Commit f9f0325d authored by Mário Pereira's avatar Mário Pereira

Proof in progress (Schorr-Waite)

parent 4e4643c3
...@@ -68,7 +68,7 @@ module SchorrWaite ...@@ -68,7 +68,7 @@ module SchorrWaite
ensures { !c = set (old !c) p v } ensures { !c = set (old !c) p v }
val set_path_from_root (p: loc) (l : list loc) : unit val set_path_from_root (p: loc) (l : list loc) : unit
requires { p <> null } requires { p <> null }
writes { path_from_root } writes { path_from_root }
ensures { !path_from_root = set (old !path_from_root) p l } ensures { !path_from_root = set (old !path_from_root) p l }
...@@ -150,8 +150,11 @@ module SchorrWaite ...@@ -150,8 +150,11 @@ module SchorrWaite
end) \/ pair_in_list p1 p2 m end) \/ pair_in_list p1 p2 m
end end
lemma t : forall n x y: loc, left right : map loc loc, pth : list loc. (* the two following lemmas help proving the assertion in the push case *)
lemma path_edge : forall x y : loc, left right : map loc loc.
edge x y left right -> path left right x y (Cons x Nil)
lemma path_edge_cons : forall n x y : loc, left right : map loc loc, pth : list loc.
reachable_via n x left right pth -> edge x y left right -> reachable_via n x left right pth -> edge x y left right ->
reachable_via n y left right (pth ++ (Cons x Nil)) reachable_via n y left right (pth ++ (Cons x Nil))
...@@ -176,6 +179,9 @@ module SchorrWaite ...@@ -176,6 +179,9 @@ module SchorrWaite
(* every marked node was reachable from 'root' in the pre-state *) (* every marked node was reachable from 'root' in the pre-state *)
ensures { forall n : loc. S.mem n graph /\ n <> null /\ !m[n] -> ensures { forall n : loc. S.mem n graph /\ n <> null /\ !m[n] ->
reachable root n (old !left) (old !right) } reachable root n (old !left) (old !right) }
ensures { !m[root] }
ensures { forall n : loc. S.mem n graph /\ n <> null /\ !m[n] ->
(forall ch : loc. edge n ch !left !right /\ ch <> null -> !m[ch]) }
(* forall non-reachable vertices the mark remains (* forall non-reachable vertices the mark remains
the same as in the pre-state *) the same as in the pre-state *)
(* update: no need for this post-condition (taken from Hubert and Marché's work) (* update: no need for this post-condition (taken from Hubert and Marché's work)
...@@ -231,22 +237,27 @@ module SchorrWaite ...@@ -231,22 +237,27 @@ module SchorrWaite
if !c[nth k !stackNodes] then if !c[nth k !stackNodes] then
nth (k - 1) !stackNodes = (at !right 'Init)[nth k !stackNodes] nth (k - 1) !stackNodes = (at !right 'Init)[nth k !stackNodes]
else nth (k - 1) !stackNodes = (at !left 'Init)[nth k !stackNodes] } else nth (k - 1) !stackNodes = (at !left 'Init)[nth k !stackNodes] }
(* help establishing the next invariant for the push case -->
* line 70 from Leino's paper *)
invariant { !p <> null -> reachable_via root !p (at !left 'Init) (at !right 'Init) !pth }
(* line 72 from Leino's paper --> used to prove the post that very marked node was (* line 72 from Leino's paper --> used to prove the post that very marked node was
* reachable from 'root' in the pre-state *) * reachable from 'root' in the pre-state *)
invariant { forall n : loc. S.mem n graph /\ !m[n] /\ n <> null -> invariant { forall n : loc. S.mem n graph /\ !m[n] /\ n <> null ->
reachable root n (at !left 'Init) (at !right 'Init) } reachable root n (at !left 'Init) (at !right 'Init) }
(* help establishing the previous invariant for the push case -->
* line 70 from Leino's paper *)
invariant { !p <> null -> reachable_via root !p (at !left 'Init) (at !right 'Init) !pth }
(* help establishing the previous invariant when p = null, ie (* help establishing the previous invariant when p = null, ie
* for the firts push of the loop *) * for the firts push of the loop *)
invariant { !p = null <-> !t = root } invariant { !p = null -> !t = root }
invariant { (!p = null \/ !p = root) -> !pth = Nil } invariant { (!p = null \/ !p = root) -> !pth = Nil }
(* help establishing the previous invariant for the pop case --> (* help establishing the previous invariant for the pop case -->
* line 70 from Leino's paper *) * line 70 from Leino's paper *)
invariant { forall n : loc, pth : list loc. invariant { forall n : loc, pth : list loc.
S.mem n graph /\ n <> null /\ !m[n] /\ pth = !path_from_root[n] -> S.mem n graph /\ n <> null /\ !m[n] /\ pth = !path_from_root[n] ->
reachable_via root n (at !left 'Init) (at !right 'Init) pth } reachable_via root n (at !left 'Init) (at !right 'Init) pth }
(* lines 61-62 from Leinos' paper --> help establish the post that
* all nodes reachable from root are marked *)
invariant { forall n : loc. S.mem n graph /\ n <> null /\ !m[n] /\
not (L.mem n !stackNodes) /\ n <> !t ->
(forall ch : loc. edge n ch !left !right /\ ch <> null -> !m[ch]) }
(* termination proved using lexicographic order over a triple *) (* termination proved using lexicographic order over a triple *)
variant { S.cardinal !unmarked_nodes, S.cardinal !c_false_nodes, length !stackNodes } variant { S.cardinal !unmarked_nodes, S.cardinal !c_false_nodes, length !stackNodes }
if !t = null || !m[!t] then begin if !t = null || !m[!t] then begin
...@@ -275,11 +286,11 @@ module SchorrWaite ...@@ -275,11 +286,11 @@ module SchorrWaite
stackNodes := Cons !p !stackNodes; stackNodes := Cons !p !stackNodes;
t := get_left !t; t := get_left !t;
set_left !p q; set_left !p q;
set_m !p true; set_m !p true;
set_path_from_root !p !pth; set_path_from_root !p !pth;
(* this is assertion is automatically discharged and it helps (* this is assertion is automatically discharged and it helps
* proving that all marked nodes are reachable from root *) * proving that all marked nodes are reachable from root *)
assert { path (at !left 'Init) (at !right 'Init) root !p !pth }; (*assert { path (at !left 'Init) (at !right 'Init) root !p !pth }; *)
(*set_c !p false;*) (* if we assume at the pre-condition that all nodes start with c = 0, (*set_c !p false;*) (* if we assume at the pre-condition that all nodes start with c = 0,
then this redundant *) then this redundant *)
unmarked_nodes := S.remove !p !unmarked_nodes unmarked_nodes := S.remove !p !unmarked_nodes
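Review bot: In the push branch (hunk `@@ -275,11 +286,11 @@`) the `assert { path (at !left 'Init) (at !right 'Init) root !p !pth }` is now commented out, but the comment directly above it still says the assertion "is automatically discharged". The comment added with `path_edge` and `path_edge_cons` in the `@@ -150,8 +150,11 @@` hunk likewise says those lemmas help prove "the assertion in the push case". As committed, both comments describe a proof obligation that is no longer generated, which misleads anyone auditing which helper facts the provers actually check. Either re-enable the assertion once the new lemmas discharge it, or replace the stale comment with something like `(* assertion disabled while the proof is in progress; re-enable once path_edge and path_edge_cons discharge it *)`. The enclosing loop body starts and ends outside the hunk.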
...@@ -6,44 +6,44 @@ ...@@ -6,44 +6,44 @@
<prover id="1" name="CVC3" version="2.4.1" timelimit="5" memlimit="1000"/> <prover id="1" name="CVC3" version="2.4.1" timelimit="5" memlimit="1000"/>
<prover id="2" name="CVC4" version="1.4" timelimit="5" memlimit="1000"/> <prover id="2" name="CVC4" version="1.4" timelimit="5" memlimit="1000"/>
<file name="../schorr_waite.mlw" expanded="true"> <file name="../schorr_waite.mlw" expanded="true">
<theory name="SchorrWaite" sum="1639d9a2b08bf83df902f43d7615bb4b" expanded="true"> <theory name="SchorrWaite" sum="c76416d98908399b9d5e58958747c744" expanded="true">
<goal name="reflex_path"> <goal name="reflex_path">
<proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="2"/></proof> <proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="2"/></proof>
<proof prover="1" obsolete="true"><result status="valid" time="0.01"/></proof> <proof prover="1"><result status="valid" time="0.01"/></proof>
</goal> </goal>
<goal name="WP_parameter trans_path" expl="VC for trans_path"> <goal name="WP_parameter trans_path" expl="VC for trans_path">
<transf name="split_goal_wp"> <transf name="split_goal_wp">
<goal name="WP_parameter trans_path.1" expl="1. postcondition"> <goal name="WP_parameter trans_path.1" expl="1. postcondition">
<proof prover="0" obsolete="true"><result status="valid" time="0.04" steps="117"/></proof> <proof prover="0" obsolete="true"><result status="valid" time="0.04" steps="117"/></proof>
<proof prover="1" obsolete="true"><result status="valid" time="1.20"/></proof> <proof prover="1"><result status="valid" time="0.95"/></proof>
</goal> </goal>
<goal name="WP_parameter trans_path.2" expl="2. postcondition"> <goal name="WP_parameter trans_path.2" expl="2. postcondition">
<proof prover="0" obsolete="true"><result status="valid" time="1.16" steps="523"/></proof> <proof prover="0" obsolete="true"><result status="valid" time="1.16" steps="523"/></proof>
<proof prover="1" obsolete="true"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="valid" time="0.03"/></proof>
</goal> </goal>
<goal name="WP_parameter trans_path.3" expl="3. variant decrease"> <goal name="WP_parameter trans_path.3" expl="3. variant decrease">
<transf name="split_goal_wp"> <transf name="split_goal_wp">
<goal name="WP_parameter trans_path.3.1" expl="1."> <goal name="WP_parameter trans_path.3.1" expl="1.">
<proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="6"/></proof> <proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="6"/></proof>
<proof prover="1" obsolete="true"><result status="valid" time="0.02"/></proof> <proof prover="1"><result status="valid" time="0.02"/></proof>
</goal> </goal>
<goal name="WP_parameter trans_path.3.2" expl="2."> <goal name="WP_parameter trans_path.3.2" expl="2.">
<proof prover="0" obsolete="true"><result status="valid" time="0.00" steps="9"/></proof> <proof prover="0" obsolete="true"><result status="valid" time="0.00" steps="9"/></proof>
<proof prover="1" obsolete="true"><result status="valid" time="0.01"/></proof> <proof prover="1"><result status="valid" time="0.01"/></proof>
</goal> </goal>
</transf> </transf>
</goal> </goal>
<goal name="WP_parameter trans_path.4" expl="4. precondition"> <goal name="WP_parameter trans_path.4" expl="4. precondition">
<proof prover="0" obsolete="true"><result status="valid" time="0.03" steps="128"/></proof> <proof prover="0" obsolete="true"><result status="valid" time="0.03" steps="128"/></proof>
<proof prover="1" obsolete="true"><result status="valid" time="0.08"/></proof> <proof prover="1"><result status="valid" time="0.08"/></proof>
</goal> </goal>
<goal name="WP_parameter trans_path.5" expl="5. precondition"> <goal name="WP_parameter trans_path.5" expl="5. precondition">
<proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="5"/></proof> <proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="5"/></proof>
<proof prover="1" obsolete="true"><result status="valid" time="0.02"/></proof> <proof prover="1"><result status="valid" time="0.02"/></proof>
</goal> </goal>
<goal name="WP_parameter trans_path.6" expl="6. postcondition"> <goal name="WP_parameter trans_path.6" expl="6. postcondition">
<proof prover="0" obsolete="true"><result status="timeout" time="3.68"/></proof> <proof prover="0" obsolete="true"><result status="timeout" time="3.68"/></proof>
<proof prover="1" obsolete="true"><result status="valid" time="4.17"/></proof> <proof prover="1"><result status="valid" time="2.98"/></proof>
</goal> </goal>
</transf> </transf>
</goal> </goal>
...@@ -51,1405 +51,277 @@ ...@@ -51,1405 +51,277 @@
<transf name="split_goal_wp"> <transf name="split_goal_wp">
<goal name="WP_parameter length_tl.1" expl="1. postcondition"> <goal name="WP_parameter length_tl.1" expl="1. postcondition">
<proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="2"/></proof> <proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="2"/></proof>
<proof prover="1"><result status="valid" time="0.01"/></proof>
<proof prover="2" obsolete="true"><result status="valid" time="0.04"/></proof> <proof prover="2" obsolete="true"><result status="valid" time="0.04"/></proof>
</goal> </goal>
<goal name="WP_parameter length_tl.2" expl="2. postcondition"> <goal name="WP_parameter length_tl.2" expl="2. postcondition">
<proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="8"/></proof> <proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="8"/></proof>
<proof prover="1"><result status="valid" time="0.01"/></proof>
<proof prover="2" obsolete="true"><result status="valid" time="0.03"/></proof> <proof prover="2" obsolete="true"><result status="valid" time="0.03"/></proof>
</goal> </goal>
<goal name="WP_parameter length_tl.3" expl="3. variant decrease"> <goal name="WP_parameter length_tl.3" expl="3. variant decrease">
<transf name="split_goal_wp"> <transf name="split_goal_wp">
<goal name="WP_parameter length_tl.3.1" expl="1."> <goal name="WP_parameter length_tl.3.1" expl="1.">
<proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="4"/></proof> <proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="4"/></proof>
<proof prover="1"><result status="valid" time="0.01"/></proof>
<proof prover="2" obsolete="true"><result status="valid" time="0.02"/></proof> <proof prover="2" obsolete="true"><result status="valid" time="0.02"/></proof>
</goal> </goal>
<goal name="WP_parameter length_tl.3.2" expl="2."> <goal name="WP_parameter length_tl.3.2" expl="2.">
<proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="13"/></proof> <proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="13"/></proof>
<proof prover="1"><result status="valid" time="0.01"/></proof>
<proof prover="2" obsolete="true"><result status="valid" time="0.04"/></proof> <proof prover="2" obsolete="true"><result status="valid" time="0.04"/></proof>
</goal> </goal>
</transf> </transf>
</goal> </goal>
<goal name="WP_parameter length_tl.4" expl="4. precondition"> <goal name="WP_parameter length_tl.4" expl="4. precondition">
<proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="23"/></proof> <proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="23"/></proof>
<proof prover="1"><result status="valid" time="0.02"/></proof>
<proof prover="2" obsolete="true"><result status="valid" time="0.03"/></proof> <proof prover="2" obsolete="true"><result status="valid" time="0.03"/></proof>
</goal> </goal>
<goal name="WP_parameter length_tl.5" expl="5. postcondition"> <goal name="WP_parameter length_tl.5" expl="5. postcondition">
<proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="10"/></proof> <proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="10"/></proof>
<proof prover="1"><result status="valid" time="0.01"/></proof>
<proof prover="2" obsolete="true"><result status="valid" time="0.03"/></proof> <proof prover="2" obsolete="true"><result status="valid" time="0.03"/></proof>
</goal> </goal>
</transf> </transf>
</goal> </goal>
<goal name="t" expanded="true"> <goal name="path_edge" expanded="true">
<proof prover="0" obsolete="true"><result status="timeout" time="5.00"/></proof> <proof prover="2"><result status="valid" time="3.73"/></proof>
<proof prover="1" obsolete="true"><result status="timeout" time="5.00"/></proof> </goal>
<proof prover="2" obsolete="true"><result status="timeout" time="5.05"/></proof> <goal name="path_edge_cons" expanded="true">
<transf name="induction_ty_lex" expanded="true"> <proof prover="0"><result status="valid" time="0.03" steps="113"/></proof>
<goal name="t.1" expl="1." expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="t.1.1" expl="1." expanded="true">
<proof prover="1" obsolete="true"><result status="timeout" time="4.99"/></proof>
<proof prover="2" obsolete="true"><result status="timeout" time="5.04"/></proof>
</goal>
<goal name="t.1.2" expl="2." expanded="true">
<proof prover="1" obsolete="true"><result status="timeout" time="5.00"/></proof>
<proof prover="2" obsolete="true"><result status="timeout" time="6.01"/></proof>
</goal>
</transf>
</goal>
</transf>
</goal> </goal>
<goal name="WP_parameter schorr_waite" expl="VC for schorr_waite" expanded="true"> <goal name="WP_parameter schorr_waite" expl="VC for schorr_waite" expanded="true">
<transf name="split_goal_wp" expanded="true"> <transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter schorr_waite.1" expl="1. loop invariant init"> <goal name="WP_parameter schorr_waite.1" expl="1. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof> <proof prover="1"><result status="timeout" time="5.00"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.2" expl="2. loop invariant init"> <goal name="WP_parameter schorr_waite.2" expl="2. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof> <proof prover="1"><result status="valid" time="0.04"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.3" expl="3. loop invariant init"> <goal name="WP_parameter schorr_waite.3" expl="3. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="timeout" time="5.00"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.4" expl="4. loop invariant init"> <goal name="WP_parameter schorr_waite.4" expl="4. loop variant decrease">
<proof prover="1"><result status="valid" time="0.02"/></proof> <proof prover="1"><result status="valid" time="0.02"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.5" expl="5. loop invariant init" expanded="true"> <goal name="WP_parameter schorr_waite.5" expl="5. assertion">
<transf name="split_goal_wp" expanded="true"> <proof prover="1"><result status="timeout" time="5.00"/></proof>
<goal name="WP_parameter schorr_waite.5.1" expl="1. loop invariant init">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.5.2" expl="2. loop invariant init">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter schorr_waite.6" expl="6. loop invariant init">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.7" expl="7. loop invariant init"> <goal name="WP_parameter schorr_waite.6" expl="6. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof> <proof prover="1"><result status="valid" time="0.02"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.8" expl="8. loop invariant init"> <goal name="WP_parameter schorr_waite.7" expl="7. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.9" expl="9. loop invariant init">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.10" expl="10. loop invariant init"> <goal name="WP_parameter schorr_waite.8" expl="8. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof> <proof prover="1"><result status="valid" time="0.02"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.11" expl="11. precondition"> <goal name="WP_parameter schorr_waite.9" expl="9. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.12" expl="12. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof> <proof prover="1"><result status="valid" time="0.02"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.13" expl="13. loop invariant preservation"> <goal name="WP_parameter schorr_waite.10" expl="10. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.14" expl="14. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.15" expl="15. loop invariant preservation" expanded="true"> <goal name="WP_parameter schorr_waite.11" expl="11. loop variant decrease">
<proof prover="1"><result status="valid" time="0.04"/></proof> <proof prover="1"><result status="timeout" time="5.00"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.16" expl="16. loop invariant preservation"> <goal name="WP_parameter schorr_waite.12" expl="12. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="timeout" time="5.00"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.17" expl="17. loop invariant preservation"> <goal name="WP_parameter schorr_waite.13" expl="13. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof> <proof prover="1"><result status="valid" time="0.02"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.18" expl="18. loop invariant preservation"> <goal name="WP_parameter schorr_waite.14" expl="14. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="timeout" time="5.01"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.19" expl="19. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.20" expl="20. loop invariant preservation" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter schorr_waite.20.1" expl="1. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
<proof prover="2" obsolete="true"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.20.2" expl="2. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.20.3" expl="3. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.20.4" expl="4. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
</transf>
</goal> </goal>
<goal name="WP_parameter schorr_waite.21" expl="21. loop invariant preservation" expanded="true"> <goal name="WP_parameter schorr_waite.15" expl="15. loop variant decrease">
<transf name="split_goal_wp" expanded="true"> <proof prover="1"><result status="valid" time="0.05"/></proof>
<goal name="WP_parameter schorr_waite.21.1" expl="1. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.21.2" expl="2. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
</transf>
</goal> </goal>
<goal name="WP_parameter schorr_waite.22" expl="22. loop invariant preservation"> <goal name="WP_parameter schorr_waite.16" expl="16. assertion">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="timeout" time="5.00"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.23" expl="23. loop invariant preservation"> <goal name="WP_parameter schorr_waite.17" expl="17. precondition">
<proof prover="1"><result status="valid" time="0.04"/></proof> <proof prover="1"><result status="valid" time="0.02"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.24" expl="24. loop invariant preservation"> <goal name="WP_parameter schorr_waite.18" expl="18. precondition">
<proof prover="1"><result status="valid" time="0.04"/></proof> <proof prover="1"><result status="valid" time="0.02"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.25" expl="25. loop invariant preservation"> <goal name="WP_parameter schorr_waite.19" expl="19. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="valid" time="0.02"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.26" expl="26. loop invariant preservation"> <goal name="WP_parameter schorr_waite.20" expl="20. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="valid" time="0.03"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.27" expl="27. loop invariant preservation"> <goal name="WP_parameter schorr_waite.21" expl="21. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="valid" time="0.03"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.28" expl="28. loop invariant preservation"> <goal name="WP_parameter schorr_waite.22" expl="22. loop variant decrease">
<proof prover="1"><result status="valid" time="0.05"/></proof> <proof prover="1"><result status="timeout" time="5.00"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.29" expl="29. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.30" expl="30. loop invariant preservation"> <goal name="WP_parameter schorr_waite.23" expl="23. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="valid" time="0.03"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.31" expl="31. loop invariant preservation"> <goal name="WP_parameter schorr_waite.24" expl="24. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="valid" time="0.03"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.32" expl="32. loop invariant preservation"> <goal name="WP_parameter schorr_waite.25" expl="25. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="valid" time="0.03"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.33" expl="33. loop variant decrease"> <goal name="WP_parameter schorr_waite.26" expl="26. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="valid" time="0.03"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.34" expl="34. assertion"> <goal name="WP_parameter schorr_waite.27" expl="27. loop variant decrease">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="timeout" time="4.99"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.35" expl="35. precondition"> <goal name="WP_parameter schorr_waite.28" expl="28. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof> <proof prover="1"><result status="valid" time="0.02"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.36" expl="36. precondition" expanded="true"> <goal name="WP_parameter schorr_waite.29" expl="29. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="valid" time="0.03"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.37" expl="37. precondition"> <goal name="WP_parameter schorr_waite.30" expl="30. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.38" expl="38. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.39" expl="39. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof> <proof prover="1"><result status="valid" time="0.02"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.40" expl="40. loop invariant preservation" expanded="true"> <goal name="WP_parameter schorr_waite.31" expl="31. precondition" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter schorr_waite.40.1" expl="1. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.40.2" expl="2. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter schorr_waite.41" expl="41. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.42" expl="42. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.43" expl="43. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.44" expl="44. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.45" expl="45. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.46" expl="46. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.47" expl="47. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.48" expl="48. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.49" expl="49. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
<proof prover="2" obsolete="true"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.50" expl="50. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.51" expl="51. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="valid" time="0.03"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.52" expl="52. loop invariant preservation"> <goal name="WP_parameter schorr_waite.32" expl="32. loop variant decrease">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="valid" time="0.03"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.53" expl="53. loop invariant preservation" expanded="true"> <goal name="WP_parameter schorr_waite.33" expl="33. precondition">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter schorr_waite.53.1" expl="1. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.53.2" expl="2. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter schorr_waite.54" expl="54. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.55" expl="55. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="valid" time="0.03"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.56" expl="56. loop invariant preservation"> <goal name="WP_parameter schorr_waite.34" expl="34. precondition">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.57" expl="57. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="valid" time="0.03"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.58" expl="58. loop invariant preservation"> <goal name="WP_parameter schorr_waite.35" expl="35. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="valid" time="0.03"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.59" expl="59. loop invariant preservation"> <goal name="WP_parameter schorr_waite.36" expl="36. loop variant decrease">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1"><result status="valid" time="0.03"/></proof>
</goal> </goal>
<goal name="WP_parameter schorr_waite.60" expl="60. loop variant decrease"> <goal name="WP_parameter schorr_waite.37" expl="37. assertion">
<proof prover="1"><result status="valid" time="0.04"/></proof> <proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.61" expl="61. precondition">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.62" expl="62. precondition">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.63" expl="63. loop invariant preservation" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter schorr_waite.63.1" expl="1. loop invariant preservation">