; + let res, borrow = sub_with_borrow !lx limb_zero !b in + set_ofs r !i res; + assert { value r !i - power radix !i * !b = + value x !i - value y sy }; + b := borrow; + value_tail r !i; + value_tail x !i; + assert { value r (!i+1) - power radix (!i+1) * !b = + value x (!i+1) - value y sy + (*by + value r !i - power radix !i * !b + = value r k + power radix k * res + - (power radix !i) * !b + = value r k + power radix k * res + - (power radix k) * radix * !b + = value r k + power radix k * (res - radix * !b) + = value r k + + power radix k * (!lx - 0 - (!b at StartLoop2)) + = value r k - (power radix k) * (!b at StartLoop2) + + (power radix k) * !lx + = value x k - value y sy + + (power radix k) * !lx + = value x !i + - value y sy*) }; + i := Int32.(+) !i one; + done; + assert { !i = sx } + end + with Break -> assert { !b = 0 } + end; + while Int32.(<) !i sx do + variant { sx - !i } + invariant { sy <= !i <= sx } + invariant { !i = sx \/ !b = 0 } + invariant { value r !i - power radix !i * !b = + value x !i - value y sy } + invariant { forall j. 
(j < offset r \/ offset r + sx <= j) + -> (pelts r)[j] = old (pelts r)[j] } + assert { !b = 0 by !i < sx }; + lx := get_ofs x !i; + set_ofs r !i !lx; + value_tail r !i; + value_tail x !i; + assert { value r !i = value x !i - value y sy }; + assert { value r (!i+1) - power radix (!i+1) * !b + = value x (!i+1) - value y sy + (*by + value r !i + power radix !i * !b + = value r !i + = value r k + power radix k * !lx + so value x !i + = value x k + power radix k * !lx + so value r k + = value r k + power radix k * !b + = value x k - value y sy*) + }; + i := Int32.(+) !i (Int32.of_int 1); + done; + !b + + let sub_in_place (x y:t) (sx sy:int32) : limb + requires { 0 <= sy <= sx } + requires { valid x sx } + requires { valid y sy } + ensures { value x sx - power radix sx * result + = value (old x) sx - value y sy } + ensures { 0 <= result <= 1 } + writes { x.data.elts } + ensures { forall j. j < x.offset \/ x.offset + sx <= j -> + (pelts x)[j] = (pelts (old x))[j] } + = + let ghost ox = { x } in + let limb_zero = Limb.of_int 0 in + let lx = ref limb_zero in + let ly = ref limb_zero in + let b = ref limb_zero in + let i = ref (Int32.of_int 0) in + let one = Int32.of_int 1 in + while Int32.(<) !i sy do + variant { sy - !i } + invariant { 0 <= !i <= sy } + invariant { value x !i - power radix !i * !b = + value ox !i - value y !i } + invariant { 0 <= !b <= 1 } + invariant { forall j. !i <= j < sx -> + (pelts x)[x.offset + j] = (pelts ox)[x.offset + j] } + invariant { forall j. j < x.offset \/ x.offset + sx <= j -> + (pelts x)[j] = (pelts (old x))[j] } + label StartLoop in + lx := get_ofs x !i; + assert { !lx = (pelts ox)[ox.offset + !i] }; + ly := get_ofs y !i; + let res, borrow = sub_with_borrow !lx !ly !b in + set_ofs x !i res; + assert { forall j. 
!i < j < sx -> + (pelts x)[x.offset + j] + = (pelts ox)[x.offset + j] + by (pelts x)[x.offset + j] + = (pelts (x at StartLoop))[x.offset + j] + = (pelts ox)[x.offset + j]}; + assert { value x !i - power radix !i * !b = value ox !i - value y !i }; + b := borrow; + value_tail ox !i; + value_tail x !i; + value_tail y !i; + assert { value x (!i+1) - power radix (!i+1) * !b = + value ox (!i+1) - value y (!i+1) + (*by value x !i - power radix !i * !b + = value x k + power radix k * res + - power radix !i * !b + = value x k + power radix k * res + - (power radix k) * radix * !b + = value x k + + power radix k * (res - radix * !b) + = value x k + + power radix k * (!lx - !ly - (!b at StartLoop)) + = value x k - (power radix k) * (!b at StartLoop) + + power radix k * (!lx - !ly) + = value ox k - value y k + + power radix k * (!lx - !ly) + = value ox k + power radix k * !lx + - value y k - power radix k * !ly + = value ox !i + - (value y k + power radix k * !ly) + = value ox !i - value y !i*) }; + i := Int32.(+) !i one; + done; + try + begin while Int32.(<) !i sx do + variant { sx - !i } + invariant { sy <= !i <= sx } + invariant { value x !i - power radix !i * !b = + value ox !i - value y sy } + invariant { 0 <= !b <= 1 } + invariant { forall j. !i <= j < sx -> + (pelts x)[x.offset + j] = (pelts ox) [x.offset + j] } + invariant { forall j. j < x.offset \/ x.offset + sx <= j -> + (pelts x)[j] = (pelts (old x))[j] } + (if (Limb.(=) !b limb_zero) then raise ReturnLimb limb_zero); + label StartLoop2 in + lx := get_ofs x !i; + assert { !lx = (pelts ox)[ox.offset + !i] }; + let res, borrow = sub_with_borrow !lx limb_zero !b in + value_sub_update_no_change (pelts x) (x.offset + p2i !i) + (x.offset + p2i !i + 1) + (x.offset + p2i sx) res; + set_ofs x !i res; + assert { value x !i - power radix !i * !b = value ox !i - value y sy }; + b := borrow; + assert { forall j. 
!i < j < sx -> + (pelts x)[x.offset + j] = (pelts ox) [x.offset + j] }; + value_tail ox !i; + value_tail x !i; + assert { value x (!i+1) - power radix (!i+1) * !b = + value ox (!i+1) - value y sy + (*by + value x !i - power radix !i * !b + = value x k + power radix k * res + - (power radix !i) * !b + = value x k + power radix k * res + - (power radix k) * radix * !b + = value x k + power radix k * (res - radix * !b) + = value x k + + power radix k * (!lx - 0 - (!b at StartLoop2)) + = value x k - (power radix k) * (!b at StartLoop2) + + (power radix k) * !lx + = value ox k - value y sy + + (power radix k) * !lx + = value ox !i + - value y sy*) }; + i := Int32.(+) !i one; + done; + assert { !i = sx }; + !b + end + with ReturnLimb n -> begin + assert { n = 0 = !b }; + assert { forall j. x.offset + !i <= j < x.offset + sx + -> (pelts x)[j] = (pelts ox)[j] + by !i <= j - x.offset < sx + so (pelts x)[x.offset + (j - x.offset)] + = (pelts ox)[x.offset + (j - x.offset)] }; + value_sub_frame (pelts x) (pelts ox) (x.offset + p2i !i) (x.offset + p2i sx); + value_sub_concat (pelts x) x.offset (x.offset + p2i !i) (x.offset + p2i sx); + value_sub_concat (pelts ox) x.offset (x.offset + p2i !i) (x.offset + p2i sx); + assert { value x sx = value (old x) sx - value y sy }; + n + end + end + + (** [decr x y sz] subtracts from [x] the value of the limb [y] in place. + [x] has size [sz]. The subtraction must not overflow. This corresponds + to [mpn_decr] *) + let decr (x:t) (y:limb) (ghost sz:int32) : unit + requires { valid x sz } + requires { sz > 0 } + requires { 0 <= value x sz - y } + ensures { value x sz = value (old x) sz - y } + ensures { forall j. 
j < x.offset \/ x.offset + sz <= j -> + (pelts x)[j] = (pelts (old x))[j] } + writes { x.data.elts } + = + let ghost ox = { x } in + let b = ref y in + let lx : ref limb = ref 0 in + let i : ref int32 = ref 0 in + while not (Limb.(=) !b 0) do + invariant { 0 <= !i <= sz } + invariant { !i = sz -> !b = 0 } + invariant { !i > 0 -> 0 <= !b <= 1 } + invariant { value x !i - (power radix !i) * !b + = value ox !i - y } + invariant { forall j. !i <= j < sz -> + (pelts x)[x.offset + j] = (pelts ox)[x.offset + j] } + invariant { forall j. j < x.offset \/ x.offset + sz <= j -> + (pelts x)[j] = (pelts ox)[j] } + variant { sz - !i } + label StartLoop in + lx := get_ofs x !i; + assert { !lx = (pelts ox)[ox.offset + !i] }; + let (res, borrow) = sub_with_borrow !lx !b 0 in (*TODO*) + assert { res - radix * borrow = !lx - !b }; (* TODO remove this *) + value_sub_update_no_change (pelts x) (x.offset + p2i !i) + (x.offset + p2i !i + 1) + (x.offset + p2i sz) res; + set_ofs x !i res; + assert { forall j. !i < j < sz -> + (pelts x)[x.offset + j] + = (pelts ox)[x.offset + j] }; + assert { value x !i - (power radix !i) * !b = value ox !i - y }; + b := borrow; + value_tail x !i; + value_tail ox !i; + assert { value x (!i+1) - power radix (!i+1) * !b = + value ox (!i+1) - y }; + i := Int32.(+) !i 1; + assert { !i = sz -> !b = 0 + by value x sz - power radix sz * !b = value ox sz - y + so 0 <= value ox sz - y + so value x sz < power radix sz + so value x sz - power radix sz * 1 < 0 + so (!b=0 \/ !b=1) }; + done; + value_concat x !i sz; + value_concat ox !i sz; + assert { forall j. x.offset + !i <= j < x.offset + sz -> + (pelts x)[j] = (pelts ox)[j] + by let k = j - x.offset in + !i <= k < sz + so (pelts x)[x.offset + k] = (pelts ox)[x.offset + k]}; + value_sub_frame (pelts x) (pelts ox) (x.offset + p2i !i) (x.offset + p2i sz) + + (** [incr_1 x sz] subtracts 1 from [x] in place. + [x] has size [sz]. The subtraction must not overflow. 
+ This corresponds to [mpn_decr] *) + let decr_1 (x:t) (ghost sz:int32) : unit + requires { valid x sz } + requires { sz > 0 } + requires { 0 <= value x sz - 1 } + ensures { value x sz = value (old x) sz - 1 } + ensures { forall j. j < x.offset \/ x.offset + sz <= j -> + (pelts x)[j] = (pelts (old x))[j] } + writes { x.data.elts } + = + let ghost ox = { x } in + let ghost b : ref limb = ref 1 in + let lx : ref limb = ref 0 in + let i : ref int32 = ref 0 in + while (Limb.(=) !lx 0) do + invariant { 0 <= !i <= sz } + invariant { !i = sz -> !lx <> 0 } + invariant { !lx <> 0 <-> !b = 0 } + invariant { 0 <= !b <= 1 } + invariant { value x !i - (power radix !i) * !b + = value ox !i - 1 } + invariant { forall j. !i <= j < sz -> + (pelts x)[x.offset + j] = (pelts ox)[x.offset + j] } + invariant { forall j. j < x.offset \/ x.offset + sz <= j -> + (pelts x)[j] = (pelts ox)[j] } + variant { sz - !i } + label StartLoop in + lx := get_ofs x !i; + assert { !lx = (pelts ox)[ox.offset + !i] }; + let res = sub_mod !lx 1 in + ghost (if Limb.(=) !lx 0 then b := 1 else b := 0); + assert { res - radix * !b = !lx - 1 }; + value_sub_update_no_change (pelts x) (x.offset + p2i !i) + (x.offset + p2i !i + 1) + (x.offset + p2i sz) res; + set_ofs x !i res; + assert { forall j. !i < j < sz -> + (pelts x)[x.offset + j] + = (pelts ox)[x.offset + j] }; + assert { value x !i - (power radix !i) * (!b at StartLoop) = value ox !i - 1 }; + value_tail x !i; + value_tail ox !i; + assert { value x (!i+1) - power radix (!i+1) * !b = + value ox (!i+1) - 1 }; + i := Int32.(+) !i 1; + assert { !i = sz -> !b = 0 + by value x sz - power radix sz * !b = value ox sz - 1 + so 0 <= value ox sz - 1 + so value x sz < power radix sz + so value x sz - power radix sz * 1 < 0 + so (!b=0 \/ !b=1) }; + done; + value_concat x !i sz; + value_concat ox !i sz; + assert { forall j. 
x.offset + !i <= j < x.offset + sz -> + (pelts x)[j] = (pelts ox)[j] + by let k = j - x.offset in + !i <= k < sz + so (pelts x)[x.offset + k] = (pelts ox)[x.offset + k]}; + value_sub_frame (pelts x) (pelts ox) (x.offset + p2i !i) (x.offset + p2i sz) + +end \ No newline at end of file diff --git a/examples/multiprecision/sub/why3session.xml b/examples/multiprecision/sub/why3session.xml new file mode 100644 index 0000000000000000000000000000000000000000..714d8d0156c69abdc529e40f5eccc1df262f7885 --- /dev/null +++ b/examples/multiprecision/sub/why3session.xml 
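Review bot: In `decr` and `decr_1` the size `sz` is a ghost parameter, and the loops are guarded only by the borrow (`while not (Limb.(=) !b 0)`) or by the limb just read (`while (Limb.(=) !lx 0)`). The preconditions `0 <= value x sz - y` and `0 <= value x sz - 1` are therefore the only thing keeping `get_ofs`/`set_ofs` within the first `sz` limbs. The doc comments say only that the subtraction must not overflow; I would spell out the consequence, for example `[sz] is ghost, so no bound is checked at run time: a caller that violates this precondition can make the loop read and write past the end of [x]`. This matters most if the code is extracted and called from unverified C, which the `mach.c.C` import suggests but the hunk does not show. Separately, the header above `decr_1` names `[incr_1 x sz]` and should read `[decr_1 x sz]`, and `sub_in_place` is the only function in the module without a contract comment.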
@@ -0,0 +1,1261 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN" +"http://why3.lri.fr/why3session.dtd"> +<why3session shape_version="4"> +<prover id="0" name="Eprover" version="1.9.1-001" timelimit="5" steplimit="0" memlimit="2000"/> +<prover id="1" name="CVC3" version="2.4.1" timelimit="5" steplimit="0" memlimit="1000"/> +<prover id="2" name="CVC4" version="1.4" timelimit="1" steplimit="0" memlimit="1000"/> +<prover id="3" name="Z3" version="4.5.0" timelimit="1" steplimit="0" memlimit="1000"/> +<prover id="4" name="Z3" version="4.4.1" timelimit="5" steplimit="0" memlimit="1000"/> +<prover id="5" name="Alt-Ergo" version="2.0.0" timelimit="5" steplimit="0" memlimit="1000"/> +<file name="../sub.mlw" proved="true"> +<theory name="Sub" proved="true"> + <goal name="VC sub_limb" expl="VC for sub_limb" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sub_limb.0" expl="integer overflow" proved="true"> + <proof prover="5"><result status="valid" time="0.06" steps="20"/></proof> + </goal> + <goal name="VC sub_limb.1" expl="integer overflow" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="21"/></proof> + </goal> + <goal name="VC sub_limb.2" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub_limb.3" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub_limb.4" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.05" steps="70"/></proof> + </goal> + <goal name="VC sub_limb.5" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC sub_limb.6" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="1.07"/></proof> + </goal> + 
<goal name="VC sub_limb.7" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sub_limb.7.0" expl="VC for sub_limb" proved="true"> + <proof prover="2"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC sub_limb.7.1" expl="VC for sub_limb" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.01" steps="21"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sub_limb.8" expl="precondition" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="53"/></proof> + </goal> + <goal name="VC sub_limb.9" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.50"/></proof> + </goal> + <goal name="VC sub_limb.10" expl="precondition" proved="true"> + <proof prover="1"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC sub_limb.11" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC sub_limb.12" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC sub_limb.12.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC sub_limb.12.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC sub_limb.12.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.52"/></proof> + </goal> + <goal name="VC sub_limb.12.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.30"/></proof> + </goal> + <goal name="VC sub_limb.12.0.0.2" proved="true"> + <proof prover="3"><result status="valid" time="0.20"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC sub_limb.13" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + 
</goal> + <goal name="VC sub_limb.14" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC sub_limb.15" expl="loop variant decrease" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub_limb.16" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub_limb.17" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC sub_limb.18" expl="loop invariant preservation" proved="true"> + <proof prover="0" timelimit="10"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub_limb.19" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC sub_limb.20" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sub_limb.20.0" expl="postcondition" proved="true"> + <transf name="inline_all" proved="true" > + <goal name="VC sub_limb.20.0.0" expl="postcondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="17"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sub_limb.20.1" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.04"/></proof> + <proof prover="5" memlimit="2000"><result status="valid" time="0.09" steps="25"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sub_limb.21" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub_limb.22" expl="postcondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.06" steps="25"/></proof> + </goal> + <goal name="VC sub_limb.23" expl="loop invariant init" proved="true"> + 
<proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub_limb.24" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub_limb.25" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub_limb.26" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub_limb.27" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.01" steps="42"/></proof> + </goal> + <goal name="VC sub_limb.28" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.03" steps="43"/></proof> + </goal> + <goal name="VC sub_limb.29" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.06" steps="123"/></proof> + </goal> + <goal name="VC sub_limb.30" expl="integer overflow" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.07" steps="52"/></proof> + </goal> + <goal name="VC sub_limb.31" expl="integer overflow" proved="true"> + <proof prover="5"><result status="valid" time="0.03" steps="54"/></proof> + </goal> + <goal name="VC sub_limb.32" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub_limb.33" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub_limb.34" expl="loop variant decrease" proved="true"> + <proof prover="4"><result status="valid" time="0.05"/></proof> + </goal> + <goal name="VC sub_limb.35" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub_limb.36" expl="loop invariant preservation" proved="true"> + 
<proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC sub_limb.37" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.08" steps="87"/></proof> + </goal> + <goal name="VC sub_limb.38" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.06" steps="79"/></proof> + </goal> + <goal name="VC sub_limb.39" expl="postcondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="32"/></proof> + </goal> + <goal name="VC sub_limb.40" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub_limb.41" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sub_limbs" expl="VC for sub_limbs" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sub_limbs.0" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub_limbs.1" expl="integer overflow" proved="true"> + <proof prover="5"><result status="valid" time="0.08" steps="25"/></proof> + </goal> + <goal name="VC sub_limbs.2" expl="loop invariant init" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub_limbs.3" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="77"/></proof> + </goal> + <goal name="VC sub_limbs.4" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC sub_limbs.5" expl="loop invariant init" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub_limbs.6" expl="precondition" proved="true"> + 
<proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC sub_limbs.7" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub_limbs.8" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub_limbs.9" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sub_limbs.9.0" expl="VC for sub_limbs" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="28"/></proof> + </goal> + <goal name="VC sub_limbs.9.1" expl="VC for sub_limbs" proved="true"> + <proof prover="2"><result status="valid" time="0.12"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sub_limbs.10" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.44"/></proof> + </goal> + <goal name="VC sub_limbs.11" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC sub_limbs.12" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC sub_limbs.13" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC sub_limbs.14" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC sub_limbs.14.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC sub_limbs.14.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC sub_limbs.14.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="4.20"/></proof> + </goal> + <goal name="VC sub_limbs.14.0.0.1" proved="true"> + <proof prover="3"><result status="valid" 
time="0.20"/></proof> + </goal> + <goal name="VC sub_limbs.14.0.0.2" proved="true"> + <proof prover="3"><result status="valid" time="0.22"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC sub_limbs.15" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC sub_limbs.16" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub_limbs.17" expl="loop variant decrease" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub_limbs.18" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub_limbs.19" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub_limbs.20" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.14"/></proof> + </goal> + <goal name="VC sub_limbs.21" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub_limbs.22" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC sub_limbs.23" expl="postcondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="22"/></proof> + </goal> + <goal name="VC sub_limbs.24" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sub" expl="VC for sub" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sub.0" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + 
</goal> + <goal name="VC sub.1" expl="integer overflow" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub.2" expl="integer overflow" proved="true"> + <proof prover="5"><result status="valid" time="0.09" steps="29"/></proof> + </goal> + <goal name="VC sub.3" expl="loop invariant init" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sub.3.0" expl="VC for sub" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub.3.1" expl="VC for sub" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sub.4" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.03" steps="88"/></proof> + </goal> + <goal name="VC sub.5" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC sub.6" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.06" steps="17"/></proof> + </goal> + <goal name="VC sub.7" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub.8" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC sub.9" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub.10" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="45"/></proof> + </goal> + <goal name="VC sub.11" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.50"/></proof> + </goal> + <goal name="VC sub.12" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + 
<proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="39"/></proof> + </goal> + <goal name="VC sub.13" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC sub.14" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.05" steps="41"/></proof> + </goal> + <goal name="VC sub.15" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC sub.15.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC sub.15.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC sub.15.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="4.29"/></proof> + </goal> + <goal name="VC sub.15.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.22"/></proof> + </goal> + <goal name="VC sub.15.0.0.2" proved="true"> + <proof prover="3"><result status="valid" time="0.23"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC sub.16" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC sub.17" expl="loop variant decrease" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub.18" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub.19" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub.20" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC sub.21" expl="loop invariant 
preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC sub.22" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.05" steps="25"/></proof> + </goal> + <goal name="VC sub.23" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="27"/></proof> + </goal> + <goal name="VC sub.24" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub.25" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="28"/></proof> + </goal> + <goal name="VC sub.26" expl="integer overflow" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="52"/></proof> + </goal> + <goal name="VC sub.27" expl="assertion" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.06" steps="39"/></proof> + </goal> + <goal name="VC sub.28" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.06" steps="40"/></proof> + </goal> + <goal name="VC sub.29" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.05" steps="40"/></proof> + </goal> + <goal name="VC sub.30" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="40"/></proof> + </goal> + <goal name="VC sub.31" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub.32" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sub.32.0" expl="VC for sub" proved="true"> + <proof prover="0" timelimit="20" memlimit="3000"><result status="valid" time="0.07"/></proof> + </goal> 
+ <goal name="VC sub.32.1" expl="VC for sub" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.11" steps="49"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sub.33" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="64"/></proof> + </goal> + <goal name="VC sub.34" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="65"/></proof> + </goal> + <goal name="VC sub.35" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.06" steps="57"/></proof> + </goal> + <goal name="VC sub.36" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC sub.37" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.59"/></proof> + </goal> + <goal name="VC sub.38" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC sub.38.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC sub.38.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC sub.38.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC sub.38.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC sub.38.0.0.2" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.26" steps="190"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC sub.39" expl="integer overflow" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="77"/></proof> + </goal> + <goal name="VC sub.40" expl="integer overflow" 
proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="79"/></proof> + </goal> + <goal name="VC sub.41" expl="loop variant decrease" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC sub.42" expl="loop invariant preservation" proved="true"> + <proof prover="5"><result status="valid" time="0.07" steps="64"/></proof> + </goal> + <goal name="VC sub.43" expl="loop invariant preservation" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sub.43.0" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.05" steps="66"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sub.44" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub.45" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.07" steps="107"/></proof> + </goal> + <goal name="VC sub.46" expl="postcondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="49"/></proof> + </goal> + <goal name="VC sub.47" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub.48" expl="postcondition" proved="true"> + <proof prover="5"><result status="valid" time="0.04" steps="50"/></proof> + </goal> + <goal name="VC sub.49" expl="precondition" proved="true"> + <proof prover="4"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC sub.50" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sub.50.0" expl="VC for sub" proved="true"> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC sub.50.1" expl="VC for sub" proved="true"> + <proof prover="5" timelimit="1"><result 
status="valid" time="0.08" steps="40"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sub.51" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.05" steps="58"/></proof> + </goal> + <goal name="VC sub.52" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.24" steps="160"/></proof> + </goal> + <goal name="VC sub.53" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.05" steps="52"/></proof> + </goal> + <goal name="VC sub.54" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.07" steps="53"/></proof> + </goal> + <goal name="VC sub.55" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC sub.55.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC sub.55.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC sub.55.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="4.01"/></proof> + </goal> + <goal name="VC sub.55.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.25"/></proof> + </goal> + <goal name="VC sub.55.0.0.2" proved="true"> + <proof prover="2"><result status="valid" time="0.20"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC sub.56" expl="integer overflow" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.64" steps="72"/></proof> + </goal> + <goal name="VC sub.57" expl="loop variant decrease" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub.58" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + 
</goal> + <goal name="VC sub.59" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub.60" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.13"/></proof> + </goal> + <goal name="VC sub.61" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC sub.62" expl="assertion" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.06" steps="113"/></proof> + </goal> + <goal name="VC sub.63" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.05" steps="37"/></proof> + </goal> + <goal name="VC sub.64" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.05" steps="37"/></proof> + </goal> + <goal name="VC sub.65" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.06" steps="37"/></proof> + </goal> + <goal name="VC sub.66" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC sub.67" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sub.67.0" expl="VC for sub" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.02" steps="46"/></proof> + </goal> + <goal name="VC sub.67.1" expl="VC for sub" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.10" steps="47"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sub.68" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.07" steps="62"/></proof> + </goal> + <goal name="VC sub.69" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result 
status="valid" time="0.06" steps="63"/></proof> + </goal> + <goal name="VC sub.70" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.06" steps="55"/></proof> + </goal> + <goal name="VC sub.71" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.05" steps="56"/></proof> + </goal> + <goal name="VC sub.72" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.54"/></proof> + </goal> + <goal name="VC sub.73" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC sub.73.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC sub.73.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC sub.73.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC sub.73.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.19"/></proof> + </goal> + <goal name="VC sub.73.0.0.2" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.36" steps="188"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC sub.74" expl="integer overflow" proved="true"> + <proof prover="5"><result status="valid" time="0.02" steps="75"/></proof> + </goal> + <goal name="VC sub.75" expl="integer overflow" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.05" steps="77"/></proof> + </goal> + <goal name="VC sub.76" expl="loop variant decrease" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub.77" expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub.78" 
expl="loop invariant preservation" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC sub.79" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub.80" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.10" steps="105"/></proof> + </goal> + <goal name="VC sub.81" expl="postcondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="46"/></proof> + </goal> + <goal name="VC sub.82" expl="postcondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub.83" expl="postcondition" proved="true"> + <proof prover="4"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sub_in_place" expl="VC for sub_in_place" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sub_in_place.0" expl="integer overflow" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.02" steps="22"/></proof> + </goal> + <goal name="VC sub_in_place.1" expl="integer overflow" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.05" steps="23"/></proof> + </goal> + <goal name="VC sub_in_place.2" expl="integer overflow" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="24"/></proof> + </goal> + <goal name="VC sub_in_place.3" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="13"/></proof> + </goal> + <goal name="VC sub_in_place.4" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="74"/></proof> + </goal> + <goal name="VC sub_in_place.5" expl="loop invariant init" proved="true"> + <proof prover="5" 
memlimit="2000"><result status="valid" time="0.04" steps="16"/></proof> + </goal> + <goal name="VC sub_in_place.6" expl="loop invariant init" proved="true"> + <proof prover="0"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC sub_in_place.7" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="6"/></proof> + </goal> + <goal name="VC sub_in_place.8" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="35"/></proof> + </goal> + <goal name="VC sub_in_place.9" expl="assertion" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="51"/></proof> + </goal> + <goal name="VC sub_in_place.10" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.08" steps="37"/></proof> + </goal> + <goal name="VC sub_in_place.11" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sub_in_place.11.0" expl="VC for sub_in_place" proved="true"> + <proof prover="2" timelimit="5" memlimit="2000"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC sub_in_place.11.1" expl="VC for sub_in_place" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="27"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sub_in_place.12" expl="precondition" proved="true"> + <proof prover="2"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC sub_in_place.13" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="63"/></proof> + </goal> + <goal name="VC sub_in_place.14" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.48"/></proof> + </goal> + <goal name="VC sub_in_place.15" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" 
time="0.10" steps="39"/></proof> + </goal> + <goal name="VC sub_in_place.16" expl="precondition" proved="true"> + <proof prover="2" timelimit="5" memlimit="2000"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC sub_in_place.17" expl="precondition" proved="true"> + <proof prover="2" timelimit="5" memlimit="2000"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC sub_in_place.18" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC sub_in_place.18.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC sub_in_place.18.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC sub_in_place.18.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="3.86"/></proof> + </goal> + <goal name="VC sub_in_place.18.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.24"/></proof> + </goal> + <goal name="VC sub_in_place.18.0.0.2" proved="true"> + <proof prover="3"><result status="valid" time="0.19"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC sub_in_place.19" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC sub_in_place.20" expl="loop variant decrease" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub_in_place.21" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub_in_place.22" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub_in_place.23" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result 
status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub_in_place.24" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.47"/></proof> + </goal> + <goal name="VC sub_in_place.25" expl="loop invariant preservation" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sub_in_place.25.0" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sub_in_place.26" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.01" steps="24"/></proof> + </goal> + <goal name="VC sub_in_place.27" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.01" steps="26"/></proof> + </goal> + <goal name="VC sub_in_place.28" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub_in_place.29" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.02" steps="54"/></proof> + </goal> + <goal name="VC sub_in_place.30" expl="loop invariant init" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="52"/></proof> + </goal> + <goal name="VC sub_in_place.31" expl="assertion" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="37"/></proof> + </goal> + <goal name="VC sub_in_place.32" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sub_in_place.32.0" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC sub_in_place.32.1" expl="assertion" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub_in_place.32.2" expl="VC 
for sub_in_place" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="67"/></proof> + </goal> + <goal name="VC sub_in_place.32.3" expl="VC for sub_in_place" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sub_in_place.33" expl="precondition" proved="true"> + <proof prover="2" timelimit="5" memlimit="2000"><result status="valid" time="0.07"/></proof> + </goal> + <goal name="VC sub_in_place.34" expl="precondition" proved="true"> + <proof prover="2" timelimit="5" memlimit="2000"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC sub_in_place.35" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="40"/></proof> + </goal> + <goal name="VC sub_in_place.36" expl="assertion" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="70"/></proof> + </goal> + <goal name="VC sub_in_place.37" expl="postcondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="42"/></proof> + </goal> + <goal name="VC sub_in_place.38" expl="postcondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.06" steps="43"/></proof> + </goal> + <goal name="VC sub_in_place.39" expl="postcondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sub_in_place.39.0" expl="postcondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="68"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sub_in_place.40" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.05" steps="48"/></proof> + </goal> + <goal name="VC sub_in_place.41" expl="assertion" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.03" steps="64"/></proof> + </goal> + <goal 
name="VC sub_in_place.42" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="39"/></proof> + </goal> + <goal name="VC sub_in_place.43" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="42"/></proof> + </goal> + <goal name="VC sub_in_place.44" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="43"/></proof> + </goal> + <goal name="VC sub_in_place.45" expl="precondition" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sub_in_place.45.0" expl="VC for sub_in_place" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.03" steps="44"/></proof> + </goal> + <goal name="VC sub_in_place.45.1" expl="VC for sub_in_place" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sub_in_place.46" expl="assertion" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.27" steps="153"/></proof> + </goal> + <goal name="VC sub_in_place.47" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.03" steps="82"/></proof> + </goal> + <goal name="VC sub_in_place.48" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC sub_in_place.49" expl="precondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="53"/></proof> + </goal> + <goal name="VC sub_in_place.50" expl="assertion" proved="true"> + <transf name="introduce_premises" proved="true" > + <goal name="VC sub_in_place.50.0" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC sub_in_place.50.0.0" expl="assertion" proved="true"> + <transf name="reflection_f" 
proved="true" arg1="mp_decision"> + <goal name="VC sub_in_place.50.0.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.21"/></proof> + </goal> + <goal name="VC sub_in_place.50.0.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.23"/></proof> + </goal> + <goal name="VC sub_in_place.50.0.0.2" proved="true"> + <proof prover="2"><result status="valid" time="0.19"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC sub_in_place.51" expl="integer overflow" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.17" steps="68"/></proof> + </goal> + <goal name="VC sub_in_place.52" expl="loop variant decrease" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub_in_place.53" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC sub_in_place.54" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC sub_in_place.55" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC sub_in_place.56" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.51"/></proof> + </goal> + <goal name="VC sub_in_place.57" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.11"/></proof> + </goal> + <goal name="VC sub_in_place.58" expl="assertion" proved="true"> + <transf name="split_goal_right" proved="true" > + <goal name="VC sub_in_place.58.0" expl="assertion" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.04" steps="103"/></proof> + </goal> + </transf> + </goal> + <goal name="VC sub_in_place.59" expl="postcondition" 
proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.07" steps="36"/></proof> + </goal> + <goal name="VC sub_in_place.60" expl="postcondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.02" steps="37"/></proof> + </goal> + <goal name="VC sub_in_place.61" expl="postcondition" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.05" steps="62"/></proof> + </goal> + </transf> + </goal> + <goal name="VC decr" expl="VC for decr" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC decr.0" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr.1" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr.2" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC decr.3" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.01" steps="26"/></proof> + </goal> + <goal name="VC decr.4" expl="loop invariant init" proved="true"> + <proof prover="2" timelimit="5" memlimit="2000"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC decr.5" expl="loop invariant init" proved="true"> + <transf name="split_vc" proved="true" > + </transf> + </goal> + <goal name="VC decr.6" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="98"/></proof> + </goal> + <goal name="VC decr.7" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="38"/></proof> + </goal> + <goal name="VC decr.8" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr.9" expl="assertion" proved="true"> + <proof 
prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC decr.10" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr.11" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC decr.12" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.03" steps="129"/></proof> + </goal> + <goal name="VC decr.13" expl="assertion" proved="true"> + <proof prover="5" memlimit="2000"><result status="valid" time="0.02" steps="51"/></proof> + </goal> + <goal name="VC decr.14" expl="assertion" proved="true"> + <transf name="split_all_full" proved="true" > + <goal name="VC decr.14.0" expl="assertion" proved="true"> + <proof prover="5" timelimit="10" memlimit="4000"><result status="valid" time="3.00" steps="241"/></proof> + </goal> + </transf> + </goal> + <goal name="VC decr.15" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC decr.16" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC decr.17" expl="assertion" proved="true"> + <transf name="use_th" proved="true" arg1="lineardecision.LinearDecisionIntMP"> + <goal name="VC decr.17.0" expl="assertion" proved="true"> + <transf name="reflection_f" proved="true" arg1="mp_decision"> + <goal name="VC decr.17.0.0" expl="assertion" proved="true"> + <proof prover="0"><result status="valid" time="0.21"/></proof> + </goal> + <goal name="VC decr.17.0.1" proved="true"> + <proof prover="3"><result status="valid" time="0.28"/></proof> + </goal> + <goal name="VC decr.17.0.2" proved="true"> + <proof prover="3"><result status="valid" time="0.23"/></proof> + </goal> + </transf> + </goal> + </transf> + </goal> + <goal name="VC decr.18" expl="integer overflow" proved="true"> + <proof 
prover="3"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC decr.19" expl="assertion" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC decr.19.0" expl="VC for decr" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr.19.1" expl="VC for decr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr.19.2" expl="VC for decr" proved="true"> + <proof prover="2"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC decr.19.3" expl="VC for decr" proved="true"> + <proof prover="3"><result status="valid" time="0.00"/></proof> + </goal> + <goal name="VC decr.19.4" expl="VC for decr" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC decr.19.5" expl="VC for decr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC decr.20" expl="loop variant decrease" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr.21" expl="loop invariant preservation" proved="true"> + <proof prover="2"><result status="valid" time="0.08"/></proof> + </goal> + <goal name="VC decr.22" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr.23" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr.24" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr.25" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.52"/></proof> + </goal> + <goal name="VC decr.26" expl="loop invariant preservation" proved="true"> + <proof 
prover="2"><result status="valid" time="0.06"/></proof> + </goal> + <goal name="VC decr.27" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC decr.28" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC decr.29" expl="assertion" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC decr.29.0" expl="VC for decr" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr.29.1" expl="VC for decr" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC decr.29.2" expl="VC for decr" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.01" steps="40"/></proof> + </goal> + <goal name="VC decr.29.3" expl="VC for decr" proved="true"> + <proof prover="3"><result status="valid" time="0.00"/></proof> + </goal> + </transf> + </goal> + <goal name="VC decr.30" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC decr.31" expl="postcondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="22"/></proof> + </goal> + <goal name="VC decr.32" expl="postcondition" proved="true"> + <proof prover="0"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC decr_1" expl="VC for decr_1" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC decr_1.0" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr_1.1" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr_1.2" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" 
time="0.02"/></proof> + </goal> + <goal name="VC decr_1.3" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr_1.4" expl="loop invariant init" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC decr_1.5" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.03" steps="20"/></proof> + </goal> + <goal name="VC decr_1.6" expl="loop invariant init" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.06" steps="18"/></proof> + </goal> + <goal name="VC decr_1.7" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="90"/></proof> + </goal> + <goal name="VC decr_1.8" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.01" steps="40"/></proof> + </goal> + <goal name="VC decr_1.9" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="29"/></proof> + </goal> + <goal name="VC decr_1.10" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC decr_1.11" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC decr_1.12" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="130"/></proof> + </goal> + <goal name="VC decr_1.13" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="54"/></proof> + </goal> + <goal name="VC decr_1.14" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.09" steps="114"/></proof> + </goal> + <goal name="VC decr_1.15" expl="precondition" proved="true"> + <proof prover="3"><result 
status="valid" time="0.01"/></proof> + </goal> + <goal name="VC decr_1.16" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC decr_1.17" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.03" steps="54"/></proof> + </goal> + <goal name="VC decr_1.18" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.16"/></proof> + </goal> + <goal name="VC decr_1.19" expl="assertion" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC decr_1.19.0" expl="VC for decr_1" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="46"/></proof> + </goal> + <goal name="VC decr_1.19.1" expl="VC for decr_1" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC decr_1.19.2" expl="VC for decr_1" proved="true"> + <proof prover="2"><result status="valid" time="0.12"/></proof> + </goal> + <goal name="VC decr_1.19.3" expl="VC for decr_1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr_1.19.4" expl="VC for decr_1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr_1.19.5" expl="VC for decr_1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> + <goal name="VC decr_1.20" expl="loop variant decrease" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC decr_1.21" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.08" steps="122"/></proof> + </goal> + <goal name="VC decr_1.22" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC decr_1.23" expl="loop 
invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC decr_1.24" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr_1.25" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.03" steps="50"/></proof> + </goal> + <goal name="VC decr_1.26" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="66"/></proof> + </goal> + <goal name="VC decr_1.27" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="69"/></proof> + </goal> + <goal name="VC decr_1.28" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="52"/></proof> + </goal> + <goal name="VC decr_1.29" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC decr_1.30" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC decr_1.31" expl="precondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="131"/></proof> + </goal> + <goal name="VC decr_1.32" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="55"/></proof> + </goal> + <goal name="VC decr_1.33" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.08" steps="112"/></proof> + </goal> + <goal name="VC decr_1.34" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr_1.35" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + 
<goal name="VC decr_1.36" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="42"/></proof> + </goal> + <goal name="VC decr_1.37" expl="integer overflow" proved="true"> + <proof prover="3"><result status="valid" time="0.20"/></proof> + </goal> + <goal name="VC decr_1.38" expl="assertion" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.03" steps="47"/></proof> + </goal> + <goal name="VC decr_1.39" expl="loop variant decrease" proved="true"> + <proof prover="3"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC decr_1.40" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="122"/></proof> + </goal> + <goal name="VC decr_1.41" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC decr_1.42" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC decr_1.43" expl="loop invariant preservation" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr_1.44" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.03" steps="50"/></proof> + </goal> + <goal name="VC decr_1.45" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.04" steps="66"/></proof> + </goal> + <goal name="VC decr_1.46" expl="loop invariant preservation" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="69"/></proof> + </goal> + <goal name="VC decr_1.47" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr_1.48" expl="precondition" proved="true"> + <proof 
prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr_1.49" expl="assertion" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC decr_1.49.0" expl="VC for decr_1" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC decr_1.49.1" expl="VC for decr_1" proved="true"> + <proof prover="3"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC decr_1.49.2" expl="VC for decr_1" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.02" steps="44"/></proof> + </goal> + <goal name="VC decr_1.49.3" expl="VC for decr_1" proved="true"> + <proof prover="3"><result status="valid" time="0.01"/></proof> + </goal> + </transf> + </goal> + <goal name="VC decr_1.50" expl="precondition" proved="true"> + <proof prover="3"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC decr_1.51" expl="postcondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.03" steps="26"/></proof> + </goal> + <goal name="VC decr_1.52" expl="postcondition" proved="true"> + <proof prover="5" timelimit="1"><result status="valid" time="0.06" steps="40"/></proof> + </goal> + </transf> + </goal> +</theory> +</file> +</why3session> diff --git a/examples/multiprecision/sub/why3shapes.gz b/examples/multiprecision/sub/why3shapes.gz new file mode 100644 index 0000000000000000000000000000000000000000..aa513548f81ba913ac166ef6c298afc98a0311fd Binary files /dev/null and b/examples/multiprecision/sub/why3shapes.gz differ diff --git a/examples/multiprecision/types.mlw b/examples/multiprecision/types.mlw new file mode 100644 index 0000000000000000000000000000000000000000..ef7a27fdcf8930644eafa5a54c58d522ea2f5d56 --- /dev/null +++ b/examples/multiprecision/types.mlw 
@@ -0,0 +1,14 @@
+module Types
+
+ use import mach.c.C
+ use import mach.int.Int32
+ use import mach.int.UInt64GMP as Limb
+
+ type limb = uint64
+ type t = ptr limb
+
+ exception Break
+ exception Return32 int32
+ exception ReturnLimb limb
+
+end
\ No newline at end of file
diff --git a/examples/multiprecision/types/why3session.xml b/examples/multiprecision/types/why3session.xml
new file mode 100644
index 0000000000000000000000000000000000000000..8d26478429939c9d8edc09866d9803b739a30274
--- /dev/null
+++ b/examples/multiprecision/types/why3session.xml
@@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN" +"http://why3.lri.fr/why3session.dtd"> +<why3session shape_version="4"> +<file name="../types.mlw" proved="true"> +</file> +</why3session>
diff --git a/examples/multiprecision/types/why3shapes.gz b/examples/multiprecision/types/why3shapes.gz
new file mode 100644
index 0000000000000000000000000000000000000000..0239669d57f6148035ad2dc4a6d54ae7db678e85
Binary files /dev/null and b/examples/multiprecision/types/why3shapes.gz differ
diff --git a/examples/multiprecision/util.mlw b/examples/multiprecision/util.mlw
new file mode 100644
index 0000000000000000000000000000000000000000..c899342e3f545c1623a965b4e29d92b71ad89caf
--- /dev/null
+++ b/examples/multiprecision/util.mlw
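Review bot: In types.mlw, `type t = ptr limb` has no doc comment although a `t` carries no length of its own: the routines in util.mlw take a separate `sz` and a `valid` precondition, so every memory-safety guarantee rests on that pairing. I would put `(** a number is a pointer to its limbs; its length is always passed separately and must satisfy [valid] *)` above `type t`. The exceptions `Break`, `Return32` and `ReturnLimb` are undocumented as well; they look like early-exit carriers for loops, and one line naming where each is raised and caught would confirm that none is meant to escape to a caller.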
@@ -0,0 +1,65 @@
+module Util
+
+ use import int.Int
+ use import mach.int.Int32
+ use import mach.int.UInt64GMP as Limb
+ use import int.Power
+ use import ref.Ref
+ use import mach.c.C
+ use import map.Map
+ use import types.Types
+ use import lemmas.Lemmas
+
+ let copy (r x:t) (sz:int32) : unit
+ requires { valid x sz }
+ requires { valid r sz }
+ ensures { map_eq_sub_shift (pelts r) (pelts x) r.offset x.offset sz }
+ ensures { forall j. (j < offset r \/ offset r + sz <= j) ->
+ (pelts r)[j] = old (pelts r)[j] }
+ =
+ let zero = Int32.of_int 0 in
+ let one = Int32.of_int 1 in
+ let i = ref zero in
+ let xp = ref (C.incr x zero) in
+ let rp = ref (C.incr r zero) in
+ while (Int32.(<) !i sz) do
+ variant { p2i sz - p2i !i }
+ invariant { 0 <= !i <= sz }
+ invariant { map_eq_sub_shift (pelts r) (pelts x) r.offset x.offset !i }
+ invariant { pelts !xp = pelts x }
+ invariant { pelts !rp = pelts r }
+ invariant { !xp.min = min x }
+ invariant { !xp.max = x.max }
+ invariant { !rp.min = r.min }
+ invariant { !rp.max = r.max }
+ invariant { !xp.offset = x.offset + !i }
+ invariant { !rp.offset = r.offset + !i }
+ invariant { forall j. (j < offset r \/ offset r + sz <= j) ->
+ (pelts r)[j] = old (pelts r)[j] }
+ C.set !rp (C.get !xp);
+ rp.contents <- C.incr !rp one;
+ xp.contents <- C.incr !xp one;
+ i := Int32.(+) !i one;
+ done
+
+ (** [zero r sz] sets [(r,sz)] to zero. Corresponds to [mpn_zero]. *)
+ let zero (r:t) (sz:int32) : unit
+ requires { valid r sz }
+ ensures { value r sz = 0 }
+ ensures { forall j. (j < offset r \/ offset r + sz <= j)
+ -> (pelts r)[j] = old (pelts r)[j] }
+ =
+ let i = ref (Int32.of_int 0) in
+ let lzero = Limb.of_int 0 in
+ while Int32.(<) !i sz do
+ invariant { 0 <= !i <= sz }
+ variant { sz - !i }
+ invariant { value r !i = 0 }
+ invariant { forall j. (j < offset r \/ offset r + sz <= j)
+ -> (pelts r)[j] = old (pelts r)[j] }
+ set_ofs r !i lzero;
+ value_sub_tail (pelts r) r.offset (r.offset + p2i !i);
+ i := Int32.(+) !i (Int32.of_int 1);
+ done
+
+end
\ No newline at end of file
diff --git a/examples/multiprecision/util/why3session.xml b/examples/multiprecision/util/why3session.xml
new file mode 100644
index 0000000000000000000000000000000000000000..13d81b38ae919e9cd35dde6fc5f3dc7031c2c664
--- /dev/null
+++ b/examples/multiprecision/util/why3session.xml
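Review bot: In util.mlw, `copy` has no doc comment and does not say whether `r` and `x` may overlap, while `zero` just below it is documented. Its postcondition relates `pelts r` to `pelts x` after the loop, which reads as a plain copy only when the two operands are separate; if Why3's region typing already enforces that, the comment should say so, e.g. `(** [copy r x sz] copies [(x,sz)] to [(r,sz)]. [r] and [x] must not overlap. *)`. Without it, anyone using the code from C (presumably the target, given `mach.c.C`) could assume memmove-like behaviour that the proof may not cover. Both functions also leave the `writes` clause implicit; spelling it out as `writes { r.data.elts }` would make the frame explicit, though the field path should be confirmed against the `ptr` type, which is not shown here.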
@@ -0,0 +1,172 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN" +"http://why3.lri.fr/why3session.dtd"> +<why3session shape_version="4"> +<prover id="0" name="Alt-Ergo" version="2.0.0" timelimit="1" steplimit="0" memlimit="1000"/> +<prover id="1" name="Z3" version="4.5.0" timelimit="1" steplimit="0" memlimit="1000"/> +<file name="../util.mlw" proved="true"> +<theory name="Util" proved="true"> + <goal name="VC copy" expl="VC for copy" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC copy.0" expl="integer overflow" proved="true"> + <proof prover="1"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC copy.1" expl="integer overflow" proved="true"> + <proof prover="1"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC copy.2" expl="precondition" proved="true"> + <proof prover="1"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC copy.3" expl="precondition" proved="true"> + <proof prover="1"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC copy.4" expl="loop invariant init" proved="true"> + <proof prover="1"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC copy.5" expl="loop invariant init" proved="true"> + <proof prover="1"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC copy.6" expl="loop invariant init" proved="true"> + <proof prover="1"><result status="valid" time="0.00"/></proof> + </goal> + <goal name="VC copy.7" expl="loop invariant init" proved="true"> + <proof prover="1"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC copy.8" expl="loop invariant init" proved="true"> + <proof prover="1"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC copy.9" expl="loop invariant init" proved="true"> + <proof prover="1"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC copy.10" expl="loop invariant 
init" proved="true"> + <proof prover="1"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC copy.11" expl="loop invariant init" proved="true"> + <proof prover="1"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC copy.12" expl="loop invariant init" proved="true"> + <proof prover="1"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC copy.13" expl="loop invariant init" proved="true"> + <proof prover="1"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC copy.14" expl="loop invariant init" proved="true"> + <proof prover="1"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC copy.15" expl="precondition" proved="true"> + <proof prover="1"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC copy.16" expl="precondition" proved="true"> + <proof prover="1"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC copy.17" expl="precondition" proved="true"> + <proof prover="1"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC copy.18" expl="precondition" proved="true"> + <proof prover="1"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC copy.19" expl="integer overflow" proved="true"> + <proof prover="1"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC copy.20" expl="loop variant decrease" proved="true"> + <proof prover="1"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC copy.21" expl="loop invariant preservation" proved="true"> + <proof prover="1"><result status="valid" time="0.04"/></proof> + </goal> + <goal name="VC copy.22" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.06" steps="213"/></proof> + <proof prover="1"><result status="timeout" time="1.00"/></proof> + </goal> + <goal name="VC copy.23" expl="loop invariant preservation" proved="true"> + <proof prover="1"><result status="valid" 
time="0.02"/></proof> + </goal> + <goal name="VC copy.24" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.05" steps="101"/></proof> + <proof prover="1"><result status="timeout" time="1.00"/></proof> + </goal> + <goal name="VC copy.25" expl="loop invariant preservation" proved="true"> + <proof prover="1"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC copy.26" expl="loop invariant preservation" proved="true"> + <proof prover="1"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC copy.27" expl="loop invariant preservation" proved="true"> + <proof prover="1"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC copy.28" expl="loop invariant preservation" proved="true"> + <proof prover="1"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC copy.29" expl="loop invariant preservation" proved="true"> + <proof prover="1"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC copy.30" expl="loop invariant preservation" proved="true"> + <proof prover="1"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC copy.31" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="108"/></proof> + <proof prover="1"><result status="timeout" time="1.00"/></proof> + </goal> + <goal name="VC copy.32" expl="postcondition" proved="true"> + <proof prover="1"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC copy.33" expl="postcondition" proved="true"> + <proof prover="1"><result status="valid" time="0.03"/></proof> + </goal> + </transf> + </goal> + <goal name="VC zero" expl="VC for zero" proved="true"> + <transf name="split_vc" proved="true" > + <goal name="VC zero.0" expl="integer overflow" proved="true"> + <proof prover="1"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC zero.1" expl="integer overflow" proved="true"> + 
<proof prover="1"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC zero.2" expl="loop invariant init" proved="true"> + <proof prover="1"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC zero.3" expl="loop invariant init" proved="true"> + <proof prover="1"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC zero.4" expl="loop invariant init" proved="true"> + <proof prover="1"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC zero.5" expl="precondition" proved="true"> + <proof prover="0"><result status="valid" time="0.01" steps="24"/></proof> + <proof prover="1"><result status="timeout" time="1.00"/></proof> + </goal> + <goal name="VC zero.6" expl="precondition" proved="true"> + <proof prover="1"><result status="valid" time="0.01"/></proof> + </goal> + <goal name="VC zero.7" expl="integer overflow" proved="true"> + <proof prover="1"><result status="valid" time="0.02"/></proof> + </goal> + <goal name="VC zero.8" expl="integer overflow" proved="true"> + <proof prover="1"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC zero.9" expl="loop variant decrease" proved="true"> + <proof prover="1"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC zero.10" expl="loop invariant preservation" proved="true"> + <proof prover="1"><result status="valid" time="0.03"/></proof> + </goal> + <goal name="VC zero.11" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.10" steps="110"/></proof> + <proof prover="1"><result status="timeout" time="1.00"/></proof> + </goal> + <goal name="VC zero.12" expl="loop invariant preservation" proved="true"> + <proof prover="0"><result status="valid" time="0.02" steps="51"/></proof> + <proof prover="1"><result status="timeout" time="1.00"/></proof> + </goal> + <goal name="VC zero.13" expl="postcondition" proved="true"> + <proof prover="1"><result status="valid" 
time="0.03"/></proof> + </goal> + <goal name="VC zero.14" expl="postcondition" proved="true"> + <proof prover="1"><result status="valid" time="0.02"/></proof> + </goal> + </transf> + </goal> +</theory> +</file> +</why3session>
diff --git a/examples/multiprecision/util/why3shapes.gz b/examples/multiprecision/util/why3shapes.gz
new file mode 100644
index 0000000000000000000000000000000000000000..6239efc4c94f3abea733c1eb69df93c94af07f37
Binary files /dev/null and b/examples/multiprecision/util/why3shapes.gz differ
diff --git a/examples/multiprecision/wmpn.mlw b/examples/multiprecision/wmpn.mlw
new file mode 100644
index 0000000000000000000000000000000000000000..e0650b7504a4779773ec95b4ec097e062118adee
--- /dev/null
+++ b/examples/multiprecision/wmpn.mlw
@@ -0,0 +1,13 @@
+module Wmpn
+
+ use export types.Types
+ use export lemmas.Lemmas
+ use export util.Util
+ use export compare.Compare
+ use export add.Add
+ use export sub.Sub
+ use export logical.Logical
+ use export mul.Mul
+ use export div.Div
+
+end
\ No newline at end of file
diff --git a/examples/multiprecision/wmpn/why3session.xml b/examples/multiprecision/wmpn/why3session.xml
new file mode 100644
index 0000000000000000000000000000000000000000..8c6d53ba4de7a1d8af6e8f7d8c6e27804ca98e60
--- /dev/null
+++ b/examples/multiprecision/wmpn/why3session.xml
@@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN" +"http://why3.lri.fr/why3session.dtd"> +<why3session shape_version="4"> +<file name="../wmpn.mlw" proved="true"> +</file> +</why3session>
diff --git a/examples/multiprecision/wmpn/why3shapes.gz b/examples/multiprecision/wmpn/why3shapes.gz
new file mode 100644
index 0000000000000000000000000000000000000000..0239669d57f6148035ad2dc4a6d54ae7db678e85
Binary files /dev/null and b/examples/multiprecision/wmpn/why3shapes.gz differ