Commit f9f0325d authored by Mário Pereira's avatar Mário Pereira

Proof in progress (Schorr-Waite)

parent 4e4643c3
......@@ -150,8 +150,11 @@ module SchorrWaite
end) \/ pair_in_list p1 p2 m
end
lemma t : forall n x y: loc, left right : map loc loc, pth : list loc.
(* the two following lemmas help proving the assertion in the push case *)
lemma path_edge : forall x y : loc, left right : map loc loc.
edge x y left right -> path left right x y (Cons x Nil)
lemma path_edge_cons : forall n x y : loc, left right : map loc loc, pth : list loc.
reachable_via n x left right pth -> edge x y left right ->
reachable_via n y left right (pth ++ (Cons x Nil))
......@@ -176,6 +179,9 @@ module SchorrWaite
(* every marked node was reachable from 'root' in the pre-state *)
ensures { forall n : loc. S.mem n graph /\ n <> null /\ !m[n] ->
reachable root n (old !left) (old !right) }
ensures { !m[root] }
ensures { forall n : loc. S.mem n graph /\ n <> null /\ !m[n] ->
(forall ch : loc. edge n ch !left !right /\ ch <> null -> !m[ch]) }
(* forall non-reachable vertices the mark remains
the same as in the pre-state *)
(* update: no need for this post-condition (taken from Hubert and Marché's work)
......@@ -231,22 +237,27 @@ module SchorrWaite
if !c[nth k !stackNodes] then
nth (k - 1) !stackNodes = (at !right 'Init)[nth k !stackNodes]
else nth (k - 1) !stackNodes = (at !left 'Init)[nth k !stackNodes] }
(* help establishing the next invariant for the push case -->
* line 70 from Leino's paper *)
invariant { !p <> null -> reachable_via root !p (at !left 'Init) (at !right 'Init) !pth }
(* line 72 from Leino's paper --> used to prove the post that very marked node was
* reachable from 'root' in the pre-state *)
invariant { forall n : loc. S.mem n graph /\ !m[n] /\ n <> null ->
reachable root n (at !left 'Init) (at !right 'Init) }
(* help establishing the previous invariant for the push case -->
* line 70 from Leino's paper *)
invariant { !p <> null -> reachable_via root !p (at !left 'Init) (at !right 'Init) !pth }
(* help establishing the previous invariant when p = null, ie
* for the firts push of the loop *)
invariant { !p = null <-> !t = root }
invariant { !p = null -> !t = root }
invariant { (!p = null \/ !p = root) -> !pth = Nil }
(* help establishing the previous invariant for the pop case -->
* line 70 from Leino's paper *)
invariant { forall n : loc, pth : list loc.
S.mem n graph /\ n <> null /\ !m[n] /\ pth = !path_from_root[n] ->
reachable_via root n (at !left 'Init) (at !right 'Init) pth }
(* lines 61-62 from Leinos' paper --> help establish the post that
* all nodes reachable from root are marked *)
invariant { forall n : loc. S.mem n graph /\ n <> null /\ !m[n] /\
not (L.mem n !stackNodes) /\ n <> !t ->
(forall ch : loc. edge n ch !left !right /\ ch <> null -> !m[ch]) }
(* termination proved using lexicographic order over a triple *)
variant { S.cardinal !unmarked_nodes, S.cardinal !c_false_nodes, length !stackNodes }
if !t = null || !m[!t] then begin
......@@ -279,7 +290,7 @@ module SchorrWaite
set_path_from_root !p !pth;
(* this is assertion is automatically discharged and it helps
* proving that all marked nodes are reachable from root *)
assert { path (at !left 'Init) (at !right 'Init) root !p !pth };
(*assert { path (at !left 'Init) (at !right 'Init) root !p !pth }; *)
(*set_c !p false;*) (* if we assume at the pre-condition that all nodes start with c = 0,
then this redundant *)
unmarked_nodes := S.remove !p !unmarked_nodes
......
......@@ -6,44 +6,44 @@
<prover id="1" name="CVC3" version="2.4.1" timelimit="5" memlimit="1000"/>
<prover id="2" name="CVC4" version="1.4" timelimit="5" memlimit="1000"/>
<file name="../schorr_waite.mlw" expanded="true">
<theory name="SchorrWaite" sum="1639d9a2b08bf83df902f43d7615bb4b" expanded="true">
<theory name="SchorrWaite" sum="c76416d98908399b9d5e58958747c744" expanded="true">
<goal name="reflex_path">
<proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="2"/></proof>
<proof prover="1" obsolete="true"><result status="valid" time="0.01"/></proof>
<proof prover="1"><result status="valid" time="0.01"/></proof>
</goal>
<goal name="WP_parameter trans_path" expl="VC for trans_path">
<transf name="split_goal_wp">
<goal name="WP_parameter trans_path.1" expl="1. postcondition">
<proof prover="0" obsolete="true"><result status="valid" time="0.04" steps="117"/></proof>
<proof prover="1" obsolete="true"><result status="valid" time="1.20"/></proof>
<proof prover="1"><result status="valid" time="0.95"/></proof>
</goal>
<goal name="WP_parameter trans_path.2" expl="2. postcondition">
<proof prover="0" obsolete="true"><result status="valid" time="1.16" steps="523"/></proof>
<proof prover="1" obsolete="true"><result status="valid" time="0.03"/></proof>
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter trans_path.3" expl="3. variant decrease">
<transf name="split_goal_wp">
<goal name="WP_parameter trans_path.3.1" expl="1.">
<proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="6"/></proof>
<proof prover="1" obsolete="true"><result status="valid" time="0.02"/></proof>
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter trans_path.3.2" expl="2.">
<proof prover="0" obsolete="true"><result status="valid" time="0.00" steps="9"/></proof>
<proof prover="1" obsolete="true"><result status="valid" time="0.01"/></proof>
<proof prover="1"><result status="valid" time="0.01"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter trans_path.4" expl="4. precondition">
<proof prover="0" obsolete="true"><result status="valid" time="0.03" steps="128"/></proof>
<proof prover="1" obsolete="true"><result status="valid" time="0.08"/></proof>
<proof prover="1"><result status="valid" time="0.08"/></proof>
</goal>
<goal name="WP_parameter trans_path.5" expl="5. precondition">
<proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="5"/></proof>
<proof prover="1" obsolete="true"><result status="valid" time="0.02"/></proof>
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter trans_path.6" expl="6. postcondition">
<proof prover="0" obsolete="true"><result status="timeout" time="3.68"/></proof>
<proof prover="1" obsolete="true"><result status="valid" time="4.17"/></proof>
<proof prover="1"><result status="valid" time="2.98"/></proof>
</goal>
</transf>
</goal>
......@@ -51,1405 +51,277 @@
<transf name="split_goal_wp">
<goal name="WP_parameter length_tl.1" expl="1. postcondition">
<proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="2"/></proof>
<proof prover="1"><result status="valid" time="0.01"/></proof>
<proof prover="2" obsolete="true"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter length_tl.2" expl="2. postcondition">
<proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="8"/></proof>
<proof prover="1"><result status="valid" time="0.01"/></proof>
<proof prover="2" obsolete="true"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter length_tl.3" expl="3. variant decrease">
<transf name="split_goal_wp">
<goal name="WP_parameter length_tl.3.1" expl="1.">
<proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="4"/></proof>
<proof prover="1"><result status="valid" time="0.01"/></proof>
<proof prover="2" obsolete="true"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter length_tl.3.2" expl="2.">
<proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="13"/></proof>
<proof prover="1"><result status="valid" time="0.01"/></proof>
<proof prover="2" obsolete="true"><result status="valid" time="0.04"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter length_tl.4" expl="4. precondition">
<proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="23"/></proof>
<proof prover="1"><result status="valid" time="0.02"/></proof>
<proof prover="2" obsolete="true"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter length_tl.5" expl="5. postcondition">
<proof prover="0" obsolete="true"><result status="valid" time="0.01" steps="10"/></proof>
<proof prover="1"><result status="valid" time="0.01"/></proof>
<proof prover="2" obsolete="true"><result status="valid" time="0.03"/></proof>
</goal>
</transf>
</goal>
<goal name="t" expanded="true">
<proof prover="0" obsolete="true"><result status="timeout" time="5.00"/></proof>
<proof prover="1" obsolete="true"><result status="timeout" time="5.00"/></proof>
<proof prover="2" obsolete="true"><result status="timeout" time="5.05"/></proof>
<transf name="induction_ty_lex" expanded="true">
<goal name="t.1" expl="1." expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="t.1.1" expl="1." expanded="true">
<proof prover="1" obsolete="true"><result status="timeout" time="4.99"/></proof>
<proof prover="2" obsolete="true"><result status="timeout" time="5.04"/></proof>
</goal>
<goal name="t.1.2" expl="2." expanded="true">
<proof prover="1" obsolete="true"><result status="timeout" time="5.00"/></proof>
<proof prover="2" obsolete="true"><result status="timeout" time="6.01"/></proof>
</goal>
</transf>
<goal name="path_edge" expanded="true">
<proof prover="2"><result status="valid" time="3.73"/></proof>
</goal>
</transf>
<goal name="path_edge_cons" expanded="true">
<proof prover="0"><result status="valid" time="0.03" steps="113"/></proof>
</goal>
<goal name="WP_parameter schorr_waite" expl="VC for schorr_waite" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter schorr_waite.1" expl="1. loop invariant init">
<proof prover="1"><result status="valid" time="0.02"/></proof>
<goal name="WP_parameter schorr_waite.1" expl="1. precondition">
<proof prover="1"><result status="timeout" time="5.00"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.2" expl="2. loop invariant init">
<proof prover="1"><result status="valid" time="0.02"/></proof>
<goal name="WP_parameter schorr_waite.2" expl="2. precondition">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.3" expl="3. loop invariant init">
<proof prover="1"><result status="valid" time="0.03"/></proof>
<goal name="WP_parameter schorr_waite.3" expl="3. precondition">
<proof prover="1"><result status="timeout" time="5.00"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.4" expl="4. loop invariant init">
<goal name="WP_parameter schorr_waite.4" expl="4. loop variant decrease">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.5" expl="5. loop invariant init" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter schorr_waite.5.1" expl="1. loop invariant init">
<proof prover="1"><result status="valid" time="0.02"/></proof>
<goal name="WP_parameter schorr_waite.5" expl="5. assertion">
<proof prover="1"><result status="timeout" time="5.00"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.5.2" expl="2. loop invariant init">
<goal name="WP_parameter schorr_waite.6" expl="6. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
</transf>
<goal name="WP_parameter schorr_waite.7" expl="7. precondition">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.6" expl="6. loop invariant init">
<goal name="WP_parameter schorr_waite.8" expl="8. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.7" expl="7. loop invariant init">
<goal name="WP_parameter schorr_waite.9" expl="9. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.8" expl="8. loop invariant init">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.9" expl="9. loop invariant init">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.10" expl="10. loop invariant init">
<goal name="WP_parameter schorr_waite.10" expl="10. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.11" expl="11. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
<goal name="WP_parameter schorr_waite.11" expl="11. loop variant decrease">
<proof prover="1"><result status="timeout" time="5.00"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.12" expl="12. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
<proof prover="1"><result status="timeout" time="5.00"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.13" expl="13. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
<goal name="WP_parameter schorr_waite.13" expl="13. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.14" expl="14. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
<goal name="WP_parameter schorr_waite.14" expl="14. precondition">
<proof prover="1"><result status="timeout" time="5.01"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.15" expl="15. loop invariant preservation" expanded="true">
<proof prover="1"><result status="valid" time="0.04"/></proof>
<goal name="WP_parameter schorr_waite.15" expl="15. loop variant decrease">
<proof prover="1"><result status="valid" time="0.05"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.16" expl="16. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
<goal name="WP_parameter schorr_waite.16" expl="16. assertion">
<proof prover="1"><result status="timeout" time="5.00"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.17" expl="17. loop invariant preservation">
<goal name="WP_parameter schorr_waite.17" expl="17. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.18" expl="18. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.19" expl="19. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.20" expl="20. loop invariant preservation" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter schorr_waite.20.1" expl="1. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
<proof prover="2" obsolete="true"><result status="valid" time="0.03"/></proof>
<goal name="WP_parameter schorr_waite.18" expl="18. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.20.2" expl="2. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
<goal name="WP_parameter schorr_waite.19" expl="19. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.20.3" expl="3. loop invariant preservation">
<goal name="WP_parameter schorr_waite.20" expl="20. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.20.4" expl="4. loop invariant preservation">
<goal name="WP_parameter schorr_waite.21" expl="21. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter schorr_waite.21" expl="21. loop invariant preservation" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter schorr_waite.21.1" expl="1. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
<goal name="WP_parameter schorr_waite.22" expl="22. loop variant decrease">
<proof prover="1"><result status="timeout" time="5.00"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.21.2" expl="2. loop invariant preservation">
<goal name="WP_parameter schorr_waite.23" expl="23. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter schorr_waite.22" expl="22. loop invariant preservation">
<goal name="WP_parameter schorr_waite.24" expl="24. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.23" expl="23. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.24" expl="24. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.25" expl="25. loop invariant preservation">
<goal name="WP_parameter schorr_waite.25" expl="25. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.26" expl="26. loop invariant preservation">
<goal name="WP_parameter schorr_waite.26" expl="26. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.27" expl="27. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
<goal name="WP_parameter schorr_waite.27" expl="27. loop variant decrease">
<proof prover="1"><result status="timeout" time="4.99"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.28" expl="28. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.05"/></proof>
<goal name="WP_parameter schorr_waite.28" expl="28. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.29" expl="29. loop invariant preservation">
<goal name="WP_parameter schorr_waite.29" expl="29. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.30" expl="30. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
<goal name="WP_parameter schorr_waite.30" expl="30. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.31" expl="31. loop invariant preservation">
<goal name="WP_parameter schorr_waite.31" expl="31. precondition" expanded="true">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.32" expl="32. loop invariant preservation">
<goal name="WP_parameter schorr_waite.32" expl="32. loop variant decrease">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.33" expl="33. loop variant decrease">
<goal name="WP_parameter schorr_waite.33" expl="33. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.34" expl="34. assertion">
<goal name="WP_parameter schorr_waite.34" expl="34. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.35" expl="35. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.36" expl="36. precondition" expanded="true">
<goal name="WP_parameter schorr_waite.36" expl="36. loop variant decrease">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.37" expl="37. precondition">
<goal name="WP_parameter schorr_waite.37" expl="37. assertion">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.38" expl="38. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.39" expl="39. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.40" expl="40. loop invariant preservation" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter schorr_waite.40.1" expl="1. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.40.2" expl="2. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter schorr_waite.41" expl="41. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.42" expl="42. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.43" expl="43. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.44" expl="44. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.45" expl="45. loop invariant preservation">
<goal name="WP_parameter schorr_waite.39" expl="39. precondition" expanded="true">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.46" expl="46. loop invariant preservation">
<goal name="WP_parameter schorr_waite.40" expl="40. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.47" expl="47. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.48" expl="48. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.49" expl="49. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
<proof prover="2" obsolete="true"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.50" expl="50. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.51" expl="51. loop invariant preservation">
<goal name="WP_parameter schorr_waite.41" expl="41. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.52" expl="52. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.03"/></proof>
<goal name="WP_parameter schorr_waite.42" expl="42. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.53" expl="53. loop invariant preservation" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter schorr_waite.53.1" expl="1. loop invariant preservation">
<goal name="WP_parameter schorr_waite.43" expl="43. loop variant decrease">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.53.2" expl="2. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter schorr_waite.54" expl="54. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.55" expl="55. loop invariant preservation">
<goal name="WP_parameter schorr_waite.44" expl="44. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.56" expl="56. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
<goal name="WP_parameter schorr_waite.45" expl="45. precondition">
<proof prover="1"><result status="valid" time="0.01"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.57" expl="57. loop invariant preservation">
<goal name="WP_parameter schorr_waite.46" expl="46. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.58" expl="58. loop invariant preservation">
<goal name="WP_parameter schorr_waite.47" expl="47. loop variant decrease">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.59" expl="59. loop invariant preservation">
<goal name="WP_parameter schorr_waite.48" expl="48. assertion">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.60" expl="60. loop variant decrease">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.61" expl="61. precondition">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.62" expl="62. precondition">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.63" expl="63. loop invariant preservation" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter schorr_waite.63.1" expl="1. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.25"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.63.2" expl="2. loop invariant preservation">
<proof prover="1"><result status="timeout" time="5.00"/></proof>
</goal>
</transf>
<goal name="WP_parameter schorr_waite.49" expl="49. precondition" expanded="true">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.64" expl="64. loop invariant preservation">
<goal name="WP_parameter schorr_waite.50" expl="50. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.65" expl="65. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.45"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.66" expl="66. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.28"/></proof>
<goal name="WP_parameter schorr_waite.51" expl="51. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.67" expl="67. loop invariant preservation">
<goal name="WP_parameter schorr_waite.52" expl="52. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.68" expl="68. loop invariant preservation">
<goal name="WP_parameter schorr_waite.53" expl="53. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.69" expl="69. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.70" expl="70. loop invariant preservation" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter schorr_waite.70.1" expl="1. loop invariant preservation">
<proof prover="1"><result status="timeout" time="4.99"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.70.2" expl="2. loop invariant preservation">
<proof prover="1"><result status="timeout" time="5.00"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.70.3" expl="3. loop invariant preservation">
<proof prover="1"><result status="timeout" time="5.00"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.70.4" expl="4. loop invariant preservation">
<proof prover="1"><result status="timeout" time="5.00"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter schorr_waite.71" expl="71. loop invariant preservation" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter schorr_waite.71.1" expl="1. loop invariant preservation" expanded="true">
<proof prover="1"><result status="valid" time="0.07"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.71.2" expl="2. loop invariant preservation" expanded="true">
<proof prover="1"><result status="valid" time="0.07"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter schorr_waite.72" expl="72. loop invariant preservation">
<proof prover="1"><result status="timeout" time="4.99"/></proof>
<proof prover="2" obsolete="true"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.73" expl="73. loop invariant preservation" expanded="true">
<proof prover="1"><result status="timeout" time="4.99"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.74" expl="74. loop invariant preservation">
<goal name="WP_parameter schorr_waite.54" expl="54. loop variant decrease">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.75" expl="75. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.07"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.76" expl="76. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.77" expl="77. loop invariant preservation">
<proof prover="1"><result status="timeout" time="5.00"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.78" expl="78. loop invariant preservation">
<proof prover="1"><result status="timeout" time="4.99"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.79" expl="79. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.80" expl="80. loop invariant preservation">
<proof prover="1"><result status="timeout" time="4.99"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.81" expl="81. loop invariant preservation">
<proof prover="1"><result status="timeout" time="5.00"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.82" expl="82. loop invariant preservation">
<proof prover="1"><result status="timeout" time="4.99"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.83" expl="83. loop variant decrease">
<proof prover="1"><result status="valid" time="0.05"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.84" expl="84. assertion">
<proof prover="1"><result status="valid" time="0.05"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.85" expl="85. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.86" expl="86. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.87" expl="87. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.88" expl="88. precondition">
<goal name="WP_parameter schorr_waite.55" expl="55. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.89" expl="89. precondition">
<goal name="WP_parameter schorr_waite.56" expl="56. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.90" expl="90. loop invariant preservation" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter schorr_waite.90.1" expl="1. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter schorr_waite.90.2" expl="2. loop invariant preservation">
<goal name="WP_parameter schorr_waite.57"